[MDEV-34474] InnoDB: Failing assertion: stat_n_leaf_pages > 0 in ha_innobase::estimate_rows_upper_bound - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.5(EOL), 11.6(EOL)
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3
Component/s: Storage Engine - InnoDB
Labels:
None

Description

--source include/have_innodb.inc

CREATE TABLE t (c1 INT,c2 INT) ENGINE=INNODB;

UPDATE mysql.innodb_index_stats SET stat_value=0;

SELECT * FROM t;

FLUSH TABLES;

UPDATE t SET c1=+1 ORDER BY c2;

Leads to:

11.6.0 42294b8cd2cbb72c1d5da6058dd6f0c55669def7 (Optimized)
InnoDB: Failing assertion: stat_n_leaf_pages > 0

11.6.0 42294b8cd2cbb72c1d5da6058dd6f0c55669def7 (Optimized)
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000014ac7fa3a859 in __GI_abort () at abort.c:79
#2 0x000055fa1643c518 in ut_dbg_assertion_failed (expr=expr@entry=0x55fa171f486e "stat_n_leaf_pages > 0", file=file@entry=0x55fa171ee4c0 "/test/11.6_opt/storage/innobase/handler/ha_innodb.cc", line=line@entry=14341) at /test/11.6_opt/storage/innobase/ut/ut0dbg.cc:60
#3 0x000055fa164159d0 in ha_innobase::estimate_rows_upper_bound (this=0x14ac4c153440) at /test/11.6_opt/storage/innobase/handler/ha_innodb.cc:14341
#4 0x000055fa1684fc09 in filesort (thd=thd@entry=0x14ac4c000c58, table=table@entry=0x14ac4c107b68, filesort=filesort@entry=0x14ac780c18d0, tracker=0x14ac4c015018, join=join@entry=0x0, first_table_bit=first_table_bit@entry=0) at /test/11.6_opt/sql/filesort.cc:1490
#5 0x000055fa166b1546 in Sql_cmd_update::update_single_table (this=0x14ac4c0137c8, thd=0x14ac4c000c58) at /test/11.6_opt/sql/sql_update.cc:712
#6 0x000055fa166b31fd in Sql_cmd_update::execute_inner (this=0x14ac4c0137c8, thd=0x14ac4c000c58) at /test/11.6_opt/sql/sql_update.cc:3079
#7 0x000055fa165ff5db in Sql_cmd_dml::execute (this=0x14ac4c0137c8, thd=0x14ac4c000c58) at /test/11.6_opt/sql/sql_select.cc:33717
#8 0x000055fa165ca28d in mysql_execute_command (thd=0x14ac4c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.6_opt/sql/sql_parse.cc:4402
#9 0x000055fa165b9846 in mysql_parse (thd=0x14ac4c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.6_opt/sql/sql_parse.cc:7868
#10 0x000055fa165c602d in dispatch_command (command=COM_QUERY, thd=0x14ac4c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.6_opt/sql/sql_class.h:1638
#11 0x000055fa165c849e in do_command (thd=0x14ac4c000c58, blocking=blocking@entry=true) at /test/11.6_opt/sql/sql_parse.cc:1405
#12 0x000055fa166fc8f7 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/11.6_opt/sql/sql_connect.cc:1448
#13 0x000055fa166fcc4d in handle_one_connection (arg=arg@entry=0x55fa1aa118c8) at /test/11.6_opt/sql/sql_connect.cc:1350
#14 0x000055fa16ab3e8c in pfs_spawn_thread (arg=0x55fa1a9b6458) at /test/11.6_opt/storage/perfschema/pfs.cc:2201
#15 0x000014ac7ff4b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#16 0x000014ac7fb37133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.26 (dbg), 10.5.26 (opt), 10.6.18 (dbg), 10.6.18 (opt), 10.11.8 (dbg), 10.11.8 (opt), 11.1.5 (dbg), 11.1.5 (opt), 11.2.4 (dbg), 11.2.4 (opt), 11.4.2 (dbg), 11.4.2 (opt), 11.5.1 (dbg), 11.5.1 (opt), 11.6.0 (dbg), 11.6.0 (opt)

Attachments

Activity

Ascending order - Click to sort in descending order

Marko Mäkelä added a comment - 2024-06-27 11:15

The column mysql.innodb_index_stats.stat_value is declared as BIGINT UNSIGNED without any CHECK constraint. Therefore, we must tolerate any values that we can read from there, but maybe interpret them differently (such as interpreting the value 0 as 1). I see that there is also the column sample_size, which could suffer from a similar problem.

