innodb-persistent-stats-root-page crashes on invalid values | handle_fatal_signal (sig=6) in btr_cur_search_to_nth_level

Bug #1604218 reported by Roel Van de Paar
This bug affects 1 person
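| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | | |
| 5.5 | Triaged | Low | Unassigned | |
| 5.6 | Invalid | Undecided | Unassigned | |
| 5.7 | Invalid | Undecided | Unassigned | |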

Bug Description

# Testcase 1: server abort (sig=6) during DROP TABLE when mysqld was started
# with a value the report title calls invalid for this option.
# mysqld options required for replay: --innodb-persistent-stats-root-page=1125899906842624
# 1125899906842624 = 2^50. In this testcase the value is given as a mysqld
# startup option, not sent by the SQL client.
# Recreate the `test` schema so the run starts with no leftover tables.
DROP DATABASE test;CREATE DATABASE test;USE test;
CREATE TABLE t1(goods int(1),name CHAR (1),shop char(1));
# t2 is never created in this script. The first backtrace on this page
# (packet "drop table t1,t2", path "./test/t1") shows the abort while t1 is
# being deleted: row_drop_table_for_mysql -> que_eval_sql running the internal
# DROP_TABLE_PROC -> row_sel -> btr_cur_search_to_nth_level.
# NOTE(review): the trace does not show which statement of DROP_TABLE_PROC was
# executing; presumably the one that reaches the stats index, whose root page
# the option overrides. Confirm against the source.
drop table t1,t2;

# Testcase 2: same startup option and value as the first testcase, reduced to
# a single-column table.
# mysqld options required for replay: --innodb-persistent-stats-root-page=1125899906842624
# Recreate the `test` schema so the run starts with no leftover tables.
DROP DATABASE test;CREATE DATABASE test;USE test;
CREATE TABLE t1(c1 CHAR (1));
# t9 is never created in this script; only t1 exists when the DROP runs.
# NOTE(review): the page shows no backtrace for this exact statement; it is
# listed under the same report, so presumably it fails the same way.
DROP TABLE t1,t9;

Backtrace:
+bt
#0 0x00007f709a867741 in __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1 0x00000000007f6128 in my_write_core (sig=6) at /bzr/5.5_dbg/mysys/stacktrace.c:433
#2 0x00000000006b704a in handle_fatal_signal (sig=6) at /bzr/5.5_dbg/sql/signal_handler.cc:250
#3 <signal handler called>
#4 0x00007f70992345f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5 0x00007f7099235ce8 in __GI_abort () at abort.c:90
#6 0x00000000009150ad in btr_cur_search_to_nth_level (index=index@entry=0x73009a8, level=level@entry=0, tuple=0x7f6ff401c320, mode=2, latch_mode=latch_mode@entry=1, cursor=cursor@entry=0x7f6ff401c090, has_search_latch=has_search_latch@entry=0, file=file@entry=0xb64a58 "/bzr/5.5_dbg/storage/innobase/row/row0sel.c", line=line@entry=1076, mtr=mtr@entry=0x7f709406a620) at /bzr/5.5_dbg/storage/innobase/btr/btr0cur.c:758
#7 0x00000000008a44d2 in btr_pcur_open_with_no_init_func (mtr=0x7f709406a620, line=1076, file=0xb64a58 "/bzr/5.5_dbg/storage/innobase/row/row0sel.c", has_search_latch=0, cursor=0x7f6ff401c090, latch_mode=1, mode=<optimized out>, tuple=<optimized out>, index=0x73009a8) at /bzr/5.5_dbg/storage/innobase/include/btr0pcur.ic:482
#8 row_sel_open_pcur (plan=plan@entry=0x7f6ff401c080, search_latch_locked=search_latch_locked@entry=0, mtr=mtr@entry=0x7f709406a620) at /bzr/5.5_dbg/storage/innobase/row/row0sel.c:1074
#9 0x00000000008a7dbc in row_sel (node=node@entry=0x7f6ff401bfa0, thr=thr@entry=0x7f6ff401e948) at /bzr/5.5_dbg/storage/innobase/row/row0sel.c:1445
#10 0x00000000008aa740 in row_sel_step (thr=thr@entry=0x7f6ff401e948) at /bzr/5.5_dbg/storage/innobase/row/row0sel.c:2105
#11 0x0000000000a12dbd in que_thr_step (thr=0x7f6ff401e948) at /bzr/5.5_dbg/storage/innobase/que/que0que.c:1234
#12 que_run_threads_low (thr=0x7f6ff401e948) at /bzr/5.5_dbg/storage/innobase/que/que0que.c:1319
#13 que_run_threads (thr=<optimized out>) at /bzr/5.5_dbg/storage/innobase/que/que0que.c:1356
#14 0x0000000000a13ab1 in que_eval_sql (info=info@entry=0x7f6ff4011ed8, sql=sql@entry=0xb61f98 "PROCEDURE DROP_TABLE_PROC () IS\nsys_foreign_id CHAR;\ntable_id CHAR;\nindex_id CHAR;\nforeign_id CHAR;\nfound INT;\nDECLARE CURSOR cur_fk IS\nSELECT ID FROM SYS_FOREIGN\nWHERE FOR_NAME = :table_name\nAND TO_BINARY(FOR_NAME)\n = TO_BINARY(:table_name)\nLOCK IN SHARE MODE;\nDECLARE CURSOR cur_idx IS\nSELECT ID FROM SYS_INDEXES\nWHERE TABLE_ID = table_id\nLOCK IN SHARE MODE;\nBEGIN\nSELECT ID INTO table_id\nFROM SYS_TABLES\nWHERE NAME = :table_name\nLOCK IN SHARE MODE;\nIF (SQL % NOTFOUND) THEN\n RETURN;\nEND IF;\nfound := 1;\nSELECT ID INTO sys_foreign_id\nFROM SYS_TABLES\nWHERE NAME = 'SYS_FOREIGN'\nLOCK IN SHARE MODE;\nIF (SQL % NOTFOUND) THEN\n found := 0;\nEND IF;\nIF (:table_name = 'SYS_FOREIGN') THEN\n found := 0;\nEND IF;\nIF (:table_name = 'SYS_FOREIGN_COLS') THEN\n found := 0;\nEND IF;\nOPEN cur_fk;\nWHILE found = 1 LOOP\n FETCH cur_fk INTO foreign_id;\n IF (SQL % NOTFOUND) THEN\n", ' ' <repeats 15 times>, "found := 0;\n ELSE\n", ' ' <repeats 15 times>, "DELETE FROM SYS_FOREIGN_COLS\n", ' ' <repeats 15 times>, "WHERE ID = foreign_id;\n", ' ' <repeats 15 times>, "DELETE FROM SYS_FOREIGN\n", ' ' <repeats 15 times>, "WHERE ID = foreign_id;\n END IF;\nEND LOOP;\nCLOSE cur_fk;\nfound := 1;\nOPEN cur_idx;\nWHILE found = 1 LOOP\n FETCH cur_idx INTO index_id;\n IF (SQL % NOTFOUND) THEN\n", ' ' <repeats 15 times>, "found := 0;\n ELSE\n", ' ' <repeats 15 times>, "DELETE FROM SYS_STATS\n", ' ' <repeats 15 times>, "WHERE INDEX_ID = index_id;\n", ' ' <repeats 15 times>, "DELETE FROM SYS_FIELDS\n", ' ' <repeats 15 times>, "WHERE INDEX_ID = index_id;\n", ' ' <repeats 15 times>, "DELETE FROM SYS_INDEXES\n", ' ' <repeats 15 times>..., reserve_dict_mutex=reserve_dict_mutex@entry=0, trx=trx@entry=0x7f6ff4017148) at /bzr/5.5_dbg/storage/innobase/que/que0que.c:1445
#15 0x0000000000899b26 in row_drop_table_for_mysql (name=<optimized out>, trx=<optimized out>, drop_db=<optimized out>) at /bzr/5.5_dbg/storage/innobase/row/row0mysql.c:3454
#16 0x000000000086e301 in ha_innobase::delete_table (this=<optimized out>, name=<optimized out>) at /bzr/5.5_dbg/storage/innobase/handler/ha_innodb.cc:8535
#17 0x00000000006bdd53 in handler::ha_delete_table (this=this@entry=0x7f6ff400fe80, name=name@entry=0x7f709406c4b0 "./test/t1") at /bzr/5.5_dbg/sql/handler.cc:3694
#18 0x00000000006bde58 in ha_delete_table (thd=thd@entry=0x7328360, table_type=table_type@entry=0x30362b0, path=path@entry=0x7f709406c4b0 "./test/t1", db=db@entry=0x7f6ff40051f0 "test", alias=0x7f6ff4004c90 "t1", generate_warning=generate_warning@entry=true) at /bzr/5.5_dbg/sql/handler.cc:2237
#19 0x00000000005fec01 in mysql_rm_table_no_locks (thd=thd@entry=0x7328360, tables=tables@entry=0x7f6ff4004cc8, if_exists=if_exists@entry=false, drop_temporary=drop_temporary@entry=false, drop_view=drop_view@entry=false, dont_log_query=dont_log_query@entry=false) at /bzr/5.5_dbg/sql/sql_table.cc:2278
#20 0x00000000005ff68f in mysql_rm_table (thd=thd@entry=0x7328360, tables=tables@entry=0x7f6ff4004cc8, if_exists=<optimized out>, drop_temporary=<optimized out>) at /bzr/5.5_dbg/sql/sql_table.cc:1969
#21 0x0000000000597fd7 in mysql_execute_command (thd=thd@entry=0x7328360) at /bzr/5.5_dbg/sql/sql_parse.cc:3367
#22 0x000000000059c8f3 in mysql_parse (thd=thd@entry=0x7328360, rawbuf=<optimized out>, length=16, parser_state=parser_state@entry=0x7f709406d580) at /bzr/5.5_dbg/sql/sql_parse.cc:6055
#23 0x000000000059e2f7 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7328360, packet=packet@entry=0x73abf41 "drop table t1,t2", packet_length=packet_length@entry=16) at /bzr/5.5_dbg/sql/sql_parse.cc:1075
#24 0x00000000005a010f in do_command (thd=0x7328360) at /bzr/5.5_dbg/sql/sql_parse.cc:789
#25 0x000000000064d8c0 in do_handle_one_connection (thd_arg=thd_arg@entry=0x7328360) at /bzr/5.5_dbg/sql/sql_connect.cc:1409
#26 0x000000000064d9b6 in handle_one_connection (arg=0x7328360) at /bzr/5.5_dbg/sql/sql_connect.cc:1324
#27 0x00007f709a862dc5 in start_thread (arg=0x7f709406e700) at pthread_create.c:308
#28 0x00007f70992f521d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Tags: qa xtradb
Roel Van de Paar (roel11) wrote :

Split off from bug 1382764

summary: - handle_fatal_signal (sig=6) in btr_cur_search_to_nth_level |
+ handle_fatal_signal (sig=6) in btr_cur_search_to_nth_level
tags: added: xtradb
summary: + innodb-persistent-stats-root-page crashes on invalid values |
handle_fatal_signal (sig=6) in btr_cur_search_to_nth_level
Roel Van de Paar (roel11) wrote :

160810 2:19:36 InnoDB: Assertion failure in thread 140159144589056 in file btr0cur.c line 763
InnoDB: Failing assertion: index->id == btr_page_get_index_id(page)

Leads to

+bt
#0 0x00007f7972087741 in __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1 0x00000000007f9b58 in my_write_core (sig=6) at /git/PS-5.5-090816_dbg/mysys/stacktrace.c:433
#2 0x00000000006b9a16 in handle_fatal_signal (sig=6) at /git/PS-5.5-090816_dbg/sql/signal_handler.cc:250
#3 <signal handler called>
#4 0x00007f797083e5f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5 0x00007f797083fce8 in __GI_abort () at abort.c:90
#6 0x0000000000919674 in btr_cur_search_to_nth_level (index=index@entry=0x220def8, level=level@entry=0, tuple=0x7f7938027bb0, mode=2, latch_mode=latch_mode@entry=1, cursor=cursor@entry=0x7f7938027920, has_search_latch=has_search_latch@entry=0, file=file@entry=0xb63620 "/git/PS-5.5-090816_dbg/storage/innobase/row/row0sel.c", line=line@entry=1076, mtr=mtr@entry=0x7f79580634b0) at /git/PS-5.5-090816_dbg/storage/innobase/btr/btr0cur.c:763
#7 0x00000000008a8ba2 in btr_pcur_open_with_no_init_func (mtr=0x7f79580634b0, line=1076, file=0xb63620 "/git/PS-5.5-090816_dbg/storage/innobase/row/row0sel.c", has_search_latch=0, cursor=0x7f7938027920, latch_mode=1, mode=<optimized out>, tuple=<optimized out>, index=0x220def8) at /git/PS-5.5-090816_dbg/storage/innobase/include/btr0pcur.ic:482
#8 row_sel_open_pcur (plan=plan@entry=0x7f7938027910, search_latch_locked=search_latch_locked@entry=0, mtr=mtr@entry=0x7f79580634b0) at /git/PS-5.5-090816_dbg/storage/innobase/row/row0sel.c:1074
#9 0x00000000008ac48c in row_sel (node=node@entry=0x7f7938027830, thr=thr@entry=0x7f793802a1d8) at /git/PS-5.5-090816_dbg/storage/innobase/row/row0sel.c:1445
#10 0x00000000008aee10 in row_sel_step (thr=thr@entry=0x7f793802a1d8) at /git/PS-5.5-090816_dbg/storage/innobase/row/row0sel.c:2105
#11 0x0000000000a173bd in que_thr_step (thr=0x7f793802a1d8) at /git/PS-5.5-090816_dbg/storage/innobase/que/que0que.c:1234
#12 que_run_threads_low (thr=0x7f793802a1d8) at /git/PS-5.5-090816_dbg/storage/innobase/que/que0que.c:1319
#13 que_run_threads (thr=<optimized out>) at /git/PS-5.5-090816_dbg/storage/innobase/que/que0que.c:1356
#14 0x0000000000a180b1 in que_eval_sql (info=info@entry=0x7f793801a298, sql=sql@entry=0xb60b40 "PROCEDURE DROP_TABLE_PROC () IS\nsys_foreign_id CHAR;\ntable_id CHAR;\nindex_id CHAR;\nforeign_id CHAR;\nfound INT;\nDECLARE CURSOR cur_fk IS\nSELECT ID FROM SYS_FOREIGN\nWHERE FOR_NAME = :table_name\nAND TO_BINARY(FOR_NAME)\n = TO_BINARY(:table_name)\nLOCK IN SHARE MODE;\nDECLARE CURSOR cur_idx IS\nSELECT ID FROM SYS_INDEXES\nWHERE TABLE_ID = table_id\nLOCK IN SHARE MODE;\nBEGIN\nSELECT ID INTO table_id\nFROM SYS_TABLES\nWHERE NAME = :table_name\nLOCK IN SHARE MODE;\nIF (SQL % NOTFOUND) THEN\n RETURN;\nEND IF;\nfound := 1;\nSELECT ID INTO sys_foreign_id\nFROM SYS_TABLES\nWHERE NAME = 'SYS_FOREIGN'\nLOCK IN SHARE MODE;\nIF (SQL % NOTFOUND) THEN\n found := 0;\nEND IF;\nIF (:table_name = 'SYS_FOREIGN') THEN\n found := 0;\nEND IF;\nIF (:table_name = 'SYS_FOREIGN_C...


Roel Van de Paar (roel11) wrote :

Another testcase:

# Testcase 3: a much smaller option value (2047) combined with a TEMPORARY
# table, given by the reporter as a further reproducer.
# mysqld options required for replay: --innodb-persistent-stats-root-page=2047
# Here too the value is a mysqld startup option, not SQL client input.
# Recreate the `test` schema so the run starts with no leftover tables.
DROP DATABASE test;CREATE DATABASE test;USE test;
CREATE TEMPORARY TABLE tmp(c1 int);
# NOTE(review): no backtrace for this variant is shown on the page. The
# assertion quoted in the report (index->id == btr_page_get_index_id(page))
# means the page reached does not belong to the index being searched, which
# would fit any configured root page that is not the stats index root,
# whether the number is huge or small. Confirm with a trace from this testcase.
DROP TABLE tmp;

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-3487
