Bug #24358 Table access crashes server
Submitted: 16 Nov 2006 12:19 Modified: 7 Feb 2007 13:19
Reporter: Steven Hartland
Status: Closed
Category: Server: MyISAM   Severity: S1 (Critical)
Version: 5.0.32-BK   OS: Linux (Linux)
Assigned to: Sergey Vojtovich   Target Version:

[16 Nov 2006 12:19] Steven Hartland
Description:
Just accessing a table we have here which reports as being just fine with myisamchk
crashes the db. Tested on 4.0.22-nt, 4.1.21 and 5.0.18 all have the same effect.

How to repeat:
Access the table which will be attached

Suggested fix:
It seems to be related to the .frm file; replacing this with a copy from an old version
seems to fix the problem.
[21 Nov 2006 17:59] Valeriy Kravchuk
Thank you for a problem report. What exact SQL statement should I execute against your
table? Please, check with the latest versions: 4.0.28, 4.1.21, 5.0.27 (for 5.0.27 you'll
need to dump and restore the table, almost surely), and inform about the results.
[21 Nov 2006 18:09] Steven Hartland
It appeared any select against the table caused the issue. As mentioned we tried the
latest in the 4.1 stream but didn't have the latest 5.x on hand to try but as they all we
needed 4.1 that by the by a bit.
[22 Nov 2006 9:29] Valeriy Kravchuk
Do you mean that even

SELECT * FROM thread;

will crash the server? Have you tried to run CHECK TABLE thread?
[22 Nov 2006 14:36] Steven Hartland
That is correct. I just tested that case, had only used a LIMIT case before, but that does
indeed crash the entire db.

Both check table and repair table report no errors either done via the server or from the
command line, that's one of the most worrying factors as there is no indication there is
anything wrong with the table at all.
[25 Nov 2006 9:43] Valeriy Kravchuk
I've got a crash with 5.0.32-debug when put your `thread` table files into a database and
tried to use it:

openxs@suse:~/dbs/5.0> cd var/s
openxs@suse:~/dbs/5.0/var/s> ../../bin/myisamchk -e thread.MYI
Checking MyISAM file: thread.MYI
Data records:    2672   Deleted blocks:       0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
- check data record references index: 3
- check data record references index: 4
- check data record references index: 5
- check data record references index: 6
- check data record references index: 7
- check records and index references
openxs@suse:~/dbs/5.0/var/s> cd ../..
openxs@suse:~/dbs/5.0> bin/mysqld_safe &
[1] 12193
openxs@suse:~/dbs/5.0> Starting mysqld daemon with databases from /home/openxs/dbs/5.0/var

openxs@suse:~/dbs/5.0> bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.0.32-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use s;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>
Number of processes running now: 0
061125 09:26:25  mysqld restarted

Moreover, even mysqlchk -e had not found any problems with this table.

Resolved stack trace is:

openxs@suse:~/dbs/5.0> bin/resolve_stack_dump  -s /tmp/mysqld50.sym -n 24358.stack
0x81d6f28 handle_segfault + 412
0x401f5903 _end + 933816611
0x82ed8a4 _Z18mysqld_list_fieldsP3THDP13st_table_listPKc + 456
0x81edb96 _Z16dispatch_command19enum_server_commandP3THDPcj + 3224
0x81eceee _Z10do_commandP3THD + 526
0x81ec0da handle_one_connection + 982
0x40050aa7 _end + 932092615
0x40247c2e _end + 934153294

But repair found some problem:

openxs@suse:~/dbs/5.0/var/s> ../../bin/myisamchk -e -r thread.MYI
- recovering (with sort) MyISAM-table 'thread.MYI'
Data records: 2672
- Fixing index 1
Found block with too small length at 61720; Skipped
Found link that points at 7527043798416888069 (outside data file) at 115152
- Fixing index 2
- Fixing index 3
- Fixing index 4
- Fixing index 5
- Fixing index 6
- Fixing index 7

And even after that repair server still crashes.
[15 Dec 2006 13:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/17042

ChangeSet@1.2583, 2006-12-15 16:01:56+04:00, svoj@mysql.com +1 -0
  BUG#24358 - Table access crashes server
  
  Having broken .frm, particularly number of field names does
  not match number of fields, causes server crash.
  
  Refuse to open a table if number of field names in a table
  is not equal to number of fields in a table.
  
  No test case, since it requires broken .frm file.
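
Added example, not the committed patch or MySQL source: the check the changeset describes, shown in C on a hypothetical, simplified table definition (the struct, the function names and the sample data are assumptions, not the real .frm layout). A definition whose declared field count disagrees with the number of stored names is refused at open time, before any code walks the names by field index.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified table definition; NOT the real .frm layout. */
struct table_def {
    unsigned declared_fields;  /* field count claimed by the header */
    const char *names;         /* field names, each terminated by '\0' */
    size_t names_len;          /* bytes in names, final '\0' included */
};

/* Constructed sample data: two names; the broken header claims three. */
static const char SAMPLE_NAMES[] = "id\0title";
static const struct table_def GOOD_DEF   = { 2, SAMPLE_NAMES, sizeof SAMPLE_NAMES };
static const struct table_def BROKEN_DEF = { 3, SAMPLE_NAMES, sizeof SAMPLE_NAMES };

/* Count the names that are really present in the blob. */
static unsigned count_names(const struct table_def *d)
{
    unsigned n = 0;
    for (size_t i = 0; i < d->names_len; i++)
        n += (d->names[i] == '\0');
    return n;
}

/* Returns 0 when the definition is consistent, -1 when it must be refused. */
int open_table_def(const struct table_def *d)
{
    if (d->names_len == 0 || d->names[d->names_len - 1] != '\0')
        return -1;  /* last name is not terminated */
    if (count_names(d) != d->declared_fields)
        return -1;  /* name count and field count disagree */
    return 0;
}

/* Valid only for a definition that open_table_def() accepted. */
const char *field_name(const struct table_def *d, unsigned idx)
{
    const char *p = d->names;
    if (idx >= d->declared_fields)
        return NULL;
    while (idx--)
        p += strlen(p) + 1;  /* step over one name and its terminator */
    return p;
}

int main(void)
{
    printf("good: %d, broken: %d\n", open_table_def(&GOOD_DEF), open_table_def(&BROKEN_DEF));
    return 0;
}
```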
[25 Jan 2007 10:29] Sergey Vojtovich
Pushed to trees currently marked as 5.0.36 and 5.1.15.
[26 Jan 2007 14:39] Steven Hartland
Is this fix going to be pushed into 4.x?
[26 Jan 2007 15:04] Sergey Vojtovich
Steven,

I hope to push it into 4.1 during next week.
[5 Feb 2007 12:41] Sergey Vojtovich
Pushed to tree currently marked as 4.1.23.
[7 Feb 2007 13:19] MC Brown
A note has been added to the 4.1.23, 5.0.36 and 5.1.15 changelogs.