[MDEV-23167] Server crashes upon HANDLER READ from partitioned table
Created: 2020-07-14  Updated: 2023-04-27

Status: Confirmed
Project: MariaDB Server
Component/s: Partitioning
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug
Priority: Major
Reporter: Alice Sherepa
Assignee: Alexey Botchkov
Resolution: Unresolved
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-20195 Assertion `0' failed in ha_partition:... Confirmed
relates to MDEV-20940 Data corruption after partition maint... Confirmed
relates to MDEV-18366 Crash on SELECT on a table that conta... Closed
relates to MDEV-23200 Assertion `btr_page_get_index_id(btr_... Confirmed

 Description   

Reproducible on 10.3-10.5, with Aria and InnoDB.

--source include/have_partition.inc
--source include/have_innodb.inc
 
CREATE TABLE t1 (pk int NOT NULL PRIMARY KEY) engine=innodb partition BY KEY (pk) partitions 2;
INSERT INTO t1 values (1),(2),(3),(4),(5);
 
HANDLER  t1 OPEN AS a1;
HANDLER a1 READ `PRIMARY` > (3);
HANDLER a1 READ `PRIMARY` = (9);
HANDLER a1 READ `PRIMARY` PREV;

10.3 f3f23b5c4bdc669ad0af4

Version: '10.3.24-MariaDB-debug-log'  
200714 12:01:07 [ERROR] mysqld got signal 11 ;
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f2bc307a8a0]
row/row0sel.cc:2756(row_sel_field_store_in_mysql_format_func(unsigned char*, mysql_row_templ_t const*, dict_index_t const*, unsigned long, unsigned char const*, unsigned long))[0x55685fc287f3]
row/row0sel.cc:3036(row_sel_store_mysql_field(unsigned char*, row_prebuilt_t*, unsigned char const*, dict_index_t const*, unsigned short const*, unsigned long, mysql_row_templ_t const*))[0x55685fc29908]
row/row0sel.cc:3168(row_sel_store_mysql_rec(unsigned char*, row_prebuilt_t*, unsigned char const*, dtuple_t const*, bool, dict_index_t const*, unsigned short const*))[0x55685fc2a06c]
row/row0sel.cc:5486(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x55685fc308c7]
handler/ha_innodb.cc:9550(ha_innobase::general_fetch(unsigned char*, unsigned int, unsigned int))[0x55685fa4f39c]
handler/ha_innodb.cc:9644(ha_innobase::index_prev(unsigned char*))[0x55685fa4f67c]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f63c]
sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x55686005488a]
sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x55686004d9da]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x55685f81f5ea]
sql/sql_handler.cc:922(mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long))[0x55685f4b5779]
sql/sql_parse.cc:5492(mysql_execute_command(THD*))[0x55685f501e18]
sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55685f509556]
sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55685f4f5d8b]
sql/sql_parse.cc:1393(do_command(THD*))[0x55685f4f46a5]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x55685f66dc33]
sql/sql_connect.cc:1309(handle_one_connection)[0x55685f66d995]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55686002539d]
nptl/pthread_create.c:463(start_thread)[0x7f2bc306f6db]
x86_64/clone.S:97(clone)[0x7f2bc2459a3f]
 
Query (0x7f2b6c012a78): HANDLER a1 READ `PRIMARY` PREV

The same with Aria:

--source include/have_partition.inc
 
CREATE TABLE t1 (pk int NOT NULL PRIMARY KEY) engine=aria partition BY KEY (pk) partitions 2;
INSERT INTO t1 values (1),(2),(3),(4),(5);
 
HANDLER  t1 OPEN AS a1;
HANDLER a1 READ `PRIMARY` > (3);
HANDLER a1 READ `PRIMARY` = (9);
HANDLER a1 READ `PRIMARY` PREV;

