Bug #88801 Assertion `t1->result_range' failed.
Submitted: 7 Dec 2017 4:01
Modified: 13 Feb 2018 3:03
Reporter: Roel Van de Paar
Status: Closed
Category: MySQL Server: GIS
Severity: S6 (Debug Builds)
Version: 5.6.38
OS: Any
CPU Architecture: Any

[7 Dec 2017 4:01] Roel Van de Paar
Description:
2017-12-07 14:29:58 5528 [Note] /sda/MS071217-mysql-5.6.38-linux-x86_64-debug/bin/mysqld: ready for connections.
Version: '5.6.38-debug'  socket: '/sda/MS071217-mysql-5.6.38-linux-x86_64-debug/socket.sock'  port: 15301  MySQL Community Server (GPL)
mysqld: /git/mysql-server_dbg/sql/gcalc_tools.cc:731: int Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, const Gcalc_heap::Info*): Assertion `t1->result_range' failed.
03:30:24 UTC - mysqld got signal 6 ;

Core was generated by `/sda/MS071217-mysql-5.6.38-linux-x86_64-debug/bin/mysqld --no-defaults --core -'.
Program terminated with signal 6, Aborted.
#0  0x00007ff9a74ba9b1 in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
61	  val = INTERNAL_SYSCALL (tgkill, err, 3, THREAD_GETMEM (THREAD_SELF, pid),
(gdb) bt
#0  0x00007ff9a74ba9b1 in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000aa0ede in my_write_core (sig=6) at /git/mysql-server_dbg/mysys/stacktrace.c:424
#2  0x000000000072e9d6 in handle_fatal_signal (sig=6) at /git/mysql-server_dbg/sql/signal_handler.cc:230
#3  <signal handler called>
#4  0x00007ff9a59da1f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007ff9a59db8e8 in __GI_abort () at abort.c:90
#6  0x00007ff9a59d3266 in __assert_fail_base (fmt=0x7ff9a5b25e68 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0xf121a4 "t1->result_range", file=file@entry=0xf11c00 "/git/mysql-server_dbg/sql/gcalc_tools.cc", 
    line=line@entry=731, 
    function=function@entry=0xf12960 <Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, Gcalc_heap::Info const*)::__PRETTY_FUNCTION__> "int Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, const Gcalc_heap::Info*)") at assert.c:92
#7  0x00007ff9a59d3312 in __GI___assert_fail (assertion=0xf121a4 "t1->result_range", 
    file=0xf11c00 "/git/mysql-server_dbg/sql/gcalc_tools.cc", line=731, 
    function=0xf12960 <Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, Gcalc_heap::Info const*)::__PRETTY_FUNCTION__> "int Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, const Gcalc_heap::Info*)") at assert.c:101
#8  0x000000000092eb75 in Gcalc_operation_reducer::end_couple (this=0x7ff96387d530, t0=0x7ff96396e320, t1=0x7ff96396e008, 
    p=0x7ff96396c120) at /git/mysql-server_dbg/sql/gcalc_tools.cc:731
#9  0x000000000092f5df in Gcalc_operation_reducer::count_slice (this=0x7ff96387d530, si=0x7ff9a7aaca90)
    at /git/mysql-server_dbg/sql/gcalc_tools.cc:942
#10 0x0000000000930069 in Gcalc_operation_reducer::count_all (this=0x7ff96387d530, hp=0x7ff96387d418)
    at /git/mysql-server_dbg/sql/gcalc_tools.cc:1088
#11 0x00000000006ce7cc in Item_func_spatial_operation::val_str (this=0x7ff96387d348, str_value=0x7ff9a7aacd40)
    at /git/mysql-server_dbg/sql/item_geofunc.cc:1060
#12 0x0000000000668693 in Item::send (this=0x7ff96387d348, protocol=0x7ff97f7d64d8, buffer=0x7ff9a7aacd40)
    at /git/mysql-server_dbg/sql/item.cc:6899
#13 0x000000000072683a in Protocol::send_result_set_row (this=0x7ff97f7d64d8, row_items=0x7ff97f7d85f0)
    at /git/mysql-server_dbg/sql/protocol.cc:844
#14 0x0000000000794d31 in select_send::send_data (this=0x7ff96387d748, items=...) at /git/mysql-server_dbg/sql/sql_class.cc:2541
#15 0x00000000007aa6f6 in JOIN::exec (this=0x7ff96387d770) at /git/mysql-server_dbg/sql/sql_executor.cc:151
#16 0x000000000080aab3 in mysql_execute_select (thd=0x7ff97f7d6000, select_lex=0x7ff97f7d84d0, free_join=true)
    at /git/mysql-server_dbg/sql/sql_select.cc:1101
#17 0x000000000080ada5 in mysql_select (thd=0x7ff97f7d6000, tables=0x0, wild_num=0, fields=..., conds=0x0, order=0x7ff97f7d8698, 
    group=0x7ff97f7d85d0, having=0x0, select_options=2147748608, result=0x7ff96387d748, unit=0x7ff97f7d7e88, 
    select_lex=0x7ff97f7d84d0) at /git/mysql-server_dbg/sql/sql_select.cc:1222
#18 0x0000000000808e76 in handle_select (thd=0x7ff97f7d6000, result=0x7ff96387d748, setup_tables_done_option=0)
    at /git/mysql-server_dbg/sql/sql_select.cc:110
#19 0x00000000007e30a9 in execute_sqlcom_select (thd=0x7ff97f7d6000, all_tables=0x0) at /git/mysql-server_dbg/sql/sql_parse.cc:5187
#20 0x00000000007dbe96 in mysql_execute_command (thd=0x7ff97f7d6000) at /git/mysql-server_dbg/sql/sql_parse.cc:2695
#21 0x00000000007e5bb4 in mysql_parse (thd=0x7ff97f7d6000, 
    rawbuf=0x7ff96381f010 "SELECT ST_SYMDIFFERENCE(MULTIPOLYGON(POLYGON(LINESTRING(POINT(61,58),POINT(53,-3),POINT(-91,-19),POINT(61,58)),LINESTRING(POINT(-70,-6),POINT(-70,-6)))),LINESTRING(POINT(27,6),POINT(19,15),POINT(78,-3"..., length=204, 
    parser_state=0x7ff9a7aae590) at /git/mysql-server_dbg/sql/sql_parse.cc:6439
#22 0x00000000007d8e92 in dispatch_command (command=COM_QUERY, thd=0x7ff97f7d6000, packet=0x7ff971af0001 "", packet_length=204)
    at /git/mysql-server_dbg/sql/sql_parse.cc:1376
#23 0x00000000007d7ed0 in do_command (thd=0x7ff97f7d6000) at /git/mysql-server_dbg/sql/sql_parse.cc:1039
#24 0x000000000079f86b in do_handle_one_connection (thd_arg=0x7ff97f78f000) at /git/mysql-server_dbg/sql/sql_connect.cc:982
#25 0x000000000079f608 in handle_one_connection (arg=0x7ff97f78f000) at /git/mysql-server_dbg/sql/sql_connect.cc:899
#26 0x0000000000aed28b in pfs_spawn_thread (arg=0x7ff9a3bf3e80) at /git/mysql-server_dbg/storage/perfschema/pfs.cc:1861
#27 0x00007ff9a74b5e25 in start_thread (arg=0x7ff9a7aaf700) at pthread_create.c:308
#28 0x00007ff9a5a9d34d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

How to repeat:
SELECT ST_SYMDIFFERENCE(MULTIPOLYGON(POLYGON(LINESTRING(POINT(61,58),POINT(53,-3),POINT(-91,-19),POINT(61,58)),LINESTRING(POINT(-70,-6),POINT(-70,-6)))),LINESTRING(POINT(27,6),POINT(19,15),POINT(78,-36)));
[7 Dec 2017 4:03] Roel Van de Paar
Another testcase

SELECT ST_ASTEXT(ST_DIFFERENCE(ST_GEOMFROMTEXT('GEOMETRYCOLLECTION(' 'MULTIPOINT(-8 1,-8 1,-10 -3,-10 -1,-9 3),' 'POLYGON((8 -7,1 -7,-9 0,9 8,-9 7,-10 -2,5 3,8 -8,-10 0,-3 -8,2 9,-7 4,-2 -8,8 -7)))'),ST_GEOMFROMTEXT('LINESTRING(-7 4,-7 4,9 3,1 -2,-10 2)')));

This error is seen regularly (there are likely more test cases). Another problem is that the assert seems generic - i.e. as soon as we filter it there may be other bugs that are hidden?

Please fix asap so we can remove this from the filter list.
[7 Dec 2017 4:04] Roel Van de Paar
Stacks for [7 Dec 4:03] testcase

Core was generated by `/sda/MS071217-mysql-5.6.38-linux-x86_64-debug/bin/mysqld --no-defaults --core -'.
Program terminated with signal 6, Aborted.
#0  0x00007f3ca015a9b1 in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
61	  val = INTERNAL_SYSCALL (tgkill, err, 3, THREAD_GETMEM (THREAD_SELF, pid),
(gdb) bt
#0  0x00007f3ca015a9b1 in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000aa0ede in my_write_core (sig=6) at /git/mysql-server_dbg/mysys/stacktrace.c:424
#2  0x000000000072e9d6 in handle_fatal_signal (sig=6) at /git/mysql-server_dbg/sql/signal_handler.cc:230
#3  <signal handler called>
#4  0x00007f3c9e67a1f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007f3c9e67b8e8 in __GI_abort () at abort.c:90
#6  0x00007f3c9e673266 in __assert_fail_base (fmt=0x7f3c9e7c5e68 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0xf121a4 "t1->result_range", file=file@entry=0xf11c00 "/git/mysql-server_dbg/sql/gcalc_tools.cc", 
    line=line@entry=731, 
    function=function@entry=0xf12960 <Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, Gcalc_heap::Info const*)::__PRETTY_FUNCTION__> "int Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, const Gcalc_heap::Info*)") at assert.c:92
#7  0x00007f3c9e673312 in __GI___assert_fail (assertion=0xf121a4 "t1->result_range", 
    file=0xf11c00 "/git/mysql-server_dbg/sql/gcalc_tools.cc", line=731, 
    function=0xf12960 <Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, Gcalc_heap::Info const*)::__PRETTY_FUNCTION__> "int Gcalc_operation_reducer::end_couple(Gcalc_operation_reducer::active_thread*, Gcalc_operation_reducer::active_thread*, const Gcalc_heap::Info*)") at assert.c:101
#8  0x000000000092eb75 in Gcalc_operation_reducer::end_couple (this=0x7f3c5cc1fad0, t0=0x7f3c5cc791c0, t1=0x7f3c5cc79e78, 
    p=0x7f3c5cc75430) at /git/mysql-server_dbg/sql/gcalc_tools.cc:731
#9  0x000000000092f5df in Gcalc_operation_reducer::count_slice (this=0x7f3c5cc1fad0, si=0x7f3ca074c990)
    at /git/mysql-server_dbg/sql/gcalc_tools.cc:942
#10 0x0000000000930069 in Gcalc_operation_reducer::count_all (this=0x7f3c5cc1fad0, hp=0x7f3c5cc1f9b8)
    at /git/mysql-server_dbg/sql/gcalc_tools.cc:1088
#11 0x00000000006ce7cc in Item_func_spatial_operation::val_str (this=0x7f3c5cc1f8e8, str_value=0x7f3ca074cb80)
    at /git/mysql-server_dbg/sql/item_geofunc.cc:1060
#12 0x00000000006cb4e4 in Item_func_as_wkt::val_str_ascii (this=0x7f3c5cc1fc98, str=0x7f3ca074cd40)
    at /git/mysql-server_dbg/sql/item_geofunc.cc:146
#13 0x00000000006d52f6 in Item_str_func::val_str_from_val_str_ascii (this=0x7f3c5cc1fc98, str=0x7f3ca074cd40, str2=0x7f3c5cc1fd68)
    at /git/mysql-server_dbg/sql/item_strfunc.cc:78
#14 0x00000000006a2370 in Item_str_ascii_func::val_str (this=0x7f3c5cc1fc98, str=0x7f3ca074cd40)
    at /git/mysql-server_dbg/sql/item_strfunc.h:81
#15 0x0000000000668693 in Item::send (this=0x7f3c5cc1fc98, protocol=0x7f3c787d64d8, buffer=0x7f3ca074cd40)
    at /git/mysql-server_dbg/sql/item.cc:6899
#16 0x000000000072683a in Protocol::send_result_set_row (this=0x7f3c787d64d8, row_items=0x7f3c787d85f0)
    at /git/mysql-server_dbg/sql/protocol.cc:844
#17 0x0000000000794d31 in select_send::send_data (this=0x7f3c5cc1ff38, items=...) at /git/mysql-server_dbg/sql/sql_class.cc:2541
#18 0x00000000007aa6f6 in JOIN::exec (this=0x7f3c5cc1ff60) at /git/mysql-server_dbg/sql/sql_executor.cc:151
#19 0x000000000080aab3 in mysql_execute_select (thd=0x7f3c787d6000, select_lex=0x7f3c787d84d0, free_join=true)
    at /git/mysql-server_dbg/sql/sql_select.cc:1101
#20 0x000000000080ada5 in mysql_select (thd=0x7f3c787d6000, tables=0x0, wild_num=0, fields=..., conds=0x0, order=0x7f3c787d8698, 
    group=0x7f3c787d85d0, having=0x0, select_options=2147748608, result=0x7f3c5cc1ff38, unit=0x7f3c787d7e88, 
    select_lex=0x7f3c787d84d0) at /git/mysql-server_dbg/sql/sql_select.cc:1222
#21 0x0000000000808e76 in handle_select (thd=0x7f3c787d6000, result=0x7f3c5cc1ff38, setup_tables_done_option=0)
    at /git/mysql-server_dbg/sql/sql_select.cc:110
#22 0x00000000007e30a9 in execute_sqlcom_select (thd=0x7f3c787d6000, all_tables=0x0) at /git/mysql-server_dbg/sql/sql_parse.cc:5187
#23 0x00000000007dbe96 in mysql_execute_command (thd=0x7f3c787d6000) at /git/mysql-server_dbg/sql/sql_parse.cc:2695
#24 0x00000000007e5bb4 in mysql_parse (thd=0x7f3c787d6000, 
    rawbuf=0x7f3c5cc1f010 "SELECT ST_ASTEXT(ST_DIFFERENCE(ST_GEOMFROMTEXT('GEOMETRYCOLLECTION(' 'MULTIPOINT(-8 1,-8 1,-10 -3,-10 -1,-9 3),' 'POLYGON((8 -7,1 -7,-9 0,9 8,-9 7,-10 -2,5 3,8 -8,-10 0,-3 -8,2 9,-7 4,-2 -8,8 -7)))'),"..., length=257, 
    parser_state=0x7f3ca074e590) at /git/mysql-server_dbg/sql/sql_parse.cc:6439
#25 0x00000000007d8e92 in dispatch_command (command=COM_QUERY, thd=0x7f3c787d6000, packet=0x7f3c6aaf0001 "", packet_length=257)
    at /git/mysql-server_dbg/sql/sql_parse.cc:1376
#26 0x00000000007d7ed0 in do_command (thd=0x7f3c787d6000) at /git/mysql-server_dbg/sql/sql_parse.cc:1039
#27 0x000000000079f86b in do_handle_one_connection (thd_arg=0x7f3c7878f000) at /git/mysql-server_dbg/sql/sql_connect.cc:982
#28 0x000000000079f608 in handle_one_connection (arg=0x7f3c7878f000) at /git/mysql-server_dbg/sql/sql_connect.cc:899
#29 0x0000000000aed28b in pfs_spawn_thread (arg=0x7f3c9cbf3e80) at /git/mysql-server_dbg/storage/perfschema/pfs.cc:1861
#30 0x00007f3ca0155e25 in start_thread (arg=0x7f3ca074f700) at pthread_create.c:308
#31 0x00007f3c9e73d34d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
[7 Dec 2017 4:06] Roel Van de Paar
See also bug 75946 and bug 83737
[7 Dec 2017 7:19] MySQL Verification Team
Hello Roel,

Thank you for the report and test case.
Observed that 5.6.38 debug build is affected.

Thanks,
Umesh
[13 Feb 2018 3:03] Paul DuBois
Posted by developer:
 
Fixed in 5.6.40.

An invalid input polygon for spatial functions could lead to
undefined server behavior. Now the server returns NULL.
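
Added example, not part of the bug thread or of MySQL's code: a client-side pre-check that rejects invalid polygon rings before they are sent to a spatial function on a server that has not yet been upgraded to the fixed release. The ring coordinates are copied from the two test cases above; the function names are assumptions made for this illustration.

```python
from itertools import combinations

# Polygon rings copied from the two test cases in this report.
TESTCASE_1 = [[(61, 58), (53, -3), (-91, -19), (61, 58)], [(-70, -6), (-70, -6)]]
TESTCASE_2 = [[(8, -7), (1, -7), (-9, 0), (9, 8), (-9, 7), (-10, -2), (5, 3), (8, -8),
               (-10, 0), (-3, -8), (2, 9), (-7, 4), (-2, -8), (8, -7)]]

def _orient(a, b, c):
    """Sign of (b-a) x (c-a): 1 left turn, -1 right turn, 0 collinear."""
    v = (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    return (v > 0) - (v < 0)

def _within(a, b, p):
    """For p collinear with ab: does p lie between a and b?"""
    return (min(a[0], b[0]) <= p[0] <= max(a[0], b[0])
            and min(a[1], b[1]) <= p[1] <= max(a[1], b[1]))

def _intersect(a, b, c, d):
    """True if segments ab and cd cross or touch."""
    o1, o2, o3, o4 = _orient(a, b, c), _orient(a, b, d), _orient(c, d, a), _orient(c, d, b)
    if o1 != o2 and o3 != o4:
        return True
    return ((o1 == 0 and _within(a, b, c)) or (o2 == 0 and _within(a, b, d))
            or (o3 == 0 and _within(c, d, a)) or (o4 == 0 and _within(c, d, b)))

def ring_problems(ring):
    """Return reasons a ring is not a simple closed ring (empty list if it is)."""
    # Drop consecutive repeated points so they do not count as vertices.
    pts = [p for i, p in enumerate(ring) if i == 0 or p != ring[i - 1]]
    if len(pts) < 4:
        return ["fewer than 4 distinct points"]
    if pts[0] != pts[-1]:
        return ["not closed"]
    segs = list(zip(pts, pts[1:]))
    problems = []
    if sum(a[0] * b[1] - b[0] * a[1] for a, b in segs) == 0:
        problems.append("zero area")  # shoelace sum is twice the signed area
    last = len(segs) - 1
    for i, j in combinations(range(len(segs)), 2):
        if j == i + 1 or (i == 0 and j == last):
            continue  # neighbouring segments share an endpoint by construction
        if _intersect(*segs[i], *segs[j]):
            problems.append(f"self-intersection: segments {i} and {j}")
            break
    return problems

def polygon_problems(rings):
    """Check every ring; send the polygon to the server only if this is empty."""
    return [f"ring {n}: {p}" for n, ring in enumerate(rings) for p in ring_problems(ring)]
```

Each ring is checked on its own; relations between rings (an inner ring crossing or lying outside the outer ring) are not covered by this check.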