| Bug #104566 | show slave hosts maybe crash | ||
|---|---|---|---|
| Submitted: | 8 Aug 2021 10:04 | Modified: | 7 Nov 2021 18:49 |
| Reporter: | GONGTUI FU | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Replication | Severity: | S1 (Critical) |
| Version: | 8.0.25 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
| Tags: | creash, show slave hosts | ||
[9 Aug 2021 19:28]
MySQL Verification Team
Hi, Thanks for the report. I'm not able to verify this but looking at the code your suggestion makes sense, I'll let replication team do their own analysis. Thanks
[7 Nov 2021 18:49]
Margaret Fisher
Posted by developer: Changelog entry added for MySQL 8.0.28: If a replica was disconnecting while a SHOW REPLICAS statement was being issued, the server was able to access deleted data.
Description: Hello guys, There is a hidden danger that the master server will crash, when the 'show slave hosts command' is executed on the master server. The slave connected master. Under certain conditions, such as bad network, slave server maybe disconnect, the master server will delete THD. The function (THD::~THD) flow is as follows: 1. mysql_mutex_destroy(&LOCK_thd_data); 2. unregister_slave(this, true, true); When the server calls THD::~THD in the middle of step 1 and step 2, mysql client sends 'show slave hosts' statement to maser server, the new thread will call functions show_slave_hosts --> get_slave_uuid --> MUTEX_LOCK(lock_guard, &thd->LOCK_thd_data); But thd->LOCK_thd_data has already been destroyed! Attempting to lock an already destroyed mutex results in undefined behavior. The maser server maybe crash. How to repeat: It's difficulty to repeat the crash bug. reasons: 1. Poor timing of execution! 2. mutex just Destroyed maybe useful. However we shouldn't use a Destroyed mutex. After testing so many times, master server crashed one time. Suggested fix: In THD::~THD() function: May 'unregister_slave(this, true, true);' be placed before 'mysql_mutex_lock(&LOCK_thd_data);' ?