200714 12:04:39 [ERROR] mysqld got signal 11 ;
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f9462abd8a0]
multiarch/memmove-vec-unaligned-erms.S:275(__nss_passwd_lookup)[0x7f9461f09dab]
maria/ma_blockrec.c:4796(_ma_read_block_record2)[0x558a8987981a]
maria/ma_blockrec.c:5178(_ma_read_block_record)[0x558a8987ab10]
maria/ma_rprev.c:100(maria_rprev)[0x558a89896d8f]
maria/ha_maria.cc:2327(ha_maria::index_prev(unsigned char*))[0x558a8980ab2a]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a8917163c]
sql/ha_partition.cc:8033(ha_partition::handle_ordered_prev(unsigned char*))[0x558a899a688a]
sql/ha_partition.cc:5938(ha_partition::index_prev(unsigned char*))[0x558a8999f9da]
sql/handler.cc:2975(handler::ha_index_prev(unsigned char*))[0x558a891715ea]
sql/sql_handler.cc:922(mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long))[0x558a88e07779]
sql/sql_parse.cc:5492(mysql_execute_command(THD*))[0x558a88e53e18]
sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x558a88e5b556]
sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x558a88e47d8b]
sql/sql_parse.cc:1393(do_command(THD*))[0x558a88e466a5]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x558a88fbfc33]
sql/sql_connect.cc:1309(handle_one_connection)[0x558a88fbf995]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x558a8997739d]
nptl/pthread_create.c:463(start_thread)[0x7f9462ab26db]
x86_64/clone.S:97(clone)[0x7f9461e9ca3f]
 
Query (0x7f9408012a78): HANDLER a1 READ `PRIMARY` PREV

MyISAM returns: "query 'HANDLER a1 READ `PRIMARY` PREV' failed: 1030: Got error 14 "Bad address" from storage engine MyISAM"

No visible effect on non-debug build.



 Comments   
Comment by Alice Sherepa [ 2020-08-04 ]

Some variation:

10.5 9ef36faa614528b66e0a6

Version: '10.5.6-MariaDB-debug-log'  
2020-09-02 15:29:04 5 [Note] Start binlog_dump to slave_server(2), pos(, 4), using_gtid(0), gtid('')
ASAN:DEADLYSIGNAL
=================================================================
==25935==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4de18d4634 bp 0x7f4da9658a40 sp 0x7f4da96581b0 T29)
==25935==The signal is caused by a READ memory access.
==25935==Hint: address points to the zero page.
    #0 0x7f4de18d4633  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79633)
    #1 0x5614b35af49a in _mi_rec_unpack /10.5/storage/myisam/mi_dynrec.c:1335
    #2 0x5614b35b06f4 in _mi_read_dynamic_record /10.5/storage/myisam/mi_dynrec.c:1529
    #3 0x5614b35fdc06 in mi_rprev /10.5/storage/myisam/mi_rprev.c:106
    #4 0x5614b35598b8 in ha_myisam::index_prev(unsigned char*) /10.5/storage/myisam/ha_myisam.cc:1986
    #5 0x5614b21b7820 in handler::ha_index_prev(unsigned char*) /10.5/sql/handler.cc:3191
    #6 0x5614b2a90348 in ha_partition::handle_ordered_prev(unsigned char*) /10.5/sql/ha_partition.cc:8152
    #7 0x5614b2a7b4c5 in ha_partition::index_prev(unsigned char*) /10.5/sql/ha_partition.cc:6066
    #8 0x5614b21b7820 in handler::ha_index_prev(unsigned char*) /10.5/sql/handler.cc:3191
    #9 0x5614b18fd923 in mysql_ha_read(THD*, TABLE_LIST*, enum_ha_read_modes, char const*, List<Item>*, ha_rkey_function, Item*, unsigned long long, unsigned long long) /10.5/sql/sql_handler.cc:921
    #10 0x5614b19d5066 in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:5557
    #11 0x5614b19e54ba in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/sql/sql_parse.cc:7994
    #12 0x5614b19bbf55 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/sql/sql_parse.cc:1867
    #13 0x5614b19b87c9 in do_command(THD*) /10.5/sql/sql_parse.cc:1348
    #14 0x5614b1dec92f in do_handle_one_connection(CONNECT*, bool) /10.5/sql/sql_connect.cc:1410
    #15 0x5614b1dec288 in handle_one_connection /10.5/sql/sql_connect.cc:1312
    #16 0x5614b2ab907e in pfs_spawn_thread /10.5/storage/perfschema/pfs.cc:2201
    #17 0x7f4ddfd5f6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #18 0x7f4ddef45a3e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x121a3e)
