| Bug #16155 | TRUNCATE TABLE crashes mysqld | ||
|---|---|---|---|
| Submitted: | 3 Jan 2006 15:47 | Modified: | 6 Jan 2006 16:11 |
| Reporter: | Kristian Nielsen | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S1 (Critical) |
| Version: | Lastest 5.1-new bitkeeper | OS: | IBM AIX (AIX 5.2 (64 bit)) |
| Assigned to: | Kristian Nielsen | CPU Architecture: | Any |
[6 Jan 2006 14:29]
Kristian Nielsen
A trace from the crash: T@3 : | | | >mysql_truncate T@3 : | | | | >unpack_filename T@3 : | | | | | >dirname_part T@3 : | | | | | | enter: './test/kntest.frm' T@3 : | | | | | | >convert_dirname T@3 : | | | | | | <convert_dirname T@3 : | | | | | <dirname_part T@3 : | | | | | >unpack_dirname T@3 : | | | | | | >dirname_part T@3 : | | | | | | | enter: './test/' T@3 : | | | | | | | >convert_dirname T@3 : | | | | | | | <convert_dirname T@3 : | | | | | | <dirname_part T@3 : | | | | | | >cleanup_dirname T@3 : | | | | | | | enter: from: './test/' T@3 : | | | | | | | exit: to: './test/' T@3 : | | | | | | <cleanup_dirname T@3 : | | | | | <unpack_dirname T@3 : | | | | <unpack_filename T@3 : | | | | >mysql_frm_type T@3 : | | | | | >my_open T@3 : | | | | | | my: Name: './test/kntest.frm' Flags: 0 MyFlags: 0 T@3 : | | | | | <my_open T@3 : | | | | | >my_malloc T@3 : | | | | | | my: size: 18 my_flags: 0 T@3 : | | | | | | exit: ptr: 0x111e18eb0 T@3 : | | | | | <my_malloc T@3 : | | | | | exit: fd: 28 T@3 : | | | | | >my_read T@3 : | | | | | | my: Fd: 28 Buffer: 0x111ea2464 Count: 10 MyFlags: 20 T@3 : | | | | | <my_read T@3 : | | | | | >my_close T@3 : | | | | | | my: fd: 28 MyFlags: 16 T@3 : | | | | | | >my_free T@3 : | | | | | | | my: ptr: 0x111e18eb0 T@3 : | | | | | | <my_free T@3 : | | | | | <my_close T@3 : | | | | <mysql_frm_type T@3 : | | | | >mysql_uninstall_plugin T@3 : | | | | <mysql_uninstall_plugin T@3 : | | | | >lock_and_wait_for_table_name T@3 : | | | | | >wait_if_global_read_lock T@3 : | | | | | <wait_if_global_read_lock T@3 : | | | | | >lock_table_name T@3 : | | | | | | enter: db: test name: kntest T@3 : | | | | | | >hash_search T@3 : | | | | | | <hash_search T@3 : | | | | | | >my_malloc T@3 : | | | | | | | my: size: 2564 my_flags: 48 T@3 : | | | | | | | exit: ptr: 0x111e195d0 T@3 : | | | | | | <my_malloc T@3 : | | | | | <lock_table_name T@3 : | | | | | >remove_table_from_cache T@3 : | | | | | | >hash_search T@3 : | | | | | | | exit: found key at 1 T@3 : | | | | | | <hash_search T@3 : | | | | | | info: Table was in use by current thread. db_stat: 0 T@3 : | | | | | | info: Removing table from table_def_cache T@3 : | | | | | | >hash_search T@3 : | | | | | | <hash_search T@3 : | | | | | <remove_table_from_cache T@3 : | | | | | >start_waiting_global_read_lock T@3 : | | | | | <start_waiting_global_read_lock T@3 : | | | | <lock_and_wait_for_table_name
[6 Jan 2006 15:27]
Kristian Nielsen
Hm, I found the cause of this.
It crashes in sql/sql_delete.cc line 893:
*(path + path_length - reg_ext_length)= '\0';
The crash can be reproduced by this small program:
#include <string.h>
#include <stdio.h>
int main(int argc, char *argv) {
char path[255];
unsigned int path_length, reg_ext_length;
strcpy(path, "./test/kntest.frm");
path_length = 17;
reg_ext_length = 4;
*(path + path_length - reg_ext_length)= '\0';
fprintf(stderr, "path='%s'\n", path);
}
Compile with "xlC_r -g -q64 test.cc" and it crashes. Compile with "xlC_r -g test.cc" and it works ok...
Looks like a compiler bug then.
A workaround is to change the offending line to this (both in test program and mysqld):
path[path_length - reg_ext_length]= '\0';
Maybe we should do this?
[6 Jan 2006 16:06]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/706
[6 Jan 2006 16:11]
Kristian Nielsen
Fixed in 5.1.5. Not in any released version, so nothing to document.
Description: Mysqld crashes on a TRUNCATE TABLE statement (SIGSEGV). Mysql-5.1-new bitkeeper tree. ChangeSet: 1.2026 06/01/03 11:09:18 knielsen@mysql.com I saw this in the testsuite (auto_increment), but it reproduces in a simple stand-alone test. The server crashes in several other tests, I assume the problems are related but have not investigated. It produces a core file, but it is unhelpful: mysqldev@aix52:~/knielsen/mysql-5.1.5-alpha-standard/mysql-test> gdb ../sql/mysqld var/master-data/core Program terminated with signal 11, Segmentation fault. #0 0x9000000002df2ac in pthread_kill () (gdb) bt #0 0x9000000002df2ac in pthread_kill () #1 0xffffffffffffffff in ?? () from (unknown load module) How to repeat: Start mysqld; I started it using mysql-test-run.pl: $ cd mysql-test $ MTR_BUILD_THREAD=6 ./mysql-test-run.pl --tmpdir=/tmp/knielsen --start-and-exit auto_increment Then run a mysql session like this: $ ../client/mysql -uroot --socket=/tmp/knielsen/master.sock --password= test mysql> create table kntest(a varchar(100)); mysql> truncate table kntest; ERROR 2013 (HY000): Lost connection to MySQL server during query