In mysql.innodb_table_stats the columns n_rows, clustered_index_size, sum_of_other_index_sizes had better be checked in a similar way.

Marko Mäkelä added a comment - 2024-06-27 11:15 The column mysql.innodb_index_stats.stat_value is declared as BIGINT UNSIGNED without any CHECK constraint. Therefore, we must tolerate any values that we can read from there, but maybe interpret them differently (such as interpreting the value 0 as 1). I see that there is also the column sample_size , which could suffer from a similar problem. In mysql.innodb_table_stats the columns n_rows , clustered_index_size , sum_of_other_index_sizes had better be checked in a similar way.

Thirunarayanan Balathandayuthapani added a comment - 2024-07-05 12:58

https://github.com/MariaDB/server/pull/3388

Thirunarayanan Balathandayuthapani added a comment - 2024-07-05 12:58 https://github.com/MariaDB/server/pull/3388

Debarun Banerjee added a comment - 2024-07-08 06:52

Thanks Thiru. The patch looks good and correct to me.
I have some minor suggestions.

Debarun Banerjee added a comment - 2024-07-08 06:52 Thanks Thiru. The patch looks good and correct to me. I have some minor suggestions.

Roel Van de Paar added a comment - 2024-08-06 05:52 - edited

A different stack was possible pre-fix with:

--source include/have_innodb.inc

CREATE TABLE t (c TIME,c2 CHAR(1),c3 INT(1),c4 CHAR(1) KEY,c5 TIME UNIQUE KEY,c6 NUMERIC(0,0) DEFAULT 3) ENGINE=InnoDB;

UPDATE mysql.innodb_index_stats SET stat_value=0;

--error ER_BAD_FIELD_ERROR

ALTER TABLE t CHANGE COLUMN a a CHAR(1);

SELECT * FROM t ORDER BY c;

Leading to:

11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug)
InnoDB: Failing assertion: stat_n_leaf_pages > 0

11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug)
Core was generated by `/test/MD200724-mariadb-11.2.5-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

