[MDEV-7672] Crash creating an InnoDB table with foreign keys Created: 2015-03-05  Updated: 2015-03-24  Resolved: 2015-03-06

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - InnoDB
Affects Version/s: 5.5.42
Fix Version/s: 5.5.42-galera, 5.5.43

Type: Bug Priority: Critical
Reporter: Kolbe Kegel (Inactive) Assignee: Jan Lindström (Inactive)
Resolution: Fixed Votes: 0
Labels: upstream, verified

Issue Links:
Relates
relates to MDEV-7809 Crash after modifying FK on version 5.5 Closed

 Description    

stack_bottom = 0x7fd8fc9c0e30 thread_stack 0x48000
 
mysys/stacktrace.c:247(my_print_stacktrace)[0xaf36de]
 
sql/signal_handler.cc:153(handle_fatal_signal)[0x6db7fc]
 
/lib64/libpthread.so.0(+0xf710)[0x7fd8fc5ed710]
 
dict/dict0dict.c:2671(dict_foreign_remove_from_cache)[0x908b24]
 
dict/dict0dict.c:1377(dict_table_remove_from_cache)[0x908cf8]
 
row/row0mysql.c:3561(row_drop_table_for_mysql)[0x87e920]
 
row/row0mysql.c:2283(row_table_add_foreign_constraints)[0x880329]
 
handler/ha_innodb.cc:8460(ha_innobase::create(char const*, TABLE*, st_ha_create_information*))[0x861f17]
 
sql/handler.cc:3756(handler::ha_create(char const*, TABLE*, st_ha_create_information*))[0x6e17ef]
 
sql/unireg.cc:500(rea_create_table(THD*, char const*, char const*, char const*, st_ha_create_information*, List<Create_field>&, unsigned int, st_key*, handler*))[0x62ab8c]
 
sql/sql_table.cc:4496(mysql_create_table_no_lock(THD*, char const*, char const*, st_ha_create_information*, Alter_info*, bool, unsigned int, bool*))[0x5f9a0c]
 
sql/sql_table.cc:4601(mysql_create_table(THD*, TABLE_LIST*, st_ha_create_information*, Alter_info*))[0x5fa672]
 
sql/sql_parse.cc:2645(mysql_execute_command(THD*))[0x5868a6]
 
sql/sql_parse.cc:5909(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x587141]
 
sql/sql_parse.cc:1081(dispatch_command(enum_server_command, THD*, char*, unsigned int))[0x58886c]
 
sql/sql_parse.cc:793(do_command(THD*))[0x588e12]
 
sql/sql_connect.cc:1266(do_handle_one_connection(THD*))[0x643c13]
 
sql/sql_connect.cc:1183(handle_one_connection)[0x643d5c]
 
/lib64/libpthread.so.0(+0x79d1)[0x7fd8fc5e59d1]
 
/lib64/libc.so.6(clone+0x6d)[0x7fd8fb7658fd]



 Comments   
Comment by Elena Stepanova [ 2015-03-05 ]

Test case

 
--source include/have_innodb.inc
 
 
 
CREATE TABLE t1 (
 
  id int(11) NOT NULL AUTO_INCREMENT,
 
  f1 int(11) DEFAULT NULL,
 
  PRIMARY KEY (id),
 
  CONSTRAINT fk1 FOREIGN KEY (f1) REFERENCES t1 (id) ON DELETE CASCADE
 
) ENGINE=InnoDB;
 
 
 
CREATE TABLE t2 (
 
  id int(11) NOT NULL AUTO_INCREMENT,
 
  f2 int(11) NOT NULL,
 
  f3 int(11) NOT NULL,
 
  PRIMARY KEY (`id`),
 
  CONSTRAINT fk2 FOREIGN KEY (f2) REFERENCES t1 (`id`) ON DELETE CASCADE,
 
  CONSTRAINT fk3 FOREIGN KEY (f3) REFERENCES t3 (id) ON DELETE CASCADE
 
) ENGINE=InnoDB;

Stack trace from f66fbe8ce0ff4ffcd6a6c185f9b3d25bd9f67f8d

 
#3  <signal handler called>
 
#4  0x00007ff9953f8023 in dict_foreign_remove_from_cache (foreign=0x7ff98b93f5f8) at 5.5/storage/innobase/dict/dict0dict.c:2536
 
#5  0x00007ff9953f561b in dict_table_remove_from_cache (table=0x7ff98b93f378) at 5.5/storage/innobase/dict/dict0dict.c:1368
 
#6  0x00007ff9954e3437 in row_drop_table_for_mysql (name=0x7ff98b822278 "test/t2", trx=0x7ff98b860c78, drop_db=0) at 5.5/storage/innobase/row/row0mysql.c:3419
 
