Bug #24358 Table access crashes server
Submitted: 16 Nov 2006 11:19 Modified: 7 Feb 2007 12:19
Reporter: Steven Hartland Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: MyISAM storage engine Severity:S1 (Critical)
Version:5.0.32-BK OS:Linux (Linux)
Assigned to: Sergey Vojtovich

[16 Nov 2006 11:19] Steven Hartland
Description:
Just accessing a table we have hear which reports as being just fine with myisamchk crashes the db. Tested on 4.0.22-nt, 4.1.21 and 5.0.18 all have the same effect.

How to repeat:
Access the table which will be attached

Suggested fix:
It seems to be releated to the .frm file replacing this with a copy from an old version seems to fix the problem.
[21 Nov 2006 16:59] Valerii Kravchuk
Thank you for a problem report. What exact SQL statement should I execute agains your table? Please, check with the latest versions: 4.0.28, 4.1.21, 5.0.27 (for 5.0.27 you'll need to dump and restore the table, almost surely), and inform about the results.
[21 Nov 2006 17:09] Steven Hartland
It appeared any select against the table caused the issue. As mentioned we tried the latest in the 4.1 stream but didnt have the latest 5.x on hand to try but as they all we needed 4.1 that by the by a bit.
[22 Nov 2006 8:29] Valerii Kravchuk
Do you mean that even

SELECT * FROM thread;

will crash the server? Have you tried to run CHECK TABLE thread?
[22 Nov 2006 13:36] Steven Hartland
That is correct. I just tested that case, had only used a LIMIT case before, but that does indeed crash the entire db.

Both check table and repair table report no errors either done via the server or from the command line, thats one of the most worrying factors as there is no indication there is anything wrong with the table at all.
[25 Nov 2006 8:43] Valerii Kravchuk
I've got a crash with 5.0.32-debug when put your `thread` table files into a database and tried to use it:

openxs@suse:~/dbs/5.0> cd var/s
openxs@suse:~/dbs/5.0/var/s> ../../bin/myisamchk -e thread.MYI
Checking MyISAM file: thread.MYI
Data records:    2672   Deleted blocks:       0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
- check data record references index: 3
- check data record references index: 4
- check data record references index: 5
- check data record references index: 6
- check data record references index: 7
- check records and index references
openxs@suse:~/dbs/5.0/var/s> cd ../..
openxs@suse:~/dbs/5.0> bin/mysqld_safe &
[1] 12193
openxs@suse:~/dbs/5.0> Starting mysqld daemon with databases from /home/openxs/d
bs/5.0/var

openxs@suse:~/dbs/5.0> bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.0.32-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use s;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>
Number of processes running now: 0
061125 09:26:25  mysqld restarted

Moreover, exen mysqlchk -e had not found any problems with this table.

Resolved stack trace is:

openxs@suse:~/dbs/5.0> bin/resolve_stack_dump  -s /tmp/mysqld50.sym -n 24358.st
ack
0x81d6f28 handle_segfault + 412
0x401f5903 _end + 933816611
0x82ed8a4 _Z18mysqld_list_fieldsP3THDP13st_table_listPKc + 456
0x81edb96 _Z16dispatch_command19enum_server_commandP3THDPcj + 3224
0x81eceee _Z10do_commandP3THD + 526
0x81ec0da handle_one_connection + 982
0x40050aa7 _end + 932092615
0x40247c2e _end + 934153294

Buf repair found some problem:

openxs@suse:~/dbs/5.0/var/s> ../../bin/myisamchk -e -r thread.MYI
- recovering (with sort) MyISAM-table 'thread.MYI'
Data records: 2672
- Fixing index 1
Found block with too small length at 61720; Skipped
Found link that points at 7527043798416888069 (outside data file) at 115152
- Fixing index 2
- Fixing index 3
- Fixing index 4
- Fixing index 5
- Fixing index 6
- Fixing index 7

And even after that repair server still crashes.
[15 Dec 2006 12:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/17042

ChangeSet@1.2583, 2006-12-15 16:01:56+04:00, svoj@mysql.com +1 -0
  BUG#24358 - Table access crashes server
  
  Having broken .frm, particulary number of field names does
  not match number of fields, causes server crash.
  
  Refuse to open a table if number of field names in a table
  is not equal to number of fields in a table.
  
  No test case, since it requires broken .frm file.
[25 Jan 2007 9:29] Sergey Vojtovich
Pushed to trees currently marked as 5.0.36 and 5.1.15.
[26 Jan 2007 13:39] Steven Hartland
Is this fix going to be pushed into 4.x?
[26 Jan 2007 14:04] Sergey Vojtovich
Steven,

I hope to push it into 4.1 during next week.
[5 Feb 2007 11:41] Sergey Vojtovich
Pushed to tree currently marked as 4.1.23.
[7 Feb 2007 12:19] MC Brown
A note has been added to the 4.1.23, 5.0.36 and 5.1.15 changelogs.