warning: 44 ./nptl/pthread_kill.c: No such file or directory
[Current thread is 1 (LWP 1567839)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
#3 0x000015026144526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
#4 0x00001502614288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x000055b51cc9269a in ut_dbg_assertion_failed (expr=expr@entry=0x55b51d294cc9 "stat_n_leaf_pages > 0", file=file@entry=0x55b51d198da8 "/test/11.2_dbg/storage/innobase/handler/ha_innodb.cc", line=line@entry=14396)at /test/11.2_dbg/storage/innobase/ut/ut0dbg.cc:60
#6 0x000055b51ca0ea4d in ha_innobase::estimate_rows_upper_bound (this=0x150200078300)at /test/11.2_dbg/storage/innobase/handler/ha_innodb.cc:14396
#7 0x000055b51c69736a in filesort (thd=thd@entry=0x150200000d58, table=table@entry=0x150200077a98, filesort=filesort@entry=0x150200017440, tracker=0x150200082d10, join=join@entry=0x150200014fa8, first_table_bit=<optimized out>) at /test/11.2_dbg/sql/filesort.cc:288
#8 0x000055b51c409cbb in create_sort_index (thd=0x150200000d58, join=0x150200014fa8, tab=tab@entry=0x150200081a10, fsort=0x150200017440, fsort@entry=0x0) at /test/11.2_dbg/sql/sql_select.cc:27174
#9 0x000055b51c409f47 in st_join_table::sort_table (this=this@entry=0x150200081a10) at /test/11.2_dbg/sql/sql_select.cc:24729
#10 0x000055b51c40a067 in join_init_read_record (tab=0x150200081a10)at /test/11.2_dbg/sql/sql_select.cc:24649
#11 0x000055b51c3f026c in sub_select (join=0x150200014fa8, join_tab=0x150200081a10, end_of_records=false)at /test/11.2_dbg/sql/sql_select.cc:23644
#12 0x000055b51c4283ee in do_select (procedure=0x0, join=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:23158
#13 JOIN::exec_inner (this=this@entry=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:5021
#14 0x000055b51c428970 in JOIN::exec (this=this@entry=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:4798
#15 0x000055b51c4266df in mysql_select (thd=thd@entry=0x150200000d58, tables=0x150200013d10, fields=@0x150200013990: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150200013cc0, last = 0x150200015f10, elements = 6}, <No data fields>}, conds=0x0, og_num=1, order=0x150200014db8, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x150200014f80, unit=0x1502000052a0, select_lex=0x1502000136d8)at /test/11.2_dbg/sql/sql_select.cc:5336
#16 0x000055b51c426f08 in handle_select (thd=thd@entry=0x150200000d58, lex=lex@entry=0x1502000051c0, result=result@entry=0x150200014f80, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.2_dbg/sql/sql_select.cc:628
#17 0x000055b51c3864ef in execute_sqlcom_select (thd=thd@entry=0x150200000d58, all_tables=0x150200013d10) at /test/11.2_dbg/sql/sql_parse.cc:6161
#18 0x000055b51c391f38 in mysql_execute_command (thd=thd@entry=0x150200000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.2_dbg/sql/sql_parse.cc:3984
#19 0x000055b51c398753 in mysql_parse (thd=thd@entry=0x150200000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15026104d290)at /test/11.2_dbg/sql/sql_parse.cc:7920
#20 0x000055b51c39aada in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150200000d58, packet=packet@entry=0x15020000b309 "", packet_length=packet_length@entry=26, blocking=blocking@entry=true)at /test/11.2_dbg/sql/sql_class.h:247
#21 0x000055b51c39cdff in do_command (thd=0x150200000d58, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_parse.cc:1407
#22 0x000055b51c503e61 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b5200acad8, put_in_cache=put_in_cache@entry=true)at /test/11.2_dbg/sql/sql_connect.cc:1439
#23 0x000055b51c504156 in handle_one_connection (arg=arg@entry=0x55b5200acad8)at /test/11.2_dbg/sql/sql_connect.cc:1341
#24 0x000055b51c955192 in pfs_spawn_thread (arg=0x55b52007bc98)at /test/11.2_dbg/storage/perfschema/pfs.cc:2201
#25 0x000015026149ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#26 0x0000150261529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

It seems resolved by the fix (not reproducible on 10.5 of 20/7).

