[CONC-128] Segfault when closing connection
Created: 2015-05-22
Updated: 2015-05-25

Status: Open
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 2.0.0, 2.1
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Sauli Lehtimäki
Assignee: Georg Richter
Resolution: Unresolved
Votes: 0
Labels: None
Environment: Debian 7 / 3.2.0-4-486 #1 Debian 3.2.65-1+deb7u2 i686 GNU/Linux
Attachments: screenshot1.PNG, screenshot2.PNG, screenshot3.PNG

 Description   

Hi,

I found that the MariaDB C-connector sometimes causes a segfault when closing a database connection. Please see the attached backtrace (also screenshots 1-3).

We have a multithreaded server which opens multiple connections to MariaDB. When the server is closing a DB connection, a random crash happens. This problem is not easy to reproduce and usually requires several hundred connections; it possibly also has something to do with a situation where multiple clients are accessing the same database table in parallel and there are related triggers (at least this causes the crash to happen more often; DB deadlocks?).

The backtrace is from version 2.0.0, but I also tested version 2.1.0 and the same thing happens. The server was running in a single-core VirtualBox environment with the database server on the same virtual machine.

BR,
Sauli

----------------------------------------------------

Backtrace:

#0 0xb7712422 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7123661 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = <optimized out>
pid = -1222275084
selftid = 10807
#2 0xb7126a92 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0xb77304e4 <_rtld_global+1220>, sa_sigaction = 0xb77304e4 <_rtld_global+1220>}, sa_mask = {__val = {1769472, 135070432, 134523120, 3066999364, 7332, 3066999332, 134516448, 134515844, 0, 13, 3066999176, 3072098536, 3, 3066999260, 3072692212, 8, 3067000720, 3066999380, 3072217124, 592, 3066999260, 3, 0, 3066999356, 0, 1, 3072550129, 3072550125, 3072545604, 3072545669, 109, 3066999260}}, sa_flags = -1227967964, sa_restorer = 0xb723791f}
sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0xb715edc5 in __libc_message (do_abort=2, fmt=0xb7239b50 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
ap = <optimized out>
fd = -1227967604
on_2 = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = false
#4 0xb7168eb1 in malloc_printerr (action=<optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0xb5459db0) at malloc.c:6312
buf = "b5459db0"
cp = <optimized out>
#5 0xb716a718 in _int_free (av=<optimized out>, p=<optimized out>) at malloc.c:4824
size = 24592
nextchunk = 0x2a37
nextsize = 146219720
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
errstr = 0x6 <Address 0x6 out of bounds>
_func_ = "_int_free"
#6 0xb716d85d in *_GI__libc_free (mem=0xb5459db0) at malloc.c:3738
ar_ptr = 0xb725a3c0
p = 0x6
#7 0x0808bdc0 in vio_delete (vio=0xb5459d10) at /home/georg/work/mariadb/client/mariadb-native-client/libmariadb/violite.c:190
No locals.
#8 0x0807be27 in end_server (mysql=0xb5457878) at /home/georg/work/mariadb/client/mariadb-native-client/libmariadb/libmariadb.c:767
No locals.
#9 0x0807d3ba in mysql_close (mysql=0xb5457878) at /home/georg/work/mariadb/client/mariadb-native-client/libmariadb/libmariadb.c:2212
li_stmt = 0x8d35830
#10 0x0804f249 in MySQLDatabase::close (this=0xb5457820) at src/MySQLDatabase.cpp:82
No locals.
#11 0x0806368c in ConnectionController::execute (this=0x8b722c8) at src/ConnectionController.cpp:432
...



 Comments   
Comment by Georg Richter [ 2015-05-25 ]

Hi,

would it be possible to provide a short test case which reproduces this bug?
Or as an alternative can you run your application with valgrind and provide output?
Do you use mysql_thread_init and mysql_thread_end in every thread which opens or closes a connection?

Thanks!

Georg
