Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16478

mysql_real_connect() from libmariadbd.so always crash

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3
    • 10.3.8
    • Embedded Server
    • None

    Description

      Function mysql_real_connect() from libmariadbd.so library always crash. In attachment is simple reproducer which tries to connect to MariaDB server via TCP from libmariadbd.so library.

      Compile steps:

      gcc -g test-connect.c -o test-connect `mysql_config --cflags --libmysqld-libs`
      

      And here is crash backtrace from gdb:

      $ gdb --args ./test-connect 127.0.0.1 3306 pali pali
       
      Program received signal SIGSEGV, Segmentation fault.
      QUERY_PROFILE::new_status (this=0x4, status_arg=0x7ffff6c83527 "Waiting for query cache lock", 
          function_arg=function_arg@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", 
          file_arg=file_arg@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", line_arg=603) at mariadb-10.3.6/sql/sql_profile.cc:312
      312       prof->m_seq= m_seq_counter++;
      (gdb) bt
      #0  QUERY_PROFILE::new_status (this=0x4, status_arg=0x7ffff6c83527 "Waiting for query cache lock", 
          function_arg=function_arg@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", 
          file_arg=file_arg@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", line_arg=603) at mariadb-10.3.6/sql/sql_profile.cc:312
      #1  0x00007ffff66610cc in PROFILING::status_change (this=<optimized out>, line_arg=<optimized out>, file_arg=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", 
          function_arg=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", status_arg=<optimized out>) at mariadb-10.3.6/sql/sql_profile.h:312
      #2  THD::enter_stage (stage=<optimized out>, stage=<optimized out>, calling_line=<optimized out>, calling_file=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", 
          calling_func=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", this=<optimized out>) at mariadb-10.3.6/sql/sql_class.h:2365
      #3  set_thd_stage_info (thd_arg=thd_arg@entry=0x55555576b140, new_stage=<optimized out>, old_stage=old_stage@entry=0x7fffffffce78, 
          calling_func=calling_func@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", 
          calling_file=calling_file@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", calling_line=calling_line@entry=603) at mariadb-10.3.6/sql/sql_class.cc:408
      #4  0x00007ffff665a3b3 in Query_cache_wait_state::Query_cache_wait_state (line=603, file=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", func=<synthetic pointer>, thd=0x55555576b140, 
          this=0x7fffffffce70) at mariadb-10.3.6/sql/sql_cache.cc:432
      #5  Query_cache::try_lock (this=0x555555770178, this@entry=0x7ffff75502c0 <query_cache>, thd=0x55555576b140, mode=(unknown: 4149543616), mode@entry=Query_cache::WAIT)
          at mariadb-10.3.6/sql/sql_cache.cc:603
      #6  0x00007ffff665d6ac in Query_cache::insert (this=0x7ffff75502c0 <query_cache>, thd=<optimized out>, query_cache_tls=0x55555576b410, packet=0x5555557772a8 "\244", length=168, pkt_nr=2)
          at mariadb-10.3.6/sql/sql_cache.cc:1082
      #7  0x00007ffff6616211 in net_real_write (net=net@entry=0x555555770178, packet=0x5555557772a8 "\244", len=<optimized out>) at mariadb-10.3.6/sql/net_serv.cc:620
      #8  0x00007ffff661658b in net_flush (net=net@entry=0x555555770178) at mariadb-10.3.6/sql/net_serv.cc:377
      #9  0x00007ffff65e4b71 in send_client_reply_packet (mpvio=0x7fffffffd680, data=<optimized out>, data_len=<optimized out>) at mariadb-10.3.6/sql-common/client.c:2679
      #10 0x00007ffff65e506d in client_mpvio_write_packet (mpv=0x7fffffffd680, pkt=<optimized out>, pkt_len=<optimized out>) at mariadb-10.3.6/sql-common/client.c:2775
      #11 0x00007ffff65e25f2 in native_password_auth_client (vio=0x7fffffffd680, mysql=0x555555770178) at mariadb-10.3.6/sql-common/client.c:4702
      #12 0x00007ffff65e5322 in run_plugin_auth (mysql=mysql@entry=0x555555770178, data=0x5555557772df "l\365\211\062\254\332dmysql_native_password", data_len=21, data_plugin=0x5555557772f4 "assword", 
          db=db@entry=0x0) at mariadb-10.3.6/sql-common/client.c:2911
      #13 0x00007ffff65e70c3 in cli_mysql_real_connect (mysql=mysql@entry=0x555555770178, host=0x7fffffffe1b7 "127.0.0.1", user=<optimized out>, user@entry=0x7fffffffe1c6 "pali", passwd=0x7fffffffe1cb "pali", 
          db=<optimized out>, db@entry=0x0, port=3306, unix_socket=<optimized out>, client_flag=2147614722) at mariadb-10.3.6/sql-common/client.c:3575
      #14 0x00007ffff65f627d in mysql_real_connect (mysql=0x555555770178, host=<optimized out>, user=0x7fffffffe1c6 "pali", passwd=<optimized out>, db=0x0, port=<optimized out>, unix_socket=0x0, 
          client_flag=2147614722) at mariadb-10.3.6/libmysqld/libmysqld.c:108
      #15 0x0000555555554c86 in main (argc=5, argv=0x7fffffffddf8) at test-connect.c:46
      

      This problem was discovered while developing Perl DBI driver DBD::MariaDB: https://github.com/gooddata/DBD-MariaDB. First MariaDB version in which it was detected is 10.3.1 and it is present also in last 10.3.7 version. Versions 10.3.0 is working fine, also all versions from 10.2, 10.1, 10.0 and 5.5 series.

      Due to this problem, when DBD::MariaDB is compiled and linked with affected libmariadbd.so version, libmariadbd.so crashes and segfault whole perl process on every connection attempt. So it makes it fully unusable.

      Please, let us know what should we do with these crashes... If there is some workaround or something else.

      Attachments

        Activity

          People

            sanja Oleksandr Byelkin
            pali Pali
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.