Roel Van de Paar added a comment - 2024-08-06 05:52 - edited A different stack was possible pre-fix with: --source include/have_innodb.inc CREATE TABLE t (c TIME ,c2 CHAR (1),c3 INT (1),c4 CHAR (1) KEY ,c5 TIME UNIQUE KEY ,c6 NUMERIC (0,0) DEFAULT 3) ENGINE=InnoDB; UPDATE mysql.innodb_index_stats SET stat_value=0; --error ER_BAD_FIELD_ERROR ALTER TABLE t CHANGE COLUMN a a CHAR (1); SELECT * FROM t ORDER BY c; Leading to: 11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug) InnoDB: Failing assertion: stat_n_leaf_pages > 0 11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug) Core was generated by `/test/MD200724-mariadb-11.2.5-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'. Program terminated with signal SIGABRT, Aborted. Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c. #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 warning: 44 ./nptl/pthread_kill.c: No such file or directory [Current thread is 1 (LWP 1567839)] (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89 #3 0x000015026144526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26 #4 0x00001502614288ff in __GI_abort () at ./stdlib/abort.c:79 #5 0x000055b51cc9269a in ut_dbg_assertion_failed (expr=expr@entry=0x55b51d294cc9 "stat_n_leaf_pages > 0", file=file@entry=0x55b51d198da8 "/test/11.2_dbg/storage/innobase/handler/ha_innodb.cc", line=line@entry=14396)at /test/11.2_dbg/storage/innobase/ut/ut0dbg.cc:60 #6 0x000055b51ca0ea4d in ha_innobase::estimate_rows_upper_bound (this=0x150200078300)at /test/11.2_dbg/storage/innobase/handler/ha_innodb.cc:14396 #7 0x000055b51c69736a in filesort (thd=thd@entry=0x150200000d58, table=table@entry=0x150200077a98, filesort=filesort@entry=0x150200017440, tracker=0x150200082d10, join=join@entry=0x150200014fa8, first_table_bit=<optimized out>) at /test/11.2_dbg/sql/filesort.cc:288 #8 0x000055b51c409cbb in create_sort_index (thd=0x150200000d58, join=0x150200014fa8, tab=tab@entry=0x150200081a10, fsort=0x150200017440, fsort@entry=0x0) at /test/11.2_dbg/sql/sql_select.cc:27174 #9 0x000055b51c409f47 in st_join_table::sort_table (this=this@entry=0x150200081a10) at /test/11.2_dbg/sql/sql_select.cc:24729 #10 0x000055b51c40a067 in join_init_read_record (tab=0x150200081a10)at /test/11.2_dbg/sql/sql_select.cc:24649 #11 0x000055b51c3f026c in sub_select (join=0x150200014fa8, join_tab=0x150200081a10, end_of_records=false)at /test/11.2_dbg/sql/sql_select.cc:23644 #12 0x000055b51c4283ee in do_select (procedure=0x0, join=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:23158 #13 JOIN::exec_inner (this=this@entry=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:5021 #14 0x000055b51c428970 in JOIN::exec (this=this@entry=0x150200014fa8)at /test/11.2_dbg/sql/sql_select.cc:4798 #15 0x000055b51c4266df in mysql_select (thd=thd@entry=0x150200000d58, tables=0x150200013d10, fields=@0x150200013990: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150200013cc0, last = 0x150200015f10, elements = 6}, <No data fields>}, conds=0x0, og_num=1, order=0x150200014db8, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x150200014f80, unit=0x1502000052a0, select_lex=0x1502000136d8)at /test/11.2_dbg/sql/sql_select.cc:5336 #16 0x000055b51c426f08 in handle_select (thd=thd@entry=0x150200000d58, lex=lex@entry=0x1502000051c0, result=result@entry=0x150200014f80, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.2_dbg/sql/sql_select.cc:628 #17 0x000055b51c3864ef in execute_sqlcom_select (thd=thd@entry=0x150200000d58, all_tables=0x150200013d10) at /test/11.2_dbg/sql/sql_parse.cc:6161 #18 0x000055b51c391f38 in mysql_execute_command (thd=thd@entry=0x150200000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.2_dbg/sql/sql_parse.cc:3984 #19 0x000055b51c398753 in mysql_parse (thd=thd@entry=0x150200000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15026104d290)at /test/11.2_dbg/sql/sql_parse.cc:7920 #20 0x000055b51c39aada in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150200000d58, packet=packet@entry=0x15020000b309 "", packet_length=packet_length@entry=26, blocking=blocking@entry=true)at /test/11.2_dbg/sql/sql_class.h:247 #21 0x000055b51c39cdff in do_command (thd=0x150200000d58, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_parse.cc:1407 #22 0x000055b51c503e61 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b5200acad8, put_in_cache=put_in_cache@entry=true)at /test/11.2_dbg/sql/sql_connect.cc:1439 #23 0x000055b51c504156 in handle_one_connection (arg=arg@entry=0x55b5200acad8)at /test/11.2_dbg/sql/sql_connect.cc:1341 #24 0x000055b51c955192 in pfs_spawn_thread (arg=0x55b52007bc98)at /test/11.2_dbg/storage/perfschema/pfs.cc:2201 #25 0x000015026149ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447 #26 0x0000150261529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 It seems resolved by the fix (not reproducible on 10.5 of 20/7).

MariaDB Server

InnoDB: Failing assertion: stat_n_leaf_pages > 0 in ha_innobase::estimate_rows_upper_bound

Details

Description

Attachments

Activity

People

Dates

Git Integration