Bug #57616 Sig 11 in dict_load_table() when failed to load index or foreign key
Submitted: 21 Oct 2010 1:38
Modified: 9 Jan 2012 19:27
Reporter: Jimmy Yang
Status: Closed
Category: MySQL Server: InnoDB storage engine
Severity: S3 (Non-critical)
Version: 5.1, 5.5
OS: Any
Assigned to: Jimmy Yang
CPU Architecture: Any
Triage: Needs Triage: D2 (Serious) / R2 (Low) / E2 (Low)

[21 Oct 2010 1:38] Jimmy Yang
Description:
Michael reported the following stack trace during his regular testing:

server log: dscczz02:/spare2/mizioumt/ctc/keep.incident_c51pb.1.segvo1/log/c51pb/mysqld_c51pb_3264_step9.log

101020 10:25:30 - mysqld got signal 11 ;

dscczz02:/spare2/mizioumt/ctc/keep.incident_c51pb.1.segvo1/data/c51pb/core.3264

extracting stack backtrace for core.3264...
 Thread 1 (Thread 3264):
 #0  0x0000003acc80bd02 in pthread_kill () from /lib64/libpthread.so.0
 #1  0x0000000000843a2e in my_write_core (sig=11) at stacktrace.c:331
 #2  0x00000000005e2207 in handle_segfault (sig=11) at mysqld.cc:2609
 #3  <signal handler called>
 #4  0x00002aaaabbf6942 in dict_load_table (
     name=0x1797cb00 "c51pb/#sql68c3_11b9_107") at dict/dict0load.c:1032
 #5  0x00002aaaabbf6ce5 in dict_load_table_on_id (table_id=...)
     at dict/dict0load.c:1143
 #6  0x00002aaaabca9169 in dict_table_get_on_id_low (table_id=...)
     at ./include/dict0dict.ic:839
 #7  0x00002aaaabca8f19 in trx_rollback_active (trx=0x17993748)
     at trx/trx0roll.c:503
 #8  0x00002aaaabca9463 in trx_rollback_or_clean_recovered (all=0)
     at trx/trx0roll.c:586
 #9  0x00002aaaabc37c1e in recv_recovery_from_checkpoint_finish ()
     at log/log0recv.c:3289
 #10 0x00002aaaabc99d31 in innobase_start_or_create_for_mysql ()
     at srv/srv0start.c:1577
 #11 0x00002aaaabc0fdac in innobase_init (p=0x12e69610)
     at handler/ha_innodb.cc:2263
 #12 0x000000000070580a in ha_initialize_handlerton (plugin=0x12e5d6b0)
     at handler.cc:435
 #13 0x00000000007a24c4 in plugin_initialize (plugin=0x12e5d6b0)
     at sql_plugin.cc:1019
 #14 0x00000000007a36c5 in plugin_init (argc=0xd18370, argv=0x12e38be8, flags=0)
     at sql_plugin.cc:1246
 #15 0x00000000005e3c55 in init_server_components () at mysqld.cc:4003
 #16 0x00000000005e4874 in main (argc=32, argv=0x7fff8c825908) at mysqld.cc:4

In dict_load_table(), if we cannot load the index, "table" is set to NULL and re-accessing it will trigger sig 11:

        err = dict_load_indexes(table, heap);

        if (err == DB_SUCCESS) {
                err = dict_load_foreigns(table->name, TRUE, TRUE);

                if (err != DB_SUCCESS) {
                        dict_table_remove_from_cache(table);
                        table = NULL;  /* <===== */
                }
        } else if (!srv_force_recovery) {
                dict_table_remove_from_cache(table);
                table = NULL;
        }

        table->fk_max_recusive_level = 0;  /* <==== table could be NULL */

How to repeat:
Michael's internal test scripts.

Suggested fix:
=== modified file 'storage/innobase/dict/dict0load.c'
--- storage/innobase/dict/dict0load.c	revid:sergey.glukhov@sun.com-20101018121227-o4geyk9m6e0krbp0
+++ storage/innobase/dict/dict0load.c	2010-10-21 01:25:38 +0000
@@ -878,13 +878,14 @@
 		if (err != DB_SUCCESS) {
 			dict_table_remove_from_cache(table);
 			table = NULL;
+		} else {
+			table->fk_max_recusive_level = 0;
 		}
+
 	} else if (!srv_force_recovery) {
 		dict_table_remove_from_cache(table);
 		table = NULL;
 	}
-
-	table->fk_max_recusive_level = 0;
 #if 0
 	if (err != DB_SUCCESS && table != NULL) {
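Review bot: On the path where index loading failed but srv_force_recovery is set, the "else if (!srv_force_recovery)" branch is skipped and table stays non-NULL, yet after this change nothing on that path assigns table->fk_max_recusive_level = 0; the removed unconditional assignment used to cover it. Either confirm the field is already zero when the table object is created, or keep the reset after the if/else behind a guard such as "if (table != NULL)". The blank line added before "} else if" is not needed.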
[13 Nov 2010 16:05] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:32] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:alexander.nozdrin@oracle.com-20101113152540-gxro4g0v29l27f5x) (pib:21)
[18 Nov 2010 15:54] Bugs System
Pushed into mysql-5.1 5.1.54 (revid:build@mysql.com-20101118153531-693taxtxyxpt037i) (version source revid:build@mysql.com-20101118153531-693taxtxyxpt037i) (merge vers: 5.1.54) (pib:21)
[5 Dec 2010 12:39] Bugs System
Pushed into mysql-trunk 5.6.1 (revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (version source revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (merge vers: 5.6.1) (pib:23)
[16 Dec 2010 22:27] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)
[9 Jan 2012 19:27] John Russell
Added to 5.1.54 / 5.5.8 / 5.6.1 changelog:

If the MySQL Server crashed immediately after creating an InnoDB
table, the server could quit with a signal 11 during the subsequent
restart. The issue could occur if the server halted after InnoDB
created the primary index for the table, but before the index
definition was recorded in the MySQL metadata.
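The control flow from the original report, as an added C model that is not MySQL source: struct table, struct scenario, LEVEL_UNSET and the function names are simplified stand-ins assumed for illustration. It shows which loader outcomes reach the unconditional write with a NULL pointer, and what the patched flow returns on each path.

```c
#include <stdlib.h>

/* Simplified stand-ins for the names on the page; not MySQL source. */
enum db_err { DB_SUCCESS, DB_ERROR };
struct table { int fk_max_recusive_level; };  /* spelled as on the page */

/* Constructed scenario: results of the two loaders plus the recovery flag. */
struct scenario { enum db_err index_err, foreign_err; int srv_force_recovery; };
#define LEVEL_UNSET (-1)  /* model-only sentinel: shows which paths reset the field */

static struct table *new_table(void)
{
    struct table *t = malloc(sizeof *t);
    if (t != NULL) t->fk_max_recusive_level = LEVEL_UNSET;
    return t;
}

/* Pre-fix flow: 1 if the unconditional write would go through NULL (write not performed). */
int old_flow_writes_through_null(struct scenario s)
{
    struct table *owned = new_table(), *table = owned;
    if (s.index_err == DB_SUCCESS) {
        if (s.foreign_err != DB_SUCCESS) table = NULL;
    } else if (!s.srv_force_recovery) {
        table = NULL;
    }
    int crash = (table == NULL);  /* original: table->fk_max_recusive_level = 0; */
    free(owned);
    return crash;
}

/* Patched flow: reset only on the branch where table is known to be valid. */
struct table *patched_load(struct scenario s)
{
    struct table *table = new_table();
    if (table == NULL) return NULL;
    if (s.index_err == DB_SUCCESS) {
        if (s.foreign_err != DB_SUCCESS) { free(table); table = NULL; }
        else table->fk_max_recusive_level = 0;
    } else if (!s.srv_force_recovery) {
        free(table); table = NULL;
    }
    return table;  /* callers must still handle NULL */
}

int main(void)
{
    struct scenario fk_fail = { DB_SUCCESS, DB_ERROR, 0 };
    return old_flow_writes_through_null(fk_fail) ? 0 : 1;
}
```

In this model the forced-recovery path with a failed index load returns a live table whose field still holds the sentinel, which is the case to check against the real allocator's initialisation.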