Adding COMPRESSED attributes to InnoDB special tables fields can lead to server crashes

Bug #1640810 reported by Yura Sorokin
Affects: Percona Server (moved to https://jira.percona.com/projects/PS), status tracked in 5.7
5.6: Status: Fix Released; Importance: Medium; Assigned to: Yura Sorokin
5.7: Status: Fix Released; Importance: Medium; Assigned to: Yura Sorokin

Bug Description

Changing the definition of special InnoDB tables (like 'mysql.innodb_index_stats' and 'mysql.innodb_table_stats') so that their structure is preserved, with the only exception that the COLUMN_FORMAT COMPRESSED attribute is added to one or more of their fields, can lead to server crashes when reading from those tables.

Steps to reproduce:
ALTER TABLE mysql.innodb_index_stats
  MODIFY stat_description VARCHAR(1024) COLLATE utf8_bin NOT NULL COLUMN_FORMAT COMPRESSED;
CREATE TABLE t1(i INT);
SELECT * FROM mysql.innodb_index_stats;

Thread 1 (Thread 0x7fda3936c700 (LWP 7480)):
#0 0x00007fda41aac741 in pthread_kill () from /lib64/libpthread.so.0
#1 0x000000000184adfc in my_write_core (sig=6) at /home/yura/host-ws/percona-server/mysys/stacktrace.c:247
#2 0x0000000000e803cb in handle_fatal_signal (sig=6) at /home/yura/host-ws/percona-server/sql/signal_handler.cc:223
#3 <signal handler called>
#4 0x00007fda3fe435f7 in raise () from /lib64/libc.so.6
#5 0x00007fda3fe44ce8 in abort () from /lib64/libc.so.6
#6 0x0000000001addb27 in ut_dbg_assertion_failed (expr=0x0, file=0x2202968 "/home/yura/host-ws/percona-server/storage/innobase/ut/ut0ut.cc", line=917) at /home/yura/host-ws/percona-server/storage/innobase/ut/ut0dbg.cc:67
#7 0x0000000001ae2486 in ib::fatal::~fatal (this=0x7fda393685c0, __in_chrg=<optimized out>) at /home/yura/host-ws/percona-server/storage/innobase/ut/ut0ut.cc:917
#8 0x00000000019fc540 in row_decompress_column (data=0x7fda32c44372 "DB_ROW_ID!\f\017\002\004\001", len=0x7fda39368bb0, dict_data=0x0, dict_data_len=0, prebuilt=0x7fd9ec00bfa0) at /home/yura/host-ws/percona-server/storage/innobase/row/row0mysql.cc:605
#9 0x0000000001a377f2 in row_sel_field_store_in_mysql_format_func (dest=0x7fd9ecdeee8b "", templ=0x7fd9ec00d630, index=0x7fd9ec0045d0, field_no=9, data=0x7fda32c44372 "DB_ROW_ID!\f\017\002\004\001", len=9, prebuilt=0x7fd9ec00bfa0) at /home/yura/host-ws/percona-server/storage/innobase/row/row0sel.cc:2927
#10 0x0000000001a38318 in row_sel_store_mysql_field_func (mysql_rec=0x7fd9ecdeeb72 "", prebuilt=0x7fd9ec00bfa0, rec=0x7fda32c44330 "testt1GEN_CLUST_INDEXn_diff_pfx01", index=0x7fd9ec0045d0, offsets=0x7fda39368db0, field_no=9, templ=0x7fd9ec00d630) at /home/yura/host-ws/percona-server/storage/innobase/row/row0sel.cc:3201
#11 0x0000000001a387e3 in row_sel_store_mysql_rec (mysql_rec=0x7fd9ecdeeb72 "", prebuilt=0x7fd9ec00bfa0, rec=0x7fda32c44330 "testt1GEN_CLUST_INDEXn_diff_pfx01", vrow=0x0, rec_clust=0, index=0x7fd9ec0045d0, offsets=0x7fda39368db0) at /home/yura/host-ws/percona-server/storage/innobase/row/row0sel.cc:3327
#12 0x0000000001a3daf4 in row_search_mvcc (buf=0x7fd9ec014940 "\376\003sysql", mode=PAGE_CUR_G, prebuilt=0x7fd9ec00bfa0, match_mode=0, direction=1) at /home/yura/host-ws/percona-server/storage/innobase/row/row0sel.cc:5743
#13 0x00000000018a1fed in ha_innobase::general_fetch (this=0x7fd9ec006d90, buf=0x7fd9ec014940 "\376\003sysql", direction=1, match_mode=0) at /home/yura/host-ws/percona-server/storage/innobase/handler/ha_innodb.cc:9640
#14 0x00000000018a26b4 in ha_innobase::rnd_next (this=0x7fd9ec006d90, buf=0x7fd9ec014940 "\376\003sysql") at /home/yura/host-ws/percona-server/storage/innobase/handler/ha_innodb.cc:9879
#15 0x0000000000f1115a in handler::ha_rnd_next (this=0x7fd9ec006d90, buf=0x7fd9ec014940 "\376\003sysql") at /home/yura/host-ws/percona-server/sql/handler.cc:3099
#16 0x00000000014409aa in rr_sequential (info=0x7fd9ecd3d348) at /home/yura/host-ws/percona-server/sql/records.cc:520
#17 0x00000000014d2df1 in sub_select (join=0x7fd9ecd3cc18, qep_tab=0x7fd9ecd3d2f8, end_of_records=false) at /home/yura/host-ws/percona-server/sql/sql_executor.cc:1274
#18 0x00000000014d276e in do_select (join=0x7fd9ecd3cc18) at /home/yura/host-ws/percona-server/sql/sql_executor.cc:944
#19 0x00000000014d06ef in JOIN::exec (this=0x7fd9ecd3cc18) at /home/yura/host-ws/percona-server/sql/sql_executor.cc:199
#20 0x000000000156cef2 in handle_query (thd=0x7fd9ec12c7a0, lex=0x7fd9ec12ed90, result=0x7fd9ecec4218, added_options=0, removed_options=0) at /home/yura/host-ws/percona-server/sql/sql_select.cc:184
#21 0x00000000015211fd in execute_sqlcom_select (thd=0x7fd9ec12c7a0, all_tables=0x7fd9ecec3bd8) at /home/yura/host-ws/percona-server/sql/sql_parse.cc:5432
#22 0x000000000151a226 in mysql_execute_command (thd=0x7fd9ec12c7a0, first_level=true) at /home/yura/host-ws/percona-server/sql/sql_parse.cc:2905
#23 0x00000000015221d9 in mysql_parse (thd=0x7fd9ec12c7a0, parser_state=0x7fda3936b530) at /home/yura/host-ws/percona-server/sql/sql_parse.cc:5877
#24 0x0000000001516d58 in dispatch_command (thd=0x7fd9ec12c7a0, com_data=0x7fda3936bcd0, command=COM_QUERY) at /home/yura/host-ws/percona-server/sql/sql_parse.cc:1461
#25 0x0000000001515c41 in do_command (thd=0x7fd9ec12c7a0) at /home/yura/host-ws/percona-server/sql/sql_parse.cc:1019
#26 0x00000000016532a0 in handle_connection (arg=0x50cf9a0) at /home/yura/host-ws/percona-server/sql/conn_handler/connection_handler_per_thread.cc:312
#27 0x0000000001ccc838 in pfs_spawn_thread (arg=0x50f6a60) at /home/yura/host-ws/percona-server/storage/perfschema/pfs.cc:2188
#28 0x00007fda41aa7dc5 in start_thread () from /lib64/libpthread.so.0
#29 0x00007fda3ff04ced in clone () from /lib64/libc.so.6

Yura Sorokin (yura-sorokin) wrote :

It looks like adding COMPRESSED attributes is not detected by 'dict_stats_persistent_storage_check()' as a table structure change and therefore validation succeeds.
However, as data is written to 'mysql.innodb_index_stats' and 'mysql.innodb_table_stats' via the InnoDB low-level API, no actual data compression is performed. This leads to integrity check assertions in 'row_decompress_column()' upon subsequent reads from these tables.
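
A simplified model of the mechanism described in the comment above, added here as an illustration; it is not InnoDB or Percona Server code. The column set, the header byte and all function names are hypothetical, and the stricter check is shown only for contrast, since the page does not describe the actual fix.

```python
import zlib
from dataclasses import dataclass

HEADER = b"\xc5"  # hypothetical marker byte that prefixes a compressed value

@dataclass(frozen=True)
class Column:
    name: str
    sql_type: str
    max_len: int
    compressed: bool = False  # models COLUMN_FORMAT COMPRESSED

# Expected layout of the stats table (reduced to two columns for the model).
EXPECTED = (Column("stat_name", "VARCHAR", 64),
            Column("stat_description", "VARCHAR", 1024))

def check_name_type_len(actual):
    """Structure check that ignores the column format, as in the report."""
    key = lambda c: (c.name, c.sql_type, c.max_len)
    return [key(c) for c in actual] == [key(c) for c in EXPECTED]

def check_with_format(actual):
    """Stricter check: any column-format difference is a structure change."""
    return tuple(actual) == EXPECTED

def sql_write(col, value):
    """Normal write path: compresses when the column asks for it."""
    return HEADER + zlib.compress(value) if col.compressed else value

def low_level_write(col, value):
    """Stats writer path: stores raw bytes and never compresses."""
    return value

def sql_read(col, stored):
    """Read path: a compressed column must start with the header."""
    if not col.compressed:
        return stored
    if stored[:1] != HEADER:
        raise ValueError("compressed column header check failed")
    return zlib.decompress(stored[1:])

# Constructed input: the ALTER from the report flips only the format flag.
ALTERED = (EXPECTED[0], Column("stat_description", "VARCHAR", 1024, True))

if __name__ == "__main__":
    col = ALTERED[1]
    print(check_name_type_len(ALTERED), check_with_format(ALTERED))
    print(sql_read(col, sql_write(col, b"DB_ROW_ID")))
    try:
        sql_read(col, low_level_write(col, b"DB_ROW_ID"))
    except ValueError as exc:
        print("read failed:", exc)
```

In the model the failed header check raises an exception; in the server the corresponding integrity check is a fatal assertion, which is why the read aborts the process.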

Roel Van de Paar (roel11) wrote :

Confirmed on 5.6.34

mysql> SELECT * FROM mysql.innodb_index_stats;
ERROR 2013 (HY000): Lost connection to MySQL server during query

These queries are also added to the SQL file now.

Yura Sorokin (yura-sorokin) wrote :
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1762
