MariaDB Server: MDEV-5634

mysqld crash signal 11 in mysql_audit_general

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 10.0.7, 10.0.8
    • Fix Version/s: 10.0.9
    • Component/s: None
    • Labels:
      None
    • Environment:
      Wheezy amd64

      Description

      If I run mysqld with the following command line

      sql/mysqld --defaults-file=/scratch/db/maria-container/maria-test.my.cnf --datadir=/scratch/db/maria-container/maria-test/data --lc-messages-dir=/scratch/develop/maria/bzr/maria-oqgraph-maintenance/build/sql/share --plugin-dir=`pwd`/storage/oqgraph -#d,oq-debug,info
      

      and I have a misconfigured entry for pid-file in my defaults file, such that the path is unwritable, I get a segfault when mysqld attempts to report the fact:

      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7ffff7fd3700 (LWP 7842)]
      mysql_audit_general (error_code=error_code@entry=1, 
          msg=msg@entry=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", event_subtype=1, thd=
          0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/sql_audit.h:150
      150	                       thd->db, thd->db_length);
      (gdb) bt
      #0  mysql_audit_general (error_code=error_code@entry=1, 
          msg=msg@entry=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", event_subtype=1, 
          thd=0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/sql_audit.h:150
      #1  0x000000000054ab83 in my_message_sql (error=1, 
          str=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", MyFlags=36)
          at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:3418
      #2  0x0000000000b17a6b in my_error (nr=nr@entry=1, MyFlags=MyFlags@entry=36) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_error.c:125
      #3  0x0000000000b1d50d in my_register_filename (fd=fd@entry=-1, FileName=FileName@entry=0x136a440 "/home/maria/test/mysqld.pid", 
          type_of_file=type_of_file@entry=FILE_BY_CREATE, error_message_number=error_message_number@entry=1, MyFlags=MyFlags@entry=16)
          at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_open.c:159
      #4  0x0000000000b1779f in my_create (FileName=0x136a440 "/home/maria/test/mysqld.pid", CreateFlags=<optimized out>, access_flags=<optimized out>, MyFlags=16)
          at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_create.c:57
      #5  0x000000000054a5ca in inline_mysql_file_create (key=<optimized out>, src_line=src_line@entry=9218, 
          filename=filename@entry=0x136a440 "/home/maria/test/mysqld.pid", create_flags=create_flags@entry=436, access_flags=access_flags@entry=513, 
          myFlags=myFlags@entry=16, src_file=0xbac1c8 "/scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc")
          at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/include/mysql/psi/mysql_file.h:1001
      #6  0x000000000054af0e in create_pid_file () at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:9217
      #7  signal_hand (arg=arg@entry=0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:3265
      #8  0x00000000008e9740 in pfs_spawn_thread (arg=0x7fffe1fff2e8) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/storage/perfschema/pfs.cc:1853
      #9  0x00007ffff7bc7b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #10 0x00007ffff6918a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
      #11 0x0000000000000000 in ?? ()
      


            Activity

            andymc73 Andrew McDonnell added a comment - - edited

            The segfault appears to be because thd is NULL. Looking at sql/sql_audit.h, I can see a check for thd being NULL, so this is accounted for, but then a dereference attempt is still made in the call to mysql_audit_notify, which causes the crash:

                if (thd)
                {
                  query= thd->query_string;
                  user= user_buff;
                  userlen= make_user_name(thd, user_buff);
                  rows= thd->get_stmt_da()->current_row_for_warning();
                }
                else
                {
                  user= 0;
                  userlen= 0;
                  rows= 0;
                }
            
                mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, event_subtype,
                                   error_code, time, user, userlen, msg, msglen,
                                   query.str(), query.length(), query.charset(), rows,
                                   thd->db, thd->db_length);
            
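The comment above shows the pattern behind the crash: a NULL test that covers some of the fields taken from thd, followed by an argument list that dereferences thd unconditionally. The following is an added example (not MariaDB code; struct and function names such as thd_model, build_general_event and format_audit_line are hypothetical, only the field names db, db_length and query_id are borrowed from the backtrace and excerpt) that models the same projection of a session object into an audit event with every thd-derived field guarded by one test, so a server-level error raised with no session, as create_pid_file() does on the signal thread, still produces a fully defined event. A stand-in for an audit plugin then renders the event without touching the absent fields.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not MariaDB code: a reduced model of the THD (session)
 * structure and of the general audit event. Field names mirror the ones in
 * the backtrace and the quoted excerpt (db, db_length, query_id); the struct
 * and function names themselves are hypothetical. */
struct thd_model {
    const char *user;
    const char *query;
    const char *db;
    unsigned db_length;
    unsigned long long query_id;
};

struct audit_event_model {
    const char *user;
    const char *query;
    const char *database;
    unsigned database_length;
    unsigned long long query_id;
    const char *message;
};

/* Project every thd-derived field under one NULL test. A caller that reports
 * an error before any session exists (thd == NULL, as the signal thread does
 * in create_pid_file()) gets a fully defined event with no dereference. */
int build_general_event(const struct thd_model *thd, const char *msg,
                        struct audit_event_model *ev)
{
    if (ev == NULL || msg == NULL)
        return -1;
    memset(ev, 0, sizeof *ev);      /* user/query/database NULL, lengths 0 */
    ev->message = msg;
    if (thd != NULL) {
        ev->user = thd->user;
        ev->query = thd->query;
        ev->database = thd->db;
        ev->database_length = thd->db_length;
        ev->query_id = thd->query_id;
    }
    return 0;
}

/* Stand-in for an audit plugin consuming the event: render one log line.
 * Absent fields render as "-" instead of being dereferenced, so the same
 * code path serves both session-bound and server-level errors. */
int format_audit_line(const struct audit_event_model *ev, char *out, size_t n)
{
    if (ev == NULL || out == NULL || n == 0)
        return -1;
    return snprintf(out, n, "user=%s db=%.*s query_id=%llu msg=%s",
                    ev->user ? ev->user : "-",
                    ev->database ? (int) ev->database_length : 1,
                    ev->database ? ev->database : "-",
                    ev->query_id,
                    ev->message);
}

int main(void)
{
    struct audit_event_model ev;
    char line[256];

    /* Constructed input: the server-level error from the report, no session. */
    build_general_event(NULL, "Can't create/write to file '/home/maria/test/mysqld.pid'", &ev);
    format_audit_line(&ev, line, sizeof line);
    puts(line);

    /* Constructed input: the same kind of event raised from inside a session. */
    struct thd_model thd = { "maria", "SELECT 1", "test", 4, 42ULL };
    build_general_event(&thd, "ok", &ev);
    format_audit_line(&ev, line, sizeof line);
    puts(line);
    return 0;
}
```

The point of keeping the projection in one function is that the NULL case is decided once; a new thd-derived field added later lands inside the guarded block rather than in an argument list that is evaluated regardless of the earlier test.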
            andymc73 Andrew McDonnell added a comment -

            If I attempt to fix this by not dereferencing and instead passing NULL for thd->db and 0 for thd->length, this simply cascades the crash to inside of mysql_audit_notify. Additionally no dereferencing in there fixes the problem.

            andymc73 Andrew McDonnell added a comment - - edited

            This patch fixes the problem:

            === modified file 'sql/sql_audit.cc'
            --- sql/sql_audit.cc	2013-12-16 12:02:21 +0000
            +++ sql/sql_audit.cc	2014-02-08 12:27:53 +0000
            @@ -84,7 +84,7 @@
               event.general_rows= (unsigned long long) va_arg(ap, ha_rows);
               event.database= va_arg(ap, const char *);
               event.database_length= va_arg(ap, unsigned int);
            -  event.query_id= (unsigned long long) thd->query_id;
            +  event.query_id= (unsigned long long) thd ? thd->query_id : -1;
               event_class_dispatch(thd, MYSQL_AUDIT_GENERAL_CLASS, &event);
             }
             
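Review bot: the cast in the `+` line binds to `thd`, not to the conditional, so `(unsigned long long) thd ? thd->query_id : -1` parses as `((unsigned long long) thd) ? thd->query_id : -1`. It still avoids the NULL dereference, since the cast pointer is non-zero exactly when thd is, but the cast no longer applies to `query_id` and the `-1` fallback is converted to the largest unsigned long long value when stored in `event.query_id`. Suggest `event.query_id= thd ? (unsigned long long) thd->query_id : 0;` (or an explicitly chosen sentinel, parenthesised), so the intent is visible and the no-session value is deliberate rather than a side effect of the conversion.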
            
            === modified file 'sql/sql_audit.h'
            --- sql/sql_audit.h	2013-12-16 12:02:21 +0000
            +++ sql/sql_audit.h	2014-02-08 12:24:55 +0000
            @@ -147,7 +147,7 @@
                 mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, event_subtype,
                                    error_code, time, user, userlen, msg, msglen,
                                    query.str(), query.length(), query.charset(), rows,
            -                       thd->db, thd->db_length);
            +                       thd ? thd->db : NULL, thd ? thd->db_length : 0);
               }
             }
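Review bot: the two `thd ?` tests in the argument list duplicate the `if (thd) ... else` branch a few lines above this hunk (visible in the excerpt quoted earlier in the thread), which already sets `user`, `userlen` and `rows` to NULL-safe values. Assigning `db`/`db_length` in that branch (`db= thd->db; db_length= thd->db_length;` in the `if` arm, `db= NULL; db_length= 0;` in the `else` arm) keeps every thd-derived argument guarded in one place, so the next field someone adds to this call cannot reintroduce the crash in the backtrace. Also, `query` is assigned only in the `if (thd)` arm of that excerpt, so for thd == NULL `query.str()` and `query.length()` pass whatever the object's default state holds; worth confirming that is a safe empty string rather than relying on it silently.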
            
            andymc73 Andrew McDonnell added a comment - - edited

            Expected output after patch:

            140208 22:58:21 [ERROR] mysqld: Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 "No such file or directory")
            140208 22:58:21 [ERROR] Can't start server: can't create PID file: No such file or directory
            
            andymc73 Andrew McDonnell added a comment -

            I have pushed this to my branch https://code.launchpad.net/~andymc73/maria/oqgraph-maintenance as a single commit, revision 3969. I don't know how to propose a single commit for merging in Launchpad, though?

            serg Sergei Golubchik added a comment -

            Alexey Botchkov, please check whether 5.5 is affected

            holyfoot Alexey Botchkov added a comment -

            Yes, 5.5 is affected. Fix: http://lists.askmonty.org/pipermail/commits/2014-February/005952.html pushed into 5.5

              People

              • Assignee: holyfoot Alexey Botchkov
              • Reporter: andymc73 Andrew McDonnell

              Time Tracking

              • Logged: 3h