Bug #44940 mysqld crashes when creating a cluster table with 64 character table name
Submitted: 18 May 2009 18:28 Modified: 1 Dec 2020 2:20
Reporter: Hartmut Holzgraefe Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Cluster: Cluster (NDB) storage engine Severity:S1 (Critical)
Version:mysql-5.1-telco-7.0, 7.2.0 OS:Linux
Assigned to: Assigned Account CPU Architecture:Any

[18 May 2009 18:28] Hartmut Holzgraefe 
Description:
Using a ndb-7.0.5 debug-max build:

Trying to create a cluster table with 65 character table name fails with "Incorrect table name" which is OK ...

Creating a 63 character table name works which is also OK ...

Creating a 64 character table name crashes the mysqld server, but after restarting the mysqld the table exists just fine and can be used to store and retrieve data.

When trying to DROP the table the server crashes again, after restarting the server the table is gone though.

How to repeat:
mysql> create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz12(id int primary key) engine=ndb; -- 63 character name
Query OK, 0 rows affected (1.23 sec)

mysql> create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz1234(id int primary key) engine=ndb; -- 65 character name
ERROR 1103 (42000): Incorrect table name 'abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz1234'

mysql> create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123(id int primary key) engine=ndb; -- 64 character name
ERROR 2013 (HY000): Lost connection to MySQL server during query

Suggested fix:
do not crash
[18 May 2009 18:33] Hartmut Holzgraefe 
Backtrace from CREATE crash:

#0  0xb8071430 in __kernel_vsyscall ()
#1  0xb804b1c8 in __pthread_kill (threadid=2985085840, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:64
#2  0x0871f38d in my_write_core (sig=6) at stacktrace.c:310
#3  0x082d48ab in handle_segfault (sig=6) at mysqld.cc:2542
#4  <signal handler called>
#5  0xb8071430 in __kernel_vsyscall ()
#6  0xb7e896d0 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0xb7e8b098 in *__GI_abort () at abort.c:88
#8  0xb7e825ce in *__GI___assert_fail (assertion=0x88fd02b "r == 0", file=0x88fb157 "ha_ndbcluster_binlog.cc", line=1971, 
    function=0x88ff2e0 "int ndbcluster_log_schema_op(THD*, const char*, int, const char*, const char*, uint32, uint32, SCHEMA_OP_TYPE, const char*, const char*, int)") at assert.c:78
#9  0x08524764 in ndbcluster_log_schema_op (thd=0xab6cca0, 
    query=0xab6e7e0 "create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123(id int primary key) engine=ndb", query_length=108, 
    db=0xab89058 "test", table_name=0xab8905d "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", ndb_table_id=7, ndb_table_version=2, 
    type=SOT_CREATE_TABLE, new_db=0x0, new_table_name=0x0, have_lock_open=1) at ha_ndbcluster_binlog.cc:1971
#10 0x0850a1c3 in ha_ndbcluster::create (this=0xab87c90, name=0xb1ecaeb0 "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", 
    form=0xb1eca02c, create_info=0xb1ecb388) at ha_ndbcluster.cc:7170
#11 0x084116aa in handler::ha_create (this=0xab87c90, name=0xb1ecaeb0 "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", 
    form=0xb1eca02c, info=0xb1ecb388) at handler.cc:3332
#12 0x08415086 in ha_create_table (thd=0xab6cca0, path=0xb1ecaeb0 "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", 
    db=0xab6eb88 "test", table_name=0xab6e908 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", create_info=0xb1ecb388, 
    update_create_info=false) at handler.cc:3543
#13 0x083c6135 in rea_create_table (thd=0xab6cca0, path=0xb1ecaeb0 "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", 
    db=0xab6eb88 "test", table_name=0xab6e908 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", create_info=0xb1ecb388, 
    create_fields=@0xb1ecb69c, keys=1, key_info=0xab70248, file=0xab6ed10) at unireg.cc:468
#14 0x08438220 in mysql_create_table_no_lock (thd=0xab6cca0, db=0xab6eb88 "test", 
    table_name=0xab6e908 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", create_info=0xb1ecb388, alter_info=0xb1ecb678, 
    internal_tmp_table=false, select_field_count=0) at sql_table.cc:3578
#15 0x084386fd in mysql_create_table (thd=0xab6cca0, db=0xab6eb88 "test", 
    table_name=0xab6e908 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", create_info=0xb1ecb388, alter_info=0xb1ecb678, 
    internal_tmp_table=false, select_field_count=0) at sql_table.cc:3690
#16 0x082e83ea in mysql_execute_command (thd=0xab6cca0) at sql_parse.cc:2658
#17 0x082f0545 in mysql_parse (thd=0xab6cca0, 
    inBuf=0xab6e7e0 "create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123(id int primary key) engine=ndb", length=108, 
    found_semicolon=0xb1ecc084) at sql_parse.cc:5813
#18 0x082f1305 in dispatch_command (command=COM_QUERY, thd=0xab6cca0, 
    packet=0xab91ca1 "create table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123(id int primary key) engine=ndb", packet_length=108)
    at sql_parse.cc:1216
[...]

