Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5367

Server crashes in acl_authenticate on concurrent thread connection, FLUSH PRIVILEGES

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.0.6
    • 10.0.7
    • None
    • None

    Description

      I am getting various stack traces with the same concurrent test, here are examples:

      #2  0x000000000084487d in handle_fatal_signal (sig=11) at 10.0/sql/signal_handler.cc:262
      		 
      #3  <signal handler called>
      		 
      #4  0x0000000000f0d3a1 in my_strcasecmp_utf8 (cs=0x1947a20, s=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, t=0xfab50c "mysql_native_password") at 10.0/strings/ctype-utf8.c:5320
      		 
      #5  0x00000000005fa434 in parse_client_handshake_packet (mpvio=0x7fa9ce9d93b0, buff=0x7fa9ce9d8fc0, pkt_len=65) at 10.0/sql/sql_acl.cc:11539
      		 
      #6  0x00000000005fa9ad in server_mpvio_read_packet (param=0x7fa9ce9d93b0, buf=0x7fa9ce9d8fc0) at 10.0/sql/sql_acl.cc:11701
      		 
      #7  0x00000000005fbf1e in native_password_authenticate (vio=0x7fa9ce9d93b0, info=0x7fa9ce9d93c8) at 10.0/sql/sql_acl.cc:12272
      		 
      #8  0x00000000005fafee in do_auth_once (thd=0x7fa9afbf8070, auth_plugin_name=0x1769000, mpvio=0x7fa9ce9d93b0) at 10.0/sql/sql_acl.cc:11869
      		 
      #9  0x00000000005fb325 in acl_authenticate (thd=0x7fa9afbf8070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:11971
      		 
      #10 0x000000000077660b in check_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1070
      		 
      #11 0x000000000077677e in login_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1138
      		 
      #12 0x0000000000776cfb in thd_prepare_connection (thd=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1301
      		 
      #13 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1370
      		 
      #14 0x0000000000776cd0 in handle_one_connection (arg=0x7fa9afbf8070) at 10.0/sql/sql_connect.cc:1293
      		 
      #15 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7fa9af739670) at 10.0/storage/perfschema/pfs.cc:1853
      		 
      #16 0x00007fa9ce6b7b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      		 
      #17 0x00007fa9cd206a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
      		 

      #3  <signal handler called>
      		 
      #4  strmake (dst=0x7f5f49bfd3e8 "", src=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, length=511) at 10.0/strings/strmake.c:36
      		 
      #5  0x00000000005f91d6 in find_mpvio_user (mpvio=0x7f5f49bfd3b0) at 10.0/sql/sql_acl.cc:11100
      		 
      #6  0x00000000005fa26e in parse_client_handshake_packet (mpvio=0x7f5f49bfd3b0, buff=0x7f5f49bfcfc0, pkt_len=65) at 10.0/sql/sql_acl.cc:11495
      		 
      #7  0x00000000005fa9ad in server_mpvio_read_packet (param=0x7f5f49bfd3b0, buf=0x7f5f49bfcfc0) at 10.0/sql/sql_acl.cc:11701
      		 
      #8  0x00000000005fbf1e in native_password_authenticate (vio=0x7f5f49bfd3b0, info=0x7f5f49bfd3c8) at 10.0/sql/sql_acl.cc:12272
      		 
      #9  0x00000000005fafee in do_auth_once (thd=0x7f5f51fbf070, auth_plugin_name=0x1769000, mpvio=0x7f5f49bfd3b0) at 10.0/sql/sql_acl.cc:11869
      		 
      #10 0x00000000005fb325 in acl_authenticate (thd=0x7f5f51fbf070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:11971
      		 
      #11 0x000000000077660b in check_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1070
      		 
      #12 0x000000000077677e in login_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1138
      		 
      #13 0x0000000000776cfb in thd_prepare_connection (thd=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1301
      		 
      #14 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1370
      		 
      #15 0x0000000000776cd0 in handle_one_connection (arg=0x7f5f51fbf070) at 10.0/sql/sql_connect.cc:1293
      		 
      #16 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7f5f58afd3f0) at 10.0/storage/perfschema/pfs.cc:1853
      		 
      #17 0x00007f5f77a0bb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      		 
      #18 0x00007f5f7655aa7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
      		 

      #3  <signal handler called>
      		 
      #4  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:214
      		 
      #5  0x00000000005f5a6e in acl_find_proxy_user (user=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, host=0xf96e3b "localhost", ip=0x7f3c94c5c3b0 "127.0.0.1", authenticated_as=0x7f3cbbde83e8 "root", proxy_used=0x7f3cbbde886e) at 10.0/sql/sql_acl.cc:9875
      		 
      #6  0x00000000005fb66d in acl_authenticate (thd=0x7f3c95fa0070, connect_errors=0, com_change_user_pkt_len=0) at 10.0/sql/sql_acl.cc:12052
      		 
      #7  0x000000000077660b in check_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1070
      		 
      #8  0x000000000077677e in login_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1138
      		 
      #9  0x0000000000776cfb in thd_prepare_connection (thd=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1301
      		 
      #10 0x0000000000776f5b in do_handle_one_connection (thd_arg=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1370
      		 
      #11 0x0000000000776cd0 in handle_one_connection (arg=0x7f3c95fa0070) at 10.0/sql/sql_connect.cc:1293
      		 
      #12 0x0000000000a859e1 in pfs_spawn_thread (arg=0x7f3c96369d50) at 10.0/storage/perfschema/pfs.cc:1853
      		 
      #13 0x00007f3cbba7cb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      		 
      #14 0x00007f3cba5cba7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
      		 

      revision-id: bar@mnogosearch.org-20131126065321-vcuhvtfjs7d09xpl
      		 
      revno: 3911
      		 
      branch-nick: 10.0

      RQG grammar (test.yy):

       
      		 
      query:
      		 
      	FLUSH PRIVILEGES | SELECT MIN(ID) INTO @kill_id FROM INFORMATION_SCHEMA.PROCESSLIST ; KILL @kill_id ; 
       

      RQG command line (assuming the server is already running on port 3306):

       
      		 
      perl ./gentest.pl --threads=4 --duration=400 --queries=100M --grammar=test.yy --dsn=dbi:mysql:host=127.0.0.1:port=3306:user=root:database=test
      		 
       

      It fails for me within seconds or tens of seconds after a start.
      Please note that the test can return a false positive, saying that the server crashes when it actually didn't. That's what happens on 5.5 – I never got a real crash there, but after some time the test commits suicide. On 10.0, in all test runs the server crashed for real.

      Attachments

        Activity

          There are no comments yet on this issue.

          People

            serg Sergei Golubchik
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.