Bug #48985 show create table crashes if previous access to the table was killed
Submitted: 23 Nov 2009 11:23
Modified: 12 Mar 2010 16:46
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: DML
Severity: S1 (Critical)
Version: 5.1.40, 5.1.41
OS: Any
Assigned to: Georgi Kodinov
Tags: crash, KILL, regression
Triage: Triaged: D1 (Critical)

[23 Nov 2009 11:23] Shane Bester
Description:
When running a query and killing it using the 'kill query' command, the next access to that table crashes in show create table:

5.1.41 stack trace:
14008AE70    mysqld.exe!store_create_info()[sql_show.cc:1210]
140094A4D    mysqld.exe!mysqld_show_create()[sql_show.cc:742]
14006B684    mysqld.exe!mysql_execute_command()[sql_parse.cc:2960]
14006EB5E    mysqld.exe!mysql_parse()[sql_parse.cc:5974]
14006F6FA    mysqld.exe!dispatch_command()[sql_parse.cc:1233]
140070377    mysqld.exe!do_command()[sql_parse.cc:872]
140096B37    mysqld.exe!handle_one_connection()[sql_connect.cc:1127]
140317635    mysqld.exe!pthread_start()[my_winthread.c:85]
1402E1767    mysqld.exe!_callthreadstart()[thread.c:295]
1402E1835    mysqld.exe!_threadstart()[thread.c:275]
077D6B6CA    kernel32.dll!BaseThreadStart()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0000000003390F90=show create table t1

Example output from testcase:
mysql> select max(a) from t1 group by b;
+---------+
| max(a)  |
+---------+
|       1 |
|       2 |
|       3 |Ctrl-C -- sending "KILL QUERY 6" to server ...
Ctrl-C -- query aborted.

+---------+
1048580 rows in set (7.38 sec)

mysql> show create table t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>

How to repeat:
#create a table:

drop table if exists t1;
create table t1(a int auto_increment primary key,b int,key(b)) engine=innodb;
insert into t1 values (1,1),(2,2),(3,3),(4,4);
set @a=5;
insert into t1 select @a:=@a+1,@a from t1 a,t1 b,t1 c,t1 d,t1 e,t1 f,t1 g,
t1 h,t1 i,t1 j;

#Now, run this query in command line client:

select max(a) from t1 group by b;

#hit ctrl-c, so that the client executes 'kill query'.  Then, run this:

show create table t1;

It's a timing issue, so you might have to repeat the select/ctrl-c/show create/ a few times to get it to crash.
[23 Nov 2009 12:20] Miguel Solorzano
Thank you for the bug report.

Ctrl-C -- sending "KILL QUERY 9" to server ...
+---------+Ctrl-C -- query aborted.

1048580 rows in set (1.10 sec)

mysql 5.1 >show create table t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql 5.1 >

091123  7:46:18 [Note] C:\dbs\5.1\bin\mysqld: ready for connections.
Version: '5.1.42-Win X64-log'  socket: ''  port: 3510  Source distribution
091123 10:15:16 - mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=3
max_threads=151
threads_connected=2
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 338110 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0xc3fa60
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
000000014009A847    mysqld.exe!?store_create_info@@YAHPEAVTHD@@PEAUTABLE_LIST@@PEAVString@@PEAUst_ha_create_information@@_N@Z()
00000001400A595D    mysqld.exe!?mysqld_show_create@@YA_NPEAVTHD@@PEAUTABLE_LIST@@@Z()
00000001400773A9    mysqld.exe!?mysql_execute_command@@YAHPEAVTHD@@@Z()
000000014007AD41    mysqld.exe!?mysql_parse@@YAXPEAVTHD@@PEBDIPEAPEBD@Z()
000000014007B8DA    mysqld.exe!?dispatch_command@@YA_NW4enum_server_command@@PEAVTHD@@PEADI@Z()
000000014007C6B7    mysqld.exe!?do_command@@YA_NPEAVTHD@@@Z()
00000001400A7C17    mysqld.exe!handle_one_connection()
0000000140377C05    mysqld.exe!pthread_start()
000000014033F927    mysqld.exe!_callthreadstart()[thread.c:295]
000000014033F9F5    mysqld.exe!_threadstart()[thread.c:275]
000000007766C3BD    kernel32.dll!BaseThreadInitThunk()
0000000077934581    ntdll.dll!RtlUserThreadStart()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0000000000C62080=show create table t1
thd->thread_id=9
thd->killed=KILL_QUERY
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[23 Nov 2009 15:31] Shane Bester
Regression: I cannot repeat with 5.1.32 or 5.0.87.
[24 Nov 2009 8:40] Georgi Kodinov
One has to wait for the rows to start printing on the client console before hitting Ctrl-c to get the crash.
[24 Nov 2009 9:15] Georgi Kodinov
Introduced by the fix for bug #35996
[24 Nov 2009 9:56] Georgi Kodinov
This bug is manifesting itself because of the ability of the mysql server to defer the check for killed statements to the next statement. It does that when the KILL comes in "too late" (e.g. after the actual execution of the statement is complete and it's only waiting for the last few confirmations from the client before closing). This means that the next statement will get killed right away.
This is expected behavior although it may seem a little abstract.

The problem with this crash is that SHOW CREATE was not checking correctly for this state of the statement being killed and no error (yet) generated on the server thread's context.
[24 Nov 2009 10:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91395

3219 Georgi Kodinov	2009-11-24
      Bug #48985: show create table crashes if previous access to the table was killed
      
      When checking for an error after removing the special view error handler the code
      was not taking into account that open_tables() may fail because of the current
      statement being killed. 
      Added a check for thd->killed.
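
Added example (not part of the original report and not the MySQL patch): a simplified C++ model of the deferred-kill state explained in the 24 Nov analysis and of the check described in the commit message above. All type and function names are hypothetical, and a null pointer stands in for a table that was never opened.

```cpp
#include <string>

// Simplified model, not MySQL source: all names here are hypothetical.
struct Thd {
    bool killed = false;     // stands in for thd->killed (KILL_QUERY pending)
    bool has_error = false;  // an error recorded in the thread's context
};
struct Table { std::string ddl; };
enum class Outcome { Ok, ErrorReturned, UnopenedTableUsed };

// Opening fails when the statement is already killed and, as the thread
// describes, leaves no error behind. nullptr models "table not opened".
bool open_tables(Thd &thd, Table &storage, Table *&out) {
    out = thd.killed ? nullptr : &storage;
    return thd.killed;  // true = failure
}

// Check as described before the fix: only a recorded error stops execution.
Outcome show_create_before_fix(Thd &thd, Table &storage) {
    Table *t = nullptr;
    bool failed = open_tables(thd, storage, t);
    if (failed && thd.has_error) return Outcome::ErrorReturned;
    // The real server went on into store_create_info() and crashed there.
    return t ? Outcome::Ok : Outcome::UnopenedTableUsed;
}

// Check with the added test for the killed flag.
Outcome show_create_after_fix(Thd &thd, Table &storage) {
    Table *t = nullptr;
    bool failed = open_tables(thd, storage, t);
    if (failed && (thd.has_error || thd.killed)) return Outcome::ErrorReturned;
    return t ? Outcome::Ok : Outcome::UnopenedTableUsed;
}

// late_kill = true: a KILL that arrived too late is carried into this statement.
Outcome run_show_create(bool late_kill, bool fixed) {
    Thd thd;
    thd.killed = late_kill;
    Table t1{"CREATE TABLE t1 (...)"};  // constructed sample definition
    return fixed ? show_create_after_fix(thd, t1) : show_create_before_fix(thd, t1);
}

int main() {
    return run_show_create(true, true) == Outcome::ErrorReturned ? 0 : 1;
}
```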
[25 Nov 2009 12:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91580

3219 Georgi Kodinov	2009-11-25
      Bug #48985: show create table crashes if previous access to the table was killed
      
      When checking for an error after removing the special view error handler the code
      was not taking into account that open_tables() may fail because of the current
      statement being killed. 
      Added a check for thd->killed.
      Added a client program to test it.
[3 Dec 2009 9:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92606

3239 Georgi Kodinov	2009-12-03
      Bug #48985: show create table crashes if previous access to the table was killed
      
      When checking for an error after removing the special view error handler the code
      was not taking into account that open_tables() may fail because of the current
      statement being killed. 
      Added a check for thd->killed.
      Added a client program to test it.
[3 Dec 2009 12:08] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92665

3239 Georgi Kodinov	2009-12-03
      Bug #48985: show create table crashes if previous access to the table was killed
      
      When checking for an error after removing the special view error handler the code
      was not taking into account that open_tables() may fail because of the current
      statement being killed. 
      Added a check for thd->killed.
      Added a client program to test it.
[3 Dec 2009 12:18] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92666

3240 Georgi Kodinov	2009-12-03
      Bug #48985: show create table crashes if previous access to the table was killed
      
      When checking for an error after removing the special view error handler the code
      was not taking into account that open_tables() may fail because of the current
      statement being killed. 
      Added a check for thd->killed.
      Added a client program to test it.
[15 Dec 2009 9:04] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/94067

3243 Georgi Kodinov	2009-12-15
      Bug #48985: show create table crashes if previous access to the table 
        was killed
      
      Merge the fix from 5.1-bugteam to 5.1-main
[16 Dec 2009 8:55] Bugs System
Pushed into 5.1.43 (revid:ramil@mysql.com-20091215170821-eexh9rqrnw1ruzh2) (version source revid:joro@sun.com-20091215090324-7c36utr9o5hafowc) (merge vers: 5.1.43) (pib:14)
[17 Dec 2009 18:57] Paul Dubois
Actually pushed into 5.1.42 now.
[18 Dec 2009 2:24] Paul Dubois
Noted in 5.1.42 changelog.

If a query involving a table was terminated with KILL, a subsequent
SHOW CREATE TABLE for that table caused a server crash.

Setting report to NDI pending push to 5.5.x+.
[19 Dec 2009 8:29] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091219082307-f3i4fn0tm8trb3c0) (version source revid:alik@sun.com-20091216180721-eoa754i79j4ssd3m) (merge vers: 6.0.14-alpha) (pib:15)
[19 Dec 2009 8:33] Bugs System
Pushed into 5.5.1-m2 (revid:alik@sun.com-20091219082021-f34nq4jytwamozz0) (version source revid:alik@sun.com-20091216183525-vbefoeydwonfxkye) (merge vers: 5.5.0-beta) (pib:15)
[19 Dec 2009 8:37] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20091219082213-nhjjgmphote4ntxj) (version source revid:alik@sun.com-20091216183710-1stho81j3b8f0kds) (pib:15)
[20 Dec 2009 0:35] Paul Dubois
Noted in 5.5.1, 6.0.14 changelogs.
[15 Jan 2010 9:01] Bugs System
Pushed into 5.1.43 (revid:joro@sun.com-20100115085139-qkh0i0fpohd9u9p5) (version source revid:joro@sun.com-20091203120746-6j3k2xola9ovnsnr) (merge vers: 5.1.42) (pib:16)
[18 Feb 2010 8:37] Valerii Kravchuk
Bug #51270 was marked as a duplicate of this one.
[12 Mar 2010 14:15] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:31] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:47] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)