Bug #55648 Server crashes when subjected to max/min on a table containing max allowed TIME
Submitted: 30 Jul 2010 12:21 Modified: 23 Nov 2010 3:31
Reporter: Nirbhay Choubey Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S3 (Non-critical)
Version:5.5.6-m3-debug OS:Any
Assigned to: Evgeny Potemkin
Tags: daily-trunk-bugfixing, regression
Triage: Triaged: D1 (Critical)

[30 Jul 2010 12:21] Nirbhay Choubey
Description:
Server crashes when we perform a max or min select query
on a table containing TIME attribute, which has any of its tuples'
value >= '838:59:59'

Branch Name : daily-trunk-bugfixing

USE `test`;
CREATE TABLE `t1`(`c1` TIME NOT NULL);
INSERT INTO t1 VALUES('837:59:59');
INSERT INTO t1 VALUES('838:59:59');
SELECT MAX(c1) FROM t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query

--------

$ mysqld: /data0/bzr/builds/source/mysql-trunk-bugfixing/sql/item.cc:7513: virtual String* Item_cache_datetime::val_str(String*): Assertion `time < (838*10000 + 59*100 + 59)' failed.
100730 17:32:28 - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=1
max_threads=151
thread_count=1
connection_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337849 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x96954f0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0xa6d36378 thread_stack 0x30000
./bin/mysqld(my_print_stacktrace+0x32)[0x8654d4b]
./bin/mysqld(handle_segfault+0x2cd)[0x816a80d]
[0xb7851400]
/lib/tls/i686/cmov/libc.so.6(abort+0x188)[0xb756d098]
/lib/tls/i686/cmov/libc.so.6(__assert_fail+0xee)[0xb75645ce]
./bin/mysqld(_ZN19Item_cache_datetime7val_strEP6String+0xdc)[0x8371240]
./bin/mysqld(_ZN15Item_sum_hybrid7val_strEP6String+0x70)[0x83dc8cc]
./bin/mysqld(_ZN4Item13val_str_asciiEP6String+0x62)[0x8378f66]
./bin/mysqld(_ZN4Item8get_timeEP13st_mysql_time+0x5a)[0x837ba64]
./bin/mysqld(_ZN4Item4sendEP8ProtocolP6String+0x34b)[0x836971f]
./bin/mysqld(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xd9)[0x8176843]
./bin/mysqld(_ZN11select_send9send_dataER4ListI4ItemE+0xc5)[0x81ce25b]
./bin/mysqld[0x822c158]
./bin/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x41)[0x822ca43]
./bin/mysqld[0x82366ce]
./bin/mysqld(_ZN4JOIN4execEv+0x209f)[0x824e301]
./bin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x30d)[0x824905f]
./bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1e4)[0x824e60a]
./bin/mysqld[0x81f9037]
./bin/mysqld(_Z21mysql_execute_commandP3THD+0x9f8)[0x81fa2ea]
./bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e2)[0x8202846]
./bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0xa3c)[0x8203d2c]
./bin/mysqld(_Z10do_commandP3THD+0x242)[0x8205202]
./bin/mysqld(_Z24do_handle_one_connectionP3THD+0x142)[0x82d1be4]
./bin/mysqld(handle_one_connection+0x25)[0x82d1c9f]
/lib/tls/i686/cmov/libpthread.so.0[0xb78244ff]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb76245ee]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x9719f90 = SELECT MAX(c1) FROM t1
thd->thread_id=1
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.

How to repeat:
Mentioned in the description
[2 Aug 2010 12:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/114841

3162 Evgeny Potemkin	2010-08-02
      Bug#55648: Server crash on MIX/MAX on maximum time value
      
      A typo in the Item_cache_datetime::val_str caused an assertion to fail on the
      maximum time value.
     @ mysql-test/r/func_group.result
        A test case for the bug#55648.
     @ mysql-test/t/func_group.test
        A test case for the bug#55648.
     @ sql/item.cc
        Bug#55648: Server crash on MIX/MAX on maximum time value
        Corrected assertion.
[6 Aug 2010 7:35] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/115154

3192 Tor Didriksen	2010-08-06
      Bug#55648 post-push fix: remove string 'End of 6.0 tests'
[16 Aug 2010 6:30] Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@sun.com-20100816062701-qo9dpnk5tkt1pksb) (version source revid:alik@sun.com-20100816062603-xc16eftmv7rmktyq) (merge vers: 5.6.1-m4) (pib:20)
[16 Aug 2010 6:38] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100816062819-bluwgdq8q4xysmlg) (version source revid:alik@sun.com-20100816062612-enatdwnv809iw3s9) (pib:20)
[16 Aug 2010 17:18] Paul Dubois
Noted in 5.6.1 changelog.

Using MIN() or MAX() on a column containing the maximum TIME value
caused a server crash.

Setting report to Need Merge pending push to 5.5.x.
[21 Aug 2010 1:26] Paul Dubois
Noted in 5.5.6 changelog.
[13 Nov 2010 16:25] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (merge vers: 5.6.99-m4) (pib:21)