Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.1.26, 10.1.37, 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
-
None
Description
With a set of data in the mysql system schema `FLUSH PRIVILEGES` crashes the server with segfault.
There seem to be an aleatory factor that determines the number of times it's needed to FLUSH PRIVILEGES before the crash, between 0 and 19 was tested.
sql_acl.cc:5306:
GRANT_NAME **first= NULL, *UNINIT_VAR(merged);
|
ulong UNINIT_VAR(privs);
|
for (GRANT_NAME **cur= grants.front(); cur <= grants.back(); cur++) |
{
|
ACL_DB **first= NULL, *UNINIT_VAR(merged);
|
ulong UNINIT_VAR(access), update_flags= 0; |
for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++) |
{
|
if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db))) |
{ // new db name series |
update_flags|= *update_role_db*(merged, first, access, grantee->user.str);
|
merged= NULL;
|
access= 0; |
first= cur;
|
}
|
if (strcmp(cur[0]->user, grantee->user.str) == 0) *# SEGFAULT* |
access|= (merged= cur[0])->initial_access; |
else |
access|= cur[0]->access; |
}
|
What I noticed is that when the problem occurs `cur` is valued before the call to update_role_db(), but after it comes back `cur` is empty (at least if I'm not mistaken).
It definitely depends on data in the mysql schema tables.
I could not identify one specific data culprit, also because the occurrence seems to happen after a variable number of `FLUSH PRIVILEGES`.
Stack trace:
Thread pointer: 0x7f3ea83a8008
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f3e9d517110 thread_stack 0x48400
|
mysys/stacktrace.c:268(my_print_stacktrace)[0x555a1a1bdd4b]
|
sql/signal_handler.cc:168(handle_fatal_signal)[0x555a19d1a485]
|
/lib64/libpthread.so.0(+0x3639a0f7e0)[0x7f43230827e0]
|
/lib64/libc.so.6(+0x3638f28696)[0x7f43219e8696]
|
sql/sql_acl.cc:5317(merge_role_db_privileges)[0x555a19b42e9b]
|
sql/sql_acl.cc:5081(traverse_role_graph_impl)[0x555a19b35bab]
|
sql/sql_acl.cc:6779(propagate_role_grants_action)[0x555a19b35de4]
|
mysys/hash.c:769(my_hash_iterate)[0x555a1a19fd6c]
|
sql/sql_acl.cc:6845(grant_reload(THD*))[0x555a19b44dbc]
|
sql/sql_reload.cc:86(reload_acl_and_cache(THD*, unsigned long long, TABLE_LIST*, int*))[0x555a19c851ce]
|
sql/sql_parse.cc:4885(mysql_execute_command(THD*))[0x555a19b9e7e3]
|
sql/sql_parse.cc:7466(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x555a19ba6405]
|
sql/sql_parse.cc:1582(dispatch_command(enum_server_command, THD*, char*, unsigned int))[0x555a19ba9015]
|
sql/sql_parse.cc:1126(do_command(THD*))[0x555a19ba9687]
|
sql/sql_connect.cc:1330(do_handle_one_connection(THD*))[0x555a19c6b99f]
|
sql/sql_connect.cc:1244(handle_one_connection)[0x555a19c6bad7]
|
perfschema/pfs.cc:1864(pfs_spawn_thread)[0x555a19e8bb8d]
|
/lib64/libpthread.so.0(+0x3639a07aa1)[0x7f432307aaa1]
|
/lib64/libc.so.6(clone+0x6d)[0x7f43219a8bdd]
|
 |
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f3eac4364e5): FLUSH PRIVILEGES
|
Connection ID (thread ID): 3
|
Status: NOT_KILLED
|
|
Attachments
Issue Links
- causes
-
-
- Closed
-
- is blocked by
-
-
- Closed
-