Bug #30822 ALTER TABLE COALESCE PARTITION causes segmentation fault
Submitted: 5 Sep 2007 9:15 Modified: 13 Dec 2007 12:36
Reporter: Guilhem Bichot Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Partitions Severity:S3 (Non-critical)
Version:5.1-bk, 5.2-BK OS:Linux
Assigned to: Mattias Jonsson CPU Architecture:Any
Tags: coalesce partition, crash, partition by hash, partition by key
Triage: D2 (Serious)

[5 Sep 2007 9:15] Guilhem Bichot
Description:
I tested only using the latest 5.1-maint tree. Please verify with the main tree.
See how-to-repeat

How to repeat:
Create bug.test:
CREATE TABLE t1 (c1 TINYINT NOT NULL, c2 CHAR(5)) PARTITION BY LINEAR KEY(c1) PARTITIONS 10;
INSERT INTO t1 VALUES(0,'abc'),(5,'abc'),(10,'abc'),(15,'abc'),(20,'abc'),(25,'abc'),(30,'abc'),(35,'abc');
ALTER TABLE t1 ADD PARTITION PARTITIONS 10;
ALTER TABLE t1 COALESCE PARTITION 18;
then run
./mtr --mem bug
mysqltest: At line 4: query 'ALTER TABLE t1 COALESCE PARTITION 18' failed: 2013: Lost connection to MySQL server during query
It's signal 11. Valgrind shows:
==12897== Invalid read of size 4
==12897==    at 0x832A761: ha_partition::copy_partitions(unsigned long long*, un
signed long long*) (ha_partition.cc:1569)
==12897==    by 0x832B0E5: ha_partition::change_partitions(st_ha_create_informat
ion*, char const*, unsigned long long*, unsigned long long*, unsigned char const
*, unsigned) (ha_partition.cc:1503)
==12897==    by 0x817A84D: mysql_change_partitions(st_lock_param_type*) (sql_par
tition.cc:5077)
==12897==    by 0x817C0CC: fast_alter_partition_table(THD*, st_table*, Alter_inf
o*, st_ha_create_information*, TABLE_LIST*, char*, char const*, unsigned) (sql_p
artition.cc:6354)
==12897==    by 0x833AED5: mysql_alter_table(THD*, char*, char*, st_ha_create_in
formation*, TABLE_LIST*, Alter_info*, unsigned, st_order*, bool) (sql_table.cc:6
216)
==12897==    by 0x82412CF: mysql_execute_command(THD*) (sql_parse.cc:2474)
==12897==    by 0x8241D9D: mysql_parse(THD*, char const*, unsigned, char const**
) (sql_parse.cc:5457)
==12897==    by 0x824304F: dispatch_command(enum_server_command, THD*, char*, un
signed) (sql_parse.cc:958)
==12897==    by 0x82440EC: do_command(THD*) (sql_parse.cc:717)
==12897==    by 0x82337CD: handle_one_connection (sql_connect.cc:1099)
==12897==    by 0x404D111: start_thread (in /lib/libpthread-2.5.so)
==12897==    by 0x41A62ED: clone (in /lib/libc-2.5.so)
==12897==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
[5 Sep 2007 9:47] Sveta Smirnova
Thank you for the report.

Verified as described.
[9 Oct 2007 10:53] Sergey Vojtovich
The problem is likely around get_part_id_from_linear_hash() function, which shouldn't return value bigger than number of partitions.

Try to execute it with following arguments:
get_part_id_from_linear_hash (hash_value=267, mask=31, no_parts=2)

Return value will be 11, whereas it must be smaller than no_parts (that is 2).

OTOH the problem may be that we don't call set_linear_hash_mask() for new partitioned table.
[9 Oct 2007 12:45] Mikael Ronström
The error is the mask parameter, if no_parts is 2 the mask should be 1.
So the bug is that mask is not updated as part of the coalesce partition call.
Only the number of parts is updated, the get_linear_... call assumes that
mask is set properly.
[20 Nov 2007 10:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/38119

ChangeSet@1.2621, 2007-11-20 11:21:00+01:00, mattiasj@mattias-jonssons-macbook.local +5 -0
  Bug#30822: ALTER TABLE COALESCE PARTITION causes segmentation fault
  
  Problem was for LINEAR HASH/KEY. Crashes because of wrong partition id
  returned when creating the new altered partitions. (because of wrong
  linear hash mask)
  
  Solution: Update the linear hash mask before using it for the new
  altered table.
[20 Nov 2007 10:29] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/38123

ChangeSet@1.2621, 2007-11-20 09:20:59+01:00, mattiasj@mattias-jonssons-macbook.local +5 -0
  Bug#30822: ALTER TABLE COALESCE PARTITION causes segmentation fault
  
  Problem was for LINEAR HASH/KEY. Crashes because of wrong partition id
  returned when creating the new altered partitions. (because of wrong
  linear hash mask)
  
  Solution: Update the linear hash mask before using it for the new
  altered table.
[12 Dec 2007 23:00] Bugs System
Pushed into 6.0.5-alpha
[12 Dec 2007 23:02] Bugs System
Pushed into 5.1.23-rc
[13 Dec 2007 12:36] Jon Stephens
Documented bugfix in 5.1.23 and 6.0.5 changelogs as:

      
        ALTER TABLE ... COALESCE PARTITION on a table
        partitioned by [LINEAR] HASH or
        [LINEAR] KEY caused the server to crash.