[#MDEV-16478] mysql_real_connect() from libmariadbd.so always crash

Function mysql_real_connect() from libmariadbd.so library always crash. In attachment is simple reproducer which tries to connect to MariaDB server via TCP from libmariadbd.so library.

gcc -g test-connect.c -o test-connect `mysql_config --cflags --libmysqld-libs`

$ gdb --args ./test-connect 127.0.0.1 3306 pali pali

Program received signal SIGSEGV, Segmentation fault.

QUERY_PROFILE::new_status (this=0x4, status_arg=0x7ffff6c83527 "Waiting for query cache lock",

    function_arg=function_arg@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock",

    file_arg=file_arg@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", line_arg=603) at mariadb-10.3.6/sql/sql_profile.cc:312

312       prof->m_seq= m_seq_counter++;

(gdb) bt

#0  QUERY_PROFILE::new_status (this=0x4, status_arg=0x7ffff6c83527 "Waiting for query cache lock",

    function_arg=function_arg@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock",

    file_arg=file_arg@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", line_arg=603) at mariadb-10.3.6/sql/sql_profile.cc:312

#1  0x00007ffff66610cc in PROFILING::status_change (this=<optimized out>, line_arg=<optimized out>, file_arg=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc",

    function_arg=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", status_arg=<optimized out>) at mariadb-10.3.6/sql/sql_profile.h:312

#2  THD::enter_stage (stage=<optimized out>, stage=<optimized out>, calling_line=<optimized out>, calling_file=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc",

    calling_func=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock", this=<optimized out>) at mariadb-10.3.6/sql/sql_class.h:2365

#3  set_thd_stage_info (thd_arg=thd_arg@entry=0x55555576b140, new_stage=<optimized out>, old_stage=old_stage@entry=0x7fffffffce78,

    calling_func=calling_func@entry=0x7ffff6c8da78 <Query_cache::try_lock(THD*, Query_cache::Cache_try_lock_mode)::__FUNCTION__> "try_lock",

    calling_file=calling_file@entry=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", calling_line=calling_line@entry=603) at mariadb-10.3.6/sql/sql_class.cc:408

#4  0x00007ffff665a3b3 in Query_cache_wait_state::Query_cache_wait_state (line=603, file=0x7ffff6c8d8f8 "mariadb-10.3.6/sql/sql_cache.cc", func=<synthetic pointer>, thd=0x55555576b140,

    this=0x7fffffffce70) at mariadb-10.3.6/sql/sql_cache.cc:432

#5  Query_cache::try_lock (this=0x555555770178, this@entry=0x7ffff75502c0 <query_cache>, thd=0x55555576b140, mode=(unknown: 4149543616), mode@entry=Query_cache::WAIT)

    at mariadb-10.3.6/sql/sql_cache.cc:603

#6  0x00007ffff665d6ac in Query_cache::insert (this=0x7ffff75502c0 <query_cache>, thd=<optimized out>, query_cache_tls=0x55555576b410, packet=0x5555557772a8 "\244", length=168, pkt_nr=2)

    at mariadb-10.3.6/sql/sql_cache.cc:1082

#7  0x00007ffff6616211 in net_real_write (net=net@entry=0x555555770178, packet=0x5555557772a8 "\244", len=<optimized out>) at mariadb-10.3.6/sql/net_serv.cc:620

#8  0x00007ffff661658b in net_flush (net=net@entry=0x555555770178) at mariadb-10.3.6/sql/net_serv.cc:377

#9  0x00007ffff65e4b71 in send_client_reply_packet (mpvio=0x7fffffffd680, data=<optimized out>, data_len=<optimized out>) at mariadb-10.3.6/sql-common/client.c:2679

#10 0x00007ffff65e506d in client_mpvio_write_packet (mpv=0x7fffffffd680, pkt=<optimized out>, pkt_len=<optimized out>) at mariadb-10.3.6/sql-common/client.c:2775

#11 0x00007ffff65e25f2 in native_password_auth_client (vio=0x7fffffffd680, mysql=0x555555770178) at mariadb-10.3.6/sql-common/client.c:4702

#12 0x00007ffff65e5322 in run_plugin_auth (mysql=mysql@entry=0x555555770178, data=0x5555557772df "l\365\211\062\254\332dmysql_native_password", data_len=21, data_plugin=0x5555557772f4 "assword",

    db=db@entry=0x0) at mariadb-10.3.6/sql-common/client.c:2911

#13 0x00007ffff65e70c3 in cli_mysql_real_connect (mysql=mysql@entry=0x555555770178, host=0x7fffffffe1b7 "127.0.0.1", user=<optimized out>, user@entry=0x7fffffffe1c6 "pali", passwd=0x7fffffffe1cb "pali",

    db=<optimized out>, db@entry=0x0, port=3306, unix_socket=<optimized out>, client_flag=2147614722) at mariadb-10.3.6/sql-common/client.c:3575

#14 0x00007ffff65f627d in mysql_real_connect (mysql=0x555555770178, host=<optimized out>, user=0x7fffffffe1c6 "pali", passwd=<optimized out>, db=0x0, port=<optimized out>, unix_socket=0x0,

    client_flag=2147614722) at mariadb-10.3.6/libmysqld/libmysqld.c:108

#15 0x0000555555554c86 in main (argc=5, argv=0x7fffffffddf8) at test-connect.c:46

This problem was discovered while developing Perl DBI driver DBD::MariaDB: https://github.com/gooddata/DBD-MariaDB. First MariaDB version in which it was detected is 10.3.1 and it is present also in last 10.3.7 version. Versions 10.3.0 is working fine, also all versions from 10.2, 10.1, 10.0 and 5.5 series.

Due to this problem, when DBD::MariaDB is compiled and linked with affected libmariadbd.so version, libmariadbd.so crashes and segfault whole perl process on every connection attempt. So it makes it fully unusable.

Please, let us know what should we do with these crashes... If there is some workaround or something else.

10.2 352c7e0dfa

mdev16478a: /data/src/10.2/sql/log.cc:1139: void LOGGER::cleanup_base(): Assertion `inited == 1' failed.

#0  0x00007f1c68a07fcf in raise () from /lib/x86_64-linux-gnu/libc.so.6

#1  0x00007f1c68a093fa in abort () from /lib/x86_64-linux-gnu/libc.so.6

#2  0x00007f1c68a00e37 in __assert_fail_base () from /lib/x86_64-linux-gnu/libc.so.6

#3  0x00007f1c68a00ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6

#4  0x00007f1c6ac252cd in LOGGER::cleanup_base (this=0x7f1c6c5bb5c0 <logger>) at /data/src/10.2/sql/log.cc:1139

#5  0x00007f1c6a8b49dc in clean_up (print_message=false) at /data/src/10.2/libmysqld/../sql/mysqld.cc:2200

#6  0x00007f1c6a8bd98a in end_embedded_server () at /data/src/10.2/libmysqld/lib_sql.cc:647

#7  0x00007f1c6a89b1d1 in mysql_server_end () at /data/src/10.2/libmysqld/libmysql.c:213

#8  0x0000000000400acf in main (argc=5, argv=0x7ffd7ea6a5c8) at mdev16478.c:58

[MDEV-16478] mysql_real_connect() from libmariadbd.so always crash Created: 2018-06-13 Updated: 2018-06-25 Resolved: 2018-06-25
Status:	Closed
Project:	MariaDB Server
Component/s:	Embedded Server
Affects Version/s:	10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3
Fix Version/s:	10.3.8

[MDEV-16478] mysql_real_connect() from libmariadbd.so always crash Created: 2018-06-13 Updated: 2018-06-25 Resolved: 2018-06-25