Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
12.3
-
Can result in hang or crash
-
Q2/2026 Server Development
Description
Note that there are two test cases in the reproducer below. The test cases are identical except for extra HANDLER t READ NEXT command in the first one. The first one causes a non-debug crash, the second one a debug assertion failure. Both failures started happening after the guilty commit mentioned below. Please make sure that both pass before the bug report is closed, or split the report into two if necessary.
#
|
# SIGSEGV in que_fork_get_first_thr |
#
|
|
|
--source include/have_innodb.inc
|
--source include/have_partition.inc
|
|
|
CREATE TABLE t (pk YEAR PRIMARY KEY) ENGINE=InnoDB |
PARTITION BY key (pk) PARTITIONS 2; |
INSERT INTO t VALUES (2001); |
|
|
SELECT * FROM t WHERE pk = 3000; |
HANDLER t OPEN; |
HANDLER t READ NEXT; |
HANDLER t READ `PRIMARY` PREV; |
HANDLER t READ `PRIMARY` PREV; |
|
|
DROP TABLE t; |
|
|
#
|
# Assertion failure in ha_partition::handle_unordered_prev |
#
|
|
|
--source include/have_innodb.inc
|
--source include/have_partition.inc
|
|
|
CREATE TABLE t (pk YEAR PRIMARY KEY) ENGINE=InnoDB |
PARTITION BY key (pk) PARTITIONS 2; |
INSERT INTO t VALUES (2001); |
|
|
SELECT * FROM t WHERE pk = 3000; |
HANDLER t OPEN; |
HANDLER t READ `PRIMARY` PREV; |
HANDLER t READ `PRIMARY` PREV; |
|
|
DROP TABLE t; |
|
12.3 f445c066ab679169599e80d210527571ecf8f9d1 |
storage/innobase/include/que0que.inl:48:38: runtime error: member access within null pointer of type 'struct que_fork_t'
|
#2 <signal handler called>
|
#3 0x000055a26c346182 in que_fork_get_first_thr (fork=0x0) at /data/bld/12.3-rel/storage/innobase/include/que0que.inl:48
|
#4 row_search_mvcc (buf=<optimized out>, mode=<optimized out>, mode@entry=PAGE_CUR_UNSUPP, prebuilt=0x77810c156ee8, match_mode=match_mode@entry=0, direction=direction@entry=2) at /data/bld/12.3-rel/storage/innobase/row/row0sel.cc:4695
|
#5 0x000055a26c271f9d in ha_innobase::general_fetch (match_mode=0, direction=2, buf=<optimized out>, this=0x77810c23ac80) at /data/bld/12.3-rel/storage/innobase/handler/ha_innodb.cc:9264
|
#6 ha_innobase::index_prev (this=0x77810c23ac80, buf=<optimized out>) at /data/bld/12.3-rel/storage/innobase/handler/ha_innodb.cc:9345
|
#7 0x000055a26bf2a537 in handler::ha_index_prev (this=0x77810c23ac80, buf=buf@entry=0x77810c23b4f0 "\377e") at /data/bld/12.3-rel/sql/handler.cc:4236
|
#8 0x000055a26c1b195a in ha_partition::handle_unordered_prev (buf=0x77810c23b4f0 "\377e", this=0x77810c239af0) at /data/bld/12.3-rel/sql/ha_partition.cc:7957
|
#9 ha_partition::index_prev (this=0x77810c239af0, buf=0x77810c23b4f0 "\377e") at /data/bld/12.3-rel/sql/ha_partition.cc:6281
|
#10 0x000055a26bf2a4eb in handler::ha_index_prev (this=0x77810c239af0, buf=0x77810c23b4f0 "\377e") at /data/bld/12.3-rel/sql/handler.cc:4236
|
#11 0x000055a26bc2cf26 in mysql_ha_read (thd=thd@entry=0x77810c000c70, tables=tables@entry=0x77810c013720, mode=<optimized out>, keyname=<optimized out>, key_expr=<optimized out>, ha_rkey_mode=<optimized out>, cond=<optimized out>, select_limit_cnt=<optimized out>, offset_limit_cnt=<optimized out>) at /data/bld/12.3-rel/sql/sql_handler.cc:933
|
#12 0x000055a26bc76a48 in mysql_execute_command (thd=thd@entry=0x77810c000c70, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/12.3-rel/sql/sql_limit.h:94
|
#13 0x000055a26bc78b06 in mysql_parse (thd=0x77810c000c70, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /data/bld/12.3-rel/sql/sql_parse.cc:7949
|
#14 0x000055a26bc7b585 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x77810c000c70, packet=packet@entry=0x77810c008d81 "", packet_length=packet_length@entry=29, blocking=blocking@entry=true) at /data/bld/12.3-rel/sql/sql_parse.cc:2002
|
#15 0x000055a26bc7cb7f in do_command (thd=thd@entry=0x77810c000c70, blocking=blocking@entry=true) at /data/bld/12.3-rel/sql/sql_parse.cc:1437
|
#16 0x000055a26bdb9515 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55a276e66f40, put_in_cache=put_in_cache@entry=true) at /data/bld/12.3-rel/sql/sql_connect.cc:1503
|
#17 0x000055a26bdb986d in handle_one_connection (arg=arg@entry=0x55a276e66f40) at /data/bld/12.3-rel/sql/sql_connect.cc:1415
|
#18 0x000055a26c1ba54c in pfs_spawn_thread (arg=0x55a276dfe760) at /data/bld/12.3-rel/storage/perfschema/pfs.cc:2198
|
#19 0x00007f81407c91c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#20 0x00007f814084985c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
mariadbd: /data/bld/12.3-asan-ubsan/sql/ha_partition.cc:7952: int ha_partition::handle_unordered_prev(uchar*): Assertion `0' failed.
