MariaDB

Using 'innodb_sys_indexes' causes core dump

Bug #875797 reported by Michael Widenius on 2011-10-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	Medium	Unassigned	MariaDB 5.2
	Percona Server moved to https://jira.percona.com/projects/PS	Invalid	Undecided	Unassigned

Bug Description

Using 'innodb_sys_indexes' causes core dump with MariaDB 5.2 with XtraDB.
MySQL doesn't have the bug as MySQL doesn't expose innodb_sys_indexe

Here is a test case:

- Start with a clean setup (no ib* files and no tables in the test database)

Execute the included script with:

mysql test < /tmp/query2

You get a core dump with the following stack trace:

x0000000000ad37de in mach_read_from_2 (b=0x2a <Address 0x2a out of bounds>) at ./include/mach0data.ic:84
(gdb) back
#0 0x0000000000ad37de in mach_read_from_2 (b=0x2a <Address 0x2a out of bounds>) at ./include/mach0data.ic:84
#1 0x0000000000ae27f1 in page_header_get_field (page=0x0, field=4) at ./include/page0page.ic:119
#2 0x0000000000ae298a in page_is_comp (page=0x0) at ./include/page0page.ic:237
#3 0x0000000000ae29b1 in page_rec_is_comp (rec=0x0) at ./include/page0page.ic:250
#4 0x0000000000ae3096 in page_rec_get_next (rec=0x0) at ./include/page0page.ic:739
#5 0x0000000000adf2e9 in page_cur_move_to_next (cur=0x7ffff7f86508) at ./include/page0cur.ic:185
#6 0x0000000000b49a09 in btr_pcur_move_to_next_on_page (cursor=0x7ffff7f86500) at ./include/btr0pcur.ic:288
#7 0x0000000000b49b00 in btr_pcur_move_to_next_user_rec (cursor=0x7ffff7f86500, mtr=0x7ffff7f86060) at ./include/btr0pcur.ic:352
#8 0x0000000000abe895 in i_s_innodb_schema_table_fill (thd=0x2483d40, tables=0x2499d68, cond=0x0) at handler/i_s.cc:4338
#9 0x0000000000846024 in get_schema_tables_result (join=0x249cf08, executed_place=PROCESSED_BY_JOIN_EXEC) at sql_show.cc:6682
#10 0x00000000007286f3 in JOIN::exec (this=0x249cf08) at sql_select.cc:1858
#11 0x000000000072ae3a in mysql_select (thd=0x2483d40, rref_pointer_array=0x2486778, tables=0x2499d68, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684635648, result=0x2493d38, unit=0x2486120, select_lex=0x2486580) at sql_select.cc:2565
#12 0x0000000000722b35 in handle_select (thd=0x2483d40, lex=0x2486080, result=0x2493d38, setup_tables_done_option=0) at sql_select.cc:280
#13 0x00000000006be089 in execute_sqlcom_select (thd=0x2483d40, all_tables=0x2499d68) at sql_parse.cc:5157
#14 0x00000000006b51c9 in mysql_execute_command (thd=0x2483d40) at sql_parse.cc:2301
#15 0x00000000006c099d in mysql_parse (thd=0x2483d40, rawbuf=0x2494868 "SELECT COUNT(*) FROM `information_schema`.`INNODB_SYS_INDEXES`", length=62, found_semicolon=0x7ffff7f87cb8) at sql_parse.cc:6156
#16 0x00000000006b2a8c in dispatch_command (command=COM_QUERY, thd=0x2483d40, packet=0x2487151 "SELECT COUNT(*) FROM `information_schema`.`INNODB_SYS_INDEXES`", packet_length=62) at sql_parse.cc:1226

The issue seams to be that page=0x0 in a lot of calls.
A likely cause for the bug is that the code in i_s_innodb_schema_table_fill() doesn't properly detect that we are at end of the table.

Revision history for this message

Michael Widenius (monty) wrote on 2011-10-16:

query2 Edit (802 bytes, text/plain)

Changed in maria:
milestone:	none → 5.2

Stewart Smith (stewart) on 2011-10-17

Changed in percona-server:
assignee:	nobody → Yasufumi Kinoshita (yasufumi-kinoshita)

Revision history for this message

Yasufumi Kinoshita (yasufumi-kinoshita) wrote on 2011-10-17:

I cannot reproduce at PerconaServer-5.1.58, at least

Revision history for this message

Stewart Smith (stewart) wrote on 2011-10-17: Re: [Bug 875797] Re: Using 'innodb_sys_indexes' causes core dump

On Mon, 17 Oct 2011 00:54:48 -0000, Yasufumi Kinoshita <email address hidden> wrote:
> I cannot reproduce at PerconaServer-5.1.58, at least

Could this be one of the fixes we've done in Percona Server but possibly
not merged into MariaDB?

--
Stewart Smith

Revision history for this message

Yasufumi Kinoshita (yasufumi-kinoshita) wrote on 2011-10-17:

Stewart,

I don't know how XtraDB is used at MariaDB at all, even how it has been broken.
I think MariaDB doesn't use XtraDB as it is.

So I have to do is just wrote the fact.
The judgement should be done by MariaDB team themselves...

Revision history for this message

Yasufumi Kinoshita (yasufumi-kinoshita) wrote on 2011-10-17:

I cannot reproduce at PerconaServer-5.5.15, also

Yasufumi Kinoshita (yasufumi-kinoshita) on 2011-10-20

Changed in percona-server:
status:	New → Invalid

Revision history for this message

Tomáš Zvala (foxlik) wrote on 2011-11-06:

any news on this one? pretty please! :)

Revision history for this message

Michael Widenius (monty) wrote on 2011-11-18:

Yasufumi Kinoshita: MariaDB uses XtraDB since version one.
http://kb.askmonty.org/en/about-xtradb

Thanks for testing that the latest Percona-5.1 server doesn't have the problem. In that case the issue is probably that we haven't the latest xtradb code in 5.1.

We will merge it this/early next week and if this fixes the issue we will close this bug.

Revision history for this message

Michael Widenius (monty) wrote on 2011-11-24:

I have verified that after merge with latest Percona server, the error disappeared from MariaDB.

Changed in maria:
status:	New → Fix Committed

Michael Widenius (monty) on 2011-11-29

Changed in maria:
importance:	Undecided → Medium

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-25:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-2698

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

query2 Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.