#7  0x00007ff9954e1327 in row_table_add_foreign_constraints (trx=0x7ff98b860c78, sql_string=0x7ff98b951078 "CREATE TABLE t2 (\nid int(11) NOT NULL AUTO_INCREMENT,\nf2 int(11) NOT NULL,\nf3 int(11) NOT NULL,\nPRIMARY KEY (`id`),\nCONSTRAINT fk2 FOREIGN KEY (f2) REFERENCES t1 (`id`) ON DELETE CASCADE,\nCONSTRAINT f"..., sql_length=272, name=0x7ff99bea9270 "test/t2", reject_fks=0) at 5.5/storage/innobase/row/row0mysql.c:2190
 
#8  0x00007ff9954a6222 in ha_innodb::create (this=0x7ff98b985078, name=0x7ff99beaa9d0 "./test/t2", form=0x7ff99bea9b70, create_info=0x7ff99beaae40) at 5.5/storage/innobase/handler/ha_innodb.cc:7412
 
#9  0x00000000007eab98 in handler::ha_create (this=0x7ff98b985078, name=0x7ff99beaa9d0 "./test/t2", form=0x7ff99bea9b70, info=0x7ff99beaae40) at 5.5/sql/handler.cc:3755
 
#10 0x00000000007eb8a3 in ha_create_table (thd=0x7ff99394e060, path=0x7ff99beaa9d0 "./test/t2", db=0x7ff98b951918 "test", table_name=0x7ff98b951310 "t2", create_info=0x7ff99beaae40, update_create_info=false) at 5.5/sql/handler.cc:4084
 
#11 0x000000000070bf33 in rea_create_table (thd=0x7ff99394e060, path=0x7ff99beaa9d0 "./test/t2", db=0x7ff98b951918 "test", table_name=0x7ff98b951310 "t2", create_info=0x7ff99beaae40, create_fields=..., keys=3, key_info=0x7ff98b952980, file=0x7ff98ba83078) at 5.5/sql/unireg.cc:503
 
#12 0x00000000006cca99 in mysql_create_table_no_lock (thd=0x7ff99394e060, db=0x7ff98b951918 "test", table_name=0x7ff98b951310 "t2", create_info=0x7ff99beaae40, alter_info=0x7ff99beaada0, internal_tmp_table=false, select_field_count=0, is_trans=0x7ff99beaacde) at 5.5/sql/sql_table.cc:4498
 
#13 0x00000000006ccda5 in mysql_create_table (thd=0x7ff99394e060, create_table=0x7ff98b951348, create_info=0x7ff99beaae40, alter_info=0x7ff99beaada0) at 5.5/sql/sql_table.cc:4593
 
#14 0x00000000006327d6 in mysql_execute_command (thd=0x7ff99394e060) at 5.5/sql/sql_parse.cc:2645
 
#15 0x000000000063b20e in mysql_parse (thd=0x7ff99394e060, rawbuf=0x7ff98b951078 "CREATE TABLE t2 (\nid int(11) NOT NULL AUTO_INCREMENT,\nf2 int(11) NOT NULL,\nf3 int(11) NOT NULL,\nPRIMARY KEY (`id`),\nCONSTRAINT fk2 FOREIGN KEY (f2) REFERENCES t1 (`id`) ON DELETE CASCADE,\nCONSTRAINT f"..., length=272, parser_state=0x7ff99beab620) at 5.5/sql/sql_parse.cc:5909
 
#16 0x000000000062ee51 in dispatch_command (command=COM_QUERY, thd=0x7ff99394e060, packet=0x7ff993a76061 "CREATE TABLE t2 (\nid int(11) NOT NULL AUTO_INCREMENT,\nf2 int(11) NOT NULL,\nf3 int(11) NOT NULL,\nPRIMARY KEY (`id`),\nCONSTRAINT fk2 FOREIGN KEY (f2) REFERENCES t1 (`id`) ON DELETE CASCADE,\nCONSTRAINT f"..., packet_length=272) at 5.5/sql/sql_parse.cc:1079
 
#17 0x000000000062dfdd in do_command (thd=0x7ff99394e060) at 5.5/sql/sql_parse.cc:793
 
#18 0x0000000000730712 in do_handle_one_connection (thd_arg=0x7ff99394e060) at 5.5/sql/sql_connect.cc:1266
 
#19 0x00000000007301d1 in handle_one_connection (arg=0x7ff99394e060) at 5.5/sql/sql_connect.cc:1181
 
#20 0x0000000000b66ba1 in pfs_spawn_thread (arg=0x7ff9939a0480) at 5.5/storage/perfschema/pfs.cc:1015
 
#21 0x00007ff99bae3b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
 
#22 0x00007ff99a3f170d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Comment by Jan Lindström (Inactive) [ 2015-03-06 ]

commit 206b111b114be9eccbecaac5f3060c2ecd6b575c
Author: Jan Lindström <jan.lindstrom@mariadb.com>
Date: Fri Mar 6 11:19:23 2015 +0200

MDEV-7672: Crash creating an InnoDB table with foreign keys

Analysis: after a red-black-tree lookup we use node withouth
checking did lookup succeed or not. This lead to situation
where NULL-pointer was used.

Fix: Add additional check that found node from red-back-tree
is valid.

Generated at Thu Feb 08 07:21:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.