MySQL Bugs: #58647: Mysql Crach while killing query

Bug #58647	Mysql Crach while killing query
Submitted:	2 Dec 2010 5:58	Modified:	2 Jan 2011 13:45
Reporter:	Abhay Singh	Email Updates:
Status:	No Feedback	Impact on me:	None
Category:	MySQL Server: General	Severity:	S1 (Critical)
Version:	5.1.47	OS:	Linux (Red Hat Enterprise Linux Server release 5.3 (Tikanga))
Assigned to:		CPU Architecture:	Any
Tags:	Mysql Crach while killing query

Description:
While killing query from mysqladmin kill command, mysqld crashs with signal 6

here is the log entries from mysqld log

*** glibc detected *** /usr/sbin/mysqld: double free or corruption (!prev): 0x0000000015406fc0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3e67871ce2]
/lib64/libc.so.6(cfree+0x8c)[0x3e6787590c]
/lib64/libc.so.6(fclose+0x14b)[0x3e67860d0b]
/usr/lib64/mysql/plugin/finyr.so(deinit_my_mysql_Log+0x22)[0x2aaac596d9c5]
/usr/lib64/mysql/plugin/finyr.so(getrange_deinit+0x16)[0x2aaac596d946]
/usr/sbin/mysqld(_ZN11udf_handler7cleanupEv+0x94)[0x543c84]
/usr/sbin/mysqld(_ZN13Item_udf_func7cleanupEv+0x10)[0x543cb0]
/usr/sbin/mysqld(_ZN11Query_arena10free_itemsEv+0x22)[0x5aef42]
/usr/sbin/mysqld(_ZN3THD19cleanup_after_queryEv+0x90)[0x5b2680]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPKcjPS2_+0x190)[0x5d51b0]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1030)[0x5d6260]
/usr/sbin/mysqld(_Z10do_commandP3THD+0xe4)[0x5d6834]
/usr/sbin/mysqld(handle_one_connection+0x6f0)[0x5c9850]
/lib64/libpthread.so.0[0x3e68406367]
/lib64/libc.so.6(clone+0x6d)[0x3e678d30ad]
======= Memory map: ========
00400000-00b1e000 r-xp 00000000 68:07 928792                             /usr/sbin/mysqld
--------
too many line so not pesting here
-------
1410730                    /usr/lib64/mysql/plugin/gep_days.so
2aaac8000000-2aaac9934000 rw-p 2aaac8000000 00:00 0
2aaac9934000-2aaacc000000 ---p 2aaac9934000 00:00 0
2b9669330000-2b9669331000 rw-p 2b9669330000 00:00 0
2b966934b000-2b966934f000 rw-p 2b966934b000 00:00 0
7fff41765000-7fff4177a000 rw-p 7ffffffea000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
101201 21:00:01 - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=402653184
read_buffer_size=2097152
max_used_connections=34
max_threads=151
threads_connected=27
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 1013266 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x14c06b10
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x463a7f10 thread_stack 0x40000
/usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x850ffe]
/usr/sbin/mysqld(handle_segfault+0x322)[0x5c2652]
/lib64/libpthread.so.0[0x3e6840e4c0]
/lib64/libc.so.6(gsignal+0x35)[0x3e67830215]
/lib64/libc.so.6(abort+0x110)[0x3e67831cc0]
/lib64/libc.so.6[0x3e6786a7fb]
/lib64/libc.so.6[0x3e67871ce2]
/lib64/libc.so.6(cfree+0x8c)[0x3e6787590c]
/lib64/libc.so.6(fclose+0x14b)[0x3e67860d0b]
/usr/lib64/mysql/plugin/finyr.so(deinit_my_mysql_Log+0x22)[0x2aaac596d9c5]
/usr/lib64/mysql/plugin/finyr.so(getrange_deinit+0x16)[0x2aaac596d946]
/usr/sbin/mysqld(_ZN11udf_handler7cleanupEv+0x94)[0x543c84]
/usr/sbin/mysqld(_ZN13Item_udf_func7cleanupEv+0x10)[0x543cb0]
/usr/sbin/mysqld(_ZN11Query_arena10free_itemsEv+0x22)[0x5aef42]
/usr/sbin/mysqld(_ZN3THD19cleanup_after_queryEv+0x90)[0x5b2680]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPKcjPS2_+0x190)[0x5d51b0]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1030)[0x5d6260]
/usr/sbin/mysqld(_Z10do_commandP3THD+0xe4)[0x5d6834]
/usr/sbin/mysqld(handle_one_connection+0x6f0)[0x5c9850]
/lib64/libpthread.so.0[0x3e68406367]
/lib64/libc.so.6(clone+0x6d)[0x3e678d30ad]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x1547ba30 = select 1179671, getrange(datediff( RBT_SUBSCRIBER_PROFILE.PROVISIONING_DATE, 

RBT_SUBSCRIBER_PROFILE.DE_PROVISIONING_DATE), '0,10,20,30','New-Subs'),month(trn_crbt.sdate),  count(trn_crbt.subscriber_id) 

from trn_crbt, mst_circle, free_paid, RBT_SUBSCRIBER_PROFILE where trn_crbt.sdate <  '30'  and year(trn_crbt.sdate) =  '2010' 

 and  mst_circle.circle not like 'T%' and mst_circle.circle =  'BIH'  and free_paid.fp_name =  'Paid'  and flag in(5, 7) and 

error_code !=555  and trn_crbt.circle=mst_circle.circle_id and trn_crbt.free_paid=free_paid.fp_id and 

trn_crbt.subscriber_id=RBT_SUBSCRIBER_PROFILE.SUBSCRIBER_ID    group by getrange(datediff( 

RBT_SUBSCRIBER_PROFILE.PROVISIONING_DATE, RBT_SUBSCRIBER_PROFILE.DE_PROVISIONING_DATE), 

'0,10,20,30','New-Subs'),month(trn_crbt.sdate)
thd->thread_id=56
thd->killed=KILL_CONNECTION
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.

How to repeat:

Didn't have proper how to reproduce sequence, but you can try with killing query with udf.

Please try version 5.1.53 and comment the results you got. Thanks in advance.

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".