MySQL 5.0.22 Crash on Ubuntu 6.06.2 LTS (SELECT 0+0+0...)

Bug #394036 reported by Shang Wu
Affects                  Status        Importance  Assigned to  Milestone
mysql-dfsg-5.0 (Ubuntu)  Fix Released  Undecided   Unassigned
Dapper                   Invalid       Medium      Unassigned

Bug Description

Fresh install of dapper 6.06.2 with latest updates. Running MySQL Version: 5.0.22-0ubuntu6.06.11 on the system.

Using the default my.cnf with one setting changed:
thread_stack = 265K

Running the following MySQL command:
mysql> SELECT 0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0;
Then we get the error:
ERROR 2013 (HY000): Lost connection to MySQL server during query

From syslog, it shows:

Jun 30 10:00:39 ubuntu mysqld[14953]: mysqld got signal 11;
Jun 30 10:00:39 ubuntu mysqld[14953]: This could be because you hit a bug. It is also possible that this binary
Jun 30 10:00:39 ubuntu mysqld[14953]: or one of the libraries it was linked against is corrupt, improperly built,
Jun 30 10:00:39 ubuntu mysqld[14953]: or misconfigured. This error can also be caused by malfunctioning hardware.
Jun 30 10:00:39 ubuntu mysqld[14953]: We will try our best to scrape up some info that will hopefully help diagnose
Jun 30 10:00:39 ubuntu mysqld[14953]: the problem, but since we have already crashed, something is definitely wrong
Jun 30 10:00:39 ubuntu mysqld[14953]: and this may fail.
Jun 30 10:00:39 ubuntu mysqld[14953]:
Jun 30 10:00:39 ubuntu mysqld[14953]: key_buffer_size=16777216
Jun 30 10:00:39 ubuntu mysqld[14953]: read_buffer_size=131072
Jun 30 10:00:39 ubuntu mysqld[14953]: max_used_connections=1
Jun 30 10:00:39 ubuntu mysqld[14953]: max_connections=100
Jun 30 10:00:39 ubuntu mysqld[14953]: threads_connected=1
Jun 30 10:00:39 ubuntu mysqld[14953]: It is possible that mysqld could use up to
Jun 30 10:00:39 ubuntu mysqld[14953]: key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 233983 K
Jun 30 10:00:39 ubuntu mysqld[14953]: bytes of memory
Jun 30 10:00:39 ubuntu mysqld[14953]: Hope that's ok; if not, decrease some variables in the equation.
Jun 30 10:00:39 ubuntu mysqld[14953]:
Jun 30 10:00:39 ubuntu mysqld[14953]: thd=0x8b0d238
Jun 30 10:00:39 ubuntu mysqld[14953]: Attempting backtrace. You can use the following information to find out
Jun 30 10:00:39 ubuntu mysqld[14953]: where mysqld died. If you see no messages after this, something went
Jun 30 10:00:39 ubuntu mysqld[14953]: terribly wrong...
Jun 30 10:00:39 ubuntu mysqld[14953]: Cannot determine thread, fp=0xb3f54d48, backtrace may not be correct.
Jun 30 10:00:39 ubuntu mysqld[14953]: Stack range sanity check OK, backtrace follows:
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x818a089
Jun 30 10:00:39 ubuntu mysqld[14953]: 0xffffe420
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x8b2d890
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81d24e4
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81d2877
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81d40cd
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81e6609
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x8279856
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x827b172
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x827afae
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81c2c21
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x819d205
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81a2ce7
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81a32b1
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81a43ec
Jun 30 10:00:39 ubuntu mysqld[14953]: 0x81a4d98
Jun 30 10:00:39 ubuntu mysqld[14953]: 0xb7f1c341
Jun 30 10:00:39 ubuntu mysqld[14953]: 0xb7d6d4ee
Jun 30 10:00:39 ubuntu mysqld[14953]: New value of fp=(nil) failed sanity check, terminating stack trace!
Jun 30 10:00:39 ubuntu mysqld[14953]: Please read http://dev.mysql.com/doc/mysql/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
Jun 30 10:00:39 ubuntu mysqld[14953]: stack trace is much more helpful in diagnosing the problem, so please do
Jun 30 10:00:39 ubuntu mysqld[14953]: resolve it
Jun 30 10:00:39 ubuntu mysqld[14953]: Trying to get some variables.
Jun 30 10:00:39 ubuntu mysqld[14953]: Some pointers may be invalid and cause the dump to abort...
Jun 30 10:00:39 ubuntu mysqld[14953]: thd->query at 0x8b2c730 = SELECT * FROM (SELECT mu.User FROM mysql.user mu UNION SELECT mu.user FROM mysql.user mu ORDER BY mu.user) a
Jun 30 10:00:39 ubuntu mysqld[14953]: thd->thread_id=1
Jun 30 10:00:39 ubuntu mysqld[14953]: The manual page at http://www.mysql.com/doc/en/Crashing.html contains
Jun 30 10:00:39 ubuntu mysqld[14953]: information that should help you find out what is causing the crash.
Jun 30 10:00:39 ubuntu mysqld_safe[14970]: Number of processes running now: 0
Jun 30 10:00:39 ubuntu mysqld_safe[14972]: restarted
Jun 30 10:00:39 ubuntu mysqld[14975]: 090630 10:00:39 InnoDB: Started; log sequence number 0 43655
Jun 30 10:00:39 ubuntu mysqld[14975]: 090630 10:00:39 [Note] Recovering after a crash using /var/log/mysql/mysql-bin
Jun 30 10:00:39 ubuntu mysqld[14975]: 090630 10:00:39 [Note] Starting crash recovery...
Jun 30 10:00:39 ubuntu mysqld[14975]: 090630 10:00:39 [Note] Crash recovery finished.
Jun 30 10:00:39 ubuntu mysqld[14975]: 090630 10:00:39 [Note] /usr/sbin/mysqld: ready for connections.
Jun 30 10:00:39 ubuntu mysqld[14975]: Version: '5.0.22-Debian_0ubuntu6.06.11-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Debian Etch distribution

Here is some debug info:
# gdb /usr/sbin/mysqld
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) q
root@builder:~# gdb /usr/sbin/mysqld | tee /tmp/mysqltrace.txt

(gdb) r
Starting program: /usr/sbin/mysqld
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1211894080 (LWP 31517)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
090630 12:51:05 InnoDB: Started; log sequence number 0 43655
090630 12:51:05 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.22-Debian_0ubuntu6.06.11-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Debian Etch distribution
[New Thread -1241224272 (LWP 31520)]
[New Thread -1249616976 (LWP 31521)]
[New Thread -1258009680 (LWP 31522)]
[New Thread -1266402384 (LWP 31523)]
[New Thread -1279702096 (LWP 31524)]
[New Thread -1288094800 (LWP 31525)]
[New Thread -1296487504 (LWP 31526)]
[Thread -1279702096 (zombie) exited]
[New Thread -1304880208 (LWP 31527)]
[New Thread -1276731472 (LWP 31528)]
[New Thread -1277005904 (LWP 31529)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1277005904 (LWP 31529)]
0xb7c7bf00 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7c7bf00 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7c9741b in vsprintf () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c8476b in sprintf () from /lib/tls/i686/cmov/libc.so.6
#3 0x08198b0c in check_stack_overrun ()
#4 0x0812f7be in Item_func::fix_fields ()
#5 0x0812f932 in Item_func::fix_fields ()
#6 0x0812f932 in Item_func::fix_fields ()
#7 0x0812f932 in Item_func::fix_fields ()
#8 0x0812f932 in Item_func::fix_fields ()

--- removed a lot more Item_func::fix_fields messages

#849 0x0812f932 in Item_func::fix_fields ()
#850 0x0812f932 in Item_func::fix_fields ()
#851 0x0812f932 in Item_func::fix_fields ()
#852 0x0812f932 in Item_func::fix_fields ()
#853 0x0812f932 in Item_func::fix_fields ()
#854 0x0812f932 in Item_func::fix_fields ()
#855 0x081c19ef in setup_fields ()
#856 0x081d3b6c in JOIN::prepare ()
#857 0x081e6a38 in mysql_select ()
#858 0x081e6d91 in handle_select ()
#859 0x0819d260 in mysql_execute_command ()
#860 0x081a2ce7 in mysql_parse ()
#861 0x081a32b1 in dispatch_command ()
#862 0x081a43ec in do_command ()
#863 0x081a4d98 in handle_one_connection ()
#864 0xb7eb9341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#865 0xb7d0a4ee in clone () from /lib/tls/i686/cmov/libc.so.6

Daniël van Eeden (dveeden) wrote :

I saw a similar query which seems to crash the MySQL client (version 5.0.22-0ubuntu6.06.11).

mysql> SELECT CONCAT('', 0+8609563+141+141+488+141+141+141+141+141+141+141+141+141+141+141+141+871+268+488+141+141+141+141+141+141+141+1232+141+141+141+141+141+360+141+360+141+141+488+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+488+141+141+141+1695+141+141+141+141+141+141+141+141+488+141+141+141+141+141+141+141+141+141+360+141+141+141+141+141+141+141+141+488+141+141+141+141+141+360+141+360+141+359+359+141+488+141+141+578+141+1579+706+578+141+466+466+488+141+141+360+141+141+141+141+141+141+141+1127+141+141+141+141+141+141+141+141+141+141+141+360+141+141+141+1003+141+141+141+488+141+141+141+141+141+141+141+141+141+141+141+141+141+141+360+141+141+141+487+141+141+141+141+141+141+141+1032+487+141+141+141+141+141+141+141+141+141+141+141+487+141+141+141+141+141+141+141+141+141+141+487+141+1217+141+141+141+141+278+141+141+141+141+141+487+141+141+141+141+141+1137+141+141+141+141+141+141+141+487+141+141+141+141+141+141+141+141+835+141+141+141+141+141+277+141+1053+141+141+1001+141+141+141+141+487+141+141+141+141+141+141+141+141+269167+7777418+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+244+141+141+141+486+141+141+273+141+141+141+141+141+141+359+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+1114+141+141+141+141+141+141+141+141+141+141+141+141+1003+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+1994+141+141+141+141+141+141+141+141+141+1326+141+141+141+141+141+141+141+141+141+141+141+486+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+277+141+141+141+141+141+141+466+141+141+141+141+141+141+141+141+141+141+141+141+141+141+488+141+579+141+141+141+141+141+141+141+141+141+141+466+710+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+488+141+141+141+141+141+141+141+141+141+141+141+488+141+141+141+141+141+141+141+141+141+488+141+141+141+141+141+141+141+141+141+141+141+141+2211+141+141+1291+14
1+141+141+141+2134+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+255946+10410609+141+141+141+237+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+1033+141+141+141+141+141+1020+141+141+141+141+141+141+363+1105+141+269+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+360+360+141+141+141+466+141+141+141+141+141+141+141+485+141+523+141+141+360+141+141+141+141+466+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+2011+141+141+141+141+141+141+249+141+141+141+1005+320+141+141+141+486+141+141+141+141+141+429+141+141+141+141+998+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+141+365+141+141+141+141+141+141+141+141+141+141+141+141+141+1239+141+141+141+486+141+141+141+141+141+141+141+320+645+141+141+141+141+488+141+141+488+141+141+141+141+141+141+141+141+141+141+141+141+141+141+...

Daniël van Eeden (dveeden) wrote :

The above query together with this config crashes the server.

# egrep -v "^($|#)" /etc/mysql/my.cnf
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
core-file-size = unlimited
[mysqld]
core-file
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /export/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-external-locking
old_passwords = 1
bind-address = 0.0.0.0
key_buffer = 128M
max_allowed_packet = 16M
thread_stack = 265K
table_cache = 16M
query_cache_limit = 1048576
query_cache_size = 128M
query_cache_type = 1
log-bin = /var/log/mysql/mysql-bin.log
expire-logs-days = 20
max_binlog_size = 104857600
skip-bdb
innodb_buffer_pool_size = 64M
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
[isamchk]
key_buffer = 16M

Mathias Gug (mathiaz) wrote :

On hardy and above the server doesn't crash. Instead the following error is reported:

ERROR 1436 (HY000): Thread stack overrun: 250312 bytes used of a 262144 byte stack, and 12000 bytes needed. Use 'mysqld -O thread_stack=#' to specify a bigger stack.

Marking bug Fix Released for hardy and above.

Changed in mysql-dfsg-5.0 (Ubuntu):
status: New → Fix Released
Changed in mysql-dfsg-5.0 (Ubuntu Dapper):
importance: Undecided → Medium
status: New → Triaged
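Added detection example, not code from the bug report, MySQL or Ubuntu: a Python scanner for the two signatures this thread documents, the dapper syslog block ("mysqld got signal 11" followed by the thd->query line) and the hardy ERROR 1436 thread stack overrun, which also turns the overrun byte counts into a thread_stack value. The sample lines, the 64 KiB rounding policy and the operator-count heuristic are my assumptions.

```python
import re

# Constructed sample lines modelled on the two signatures quoted in this bug
# report: the dapper syslog crash block ("mysqld got signal 11" followed by a
# "thd->query at ... = <sql>" line) and the hardy-era ERROR 1436 message as the
# client prints it. The SELECT here is a short placeholder, not the real query.
SAMPLE_LINES = """\
Jun 30 10:00:39 ubuntu mysqld[14953]: mysqld got signal 11;
Jun 30 10:00:39 ubuntu mysqld[14953]: thd->query at 0x8b2c730 = SELECT 0+0+0+0+0+0+0+0
Jun 30 10:00:39 ubuntu mysqld_safe[14972]: restarted
ERROR 1436 (HY000): Thread stack overrun: 250312 bytes used of a 262144 byte stack, and 12000 bytes needed. Use 'mysqld -O thread_stack=#' to specify a bigger stack.
""".splitlines()

SIGNAL_RE = re.compile(r"mysqld\[(?P<pid>\d+)\]: mysqld got signal (?P<sig>\d+)")
QUERY_RE = re.compile(r"mysqld\[(?P<pid>\d+)\]: thd->query at 0x[0-9a-f]+ = (?P<sql>.*)$")
OVERRUN_RE = re.compile(r"Thread stack overrun: (?P<used>\d+) bytes used of a "
                        r"(?P<size>\d+) byte stack, and (?P<needed>\d+) bytes needed")
STACK_GRANULE = 64 * 1024  # round recommendations up to 64 KiB (assumed policy, not MySQL's)


def recommend_thread_stack(used, needed):
    """KiB value for thread_stack: smallest 64 KiB multiple covering used + needed."""
    granules = -(-(used + needed) // STACK_GRANULE)  # ceiling division
    return granules * STACK_GRANULE // 1024


def parse_events(lines):
    """Return a list of events found in the lines.

    'segv': opened by 'mysqld got signal 11', completed by the same pid's
    thd->query line, so the crashing statement travels with the crash.
    'stack_overrun': the ERROR 1436 byte counts plus a thread_stack hint."""
    events, pending = [], {}  # pending: pid -> crash event awaiting its query
    for line in lines:
        m = SIGNAL_RE.search(line)
        if m:
            ev = {"kind": "segv", "pid": int(m["pid"]), "signal": int(m["sig"]), "query": None}
            pending[ev["pid"]] = ev
            events.append(ev)
            continue
        m = QUERY_RE.search(line)
        if m and int(m["pid"]) in pending:
            ev = pending.pop(int(m["pid"]))
            ev["query"] = m["sql"].strip()
            # Long chains of binary operators are what drove the fix_fields recursion.
            ev["operator_count"] = len(re.findall(r"[-+*/]", ev["query"]))
            continue
        m = OVERRUN_RE.search(line)
        if m:
            used, size, needed = (int(m[k]) for k in ("used", "size", "needed"))
            events.append({"kind": "stack_overrun", "used": used, "size": size, "needed": needed,
                           "recommended_thread_stack_k": recommend_thread_stack(used, needed)})
    return events
```

Feed it syslog or the mysqld error log line by line; a segv event whose query carries a very high operator_count is the pattern reported here.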
Mathias Gug (mathiaz) wrote :

What needs to be done to move things forward on dapper is to figure out which version of mysql has the fix.

1. Narrow down the range of versions to test by testing mysql packages from every release (edgy, feisty, gutsy).
2. Figure out if mysql keeps an archive of all previous releases. If not, look at the bzr branches - they may use a tag for each release.
3. Use the bisection method to find out which release of mysql fixed the bug by building a binary package for each release.
4. Go through the list of changes for that release and figure out which patch has fixed the bugs.

Andreas Olsson (andol) wrote :

I can reproduce this bug in MySQL 5.0.24a-9ubuntu2.4 (edgy)
It appears to have been fixed in MySQL 5.0.38-0ubuntu1 (feisty)

Do note that even affected MySQL versions can detect/handle ERROR 1436. It seems as if the option thread_stack has to be within a certain range for this bug to manifest itself.

Mathias Gug (mathiaz) wrote :

On a related note, here is a link where previous versions of mysql 5.0 can be downloaded:

http://snaps.mysql.com/archives.php?p=mysql-5.0&o=other

Shang Wu (shangwu) wrote :

Seems to be directly related to:
http://bugs.mysql.com/bug.php?id=21476

JC Hulce (soaringsky) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The version of Ubuntu you're reporting this issue on is in End of Life status, and newer versions have fixed this issue. You can learn more about this at https://wiki.ubuntu.com/Releases

Changed in mysql-dfsg-5.0 (Ubuntu Dapper):
status: Triaged → Invalid