Percona Server moved to https://jira.percona.com/projects/PS

handle_fatal_signal 8 (divide by zero) in ha_partition::min_rows_for_estimate for SELECT...WHERE on partitioned table

Bug #1033724 reported by Roel Van de Paar
34
This bug affects 4 people
Affects Status Importance Assigned to Milestone
MySQL Server
Unknown
Unknown
Percona Server moved to https://jira.percona.com/projects/PS
Invalid
High
Unassigned
5.1
Invalid
Undecided
Unassigned
5.5
Invalid
High
Unassigned

Bug Description

(gdb) bt
#0 0x000000307260c60c in pthread_kill () from /lib64/libpthread.so.0
#1 0x0000000000690d1f in handle_fatal_signal (sig=8) at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/signal_handler.cc:249
#2 <signal handler called>
#3 0x000000000096d38a in ha_partition::min_rows_for_estimate (this=this@entry=0x7ff5e80197e0)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/ha_partition.cc:6351
#4 0x000000000096d420 in ha_partition::records_in_range (this=0x7ff5e80197e0, inx=0, min_key=0x7ff6005d5f00, max_key=0x7ff6005d5f20)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/ha_partition.cc:6427
#5 0x000000000073a143 in check_quick_keys (param=param@entry=0x7ff6005d7b30, idx=0, key_tree=0x7ff5e8013d88,
min_key=min_key@entry=0x7ff6005d7c88 "", min_key_flag=min_key_flag@entry=0, min_keypart=min_keypart@entry=-1,
max_key=max_key@entry=0x7ff6005d8b86 "\001", max_key_flag=max_key_flag@entry=0, max_keypart=max_keypart@entry=-1)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/opt_range.cc:7807
#6 0x000000000073a8ce in check_quick_select (param=param@entry=0x7ff6005d7b30, idx=idx@entry=0, tree=<optimized out>, update_tbl_stats=update_tbl_stats@entry=true)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/opt_range.cc:7578
#7 0x0000000000747599 in get_key_scans_params (estimated_records=<synthetic pointer>, read_time=1.2, update_tbl_stats=true,
index_read_must_be_used=false, tree=0x7ff5e8013828, param=0x7ff6005d7b30)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/opt_range.cc:4966
#8 SQL_SELECT::test_quick_select (this=0x7ff5e80062f8, thd=0x3552c30, keys_to_use=..., prev_tables=<optimized out>, limit=<optimized out>, force_quick_range=<optimized out>)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/opt_range.cc:2322
#9 0x00000000005d41db in get_quick_record_count (limit=<optimized out>, keys=0x7ff5e8005ec8, table=0x7ff5e8018f00, select=0x7ff5e80062f8, thd=<optimized out>)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_select.cc:2635
#10 make_join_statistics (join=join@entry=0x7ff5e8011260, tables_arg=0x7ff5e8004da0, conds=0x7ff5e80058c0,
keyuse_array=keyuse_array@entry=0x7ff5e8012818) at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_select.cc:3084
#11 0x00000000005d73fd in JOIN::optimize (this=this@entry=0x7ff5e8011260)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_select.cc:1076
#12 0x00000000005d9c27 in mysql_select (thd=thd@entry=0x3552c30, rref_pointer_array=rref_pointer_array@entry=0x35550b8, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=result@entry=0x7ff5e8005a68, unit=0x35548c0, select_lex=select_lex@entry=0x3554ee0)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_select.cc:2586
#13 0x00000000005dfd5f in handle_select (thd=0x3552c30, lex=0x3554800, result=0x7ff5e8005a68, setup_tables_done_option=0)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_select.cc:312
#14 0x00000000005990f1 in execute_sqlcom_select (thd=thd@entry=0x3552c30, all_tables=0x7ff5e8004da0)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_parse.cc:4739
#15 0x00000000005a06c3 in mysql_execute_command (thd=thd@entry=0x3552c30)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_parse.cc:2283
#16 0x00000000005a4741 in mysql_parse (thd=thd@entry=0x3552c30, rawbuf=<optimized out>, length=40,parser_state=parser_state@entry=0x7ff6005db810) at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_parse.cc:5809
#17 0x00000000005a5bc0 in dispatch_command (command=COM_QUERY, thd=0x3552c30, packet=<optimized out>, packet_length=40)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_parse.cc:1060
#18 0x000000000063dedf in do_handle_one_connection (thd_arg=thd_arg@entry=0x3552c30)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_connect.cc:1458
#19 0x000000000063dfa1 in handle_one_connection (arg=0x3552c30) at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/sql_connect.cc:1365
#20 0x0000003072607d14 in start_thread () from /lib64/libpthread.so.0
#21 0x00000030722f197d in clone () from /lib64/libc.so.6

