Bug #9022 Server crashes when max_connection is exceeded
Submitted: 7 Mar 2005 14:21 Modified: 9 Mar 2005 23:06
Reporter: Marko Mäkelä
Status: Closed
Category:MySQL Server Severity:S1 (Critical)
Version:5.0.3-bk OS:Linux (GNU/Linux)
Assigned to: Sergei Golubchik CPU Architecture:Any

[7 Mar 2005 14:21] Marko Mäkelä
Description:
mysqld crashes when the maximum number of connections is exceeded.

How to repeat:
Set max_connections=1 and open two connections. (I wonder why it doesn't complain already for the second connection.) For the third connection, the mysql client will display "ERROR 1040: Too many connections", and the server will crash.

I was able to repeat this twice on hundin, with identical stack trace in gdb. The first connection was running test-ATIS from the run-all-tests suite. The second connection was the mysql client where I executed "SELECT @version;". The third connection failed with ERROR 1040 when I tried to start the mysql client.
[7 Mar 2005 20:53] Heikki Tuuri
Marko,

please post the stack trace.

Regards,

Heikki
[8 Mar 2005 10:32] Marko Mäkelä
Here is the stack trace from another x86 system, running a 5.0.3 checkout from yesterday:
#0  0x080ce3c4 in thd_increment_bytes_sent ()
#1  0x080d28e4 in net_real_write ()
#2  0x080d2f1c in net_write_command ()
#3  0x080d386d in net_send_error ()
#4  0x080ddcb5 in handle_connections_sockets ()
#5  0x080e0b1a in main ()
I'll recompile it, disabling inlining and enabling more debug information, to get a better stack trace.
[8 Mar 2005 13:44] Marko Mäkelä
The function thd_increment_bytes_sent() crashes because current_thd has not been initialized at the time when create_new_thread() calls close_connection().

The following patch appears to work for me:

===== sql_class.cc 1.169 vs edited =====
--- 1.169/sql/sql_class.cc      Fri Mar  4 16:46:41 2005
+++ edited/sql_class.cc Tue Mar  8 14:44:56 2005
@@ -1781,7 +1781,9 @@

 void thd_increment_bytes_sent(ulong length)
 {
-  current_thd->status_var.bytes_sent+= length;
+  THD* thd= current_thd;
+  if (thd)
+    thd->status_var.bytes_sent+= length;
 }
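Review bot: the NULL check makes thd_increment_bytes_sent() safe on the path shown in the trace (handle_connections_sockets() → net_send_error() → net_write_command() → net_real_write() → thd_increment_bytes_sent(), before any THD exists), but the bytes of the "Too many connections" reply are then silently not counted at all; if dropping them is acceptable, a comment above `if (thd)` should say so, and otherwise the caller should account them to a global counter. The question raised below, whether the thread running create_new_thread() is guaranteed to have current_thd == NULL, should be settled explicitly (e.g. with an assertion where the listener thread starts) rather than relied on implicitly by this guard.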

However, I'm not sure if _current_thd() can return non-NULL right after the thread has been created, and I didn't find the place where the value returned by _current_thd() is written.  It should be made sure that the thread where create_new_thread() runs always has _current_thd() == NULL.
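As an added illustration, not code from the bug report or from the MySQL tree, the pattern behind the fix: a thread-local current THD that is NULL in the accept loop, the guarded increment, and a fallback counter so bytes written without a THD are still accounted for instead of dropped. Everything except the names thd_increment_bytes_sent and current_thd is constructed for this example.

```c
#include <stddef.h>

/* Constructed stand-in for MySQL's per-connection THD; only the counter matters here. */
typedef struct {
    unsigned long bytes_sent;
} THD;

/* Thread-local "current THD". It is NULL in any thread that never installed one,
   which is exactly the situation of the accept loop in the reported crash. */
static __thread THD *current_thd = NULL;

/* Assumed fallback: bytes written by threads without a THD (e.g. the error reply
   to a rejected connection) are counted here rather than being lost. */
static unsigned long global_bytes_sent_no_thd = 0;

/* Before the fix: unconditional dereference, crashes when current_thd is NULL.
   Kept for comparison only; never called below. */
void thd_increment_bytes_sent_unchecked(unsigned long length)
{
    current_thd->bytes_sent += length;
}

/* After the fix: read current_thd once, guard it, and account the bytes globally
   when no connection thread owns them. */
void thd_increment_bytes_sent(unsigned long length)
{
    THD *thd = current_thd;
    if (thd)
        thd->bytes_sent += length;
    else
        global_bytes_sent_no_thd += length;
}

/* Simulates the listener rejecting a connection: no THD has been created yet,
   as when net_send_error() runs from handle_connections_sockets(). */
unsigned long reject_connection_from_listener(unsigned long error_packet_len)
{
    current_thd = NULL;                      /* the listener never installs a THD */
    thd_increment_bytes_sent(error_packet_len);
    return global_bytes_sent_no_thd;
}

/* Simulates a connection thread: installs its THD, sends two packets, clears it.
   Returns the bytes attributed to that THD. */
unsigned long serve_one_connection(void)
{
    THD thd = { 0 };
    current_thd = &thd;
    thd_increment_bytes_sent(100);
    thd_increment_bytes_sent(23);
    current_thd = NULL;                      /* thread ends; nothing dangling */
    return thd.bytes_sent;
}
```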
[9 Mar 2005 23:06] Sergei Golubchik
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

fixed in 5.0.3