[MDEV-22649] SIGSEGV in ha_partition::create_partitioning_metadata on ALTER Created: 2020-05-21  Updated: 2023-11-27  Resolved: 2020-06-15

Status: Closed
Project: MariaDB Server
Component/s: Partitioning
Affects Version/s: 10.5.4, 10.5.3
Fix Version/s: 10.5.4

Type: Bug Priority: Blocker
Reporter: Roel Van de Paar Assignee: Michael Widenius
Resolution: Fixed Votes: 0
Labels: not-10.1, not-10.2, not-10.3, not-10.4, regression

Issue Links:
Relates

 Description    

USE test;
 
SET default_storage_engine=MyISAM;
 
SET SESSION alter_algorithm=4;
 
CREATE TABLE t(a INT) PARTITION BY RANGE(a) SUBPARTITION BY KEY(a) (PARTITION p0 VALUES LESS THAN (10) (SUBPARTITION s0,SUBPARTITION s1), PARTITION p1 VALUES LESS THAN (20) (SUBPARTITION s2,SUBPARTITION s3));
 
ALTER TABLE t ADD COLUMN c INT;

Leads to:

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49

 
Core was generated by `/test/MD160520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
 
Program terminated with signal SIGSEGV, Segmentation fault.
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
 
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
[Current thread is 1 (Thread 0x15319f35b700 (LWP 3223198))]
 
(gdb) bt
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
#1  0x00005614731a9617 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
 
#2  0x0000561472b6c0fa in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:329
 
#3  <signal handler called>
 
#4  0x0000561472dc6869 in ha_partition::create_partitioning_metadata (this=0x15317c46f630, path=0x15319f35928d "./test/#sql-alter-312c43-4", old_path=0x0, action_flag=CHF_DELETE_FLAG) at /test/10.5_opt/sql/ha_partition.cc:689
 
#5  0x00005614728677a3 in cleanup_table_after_inplace_alter (table=table@entry=0x15319f356730) at /test/10.5_opt/sql/sql_table.cc:9559
 
#6  0x0000561472a0e5de in mysql_alter_table (thd=thd@entry=0x15317c412018, new_db=new_db@entry=0x15317c416710, new_name=new_name@entry=0x15317c416b18, create_info=create_info@entry=0x15319f359600, table_list=<optimized out>, table_list@entry=0x15317c447118, alter_info=alter_info@entry=0x15319f359530, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/10.5_opt/sql/sql_table.cc:10417
 
#7  0x0000561472a6a7a1 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x15317c412018) at /test/10.5_opt/sql/sql_alter.cc:532
 
#8  0x00005614729765d0 in mysql_execute_command (thd=thd@entry=0x15317c412018) at /test/10.5_opt/sql/sql_parse.cc:5912
 
#9  0x000056147297d82c in mysql_parse (thd=0x15317c412018, rawbuf=<optimized out>, length=30, parser_state=0x15319f35a4b0, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:7957
 
#10 0x0000561472972e75 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15317c412018, packet=packet@entry=0x15317c43a019 "ALTER TABLE t ADD COLUMN c INT", packet_length=packet_length@entry=30, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1839
 
#11 0x0000561472971106 in do_command (thd=0x15317c412018) at /test/10.5_opt/sql/sql_parse.cc:1358
 
#12 0x0000561472a65bf1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x15319d0329b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1411
 
#13 0x0000561472a65f54 in handle_one_connection (arg=arg@entry=0x15319d0329b8) at /test/10.5_opt/sql/sql_connect.cc:1313
 
#14 0x0000561472dd143a in pfs_spawn_thread (arg=0x15319d04b018) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
 
#15 0x000015319e7826db in start_thread (arg=0x15319f35b700) at pthread_create.c:463
 
#16 0x000015319db8088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.3 (dbg), 10.5.3 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

 Comments   
Comment by Roel Van de Paar [ 2020-05-21 ]

Somewhat different stack on 10.5.3 debug:

10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7

 
Core was generated by `/test/MD110520-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
 
Program terminated with signal SIGSEGV, Segmentation fault.
 
