  1. MariaDB Server
  2. MDEV-23167

Server crashes upon HANDLER READ from partitioned table

Details

    • Bug
    • Status: Confirmed
    • Major
    • Resolution: Unresolved
    • 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.11, 11.4, 11.7(EOL), 11.8
    • 10.5, 10.6, 10.11, 11.4
    • Partitioning
    • None

    Description

      Reproducible on 10.3-10.5, with Aria and InnoDB.

      --source include/have_partition.inc
      --source include/have_innodb.inc
       
      CREATE TABLE t1 (pk int NOT NULL PRIMARY KEY) engine=innodb partition BY KEY (pk) partitions 2;
      INSERT INTO t1 values (1),(2),(3),(4),(5);
       
      HANDLER  t1 OPEN AS a1;
      HANDLER a1 READ `PRIMARY` > (3);
      HANDLER a1 READ `PRIMARY` = (9);
      HANDLER a1 READ `PRIMARY` PREV;
      

      10.3 f3f23b5c4bdc669ad0af4

      Version: '10.3.24-MariaDB-debug-log'  
      200714 12:01:07 [ERROR] mysqld got signal 11 ;
       
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f2bc307a8a0]
      row/row0sel.cc:2756(row_sel_field_store_in_mysql_format_func(unsigned char*, mysql_row_templ_t const*, dict_index_t const*, unsigned long, unsigned char const*, unsigned long))[0x55685fc287f3]
      row/row0sel.cc:3036(row_sel_store_mysql_field(unsigned char*, row_prebuilt_t*, unsigned char const*, dict_index_t const*, unsigned short const*, unsigned long, mysql_row_templ_t const*))[0x55685fc29908]
      row/row0sel.cc:3168(row_sel_store_mysql_rec(unsigned char*, row_prebuilt_t*, unsigned char const*, dtuple_t const*, bool, dict_index_t const*, unsigned short const*))[0x55685fc2a06c]
      row/row0sel.cc:5486(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x55685fc308c7]
      handler/ha_innodb.cc:9550(ha_innobase::general_fetch(unsigned char*, unsigned int, unsigned int))[0x55685fa4f39c]
      handler/ha_innodb.cc:9644(ha_innobase::index_prev(unsigned char*))[0x55685fa4f67c]
      sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f63c]
      sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x55686005488a]
      sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x55686004d9da]
      sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f5ea]
      sql/sql_handler.cc:922(mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long))[0x55685f4b5779]
      sql/sql_parse.cc:5492(mysql_execute_command(THD*))[0x55685f501e18]
      sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55685f509556]
      sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55685f4f5d8b]
      sql/sql_parse.cc:1393(do_command(THD*))[0x55685f4f46a5]
      sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x55685f66dc33]
      sql/sql_connect.cc:1309(handle_one_connection)[0x55685f66d995]
      perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55686002539d]
      nptl/pthread_create.c:463(start_thread)[0x7f2bc306f6db]
      x86_64/clone.S:97(clone)[0x7f2bc2459a3f]
       
      Query (0x7f2b6c012a78): HANDLER a1 READ `PRIMARY` PREV
      

      The same with Aria:

      --source include/have_partition.inc
       
      CREATE TABLE t1 (pk int NOT NULL PRIMARY KEY) engine=aria partition BY KEY (pk) partitions 2;
      INSERT INTO t1 values (1),(2),(3),(4),(5);
       
      HANDLER  t1 OPEN AS a1;
      HANDLER a1 READ `PRIMARY` > (3);
      HANDLER a1 READ `PRIMARY` = (9);
      HANDLER a1 READ `PRIMARY` PREV;
      

      200714 12:04:39 [ERROR] mysqld got signal 11 ;
       
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f9462abd8a0]
      multiarch/memmove-vec-unaligned-erms.S:275(__nss_passwd_lookup)[0x7f9461f09dab]
      maria/ma_blockrec.c:4796(_ma_read_block_record2)[0x558a8987981a]
      maria/ma_blockrec.c:5178(_ma_read_block_record)[0x558a8987ab10]
      maria/ma_rprev.c:100(maria_rprev)[0x558a89896d8f]
      maria/ha_maria.cc:2327(ha_maria::index_prev(unsigned char*))[0x558a8980ab2a]
      sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a8917163c]
      sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x558a899a688a]
      sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x558a8999f9da]
      sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a891715ea]
      sql/sql_handler.cc:922(mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long))[0x558a88e07779]
      sql/sql_parse.cc:5492(mysql_execute_command(THD*))[0x558a88e53e18]
      sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x558a88e5b556]
      sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x558a88e47d8b]
      sql/sql_parse.cc:1393(do_command(THD*))[0x558a88e466a5]
      sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x558a88fbfc33]
      sql/sql_connect.cc:1309(handle_one_connection)[0x558a88fbf995]
      perfschema/pfs.cc:1871(pfs_spawn_thread)[0x558a8997739d]
      nptl/pthread_create.c:463(start_thread)[0x7f9462ab26db]
      x86_64/clone.S:97(clone)[0x7f9461e9ca3f]
       
      Query (0x7f9408012a78): HANDLER a1 READ `PRIMARY` PREV
      

      MyISAM returns: "query 'HANDLER a1 READ `PRIMARY` PREV' failed: 1030: Got error 14 "Bad address" from storage engine MyISAM"

      No visible effect on non-debug build.
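
      An added triage sketch, not part of the original report: it parses the `file:line(function)[address]` frames of the InnoDB and Aria backtraces above and returns the callers both crashes share, plus the first frame where they diverge. The function names are chosen here, and the two trace excerpts are shortened copies of lines from this report.

```python
import re

# Frame format printed by mysqld's signal handler: file:line(function)[address]
FRAME_RE = re.compile(
    r"^\s*(?P<file>\S+?):(?P<line>\d+)\((?P<func>.+)\)\[0x[0-9a-f]+\]\s*$")

# Excerpts of the two backtraces in this report (innermost frame first).
INNODB_TRACE = """
/lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f2bc307a8a0]
row/row0sel.cc:5486(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x55685fc308c7]
handler/ha_innodb.cc:9550(ha_innobase::general_fetch(unsigned char*, unsigned int, unsigned int))[0x55685fa4f39c]
handler/ha_innodb.cc:9644(ha_innobase::index_prev(unsigned char*))[0x55685fa4f67c]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f63c]
sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x55686005488a]
sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x55686004d9da]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f5ea]
"""
ARIA_TRACE = """
maria/ma_rprev.c:100(maria_rprev)[0x558a89896d8f]
maria/ha_maria.cc:2327(ha_maria::index_prev(unsigned char*))[0x558a8980ab2a]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a8917163c]
sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x558a899a688a]
sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x558a8999f9da]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a891715ea]
"""

def parse_frames(trace):
    """Return [(file, function), ...]; lines without file:line are skipped."""
    frames = []
    for raw in trace.splitlines():
        m = FRAME_RE.match(raw)
        if m:
            # Drop the C++ argument list so frames compare across builds.
            frames.append((m.group("file"), m.group("func").split("(", 1)[0]))
    return frames

def shared_callers(a, b):
    """Longest run of identical frames, counted from the outermost caller."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return a[len(a) - n:]

def first_engine_frames(a, b):
    """Frames just below the shared callers, or None if one trace is a suffix."""
    n = len(shared_callers(a, b))
    if n >= min(len(a), len(b)):
        return None
    return a[-1 - n], b[-1 - n]

if __name__ == "__main__":
    inno, aria = parse_frames(INNODB_TRACE), parse_frames(ARIA_TRACE)
    for frame in shared_callers(inno, aria):
        print("shared:", *frame)
    print("diverges at:", first_engine_frames(inno, aria))
```

      Comparing on file and function only, without line numbers or addresses, keeps the grouping stable across builds of the same branch.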

          Activity

            alice Alice Sherepa added a comment (edited)

            some variation

            10.5 9ef36faa614528b66e0a6

            Version: '10.5.6-MariaDB-debug-log'  
            2020-09-02 15:29:04 5 [Note] Start binlog_dump to slave_server(2), pos(, 4), using_gtid(0), gtid('')
            ASAN:DEADLYSIGNAL
            =================================================================
            ==25935==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4de18d4634 bp 0x7f4da9658a40 sp 0x7f4da96581b0 T29)
            ==25935==The signal is caused by a READ memory access.
            ==25935==Hint: address points to the zero page.
                #0 0x7f4de18d4633  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79633)
                #1 0x5614b35af49a in _mi_rec_unpack /10.5/storage/myisam/mi_dynrec.c:1335
                #2 0x5614b35b06f4 in _mi_read_dynamic_record /10.5/storage/myisam/mi_dynrec.c:1529
                #3 0x5614b35fdc06 in mi_rprev /10.5/storage/myisam/mi_rprev.c:106
                #4 0x5614b35598b8 in ha_myisam::index_prev(unsigned char*) /10.5/storage/myisam/ha_myisam.cc:1986
                #5 0x5614b21b7820 in handler::ha_index_prev(unsigned char*) /10.5/sql/handler.cc:3191
                #6 0x5614b2a90348 in ha_partition::handle_ordered_prev(unsigned char*) /10.5/sql/ha_partition.cc:8152
                #7 0x5614b2a7b4c5 in ha_partition::index_prev(unsigned char*) /10.5/sql/ha_partition.cc:6066
                #8 0x5614b21b7820 in handler::ha_index_prev(unsigned char*) /10.5/sql/handler.cc:3191
                #9 0x5614b18fd923 in mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long) /10.5/sql/sql_handler.cc:921
                #10 0x5614b19d5066 in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:5557
                #11 0x5614b19e54ba in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/sql/sql_parse.cc:7994
                #12 0x5614b19bbf55 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/sql/sql_parse.cc:1867
                #13 0x5614b19b87c9 in do_command(THD*) /10.5/sql/sql_parse.cc:1348
                #14 0x5614b1dec92f in do_handle_one_connection(CONNECT*, bool) /10.5/sql/sql_connect.cc:1410
                #15 0x5614b1dec288 in handle_one_connection /10.5/sql/sql_connect.cc:1312
                #16 0x5614b2ab907e in pfs_spawn_thread /10.5/storage/perfschema/pfs.cc:2201
                #17 0x7f4ddfd5f6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
                #18 0x7f4ddef45a3e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x121a3e)
            
            


            elenst Elena Stepanova added a comment

            Another variation:

            10.5 22414d2ed0f1f8be26fb5e82e0129b629e5dbd20

            mariadbd: /data/bld/10.5-debug/storage/innobase/row/row0sel.cc:4909: dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint): Assertion `btr_page_get_index_id(btr_pcur_get_page(pcur)) == index->id' failed.
             
            #9  0x00007fcb63653eb2 in __GI___assert_fail (assertion=0x55c68ba89fe8 "btr_page_get_index_id(btr_pcur_get_page(pcur)) == index->id", file=0x55c68ba87cf8 "/data/bld/10.5-debug/storage/innobase/row/row0sel.cc", line=4909, function=0x55c68ba89b78 "dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint)") at ./assert/assert.c:101
            #10 0x000055c68b23ffeb in row_search_mvcc (buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>, mode=PAGE_CUR_G, prebuilt=0x7fcaec1051e8, match_mode=0, direction=2) at /data/bld/10.5-debug/storage/innobase/row/row0sel.cc:4909
            #11 0x000055c68afdef32 in ha_innobase::general_fetch (this=0x7fcaec083d90, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>, direction=2, match_mode=0) at /data/bld/10.5-debug/storage/innobase/handler/ha_innodb.cc:9197
            #12 0x000055c68afdf21c in ha_innobase::index_prev (this=0x7fcaec083d90, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>) at /data/bld/10.5-debug/storage/innobase/handler/ha_innodb.cc:9285
            #13 0x000055c68ab831ab in handler::ha_index_prev (this=0x7fcaec083d90, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>) at /data/bld/10.5-debug/sql/handler.cc:3319
            #14 0x000055c68aecc9ec in ha_partition::handle_ordered_prev (this=0x7fcaec2314d0, buf=0x7fcaec084e70 "\001") at /data/bld/10.5-debug/sql/ha_partition.cc:8344
            #15 0x000055c68aec5102 in ha_partition::index_prev (this=0x7fcaec2314d0, buf=0x7fcaec084e70 "\001") at /data/bld/10.5-debug/sql/ha_partition.cc:6190
            #16 0x000055c68ab82f94 in handler::ha_index_prev (this=0x7fcaec2314d0, buf=0x7fcaec084e70 "\001") at /data/bld/10.5-debug/sql/handler.cc:3319
            #17 0x000055c68a7752cf in mysql_ha_read (thd=0x7fcaec000dc8, tables=0x7fcaec0156a8, mode=RPREV, keyname=0x7fcaec015db0 "PRIMARY", key_expr=0x7fcaec015dd0, ha_rkey_mode=HA_READ_KEY_EXACT, cond=0x0, select_limit_cnt=1, offset_limit_cnt=0) at /data/bld/10.5-debug/sql/sql_handler.cc:923
            #18 0x000055c68a7d49df in mysql_execute_command (thd=0x7fcaec000dc8) at /data/bld/10.5-debug/sql/sql_parse.cc:5788
            #19 0x000055c68a7dc7b7 in mysql_parse (thd=0x7fcaec000dc8, rawbuf=0x7fcaec015520 "HANDLER alias4 READ `PRIMARY` PREV", length=34, parser_state=0x7fcb5c1a5380, is_com_multi=false, is_next_command=false) at /data/bld/10.5-debug/sql/sql_parse.cc:8252
            #20 0x000055c68a7c76ed in dispatch_command (command=COM_QUERY, thd=0x7fcaec000dc8, packet=0x7fcaec00b759 "", packet_length=34, is_com_multi=false, is_next_command=false) at /data/bld/10.5-debug/sql/sql_parse.cc:1891
            #21 0x000055c68a7c5e9c in do_command (thd=0x7fcaec000dc8) at /data/bld/10.5-debug/sql/sql_parse.cc:1375
            #22 0x000055c68a98f985 in do_handle_one_connection (connect=0x55c6ae78e6b8, put_in_cache=true) at /data/bld/10.5-debug/sql/sql_connect.cc:1386
            #23 0x000055c68a98f70d in handle_one_connection (arg=0x55c6ae842498) at /data/bld/10.5-debug/sql/sql_connect.cc:1298
            #24 0x000055c68aedb658 in pfs_spawn_thread (arg=0x55c6ae78e2f8) at /data/bld/10.5-debug/storage/perfschema/pfs.cc:2201
            #25 0x00007fcb636a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #26 0x00007fcb6372885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            People

              holyfoot Alexey Botchkov
              alice Alice Sherepa
              Votes: 0
              Watchers: 4
