Bug #51818 Core Dump in mysql_stmt_close (Segmentation fault)
Submitted: 8 Mar 2010 8:04 Modified: 30 Jan 2013 17:03
Reporter: yog vashishth
Status: Not a Bug
Category:Connector / C Severity:S1 (Critical)
Version:mysql-connector-c-6.0.2 OS:Linux (RHEL5)
Assigned to: Assigned Account CPU Architecture:Any

[8 Mar 2010 8:04] yog vashishth
Description:
MySQL Server : version 5.1.42-community

mysql_options set are : MYSQL_OPT_RECONNECT , MYSQL_OPT_READ_TIMEOUT
client_flag set in mysql_real_connect is : CLIENT_MULTI_STATEMENTS | CLIENT_INTERACTIVE

We are doing a load test on our application, which is using the mysql C client library for making connections with the database. At regular intervals we are restarting the mysql server.

During this testing a coredump was observed in our application which shows that there is a segmentation fault in the mysql_stmt_close function.

The stack trace of the core is : 
===============================================================================

#0  0x00f8383f in _int_free () from /lib/libc.so.6
#1  0x00f875d0 in free () from /lib/libc.so.6
#2  0x00125f21 in my_no_flags_free () from /root/rtHSS_2.3.2_L/HSS-Linux-MYSQL_2.3.2_installed/Implementation/db/lib/libmysqlclient_r.so.16
#3  0x001294b1 in free_root () from /root/rtHSS_2.3.2_L/HSS-Linux-MYSQL_2.3.2_installed/Implementation/db/lib/libmysqlclient_r.so.16
#4  0x0011ec30 in mysql_stmt_close () from /root/rtHSS_2.3.2_L/HSS-Linux-MYSQL_2.3.2_installed/Implementation/db/lib/libmysqlclient_r.so.16
#5  0x080b4c6b in RtIdentityDao::rtGetRegistraationStaus (this=0x38bdc0c4, r_registrationStausVecData=@0x38bdc0fc, publicIdentityID=200004)
    at ../../../Implementation/app/src/dbclient/RtIdentityDao.cpp:872
#6  0x0812405a in RtIdentityLocation::rtProcess (this=0x38bdc0b8) at ../../../Implementation/app/src/sessions/RtIdentityLocation.cpp:227
#7  0x0812c933 in RtMessageProcessor::rtExecuteWork (event=@0xb6ff929c)
    at ../../../Implementation/app/src/sessions/RtMessageProcessor.cpp:136
#8  0x080f099d in RtMethod::invoke (this=0xaf1213d8) at ../../../Implementation/app/include/sessions/RtMethod.hpp:51
#9  0x0812d694 in RtScheduler::rtThreadFunction (p_arg=0xa35effc) at ../../../Implementation/app/src/sessions/RtScheduler.cpp:436
#10 0x0038b2db in start_thread () from /lib/libpthread.so.0
#11 0x00feb14e in clone () from /lib/libc.so.6

===============================================================================

The value of the statement when mysql_stmt_close is called is

p *l_stmt
$1 = {mem_root = {free = 0x1058498, used = 0x1058498, pre_alloc = 0x0, min_malloc = 32, block_size = 2020, block_num = 4,
    first_block_usage = 0, error_handler = 0}, list = {prev = 0x0, next = 0x0, data = 0x38dec000}, mysql = 0xa33e834, params = 0x38dec580,
  bind = 0x38dec5c0, fields = 0x38dec2d0, result = {data = 0x0, embedded_info = 0x0, alloc = {free = 0x0, used = 0x0, pre_alloc = 0x0,
      min_malloc = 12, block_size = 4068, block_num = 4, first_block_usage = 0, error_handler = 0}, rows = 0, fields = 0, extension = 0x0},
  data_cursor = 0x0, read_row_func = 0x11e820 <stmt_read_row_no_result_set>, affected_rows = 1, insert_id = 0, stmt_id = 26996, flags = 0,
  prefetch_rows = 1, server_status = 2, last_errno = 2003, param_count = 1, field_count = 4, state = MYSQL_STMT_PREPARE_DONE,
  last_error = "Can't connect to MySQL server on '192.168.128.205' (111)", '\0' <repeats 455 times>, sqlstate = "HY000",
  send_types_to_server = 0 '\0', bind_param_done = 1 '\001', bind_result_done = 3 '\003', unbuffered_fetch_cancelled = 0 '\0',
  update_max_length = 0 '\0', extension = 0x0}

===============================================================================

How to repeat:
We can have an application which does the following in a loop, and then at regular intervals we can start the database server:

MYSQL_STMT *l_stmt = NULL;
try
{
     mysql_stmt_init
     mysql_stmt_prepare
     mysql_stmt_bind_param
     mysql_stmt_execute 
     mysql_stmt_free_result
     mysql_stmt_close
}
catch(...)
{
    if (l_stmt != NULL)
    {
        mysql_stmt_close(l_stmt)
    }
}

We are throwing an exception if there is any error while executing any of the mysql_stmt_* calls, then catching it and calling mysql_stmt_close to deallocate the memory allocated by the statement.
[8 Mar 2010 9:18] yog vashishth
Instead of start it is restart:

We can have an application which does the following in a loop, and then at regular intervals we can re-start the database server.
[9 Mar 2010 9:13] Sveta Smirnova
Thank you for the report.

Please provide a complete C test case demonstrating the problem. We need only an example of the client C code you are using, not the script which restarts the server.
[20 Mar 2010 6:44] yog vashishth
Hi Sveta 

As desired I am attaching a test case for the occurrence of the scenario reported by me earlier (mysqltest1.cpp).

I repeated the experiment again, this time restarting the mysql server every 9 seconds (attaching the script for the same: restratMysqlServer.sh).
The coredump occurred in the same fashion as reported earlier.

The full backtrace of the dump is
==============================================================================
No symbol table info available.
#1  0x0000003795c31bf0 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x0000003795c6a38b in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3  0x0000003795c714cc in _int_free () from /lib64/libc.so.6
No symbol table info available.
#4  0x0000003795c74c5c in free () from /lib64/libc.so.6
No symbol table info available.
#5  0x00002b5a2160a99d in mysql_stmt_close () from ./HSS-MYSQL-64/Implementation/db/lib/libmysql.so.16
No symbol table info available.
#6  0x0000000000401c4d in querryDataBase () at mysqltest1.cpp:209
        ex = (SQLException &) @0xb57c540: {<> = {<No data fields>},
  error = "2003:Can't connect to MySQL server on '10.34.77.64' (111)", '\0' <repeats 111 times>, "TCP/IP (6)", '\0' <repeats 47 times>, "\004j!Z+\000\000`\fj!Z+\000\000ð\fj!Z+\000\000à\f", errNumber = 2003,
  errString = "Can't connect to MySQL server on '10.34.77.64' (111)\000+\000\000\000\fj!Z+\000\000\220\vj!Z+\000\000À\bj!Z+", '\0' <repeats 18 times>, "\201\033\000\000\000\000\000\000\000êô\2257\000\000\000\000êô\2257", '\0' <repeats 83 times>}
        l_stmt = (MYSQL_STMT *) 0xb57e230
        l_outputBind = {{length = 0x7fff894f9dd0, is_null = 0x7fff894f9dcf "", buffer = 0x7fff894f9dc0, error = 0x7fff894f9dce "",
    row_ptr = 0x0, store_param_func = 0, fetch_result = 0, skip_result = 0, buffer_length = 0, offset = 0, length_value = 0,
    param_number = 0, pack_length = 0, buffer_type = MYSQL_TYPE_LONG, error_value = 0 '\0', is_unsigned = 0 '\0', long_data_used = 0 '\0',
    is_null_value = 0 '\0', extension = 0x0}}
        l_length = 4
        l_isNull = 0 '\0'
        l_error = 0 '\0'
        l_countRow = 1
        counter = 152
#7  0x0000000000401fab in main () at mysqltest1.cpp:89
        client_flag = 66560
        reconnectFlag = 1 '\001'
        readTimeOut = 5
================================================================================
The list command also shows that the segmentation fault occurred when mysql_stmt_close was called.

Thanks

Yog Vashishth
[20 Mar 2010 6:45] yog vashishth
list 
===============================================================================
list
224                                     printf("\n [ %s::%d ]-->Exception  mysql_stmt_close() failed\n",__FILE__,__LINE__);
225                                     printf("%d: %s \n",mysql_stmt_errno(l_stmt),mysql_stmt_error(l_stmt));
226                             }
227                     }
228                     printf("\n [ %s::%d ]-->Standard Exception  ---------- %s\n",__FILE__,__LINE__,e.what());
229                     throw e;
230             }
231
232
233     }

===============================================================================
[20 Mar 2010 6:48] yog vashishth
test case repeating the scenario of the bug as reported

Attachment: mysqltest1.cpp (application/octet-stream, text), 6.13 KiB.

[20 Mar 2010 6:49] yog vashishth
script to restart mysql server every 9 sec

Attachment: restratMysqlServer.sh (text/plain), 113 bytes.

[20 Mar 2010 6:51] yog vashishth
compilation can be done using

g++ -g  mysqltest1.cpp -I $PATH_MYSQL_HEADER -L $PATH_MYSQL_CLENT_LIBRARY -lmysqlclient_r
[22 Mar 2010 9:58] Sveta Smirnova
Thank you for the report.

Verified as described. To repeat it faster I added sleep(2) before mysql_stmt_close
[22 Mar 2010 10:03] Sveta Smirnova
Repeatable if linked with the regular C API bundled with the server
[25 Mar 2010 6:19] Adityakar Jha
Should we expect a fix for this bug?
[29 Apr 2010 11:19] yog vashishth
Hi Sveta 

Are there any updates regarding the fix of the above reported bug?

Thanks & Regards

Yog Vashishth
[29 Nov 2011 9:41] Matthieu Lochegnies
Hi.

I've taken a look at this bug, thinking it could be related to 63363. In fact it is not.

From my point of view, the problem is that you still use l_stmt after the mysql_stmt_close().
Even if the call fails, it frees the statement structure, so you may not access it further with mysql_stmt_errno and such, nor close it again by calling mysql_stmt_close() in your exception handler.

I think you should set l_stmt to 0 after you call mysql_stmt_close(), no matter whether it returned a good or bad rc.

And I'm also afraid you cannot get the statement error code after having called mysql_stmt_close().

Regards

Matthieu
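An added example (not from the report or from Connector/C) of the ownership discipline described in the comment above: read mysql_stmt_errno/mysql_stmt_error before mysql_stmt_close, null the pointer regardless of the return code, and let one owner close exactly once so the catch block cannot free the handle a second time. The three library calls are stand-ins constructed for this example so it builds without libmysqlclient; against the real library, replace them with #include <mysql.h> and a real connection.

```cpp
#include <stdexcept>
#include <string>

// Stand-ins for the C API calls used below (constructed for this example). They keep the
// one contract that matters here: mysql_stmt_close() frees the handle even when it fails.
struct MYSQL_STMT { unsigned last_errno; const char *last_error; };
static int g_live_stmts = 0;                       // handles currently allocated
static MYSQL_STMT *mysql_stmt_init(void *) { ++g_live_stmts; return new MYSQL_STMT{0, ""}; }
static unsigned mysql_stmt_errno(MYSQL_STMT *s) { return s->last_errno; }
static const char *mysql_stmt_error(MYSQL_STMT *s) { return s->last_error; }
static bool mysql_stmt_close(MYSQL_STMT *s) {      // true = error; s is freed either way
    bool failed = s->last_errno != 0;
    --g_live_stmts; delete s;
    return failed;
}

// Single owner of a MYSQL_STMT: captures the error text *before* closing, nulls the pointer
// whatever close returns, and never closes twice (destructor is a no-op after close()).
class StmtOwner {
    MYSQL_STMT *stmt_;
public:
    explicit StmtOwner(MYSQL_STMT *s) : stmt_(s) {}
    ~StmtOwner() { close(); }
    StmtOwner(const StmtOwner &) = delete;
    StmtOwner &operator=(const StmtOwner &) = delete;
    MYSQL_STMT *get() const { return stmt_; }
    std::string close() {                          // "" on success, "errno:text" on failure
        if (!stmt_) return "";                     // already closed: nothing to free
        std::string msg = std::to_string(mysql_stmt_errno(stmt_)) + ":" + mysql_stmt_error(stmt_);
        bool failed = mysql_stmt_close(stmt_);
        stmt_ = nullptr;                           // handle is gone even if close failed
        return failed ? msg : "";
    }
};

// The report's failure path: the server was restarted, so the statement carries
// errno 2003 when close is attempted. Returns the captured error text.
std::string close_after_server_restart() {
    StmtOwner st(mysql_stmt_init(nullptr));
    st.get()->last_errno = 2003;                   // constructed, taken from the report's dump
    st.get()->last_error = "Can't connect to MySQL server on '192.168.128.205' (111)";
    try {
        std::string err = st.close();
        if (!err.empty()) throw std::runtime_error(err);
        return "";
    } catch (const std::exception &e) {
        return e.what();                           // no second mysql_stmt_close() here
    }
}
int live_statements() { return g_live_stmts; }
```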
[30 Jan 2013 17:02] Igor Solodovnikov
This is not a bug in connector code. The problem was that the user was using the
MYSQL_STMT handle after closing it, which is not allowed.