[Current thread is 1 (Thread 0x14b05bd1b700 (LWP 3971842))]
 
(gdb) bt
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
 
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
#1  0x000055f17f51ec11 in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
 
#2  0x000055f17ecc3f8d in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:329
 
#3  <signal handler called>
 
#4  0x000055f17efb6b3d in ha_partition::create_partitioning_metadata (this=0x14b039c48ea0, 
    path=0x14b05bd18f2d "./test/#sql-alter-3c98fc-4", old_path=0x0, action_flag=CHF_DELETE_FLAG)
 
    at /test/10.5_dbg/sql/ha_partition.cc:689
 
#5  0x000055f17ecd2a5d in handler::ha_create_partitioning_metadata (this=0x14b039c48ea0, 
    name=0x14b05bd18f2d "./test/#sql-alter-3c98fc-4", old_name=old_name@entry=0x0, 
    action_flag=action_flag@entry=CHF_DELETE_FLAG) at /test/10.5_dbg/sql/handler.cc:4931
 
#6  0x000055f17ead8875 in cleanup_table_after_inplace_alter (table=table@entry=0x14b05bd16a70)
 
    at /test/10.5_dbg/sql/sql_table.cc:9559
 
#7  0x000055f17eaf0f25 in mysql_alter_table (thd=thd@entry=0x14b039c15088, 
    new_db=new_db@entry=0x14b039c19940, new_name=new_name@entry=0x14b039c19d48, 
    create_info=create_info@entry=0x14b05bd192b0, table_list=<optimized out>, 
    table_list@entry=0x14b039c74188, alter_info=alter_info@entry=0x14b05bd191e0, order_num=0, 
    order=0x0, ignore=false, if_exists=false) at /test/10.5_dbg/sql/sql_table.cc:10417
 
#8  0x000055f17eb747d0 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x14b039c15088)
 
    at /test/10.5_dbg/sql/sql_alter.cc:532
 
#9  0x000055f17ea1feda in mysql_execute_command (thd=thd@entry=0x14b039c15088)
 
    at /test/10.5_dbg/sql/sql_parse.cc:5912
 
#10 0x000055f17ea27804 in mysql_parse (thd=thd@entry=0x14b039c15088, rawbuf=<optimized out>, 
    length=<optimized out>, parser_state=parser_state@entry=0x14b05bd1a3e0, 
    is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
 
    at /test/10.5_dbg/sql/sql_parse.cc:7957
 
#11 0x000055f17ea13ffd in dispatch_command (command=command@entry=COM_QUERY, 
    thd=thd@entry=0x14b039c15088, 
    packet=packet@entry=0x14b039c67089 "ALTER TABLE t ADD COLUMN c INT", 
    packet_length=packet_length@entry=30, is_com_multi=is_com_multi@entry=false, 
    is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
 
#12 0x000055f17ea128cc in do_command (thd=0x14b039c15088) at /test/10.5_dbg/sql/sql_parse.cc:1358
 
#13 0x000055f17eb6c99d in do_handle_one_connection (connect=<optimized out>, 
    connect@entry=0x14b03a8433a8, put_in_cache=put_in_cache@entry=true)
 
    at /test/10.5_dbg/sql/sql_connect.cc:1411
 
#14 0x000055f17eb6d0b9 in handle_one_connection (arg=arg@entry=0x14b03a8433a8)
 
    at /test/10.5_dbg/sql/sql_connect.cc:1313
 
#15 0x000055f17efcb10a in pfs_spawn_thread (arg=0x14b059845888)
 
    at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
 
#16 0x000014b05b1426db in start_thread (arg=0x14b05bd1b700) at pthread_create.c:463
 
#17 0x000014b05a54088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment by Sergei Golubchik [ 2020-06-03 ]

Introduced by

commit eca5c2c67ff1854b186b0e1b8dd342cb988e94d2
 
Author: Monty <monty@mariadb.org>
 
Date:   Mon Mar 30 14:50:03 2020 +0300
 
 
 
    Added support for more functions when using partitioned S3 tables
 
    
    MDEV-22088 S3 partitioning support

Comment by Michael Widenius [ 2020-06-05 ]

Fixed in bb-10.5-monty. Will be pushed soon to 10.5 after tree review

Comment by Michael Widenius [ 2020-06-15 ]

Problem was that we didn't take into account that when ALTER TABLE ... DROP PARTITION would fail because of a wrong DROP, then part->engine_type may be 0

Generated at Thu Feb 08 09:16:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.