Bug #18139 SELECT * FROM information_schema.tables crashes server
Submitted: 10 Mar 2006 17:11 Modified: 2 Nov 2007 15:51
Reporter: Andrey Hristov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Partitions Severity:S1 (Critical)
Version:5.1.8-debug OS:Linux (SuSE 9.3)
Assigned to: Sergei Glukhov CPU Architecture:Any

[10 Mar 2006 17:11] Andrey Hristov 
Description:
This seems similar to #18113 but happens in 5.1 and has paritioning related code in the backtrace.

SELECT * FROM INFORMATION_SCHEMA.TABLES.

The problem comes from after testing bug #14356 (BUG:Partitions: crash if range((select)))
Opening t12 crashes the server while doing SELECT * FROM I_S.TABLES. This bug is only a reminder what can happen and to save time for others who find the same.

How to repeat:
(gdb) bt
#0  0x08222341 in setup_table_map (table=0x0, table_list=0x9188c78, tablenr=0) at mysql_priv.h:1718
#1  0x0821f5b9 in setup_tables (thd=0x9116a98, context=0x917a850, from_clause=0x917a8f8, tables=0x9188c78, conds=0x9187644, leaves=0x917a90c, select_insert=false) at sql_base.cc:5198
#2  0x0822b622 in JOIN::prepare (this=0x9186898, rref_pointer_array=0x917a944, tables_init=0x9188c78, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x917a820, unit_arg=0x9188890) at sql_select.cc:339
#3  0x0819369f in subselect_single_select_engine::prepare (this=0x9188b38) at item_subselect.cc:1466
#4  0x0818fa9f in Item_subselect::fix_fields (this=0x9188ac0, thd_param=0x9116a98, ref=0x9188ba4) at item_subselect.cc:145
#5  0x08152b32 in Item_func::fix_fields (this=0x9188b58, thd=0x9116a98, ref=0x0) at item_func.cc:163
#6  0x08126a2c in fix_fields_part_func (thd=0x9116a98, tables=0x425147e0, func_expr=0x9188b58, part_info=0x917a718, is_sub_part=false) at sql_partition.cc:1221
#7  0x081279b5 in fix_partition_func (thd=0x9116a98, name=0x91816c0 "./test/t12", table=0x914c580, is_create_table_ind=false) at sql_partition.cc:1822
#8  0x08225f3f in open_table_from_share (thd=0x9116a98, share=0x9181480, alias=0x91b00a0 "t12", db_stat=39, prgflag=44, ha_open_flags=0, outparam=0x914c580, is_create_table=false) at table.cc:1488
#9  0x0821a624 in open_unireg_entry (thd=0x9116a98, entry=0x914c580, table_list=0x91b00a8, alias=0x91b00a0 "t12", cache_key=0x42515230 "test", cache_key_length=9, mem_root=0x42515310) at sql_base.cc:2520
#10 0x08218e40 in open_table (thd=0x9116a98, table_list=0x91b00a8, mem_root=0x42515310, refresh=0x4251533b, flags=2) at sql_base.cc:1956
#11 0x0821adb1 in open_tables (thd=0x9116a98, start=0x42515394, counter=0x42515384, flags=2) at sql_base.cc:2775
#12 0x0821b6ef in open_normal_and_derived_tables (thd=0x9116a98, tables=0x91b00a8, flags=2) at sql_base.cc:3107
#13 0x082ec2a0 in get_all_tables (thd=0x9116a98, tables=0x912ed40, cond=0x0) at sql_show.cc:2441
#14 0x082f5a7e in get_schema_tables_result (join=0x912fc60) at sql_show.cc:4670
#15 0x0822ee80 in JOIN::exec (this=0x912fc60) at sql_select.cc:1350
#16 0x082309ed in mysql_select (thd=0x9116a98, rref_pointer_array=0x9116e38, tables=0x912ed40, wild_num=1, fields=@0x9116d9c, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684635648, result=0x912fc50, unit=0x9116ae8, select_lex=0x9116d14) at sql_select.cc:1933
#17 0x0822b3ae in handle_select (thd=0x9116a98, lex=0x9116ad8, result=0x912fc50, setup_tables_done_option=0) at sql_select.cc:238
#18 0x081e8ddc in mysql_execute_command (thd=0x9116a98) at sql_parse.cc:2513
#19 0x081f2534 in mysql_parse (thd=0x9116a98, inBuf=0x912ec10 "select * from information_schema.tables", length=39) at sql_parse.cc:5777
#20 0x081e6d11 in dispatch_command (command=COM_QUERY, thd=0x9116a98, packet=0x9107e19 "select * from information_schema.tables", packet_length=40) at sql_parse.cc:1740
#21 0x081e64d5 in do_command (thd=0x9116a98) at sql_parse.cc:1536
#22 0x081e5534 in handle_one_connection (arg=0x9116a98) at sql_parse.cc:1178
#23 0x40173aa7 in start_thread () from /lib/tls/libpthread.so.0
#24 0x402a4c2e in clone () from /lib/tls/libc.so.6

(gdb) f 0
#0  0x08222341 in setup_table_map (table=0x0, table_list=0x9188c78, tablenr=0) at mysql_priv.h:1718
 /work/mysql-5.1-bug18078/sql/mysql_priv.h:1718:69260:beg:0x8222341
(gdb) p table_list
$2 = (TABLE_LIST *) 0x9188c78
(gdb) p *table_list
$3 = {next_local = 0x0, next_global = 0x0, prev_global = 0x425145e0, db = 0x87cd9a8 "", alias = 0x917aa98 "t1", table_name = 0x917aa78 "t1", schema_table_name = 0x0, option = 0x0, on_expr = 0x0, prep_on_expr = 0x0, cond_equal = 0x0, natural_join = 0x0, is_natural_join = false, join_using_fields = 0x0, join_columns = 0x0, is_join_columns_complete = false, next_name_resolution_table = 0x0, use_index = 0x0, ignore_index = 0x0, table = 0x0, derived_result = 0x0, correspondent_table = 0x0, derived = 0x0, schema_table = 0x0, schema_select_lex = 0x0, is_schema_table_processed = false, schema_table_reformed = false, schema_table_param = 0x0, select_lex = 0x917a820, view = 0x0, field_translation = 0x0, field_translation_end = 0x0, merge_underlying_list = 0x0, view_tables = 0x0, belong_to_view = 0x0, referencing_view = 0x0, security_ctx = 0x0, view_sctx = 0x0, next_leaf = 0x0, where = 0x0, check_option =
[29 Mar 2006 11:44] Sergei Glukhov 
This and all other bugs related to allowing expressions as partition functions
are being closed as "won't fix" and replaced with Bug #18198  	Expressions are
allowed as partition functions.
[2 Nov 2007 15:51] Mattias Jonsson 
Tested to do "SELECT * FROM I_S.tables" with tables that was crashed-marked, without crashing the server.
It gives the following in the TABLE_COMMENT column for a crashed table:
Unable to open underlying table which is differently defined or of non-MyISAM ty