|
260505 22:55:19 [ERROR] /share8t/bld/12.3-asan-ubsan/sql/mariadbd got signal 6 ;
|
|
|
#10 0x00007f4935453eb2 in __GI___assert_fail (assertion=0x55ae04c5f5a0 "0", file=0x55ae04c5eec0 "/data/bld/12.3-asan-ubsan/sql/ha_partition.cc", line=7952, function=0x55ae04c67880 "int ha_partition::handle_unordered_prev(uchar*)") at ./assert/assert.c:101
|
#11 0x000055ae029157d5 in ha_partition::handle_unordered_prev (this=this@entry=0x62500029b960, buf=buf@entry=0x62500029d380 "\377") at /data/bld/12.3-asan-ubsan/sql/ha_partition.cc:7952
|
#12 0x000055ae02918c4e in ha_partition::index_prev (this=0x62500029b960, buf=<optimized out>) at /data/bld/12.3-asan-ubsan/sql/ha_partition.cc:6281
|
#13 0x000055ae0184e1f5 in handler::ha_index_prev (this=this@entry=0x62500029b960, buf=<optimized out>) at /data/bld/12.3-asan-ubsan/sql/handler.cc:4236
|
#14 0x000055adffdf959b in mysql_ha_read (thd=thd@entry=0x62c0001e0220, tables=tables@entry=0x62d00017c610, mode=mode@entry=RPREV, keyname=keyname@entry=0x62d00017cd80 "PRIMARY", key_expr=key_expr@entry=0x0, ha_rkey_mode=ha_rkey_mode@entry=HA_READ_KEY_EXACT, cond=<optimized out>, select_limit_cnt=<optimized out>, offset_limit_cnt=<optimized out>) at /data/bld/12.3-asan-ubsan/sql/sql_handler.cc:933
|
#15 0x000055ae0005b970 in mysql_execute_command (thd=thd@entry=0x62c0001e0220, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/12.3-asan-ubsan/sql/sql_parse.cc:5535
|
#16 0x000055ae00065176 in mysql_parse (thd=thd@entry=0x62c0001e0220, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7749220b2a00) at /data/bld/12.3-asan-ubsan/sql/sql_parse.cc:7949
|
#17 0x000055ae0006e230 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0001e0220, packet=packet@entry=0x6290002d0221 "", packet_length=packet_length@entry=29, blocking=blocking@entry=true) at /data/bld/12.3-asan-ubsan/sql/sql_parse.cc:1903
|
#18 0x000055ae0007ad4d in do_command (thd=thd@entry=0x62c0001e0220, blocking=blocking@entry=true) at /data/bld/12.3-asan-ubsan/sql/sql_parse.cc:1437
|
#19 0x000055ae00a33928 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x60b0000062b0, put_in_cache=put_in_cache@entry=true) at /data/bld/12.3-asan-ubsan/sql/sql_connect.cc:1503
|
#20 0x000055ae00a34a91 in handle_one_connection (arg=0x60b0000062b0) at /data/bld/12.3-asan-ubsan/sql/sql_connect.cc:1415
|
#21 0x000055ae02978079 in pfs_spawn_thread (arg=0x617000009720) at /data/bld/12.3-asan-ubsan/storage/perfschema/pfs.cc:2198
|
#22 0x00007f49354a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#23 0x00007f493552885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
The failures started happening after this commit in 12.3.1:
commit 496aecf9251e3d74b83285f4e787daa9d8c37ae4 (HEAD)
|
Author: Yuchen Pei
|
Date: Fri Nov 21 14:49:39 2025 +1100
|
|
|
MDEV-37330 Allow unordered index scan for tables partitioned by range when a priority queue is not needed
|
Attachments
Issue Links
- is caused by
-
MDEV-37330 Ordered scans over PARTITION BY RANGE should not use priority queue
-
- Closed
-
- relates to
-
-
- Closed
-