diff --git a/sql/slave.cc b/sql/slave.cc
index d58a3f549d8..572fafd58b5 100644
--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -3759,8 +3759,13 @@ err:
   mi->abort_slave= 0;
   mi->slave_running= 0;
   mi->io_thd= 0;
-  pthread_mutex_unlock(&mi->run_lock);
+  /*
+    Note: the order of the two following calls (first broadcast, then unlock)
+    is important. Otherwise a killer_thread can execute between the calls and
+    delete the mi structure leading to a crash! (see BUG#25306 for details)
+   */ 
   pthread_cond_broadcast(&mi->stop_cond);       // tell the world we are done
+  pthread_mutex_unlock(&mi->run_lock);
 #ifndef DBUG_OFF
   if (abort_slave_event_count && !events_till_abort)
     goto slave_begin;
@@ -3978,8 +3983,13 @@ the slave SQL thread with \"SLAVE START\". We stopped at log \
   THD_CHECK_SENTRY(thd);
   delete thd;
   pthread_mutex_unlock(&LOCK_thread_count);
-  pthread_cond_broadcast(&rli->stop_cond);
 
+ /*
+  Note: the order of the broadcast and unlock calls below (first broadcast, then unlock)
+  is important. Otherwise a killer_thread can execute between the calls and
+  delete the mi structure leading to a crash! (see BUG#25306 for details)
+ */ 
+  pthread_cond_broadcast(&rli->stop_cond);
 #ifndef DBUG_OFF
   /*
     Bug #19938 Valgrind error (race) in handle_slave_sql()
@@ -3987,9 +3997,8 @@ the slave SQL thread with \"SLAVE START\". We stopped at log \
   */
   const int eta= rli->events_till_abort;
 #endif
-
-  // tell the world we are done
-  pthread_mutex_unlock(&rli->run_lock);
+  pthread_mutex_unlock(&rli->run_lock);  // tell the world we are done
+  
 #ifndef DBUG_OFF // TODO: reconsider the code below
   if (abort_slave_event_count && !eta)
     goto slave_begin;
diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc
index 01b1149a2b3..1702783b5b7 100644
--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -882,12 +882,14 @@ int start_slave(THD* thd , MASTER_INFO* mi,  bool net_report)
 
 int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
 {
+  DBUG_ENTER("stop_slave");
+  
   int slave_errno;
   if (!thd)
     thd = current_thd;
 
   if (check_access(thd, SUPER_ACL, any_db,0,0,0,0))
-    return 1;
+    DBUG_RETURN(1);
   thd->proc_info = "Killing slave";
   int thread_mask;
   lock_slave_threads(mi);
@@ -921,12 +923,12 @@ int stop_slave(THD* thd, MASTER_INFO* mi, bool net_report )
   {
     if (net_report)
       my_message(slave_errno, ER(slave_errno), MYF(0));
-    return 1;
+    DBUG_RETURN(1);
   }
   else if (net_report)
     send_ok(thd);
 
-  return 0;
+  DBUG_RETURN(0);
 }