MariaDB Server / MDEV-5367

Server crashes in acl_authenticate on concurrent thread connection, FLUSH PRIVILEGES

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.6
    • Fix Version/s: 10.0.7
    • Component/s: None
    • Labels: None

      Description

      I am getting various stack traces with the same concurrent test, here are examples:

      #2  0x000000000084487d in handle_fatal_signal (sig=11) at 10.0/sql/signal_handler.cc:262
      #3  <signal handler called>
      #4  0x0000000000f0d3a1 in my_strcasecmp_utf8 (cs=0x1947a20, s=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, t=0xfab50c "mysql_native_password") at 10.0/strings/ctype-utf8.c:5320
      #5  0x00000000005fa434 in parse_client_handshake_packet (mpvio=0x7fa9ce9d93b0, buff=0x7fa9ce9d8fc0, pkt_len=65) at 10.0/sql/sql_acl.cc:11539
      #6  0x00000000005fa9ad in server_mpvio_read_packet (param=0x7fa9ce9d93b0, buf=0x7fa9ce9d8fc0) at 10.0/sql/sql_acl.cc:11701
      #7  0x00000000005fbf1e in native_password_authenticate (vio=0x7fa9ce9d93b0, info=0x7fa9ce9d93c8) at 10.0/sql/sql_acl.cc:12272
      #8  0x00000000005fafee in do_auth_once (thd=0x7fa9afbf8070, auth_plugin_name=0x1769000, mpvio=0x7fa9ce9d93b0) at 10.0/sql/sql_acl.cc:11869
      #9  0x00000000005fb325 in acl_authenticate (thd=0x7fa9afbf8070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:11971
      #10 0x000000000077660b in check_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1070
      #11 0x000000000077677e in login_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1138
      #12 0x0000000000776cfb in thd_prepare_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1301
      #13 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1370
      #14 0x0000000000776cd0 in handle_one_connection (arg=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1293
      #15 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7fa9af739670) at 10.0/storage/perfschema/pfs.cc:1853
      #16 0x00007fa9ce6b7b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #17 0x00007fa9cd206a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      #3  <signal handler called>
      #4  strmake (dst=0x7f5f49bfd3e8 "", src=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, length=511) at 10.0/strings/strmake.c:36
      #5  0x00000000005f91d6 in find_mpvio_user (mpvio=0x7f5f49bfd3b0) at 10.0/sql/sql_acl.cc:11100
      #6  0x00000000005fa26e in parse_client_handshake_packet (mpvio=0x7f5f49bfd3b0, buff=0x7f5f49bfcfc0, pkt_len=65) at 10.0/sql/sql_acl.cc:11495
      #7  0x00000000005fa9ad in server_mpvio_read_packet (param=0x7f5f49bfd3b0, buf=0x7f5f49bfcfc0) at 10.0/sql/sql_acl.cc:11701
      #8  0x00000000005fbf1e in native_password_authenticate (vio=0x7f5f49bfd3b0, info=0x7f5f49bfd3c8) at 10.0/sql/sql_acl.cc:12272
      #9  0x00000000005fafee in do_auth_once (thd=0x7f5f51fbf070, auth_plugin_name=0x1769000, mpvio=0x7f5f49bfd3b0) at 10.0/sql/sql_acl.cc:11869
      #10 0x00000000005fb325 in acl_authenticate (thd=0x7f5f51fbf070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:11971
      #11 0x000000000077660b in check_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1070
      #12 0x000000000077677e in login_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1138
      #13 0x0000000000776cfb in thd_prepare_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1301
      #14 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1370
      #15 0x0000000000776cd0 in handle_one_connection (arg=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1293
      #16 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7f5f58afd3f0) at 10.0/storage/perfschema/pfs.cc:1853
      #17 0x00007f5f77a0bb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #18 0x00007f5f7655aa7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      #3  <signal handler called>
      #4  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
      #5  0x00000000005f5a6e in acl_find_proxy_user (user=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, host=0xf96e3b "localhost", ip=0x7f3c94c5c3b0 "127.0.0.1", authenticated_as=0x7f3cbbde83e8 "root", proxy_used=0x7f3cbbde886e) at 10.0/sql/sql_acl.cc:9875
      #6  0x00000000005fb66d in acl_authenticate (thd=0x7f3c95fa0070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:12052
      #7  0x000000000077660b in check_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1070
      #8  0x000000000077677e in login_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1138
      #9  0x0000000000776cfb in thd_prepare_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1301
      #10 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1370
      #11 0x0000000000776cd0 in handle_one_connection (arg=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1293
      #12 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7f3c96369d50) at 10.0/storage/perfschema/pfs.cc:1853
      #13 0x00007f3cbba7cb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #14 0x00007f3cba5cba7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      revision-id: bar@mnogosearch.org-20131126065321-vcuhvtfjs7d09xpl
      revno: 3911
      branch-nick: 10.0

      RQG grammar (test.yy):

       
      query:
      	FLUSH PRIVILEGES | SELECT MIN(ID) INTO @kill_id FROM INFORMATION_SCHEMA.PROCESSLIST ; KILL @kill_id ; 
       

      RQG command line (assuming the server is already running on port 3306):

       
      perl ./gentest.pl --threads=4 --duration=400 --queries=100M --grammar=test.yy --dsn=dbi:mysql:host=127.0.0.1:port=3306:user=root:database=test
       

      It fails for me within seconds or tens of seconds after a start.
      Please note that the test can return a false positive, saying that the server crashes when it actually didn't. That's what happens on 5.5 – I never got a real crash there, but after some time the test commits suicide. On 10.0, in all test runs the server crashed for real.
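
Triage sketch for the backtraces above, added here as an example and not part of the original report or of MariaDB's tooling: it parses gdb frames, flags pointer arguments whose eight bytes are all one repeated value (such as the `0x5a5a5a5a5a5a5a5a` seen in each trace, which is not a usable address), and lists the functions common to every trace. The function names and the sample, which reuses frames from the first and third traces, are assumptions of this example.

```python
import re

FRAME = re.compile(r"^\s*#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+)$")
ARG = re.compile(r"(\w+)=(0x[0-9a-f]{1,16})\b")

# Constructed sample: frames copied from the first and third traces in the report.
SAMPLE = """\
#4  0x0000000000f0d3a1 in my_strcasecmp_utf8 (cs=0x1947a20, s=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, t=0xfab50c "mysql_native_password") at 10.0/strings/ctype-utf8.c:5320
#5  0x00000000005fa434 in parse_client_handshake_packet (mpvio=0x7fa9ce9d93b0, buff=0x7fa9ce9d8fc0, pkt_len=65) at 10.0/sql/sql_acl.cc:11539
#9  0x00000000005fb325 in acl_authenticate (thd=0x7fa9afbf8070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:11971

#3  <signal handler called>
#4  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
#5  0x00000000005f5a6e in acl_find_proxy_user (user=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, host=0xf96e3b "localhost", ip=0x7f3c94c5c3b0 "127.0.0.1", authenticated_as=0x7f3cbbde83e8 "root", proxy_used=0x7f3cbbde886e) at 10.0/sql/sql_acl.cc:9875
#6  0x00000000005fb66d in acl_authenticate (thd=0x7f3c95fa0070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:12052
"""

def is_fill_pattern(value):
    """True for a 64-bit value made of one repeated non-zero byte."""
    raw = bytes.fromhex(value[2:].rjust(16, "0"))
    return raw[0] != 0 and len(set(raw)) == 1

def parse_traces(text):
    """Split gdb output into traces; a frame number that does not increase starts a new one."""
    traces, last = [], None
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # blank lines, "<signal handler called>", metadata
        num, func, args, loc = int(m[1]), m[2], m[3], m[4]
        if last is None or num <= last:
            traces.append([])
        traces[-1].append({"func": func, "loc": loc, "args": dict(ARG.findall(args))})
        last = num
    return traces

def triage(text):
    """Per trace: faulting function and fill-pattern arguments; plus functions shared by all traces."""
    traces = parse_traces(text)
    report = []
    for frames in traces:
        bad = [(f["func"], name) for f in frames
               for name, val in f["args"].items() if is_fill_pattern(val)]
        report.append({"fault": frames[0]["func"], "bad_args": bad})
    shared = set.intersection(*({f["func"] for f in t} for t in traces)) if traces else set()
    return report, sorted(shared)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the faulting leaf functions differ but both traces carry a fill-pattern string pointer and share `acl_authenticate`, which is why the differing stacks are filed as one issue.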

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            elenst Elena Stepanova