Bug #46267 Shutdown with idle connection crash the server
Submitted: 17 Jul 2009 16:53 Modified: 12 Nov 2009 19:12
Reporter: Miguel Solorzano
Status: Closed
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:5.4.4 OS:Windows (64-bit)
Assigned to: Vladislav Vaintroub CPU Architecture:Any
Tags: azalea

[17 Jul 2009 16:53] Miguel Solorzano
Description:
Shutting down the server while there is an idle connection makes the server crash:

c:\temp\mysql>bin\mysqld --standalone --console
090717 13:47:49 [Note] Plugin 'FEDERATED' is disabled.
090717 13:47:49  InnoDB: Started; log sequence number 0 46409
090717 13:47:50 [Note] Event Scheduler: Loaded 0 events
090717 13:47:50 [Note] bin\mysqld: ready for connections.
Version: '5.4.4-alpha-Win X64-debug'  socket: ''  port: 3306  Source distribution
090717 13:48:13 [Note] bin\mysqld: Normal shutdown

090717 13:48:13 [Note] Event Scheduler: Purging the queue. 0 events
090717 13:48:15 - mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=2
max_threads=151
thread_count=1
connection_count=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 338197 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
00000001400562C0    mysqld.exe!close_connections()[mysqld.cc:1090]
0000000140055DB9    mysqld.exe!kill_server()[mysqld.cc:1254]
000000014005810F    mysqld.exe!handle_shutdown()[mysqld.cc:3111]
00000001406007CB    mysqld.exe!pthread_start()[my_winthread.c:62]
00000001407206F5    mysqld.exe!_callthreadstartex()[threadex.c:348]
00000001407206C4    mysqld.exe!_threadstartex()[threadex.c:331]
0000000076FFC3BD    kernel32.dll!BaseThreadInitThunk()
0000000077574581    ntdll.dll!RtlUserThreadStart()
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.

How to repeat:
Start the server, connect with mysql client and then with mysqladmin issue the shutdown command.

Suggested fix:
-
[17 Jul 2009 17:14] Valeriy Kravchuk
I can't repeat with debug (32-bit) binaries on Mac OS X. May be platform-specific.
[30 Jul 2009 7:54] Alexander Nozdrin
I can not reproduce this bug on Windows 7 32-bit.
[9 Aug 2009 2:00] Vladislav Vaintroub
I can reproduce it as described.
Looking closer, the problematic statement is in this code

    if (tmp->vio_ok())
    {
      if (global_system_variables.log_warnings)
      {
        sql_print_warning(ER(ER_FORCING_CLOSE),my_progname,
                          tmp->thread_id,....

In particular, ER(ER_FORCING_CLOSE) evaluates to 
_current_thd()->variables.lc_messages->errmsgs->errmsgs[(1080) - 1000]

_current_thd() is NULL in this case, so the whole thing crashes dereferencing a null pointer.
[10 Aug 2009 11:24] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/80435

2852 Vladislav Vaintroub	2009-08-10
      Bug #46267 Shutdown with idle connection crash the server
      The crash happens when mysqld logs a warning. The macro ER() used in sql_print_warning
      references thread local storage variable via current_thd(), to output the warning in "current
      user language". However, for the shutdown thread current_thd() will return NULL, and mysqld
      will crash dereferencing NULL pointer.

      Solution: get error message text with ER_DEFAULT() macro instead of ER(), this does not
      use current_thd() and will output errors in default language.
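An added C model of the crash and its fix, written here and not taken from the server's source: a thread-local current_thd() that connection threads bind and the shutdown thread never does, an ER()-style macro that dereferences it unconditionally, the ER_DEFAULT()-style lookup the patch switched to, and a defensive er_safe() that falls back to the default language. The names ER_BASE, THREAD_LOCAL, er_safe, init_msgs, set_current_thd and both message tables are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Thread-local storage keyword: C11 form, GCC/Clang spelling as fallback. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#define THREAD_LOCAL _Thread_local
#else
#define THREAD_LOCAL __thread
#endif

/* Server error numbers start at 1000; ER_FORCING_CLOSE is 1080, hence the "- 1000" index. */
#define ER_BASE          1000
#define ER_FORCING_CLOSE 1080

/* Per-language message table, index = error number - ER_BASE (constructed, not the server's). */
struct errmsgs { const char *errmsgs[100]; };
/* Minimal stand-in for the server's THD: only the session's chosen message language. */
struct THD { const struct errmsgs *lc_messages; };

static struct errmsgs default_msgs;   /* default (English) language */
static struct errmsgs alt_msgs;       /* a constructed second language */

/* current_thd() reads a thread-local: connection threads bind their THD,
   the shutdown thread never does, so there it stays NULL. */
static THREAD_LOCAL struct THD *current_thd_ptr = NULL;
static struct THD *current_thd(void) { return current_thd_ptr; }
void set_current_thd(struct THD *thd) { current_thd_ptr = thd; }

/* ER(): the crashing form from the bug. It dereferences current_thd() unconditionally,
   so it must never be evaluated on a thread that has no THD bound. */
#define ER(code) (current_thd()->lc_messages->errmsgs[(code) - ER_BASE])
/* ER_DEFAULT(): the fix. Default-language table, no THD involved. */
#define ER_DEFAULT(code) (default_msgs.errmsgs[(code) - ER_BASE])

/* Defensive lookup: session language when a THD exists, default language otherwise. */
const char *er_safe(int code)
{
    struct THD *thd = current_thd();
    if (thd == NULL || thd->lc_messages == NULL)
        return ER_DEFAULT(code);
    return thd->lc_messages->errmsgs[code - ER_BASE];
}

/* Fill the constructed tables (call once before any lookup). */
void init_msgs(void)
{
    default_msgs.errmsgs[ER_FORCING_CLOSE - ER_BASE] = "Forcing close of thread %ld user: '%s'";
    alt_msgs.errmsgs[ER_FORCING_CLOSE - ER_BASE]     = "[alt] Forcing close of thread %ld user: '%s'";
}
```

On the shutdown path (no THD bound) ER() reads through a NULL pointer exactly as the backtrace above shows, while ER_DEFAULT() and er_safe() return the default-language text.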
[10 Aug 2009 11:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/80436

2852 Vladislav Vaintroub	2009-08-10
      Bug #46267 Shutdown with idle connection crash the server.
      
      The crash happens when mysqld logs a warning. The macro 
      ER() used in sql_print_warning references thread local storage
      variable via current_thd(), to output the warning in "current 
      user language". However, for the shutdown thread, 
      current_thd() will return NULL, and mysqld will crash while
      dereferencing NULL pointer.

      Solution: get error message text with ER_DEFAULT() macro
      instead of ER(), this does not use current_thd() and will output
      errors in default language.
[10 Aug 2009 11:48] Alexander Barkov
Looks ok to push.
[24 Aug 2009 13:53] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090824135126-2rngffvth14a8bpj) (version source revid:vvaintroub@mysql.com-20090810112623-bguulw9whr22dn78) (merge vers: 5.4.4-alpha) (pib:11)
[26 Aug 2009 2:28] Paul DuBois
Noted in 5.4.4 changelog.

The server crashed if a shutdown occurred while a connection was
idle. This happened because of a NULL pointer dereference while
logging to the error log.
[23 Oct 2009 7:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/87894

2914 Alexander Nozdrin	2009-10-23
      Backport of patch for Bug#46267.
      Original revision:
      ------------------------------------------------------------
      revno: 2801.10.16
      committer: Vladislav Vaintroub <vvaintroub@mysql.com>
      branch nick: mysql-azalea-bugfixing
      timestamp: Mon 2009-08-10 13:26:23 +0200
      message:
        Bug #46267 Shutdown with idle connection crash the server.
        
        The crash happens when mysqld logs a warning. The macro 
        ER() used in sql_print_warning references thread local storage
        variable via current_thd(), to output the warning in "current 
        user language". However, for the shutdown thread, 
        current_thd() will return NULL, and mysqld will crash while
        dereferencing NULL pointer.

        Solution: get error message text with ER_DEFAULT() macro
        instead of ER(), this does not use current_thd() and will output
        errors in default language.
      ------------------------------------------------------------
[23 Oct 2009 7:49] Alexander Nozdrin
Backported & queued in mysql-next-mr-bugfixing (5.5.0).
[31 Oct 2009 8:19] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091031081410-qkxmjsdzjmj840aq) (version source revid:alik@sun.com-20091023074806-q8fwcoq3s0rqd4ub) (merge vers: 6.0.14-alpha) (pib:13)
[31 Oct 2009 18:41] Paul DuBois
Noted in 6.0.14 changelog.

Setting report to NDI pending push to 5.5.x.
[12 Nov 2009 8:18] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091110093229-0bh5hix780cyeicl) (version source revid:mikael@mysql.com-20091102100915-a2nbfxaqprpgptfw) (merge vers: 5.5.0-beta) (pib:13)
[12 Nov 2009 19:12] Paul DuBois
Noted in 5.5.0 changelog.