Bug #33049 Assert while running test-as3ap test(mysql-bench suite)
Submitted: 6 Dec 2007 21:52 Modified: 15 Mar 2008 9:14
Reporter: Alexey Stroganov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Views Severity:S3 (Non-critical)
Version:5.0.56-debug, 5.1.24-rc-debug, 6.0.4-debug, 6.0.5pre-DEBUG OS:Any
Assigned to: Alexey Kopytov CPU Architecture:Any
Triage: D1 (Critical) / R2 (Low) / E4 (High)

[6 Dec 2007 21:52] Alexey Stroganov
Description:
While testing 6.0.4 optimized binaries with tests from mysql-bench suite I observed couple of different random crashes but was unable to provide repeatable test cases. Running tests against debug binary helps to identify some issues. 

Issue below happens during run of test-as3ap test. 

I simplified dataset(attached) and query that cause assert:

select  max(col_signed), count(distinct col_name) from reportview where col_decim >980000000 group by col_code;

bt:

(gdb) bt
#0  0x00002af5c67ec4c5 in pthread_kill () from /lib64/libpthread.so.0
#1  0x000000000076c875 in write_core (sig=6) at stacktrace.c:240
#2  0x00000000005cec63 in handle_segfault (sig=6) at mysqld.cc:2313
#3  <signal handler called>
#4  0x00002af5c6e9faa5 in raise () from /lib64/libc.so.6
#5  0x00002af5c6ea0e60 in abort () from /lib64/libc.so.6
#6  0x00002af5c6e99246 in __assert_fail () from /lib64/libc.so.6
#7  0x00000000005c1543 in Protocol_text::store_longlong (this=0xced610, from=490849908, unsigned_flag=false)
    at protocol.cc:821
#8  0x00000000004f8f9e in Item::send (this=0xd38110, protocol=0xced610, buffer=0x4087fe20) at item.cc:5076
#9  0x00000000005b7687 in select_send::send_data (this=0xd30bd8, items=@0xd1e638) at sql_class.cc:1415
#10 0x00000000006452a2 in end_send_group (join=0xd1cbe8, join_tab=0xd38650, end_of_records=false)
    at sql_select.cc:14392
#11 0x0000000000649d64 in evaluate_join_record (join=0xd1cbe8, join_tab=0xd383b8, error=0)
    at sql_select.cc:13449
#12 0x000000000064a008 in sub_select (join=0xd1cbe8, join_tab=0xd383b8, end_of_records=false)
    at sql_select.cc:13235
#13 0x0000000000651d63 in do_select (join=0xd1cbe8, fields=0xd1e638, table=0x0, procedure=0x0)
    at sql_select.cc:12982
#14 0x000000000066fb27 in JOIN::exec (this=0xd1cbe8) at sql_select.cc:2713
#15 0x000000000066abd0 in mysql_select (thd=0xced248, rref_pointer_array=0xceee10, tables=0xd29358, wild_num=0,
    fields=@0xceed30, conds=0xd29838, og_num=1, order=0x0, group=0xd29aa0, having=0x0, proc_param=0x0,
    select_options=2147764736, result=0xd30bd8, unit=0xcee7e8, select_lex=0xceec28) at sql_select.cc:2901
#16 0x000000000066fe50 in handle_select (thd=0xced248, lex=0xcee748, result=0xd30bd8,
    setup_tables_done_option=0) at sql_select.cc:282
#17 0x00000000005ddd12 in execute_sqlcom_select (thd=0xced248, all_tables=0xd29358) at sql_parse.cc:4517
#18 0x00000000005df221 in mysql_execute_command (thd=0xced248) at sql_parse.cc:1845
#19 0x00000000005e737d in mysql_parse (thd=0xced248,
    inBuf=0xd28c58 "select  max(col_signed), count(distinct col_name) from reportview where col_decim >980000000 group by col_code", length=110, found_semicolon=0x40881fa0) at sql_parse.cc:5410
#20 0x00000000005e7f76 in dispatch_command (command=COM_QUERY, thd=0xced248, packet=0xd24c09 "",
    packet_length=110) at sql_parse.cc:921
#21 0x00000000005e92cc in do_command (thd=0xced248) at sql_parse.cc:697
#22 0x00000000005d77c3 in handle_one_connection (arg=0xced248) at sql_connect.cc:1146
#23 0x00002af5c67e8193 in start_thread () from /lib64/libpthread.so.0
#24 0x00002af5c6f2f45d in clone () from /lib64/libc.so.6
#25 0x0000000000000000 in ?? ()

How to repeat:
1. Download attached dataset (bug-test-as3ap-falcon.gz)
2. Unpack it - gzip -d bug-test-as3ap-falcon.gz
3. Load it to mysql-6.0.4-debug: mysql -uroot test < bug-test-as3ap-falcon
4. Run a query: 

mysql>select  max(col_signed), count(distinct col_name) from reportview where col_decim >980000000 group by col_code;
[6 Dec 2007 21:54] Alexey Stroganov
Dataset for issue

Attachment: bug-test-as3ap-falcon.gz (application/x-gzip, text), 88.30 KiB.

[19 Feb 2008 12:31] Alexey Kopytov
A short testcase that crashes 5.0 and 5.1 as well:

CREATE TABLE `t1` (
  `id` int(11) NOT NULL auto_increment,
  `a` int(11) NOT NULL,
  PRIMARY KEY  (`id`);
)

CREATE TABLE `t2` (
  `id` int(11) NOT NULL auto_increment,
  `c` char(20) NOT NULL,
  PRIMARY KEY  (`id`)
)

insert into t1(a) values (1),(1),(1);
insert into t2(c) values('a'),('b'),('c');

CREATE VIEW v1 AS select t1.id as id, t1.a as a, t2.c as c from (t1 join t2) where t1.id = t2.id;

select max(a), count(distinct c) from v1 group by c;
[22 Feb 2008 8:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42804

ChangeSet@1.2607, 2008-02-22 11:34:18+03:00, kaa@kaamos.(none) +3 -0
  Fix for bug #33049: Assert while running test-as3ap test(mysql-bench 
                      suite)
  
  Under some circumstances a combination of aggregate functions and
  GROUP BY in a SELECT query over a VIEW could lead to incorrect
  calculation of the result type of the aggregate function. This in
  turn could result in incorrect results, or assertion failures on debug
  builds.
  
  Fixed by changing the logic in Item_sum_hybrid::fix_fields() so that
  the argument's item is dereferenced before calling its type() method.
[13 Mar 2008 19:28] Bugs System
Pushed into 6.0.5-alpha
[13 Mar 2008 19:35] Bugs System
Pushed into 5.1.24-rc
[13 Mar 2008 19:42] Bugs System
Pushed into 5.0.60
[15 Mar 2008 9:14] Jon Stephens
Documented bugfix in the 5.0.60, 5.1.24, and 6.0.5 changelogs as follows:

        Under some circumstances a combination of aggregate functions and
        GROUP BY in a SELECT query over a view could lead to incorrect
        calculation of the result type of the aggregate function. This in
        turn could lead to incorrect results, or to crashes on debug
        builds of the server.
[31 Mar 2008 19:58] Jon Stephens
Pushed to 5.1-telco-6.3.

Documented in the 5.1.23-ndb-6.3.11 changelog.