[MDEV-21134] Crash with partitioned table, PARTITION syntax, and index_merge Created: 2019-11-23  Updated: 2022-11-22  Resolved: 2022-09-27

Status: Closed
Project: MariaDB Server
Component/s: Partitioning
Affects Version/s: 10.3.20, 10.3, 10.4, 10.5, 10.6, 10.7
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7

Type: Bug Priority: Critical
Reporter: Sergei Petrunia Assignee: Alexey Botchkov
Resolution: Fixed Votes: 1
Labels: None

Attachments: File psergey-mdev21134-incomplete.diff    
Issue Links:
Relates
relates to MDEV-20680 Server crashes in ha_partition::compa... Closed
relates to MDEV-22262 Server crashes in ha_partition::open ... Confirmed
relates to MDEV-21061 Select Query causes signal 11 from my... Stalled

 Description    

create table t1 (
 
  pk int primary key,
 
  a int,
 
  b int,
 
  filler char(32),
 
  key (a),
 
  key (b)
 
) engine=myisam  partition by range(pk) (
 
  partition p0 values less than (10),
 
  partition p1 values less than MAXVALUE
 
) ;


insert into t1 select 
   seq,
 
   MOD(seq, 100),
 
   MOD(seq, 100),
 
   'filler-data-filler-data'
 
from
 
 seq_1_to_50000;


explain 
select * from t1 partition (p1) where a=10 and b=10;
 
flush tables;
 
select * from t1 partition (p1)where a=10 and b=10;

explain output:

MariaDB [j3]> explain 
    -> select * from t1 partition (p1) where a=10 and b=10;
 
+------+-------------+-------+-------------+---------------+------+---------+------+------+-----------------------------------+
 
| id   | select_type | table | type        | possible_keys | key  | key_len | ref  | rows | Extra                             |
 
+------+-------------+-------+-------------+---------------+------+---------+------+------+-----------------------------------+
 
|    1 | SIMPLE      | t1    | index_merge | a,b           | a,b  | 5,5     | NULL |    4 | Using intersect(a,b); Using where |
 
+------+-------------+-------+-------------+---------------+------+---------+------+------+-----------------------------------+

The select crashes 

  Thread 38 "mysqld" received signal SIGSEGV, Segmentation fault.
 
  [Switching to LWP 803]
 
  0x0000555556776031 in ha_partition::compare_number_of_records (me=0x7ffe54076f10, a=0x7ffe54069c30, b=0x7ffe54069c34) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:8058
 
(gdb) wher
 
  #0  0x0000555556776031 in ha_partition::compare_number_of_records (me=0x7ffe54076f10, a=0x7ffe54069c30, b=0x7ffe54069c34) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:8058
 
  #1  0x00005555567a09e8 in my_qsort2 (base_ptr=0x7ffe54069c30, count=2, size=4, cmp=0x555556775ff8 <ha_partition::compare_number_of_records(ha_partition*, unsigned int const*, unsigned int const*)>, cmp_argument=0x7ffe54076f10) at /home/psergey/dev-git/10.3.20/mysys/mf_qsort.c:131
 
  #2  0x0000555556776a07 in ha_partition::info (this=0x7ffe54076f10, flag=280) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:8340
 
  #3  0x0000555556769806 in ha_partition::open (this=0x7ffe54076f10, name=0x7ffe54044b80 "./j2/t1", mode=33, test_if_locked=1026) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:3653
 
  #4  0x0000555555f4481d in handler::ha_open (this=0x7ffe54076f10, table_arg=0x7ffe54040a40, name=0x7ffe54044b80 "./j2/t1", mode=33, test_if_locked=1026, mem_root=0x0, partitions_to_open=0x0) at /home/psergey/dev-git/10.3.20/sql/handler.cc:2760
 
  #5  0x0000555556769acd in ha_partition::clone (this=0x7ffe5407c978, name=0x7ffe54044b80 "./j2/t1", mem_root=0x7ffe5403b510) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:3752
 
  #6  0x00005555560acefe in QUICK_RANGE_SELECT::init_ror_merged_scan (this=0x7ffe6c014810, reuse_handler=false, local_alloc=0x7ffe5403b510) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1503
 
  #7  0x00005555560ad3b0 in QUICK_ROR_INTERSECT_SELECT::init_ror_merged_scan (this=0x7ffe5403b4b0, reuse_handler=true, local_alloc=0x7ffe5403b510) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1608
 
  #8  0x00005555560ad63e in QUICK_ROR_INTERSECT_SELECT::reset (this=0x7ffe5403b4b0) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1643
 
  #9  0x0000555555ca281b in join_init_read_record (tab=0x7ffe54017460) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:20451
 
  #10 0x0000555555ca050b in sub_select (join=0x7ffe54014c88, join_tab=0x7ffe54017460, end_of_records=false) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:19527
 
  #11 0x0000555555c9f9f7 in do_select (join=0x7ffe54014c88, procedure=0x0) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:19070
 
  #12 0x0000555555c76a00 in JOIN::exec_inner (this=0x7ffe54014c88) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:4040
 