(gdb) frame 3
#3 0x000000000096d38a in ha_partition::min_rows_for_estimate (this=this@entry=0x7ff5e80197e0)
at /percona-server/5.5/Percona-Server-5.5.25a-rel27.1/sql/ha_partition.cc:6351
6351 DBUG_RETURN(stats.records * max_used_partitions / tot_used_partitions);

(gdb) p tot_used_partitions
$1 = 0

=======================================================================

Testcase:
  CREATE TABLE t1 (c1 int key) PARTITION BY KEY (c1) PARTITIONS 2;
  SELECT * FROM t1 WHERE c1 > 0 AND c1 < 1;

Crashes:
  Percona-Server-5.5.25a-rel27.1 (optimized)
  mysql-5.5.25a-linux2.6-x86_64 (optimized)

Does not crash:
  mysql-5.5.27-linux2.6-x86_64 (optimized) (!)
  mysql-5.1.63-linux-x86_64-glibc23 (optimized)
  mysql-5.1.57-linux-x86_64-glibc23 (optimized)
  Percona-Server-5.1.63-rel13.4-458.Linux.x86_64 (optimized)

A user seeing this crash:
  http://stackoverflow.com/questions/11538705/mysql-with-innodb-table-keep-crashing

See original description
Tags: qa crash i32744
Roel Van de Paar (roel11)
description: updated
description: updated
Revision history for this message
Roel Van de Paar (roel11) wrote :

The crash in mysql-5.5.25a-linux2.6-x86_64 has a slightly different stacktrace (diff: no frame #4 ha_partition::records_in_range):

(gdb) bt
[...]
#2 <signal handler called>
#3 ha_partition::min_rows_for_estimate (this=<optimized out>) at /pb2/build/sb_0-6211460-1340979815.56/mysql-5.5.25a/sql/ha_partition.cc:6340
#4 0x000000000072c9ef in check_quick_keys (param=0x7fb0c9086fb0, idx=3154162400, key_tree=0x0, min_key=0x7fb0c9087108 "", min_key_flag=0,
min_keypart=-1, max_key=0x7fb0c9088006 "\001", max_key_flag=0, max_keypart=-1)
at /pb2/build/sb_0-6211460-1340979815.56/mysql-5.5.25a/sql/opt_range.cc:7789
#5 0x000000000072d0fe in check_quick_select (param=0x7fb0c9086fb0, idx=0, tree=0x7fb0bc013fd8, update_tbl_stats=<optimized out>)
at /pb2/build/sb_0-6211460-1340979815.56/mysql-5.5.25a/sql/opt_range.cc:7560
[...]

description: updated
description: updated
Revision history for this message
Alexey Kopytov (akopytov) wrote :

This has been fixed upstream (apparently in 5.5.27, though I could not find it in changelogs). Here's the commit with the fix:

  bug#13949735: crash regression from bug#13694811.

  There can be cases when the optimizer calls ha_partition::records_in_range
  when there are no matching partitions. So the DBUG_ASSERT of
  !tot_used_partitions does assert.

  Fixed by returning 0 instead when no matching partitions are found.

  This will avoid the crash. records_in_range will then try to find the
  biggest used partition, which will not find any partition and
  records_in_range will then return 0, meaning non rows can be found.

  Patch contributed by Davi Arnaut at twitter.

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

This looks like the upstream bug for it - http://bugs.mysql.com/bug.php?id=65587

markus_albe (markus-albe)
tags: added: i32744
Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-575

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.