problem after upgrade to mysql 5.0.22-0ubuntu6.06.8

Bug #209699 reported by buttha on 2008-03-31
Affects Status Importance Assigned to Milestone
mysql-dfsg-5.0 (Ubuntu)
Undecided
Jamie Strandboge

Bug Description

Binary package hint: mysql-server

After upgrade (on a 6.06 LTS) to:

mysql-client-5.0_5.0.22-0ubuntu6.06.8_amd64.deb
mysql-common_5.0.22-0ubuntu6.06.8_all.deb
mysql-server_5.0.22-0ubuntu6.06.8_all.deb
mysql-server-5.0_5.0.22-0ubuntu6.06.8_amd64.deb
libmysqlclient15off_5.0.22-0ubuntu6.06.8_amd64.deb

mysql stopped working correctly (I'll show you the problem later) on a large database (but only with that database: others work correctly).
Doing a downgrade to

libmysqlclient15off_5.0.22-0ubuntu6.06.6_amd64.deb
mysql-client-5.0_5.0.22-0ubuntu6.06.6_amd64.deb
mysql-common_5.0.22-0ubuntu6.06.6_all.deb
mysql-server_5.0.22-0ubuntu6.06.6_all.deb
mysql-server-5.0_5.0.22-0ubuntu6.06.6_amd64.deb

fixed the problem.

The problem is: I can't see the list of database's tables using SQLyog, while database works well (applications don't stop working and I can do every kind of query obtaining the correct result).
In order to let me see the database's tables, SQLyog executes:

select `TABLE_NAME` from `INFORMATION_SCHEMA`.`TABLES` where
`TABLE_SCHEMA` = 'db_name' and `TABLE_TYPE` = 'BASE TABLE'

The query gives me the list of tables if executed on small databases. When I try to execute it on a large database (with a lot of tables) this is the result:

**************************************************
Mar 31 15:08:45 behappy mysqld[15539]: mysqld got signal 11;
Mar 31 15:08:45 behappy mysqld[15539]: This could be because you hit a bug. It is also possible that this binary
Mar 31 15:08:45 behappy mysqld[15539]: or one of the libraries it was linked against is corrupt, improperly built,
Mar 31 15:08:45 behappy mysqld[15539]: or misconfigured. This error can also be caused by malfunctioning hardware.
Mar 31 15:08:45 behappy mysqld[15539]: We will try our best to scrape up some info that will hopefully help diagnose
Mar 31 15:08:45 behappy mysqld[15539]: the problem, but since we have already crashed, something is definitely wrong
Mar 31 15:08:45 behappy mysqld[15539]: and this may fail.
Mar 31 15:08:45 behappy mysqld[15539]:
Mar 31 15:08:45 behappy mysqld[15539]: key_buffer_size=16777216
Mar 31 15:08:45 behappy mysqld[15539]: read_buffer_size=131072
Mar 31 15:08:45 behappy mysqld[15539]: max_used_connections=3
Mar 31 15:08:45 behappy mysqld[15539]: max_connections=100
Mar 31 15:08:45 behappy mysqld[15539]: threads_connected=1
Mar 31 15:08:45 behappy mysqld[15539]: It is possible that mysqld could use up to
Mar 31 15:08:45 behappy mysqld[15539]: key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 233983 K
Mar 31 15:08:45 behappy mysqld[15539]: bytes of memory
Mar 31 15:08:45 behappy mysqld[15539]: Hope that's ok; if not, decrease some variables in the equation.
Mar 31 15:08:45 behappy mysqld[15539]:
Mar 31 15:08:45 behappy mysqld_safe[15843]: Number of processes running now: 0
Mar 31 15:08:45 behappy mysqld_safe[15845]: restarted
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 InnoDB: Database was not shut down normally!
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Starting crash recovery.
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Reading tablespace information from the .ibd files...
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Restoring possible half-written data pages from the doublewrite
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: buffer...
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 InnoDB: Starting log scan based on checkpoint at
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: log sequence number 0 6654142.
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Doing recovery: scanned up to log sequence number 0 6654142
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Last MySQL binlog file position 0 53628556, file name /var/log/mysql/mysql-bin.000411
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 InnoDB: Started; log sequence number 0 6654142
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 [Note] Recovering after a crash using /var/log/mysql/mysql-bin
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 [Note] Starting crash recovery...
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 [Note] Crash recovery finished.
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 [Note] /usr/sbin/mysqld: ready for connections.
Mar 31 15:08:46 behappy mysqld[15848]: Version: '5.0.22-Debian_0ubuntu6.06.8-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Debian Etch distributio
**************************************************

Since in the advisory (http://www.net-security.org/advisory.php?id=8674) we can read:

*******************************************************
Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)
*******************************************************

I suspect it may be related.
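
For anyone watching for this failure in production, here is a small parser, added as an example and not part of the original bug report, that scans syslog in the format above for mysqld fatal signals and pairs each one with the restart that follows. The function names, the `year` parameter and the crash-loop threshold are assumptions; the sample lines are constructed from the log above.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format shown in the report above.
SAMPLE = """\
Mar 31 15:08:45 behappy mysqld[15539]: mysqld got signal 11;
Mar 31 15:08:45 behappy mysqld_safe[15845]: restarted
Mar 31 15:08:46 behappy mysqld[15848]: InnoDB: Starting crash recovery.
Mar 31 15:08:46 behappy mysqld[15848]: 080331 15:08:46 [Note] /usr/sbin/mysqld: ready for connections.
Mar 31 15:20:02 behappy mysqld[15848]: mysqld got signal 11;
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (mysqld(?:_safe)?)\[(\d+)\]: ?(.*)$")
SIGNAL = re.compile(r"mysqld got signal (\d+)")

def find_crashes(text, year=2008):
    """One dict per fatal signal, correlated with the restart that follows it."""
    crashes, pending = [], {}          # pending: host -> crash awaiting recovery
    for m in filter(None, map(LINE.match, text.splitlines())):
        stamp, host, prog, pid, msg = m.groups()
        # Classic syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        sig = SIGNAL.search(msg)
        if prog == "mysqld" and sig:
            pending[host] = {"host": host, "pid": int(pid), "signal": int(sig.group(1)),
                             "crashed": when, "new_pid": None, "recovered": None,
                             "innodb_recovery": False}
            crashes.append(pending[host])
            continue
        event = pending.get(host)
        if event is None or prog != "mysqld" or int(pid) == event["pid"]:
            continue
        event["new_pid"] = int(pid)    # a different mysqld PID is the restarted server
        event["innodb_recovery"] |= "Starting crash recovery" in msg
        if "ready for connections" in msg:
            event["recovered"] = when
            del pending[host]
    return crashes

def crash_loop_hosts(crashes, threshold=2, window_s=3600):
    """Hosts that logged at least `threshold` crashes within `window_s` seconds."""
    hosts = set()
    for c in crashes:
        near = [o for o in crashes if o["host"] == c["host"]
                and 0 <= (c["crashed"] - o["crashed"]).total_seconds() <= window_s]
        if len(near) >= threshold:
            hosts.add(c["host"])
    return hosts
if __name__ == "__main__":
    print(find_crashes(SAMPLE), crash_loop_hosts(find_crashes(SAMPLE)))
```

Repeated signal 11 events from an authenticated session's metadata query are the denial-of-service pattern the advisory describes, so a crash loop on one host is worth correlating with the general query log.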

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. How large is the database? Would it be possible to provide a mysqldump of the database? This can be coordinated outside of Launchpad if needed.

Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
status: New → Incomplete

You can download the dump from
http://84.233.155.194/dump.gz

best regards
Andrea Buttarello

Jamie Strandboge wrote:
> Thank you for using Ubuntu and taking the time to report a bug. How
> large is the database? Would it be possible to provide a mysqldump of
> the database? This can be coordinated outside of Launchpad if needed.
>
> ** Changed in: mysql-dfsg-5.0 (Ubuntu)
> Assignee: (unassigned) => Jamie Strandboge (jamie-strandboge)
> Status: New => Incomplete
>

Jamie Strandboge (jdstrand) wrote :

I have confirmed that this dump causes the problem. To reproduce:
1. apt-get install mysql-server-5.0
2. /etc/init.d/mysql reset-password
3. update the database to accept connections from anywhere for root:
mysql> update user set host='%' where user='root' and host='hostname here';
mysql> flush privileges;
('hostname here' should be substituted with what is found with 'select host,user from user;')

4. now restore from the dump with:
mysql -u root -p < ./dump

5. trigger with:
$ mysql -u root -p
use information_schema;
select * from TABLES;

Changed in mysql-dfsg-5.0:
status: Incomplete → Confirmed

Jamie Strandboge (jdstrand) wrote :

Feel free to remove the dump link as I have it now.

Jamie Strandboge (jdstrand) wrote :

I forgot to mention in step 3, should do before the select:
mysql> use mysql;

Jamie Strandboge (jdstrand) wrote :

Feisty 5.0.38-0ubuntu1.4 and Gutsy 5.0.45-1ubuntu3.3 not affected.

Jamie Strandboge (jdstrand) wrote :

Edgy 5.0.24a-9ubuntu2.4 not affected.

Jamie Strandboge (jdstrand) wrote :

The patch for Dapper exposed upstream bug http://bugs.mysql.com/bug.php?id=20482. Preliminary patch does not fail.

Changed in mysql-dfsg-5.0:
status: Confirmed → Triaged

Jamie Strandboge (jdstrand) wrote :

In addition to the above test case, the following works as expected:
select `TABLE_NAME` from `INFORMATION_SCHEMA`.`TABLES` where `TABLE_SCHEMA` = 'mosaicox' and `TABLE_TYPE` = 'BASE TABLE';

Running patched package through QA.

Changed in mysql-dfsg-5.0:
status: Triaged → In Progress

Changed in mysql-dfsg-5.0:
status: In Progress → Fix Committed

Jamie Strandboge (jdstrand) wrote :

Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released

buttha (buttha) wrote :

thank you, now it works.