  #13 0x0000555555c75dd0 in JOIN::exec (this=0x7ffe54014c88) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:3834



 Comments   
Comment by Sergei Petrunia [ 2019-11-23 ]

This is 10.3-specific, as "do not open un-needed partitions in the clone has been introduced here: https://github.com/mariadb/server/commit/b4a2baffa82e5c07b96a1c752228560dcac1359b

Comment by Sergei Petrunia [ 2019-11-23 ]

Another case after I fixed the first one:

(gdb) wher
 
  #0  0x0000555555ba1db2 in handler::ha_table_flags (this=0x0) at /home/psergey/dev-git/10.3.20/sql/handler.h:3122
 
  #1  0x0000555556779f74 in ha_partition::table_flags (this=0x7ffe5c02a9c8) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:9887
 
  #2  0x0000555555f44b42 in handler::ha_open (this=0x7ffe5c02a9c8, table_arg=0x7ffe5c01f3b0, name=0x7ffe5c013730 "./j3/t1", mode=33, test_if_locked=1026, mem_root=0x0, partitions_to_open=0x0) at /home/psergey/dev-git/10.3.20/sql/handler.cc:2801
 
  #3  0x0000555556769acd in ha_partition::clone (this=0x7ffe5c01fff8, name=0x7ffe5c013730 "./j3/t1", mem_root=0x7ffe5c023f80) at /home/psergey/dev-git/10.3.20/sql/ha_partition.cc:3752
 
  #4  0x00005555560acefe in QUICK_RANGE_SELECT::init_ror_merged_scan (this=0x7ffe5c02b940, reuse_handler=false, local_alloc=0x7ffe5c023f80) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1503
 
  #5  0x00005555560ad3b0 in QUICK_ROR_INTERSECT_SELECT::init_ror_merged_scan (this=0x7ffe5c023f20, reuse_handler=true, local_alloc=0x7ffe5c023f80) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1608
 
  #6  0x00005555560ad63e in QUICK_ROR_INTERSECT_SELECT::reset (this=0x7ffe5c023f20) at /home/psergey/dev-git/10.3.20/sql/opt_range.cc:1643
 
  #7  0x0000555555ca281b in join_init_read_record (tab=0x7ffe5c017410) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:20451
 
  #8  0x0000555555ca050b in sub_select (join=0x7ffe5c014bf8, join_tab=0x7ffe5c017410, end_of_records=false) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:19527
 
  #9  0x0000555555c9f9f7 in do_select (join=0x7ffe5c014bf8, procedure=0x0) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:19070
 
  #10 0x0000555555c76a00 in JOIN::exec_inner (this=0x7ffe5c014bf8) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:4040
 
  #11 0x0000555555c75dd0 in JOIN::exec (this=0x7ffe5c014bf8) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:3834
 
  #12 0x0000555555c770e5 in mysql_select (thd=0x7ffe5c000d50, tables=0x7ffe5c013d28, wild_num=1, fields=..., conds=0x7ffe5c0149c0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7ffe5c014bd0, unit=0x7ffe5c004c20, select_lex=0x7ffe5c0053a0) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:4239
 
  #13 0x0000555555c68b57 in handle_select (thd=0x7ffe5c000d50, lex=0x7ffe5c004b58, result=0x7ffe5c014bd0, setup_tables_done_option=0) at /home/psergey/dev-git/10.3.20/sql/sql_select.cc:370
 
  #14 0x0000555555c3051c in execute_sqlcom_select (thd=0x7ffe5c000d50, all_tables=0x7ffe5c013d28) at /home/psergey/dev-git/10.3.20/sql/sql_parse.cc:6291
 
  #15 0x0000555555c26f4a in mysql_execute_command (thd=0x7ffe5c000d50) at /home/psergey/dev-git/10.3.20/sql/sql_parse.cc:3821
 
  #16 0x0000555555c34814 in mysql_parse (thd=0x7ffe5c000d50, rawbuf=0x7ffe5c013aa8 "select * from t1 partition (p1)where a=10 and b=10", length=50, parser_state=0x7ffff016e5c0, is_com_multi=false, is_next_command=false) at /home/psergey/dev-git/10.3.20/sql/sql_parse.cc:7815

Comment by Elena Stepanova [ 2019-11-23 ]

The one in the description looks like a duplicate of it might be related to MDEV-20680, but the test case in MDEV-20680 wasn't applicable to 10.4. Please close both after making sure that the test case from MDEV-20680 doesn't fail after the fix.

Comment by Sergei Petrunia [ 2019-11-23 ]

Attached a patch that makes the testcase pass. I'm not sure of the approach taken, though.
Some code uses `m_file[first_used_partition]`, some code uses m_file_sample, some code uses m_file[0]. Sometimes, m_file[] is present but not open()'ed.

Comment by Alexey Botchkov [ 2022-08-19 ]

https://github.com/MariaDB/server/commit/b902114da1087be5a846c5cfa5da99d7375109a4

Comment by Nayuta Yanagisawa (Inactive) [ 2022-08-22 ]

OK to push

Generated at Thu Feb 08 09:04:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.