Backtrace from DROP TABLE crash:

#0  0xb809c430 in __kernel_vsyscall ()
#1  0xb80761c8 in __pthread_kill (threadid=2986486672, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:64
#2  0x0871f38d in my_write_core (sig=6) at stacktrace.c:310
#3  0x082d48ab in handle_segfault (sig=6) at mysqld.cc:2542
#4  <signal handler called>
#5  0xb809c430 in __kernel_vsyscall ()
#6  0xb7eb46d0 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0xb7eb6098 in *__GI_abort () at abort.c:88
#8  0xb7ead5ce in *__GI___assert_fail (assertion=0x88fd02b "r == 0", file=0x88fb157 "ha_ndbcluster_binlog.cc", line=1971, 
    function=0x88ff2e0 "int ndbcluster_log_schema_op(THD*, const char*, int, const char*, const char*, uint32, uint32, SCHEMA_OP_TYPE, const char*, const char*, int)") at assert.c:78
#9  0x08524764 in ndbcluster_log_schema_op (thd=0x97dfaa8, 
    query=0xb201fcf4 "drop table `test`.`abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123`", query_length=84, db=0x9822528 "test", 
    table_name=0x982252d "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", ndb_table_id=7, ndb_table_version=2, type=SOT_DROP_TABLE, 
    new_db=0x0, new_table_name=0x0, have_lock_open=1) at ha_ndbcluster_binlog.cc:1971
#10 0x084fb556 in ha_ndbcluster::delete_table (thd=0x97dfaa8, h=0x97dce10, ndb=0x98043e8, 
    path=0xb2020eac "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", db=0x97dcf7c "test", 
    table_name=0x97dd079 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123") at ha_ndbcluster.cc:7786
#11 0x0850766a in ha_ndbcluster::delete_table (this=0x97dce10, name=0xb2020eac "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123")
    at ha_ndbcluster.cc:7863
#12 0x08411706 in handler::ha_delete_table (this=0x97dce10, name=0xb2020eac "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123")
    at handler.cc:3302
#13 0x08417890 in ha_delete_table (thd=0x97dfaa8, table_type=0x9774298, 
    path=0xb2020eac "./test/abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", db=0x97dce08 "test", 
    alias=0x97dcb88 "abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", generate_warning=true) at handler.cc:1932
#14 0x0843d0e6 in mysql_rm_table_part2 (thd=0x97dfaa8, tables=0x97dcc30, if_exists=false, drop_temporary=false, drop_view=false, dont_log_query=false)
    at sql_table.cc:1733
#15 0x0843d701 in mysql_rm_table (thd=0x97dfaa8, tables=0x97dcc30, if_exists=0 '\0', drop_temporary=0 '\0') at sql_table.cc:1518
#16 0x082ea893 in mysql_execute_command (thd=0x97dfaa8) at sql_parse.cc:3303
#17 0x082f0545 in mysql_parse (thd=0x97dfaa8, inBuf=0x97dcaa8 "drop table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", length=75, 
    found_semicolon=0xb2022084) at sql_parse.cc:5813
#18 0x082f1305 in dispatch_command (command=COM_QUERY, thd=0x97dfaa8, 
    packet=0x97fffa1 "drop table abcdefghijklmnopqrstuvwxyz1234567890bcdefghijklmnopqrstuvwxyz123", packet_length=75) at sql_parse.cc:1216
[...]
[18 May 2009 20:14] Hartmut Holzgraefe 
Actual crash is here in sql/ha_ndbcluster_binlog.cc:1971

   1967       /* name */
   1968       ndb_pack_varchar(col[SCHEMA_NAME_I], tmp_buf, log_tab,
   1969                        strlen(log_tab));
   1970       r|= op->equal(SCHEMA_NAME_I, tmp_buf);
-> 1971       DBUG_ASSERT(r == 0);
[18 May 2009 20:16] Hartmut Holzgraefe 
See also bug# 25225
[25 May 2009 13:20] Jonathan Miller 
Please try non debug build
[25 Jun 2009 23:00] Bugs System 
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[13 Jul 2011 22:58] Sveta Smirnova 
Bug #61831 was marked as duplicate of this one. I tested with release binaries
[1 Dec 2020 2:20] Jon Stephens 
Fixed in NDB 8.0.18 by BUG#89436.

Closed.