[MDEV-20680] Server crashes in ha_partition::compare_number_of_records upon REPLACE into partition Created: 2019-09-26  Updated: 2022-12-07  Resolved: 2022-12-07

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Insert, Partitioning, Storage Engine - MyISAM
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-21134 Crash with partitioned table, PARTITI... Closed
relates to MDEV-22262 Server crashes in ha_partition::open ... Confirmed

 Description    

--source include/have_partition.inc
 
 
 
CREATE TABLE t1 (pk INT PRIMARY KEY, a VARCHAR(1024)) ENGINE=MyISAM PARTITION BY LIST (pk) (PARTITION p1 VALUES IN (0,1), PARTITION p2 VALUES IN (2,3,4));
 
INSERT INTO t1 (pk) VALUES (3),(4);
 
ALTER TABLE t1 ADD UNIQUE(a);
 
REPLACE INTO t1 PARTITION (p2) (pk) VALUES (4);
 
 
 
 
 
# Cleanup
 
DROP TABLE t1;

10.4 d3350c16

 
#3  <signal handler called>
 
#4  0x0000559e15e419cd in ha_partition::compare_number_of_records (me=0x7fed60014b10, a=0x7fed6013a180, b=0x7fed6013a184) at /data/src/10.4/sql/ha_partition.cc:8056
 
#5  0x0000559e15e6c87e in my_qsort2 (base_ptr=0x7fed6013a180, count=2, size=4, cmp=0x559e15e41994 <ha_partition::compare_number_of_records(ha_partition*, unsigned int const*, unsigned int const*)>, cmp_argument=0x7fed60014b10) at /data/src/10.4/mysys/mf_qsort.c:131
 
#6  0x0000559e15e42369 in ha_partition::info (this=0x7fed60014b10, flag=280) at /data/src/10.4/sql/ha_partition.cc:8337
 
#7  0x0000559e15e352cd in ha_partition::open (this=0x7fed60014b10, name=0x7fed6012c280 "./test/t1", mode=33, test_if_locked=1026) at /data/src/10.4/sql/ha_partition.cc:3655
 
#8  0x0000559e155f334b in handler::ha_open (this=0x7fed60014b10, table_arg=0x7fed60182b10, name=0x7fed6012c280 "./test/t1", mode=33, test_if_locked=1026, mem_root=0x0, partitions_to_open=0x0) at /data/src/10.4/sql/handler.cc:2746
 
#9  0x0000559e15e35591 in ha_partition::clone (this=0x7fed60183978, name=0x7fed6012c280 "./test/t1", mem_root=0x7fed60006488) at /data/src/10.4/sql/ha_partition.cc:3754
 
#10 0x0000559e153cd7b5 in TABLE::clone_handler_for_update (this=0x7fed60182b10) at /data/src/10.4/sql/table.cc:9091
 
#11 0x0000559e155ff1a8 in check_duplicate_long_entries_update (table=0x7fed60182b10, h=0x7fed60183978, new_rec=0x7fed60137248 "\377\004") at /data/src/10.4/sql/handler.cc:6623
 
#12 0x0000559e155ff9ca in handler::ha_update_row (this=0x7fed60183978, old_data=0x7fed60137658 "\377\004", new_data=0x7fed60137248 "\377\004") at /data/src/10.4/sql/handler.cc:6713
 
#13 0x0000559e152496a4 in write_record (thd=0x7fed60000b00, table=0x7fed60182b10, info=0x7fed70dbf4a0) at /data/src/10.4/sql/sql_insert.cc:1955
 
#14 0x0000559e15246bb0 in mysql_insert (thd=0x7fed60000b00, table_list=0x7fed60013280, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_REPLACE, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1076
 
#15 0x0000559e152948c4 in mysql_execute_command (thd=0x7fed60000b00) at /data/src/10.4/sql/sql_parse.cc:4524
 
#16 0x0000559e152a104f in mysql_parse (thd=0x7fed60000b00, rawbuf=0x7fed60013128 "REPLACE INTO t1 PARTITION (p2) (pk) VALUES (4)", length=46, parser_state=0x7fed70dc0170, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7912
 
#17 0x0000559e1528c2e2 in dispatch_command (command=COM_QUERY, thd=0x7fed60000b00, packet=0x7fed60008331 "REPLACE INTO t1 PARTITION (p2) (pk) VALUES (4)", packet_length=46, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1841
 
#18 0x0000559e1528a96f in do_command (thd=0x7fed60000b00) at /data/src/10.4/sql/sql_parse.cc:1359
 
#19 0x0000559e15411def in do_handle_one_connection (connect=0x559e187f9a60) at /data/src/10.4/sql/sql_connect.cc:1412
 
#20 0x0000559e15411b3e in handle_one_connection (arg=0x559e187f9a60) at /data/src/10.4/sql/sql_connect.cc:1316
 
#21 0x0000559e15e113a7 in pfs_spawn_thread (arg=0x559e187644a0) at /data/src/10.4/storage/perfschema/pfs.cc:1862
 
#22 0x00007fed787634a4 in start_thread (arg=0x7fed70dc1700) at pthread_create.c:456
 
#23 0x00007fed76cabd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

All non-debug, debug and ASAN crash the same way.
Couldn't reproduce with InnoDB. The test case is not applicable to Aria and to 10.3 (long unique key).
10.5 is also affected.

 Comments   
Comment by Yuchen Pei [ 2022-12-07 ]

I created a test case, identical to that in the issue description above, and ran mtr on all versions from 10.4 to 10.9, and they all passed. So I am marking this as "Cannot reproduce".

Let me know if I have missed anything.

Comment by Elena Stepanova [ 2022-12-07 ]

With all probability it was fixed in the scope of MDEV-21134, there was a comment asking to re-check and close both, but the request wasn't fulfilled.

Generated at Thu Feb 08 09:01:21 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.