Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17898

FLUSH PRIVILEGES crashes server with segfault

    Details

      Description

      With a set of data in the mysql system schema `FLUSH PRIVILEGES` crashes the server with segfault.
      There seem to be an aleatory factor that determines the number of times it's needed to FLUSH PRIVILEGES before the crash, between 0 and 19 was tested.

      sql_acl.cc:5306:

      GRANT_NAME **first= NULL, *UNINIT_VAR(merged);
        ulong UNINIT_VAR(privs);
        for (GRANT_NAME **cur= grants.front(); cur <= grants.back(); cur++)
        {
         ACL_DB **first= NULL, *UNINIT_VAR(merged);
        ulong UNINIT_VAR(access), update_flags= 0;
        for (ACL_DB **cur= dbs.front(); cur <= dbs.back(); cur++)
        {
          if (!first || (!dbname && strcmp(cur[0]->db, cur[-1]->db)))
          { // new db name series 
            update_flags|= *update_role_db*(merged, first, access, grantee->user.str);
            merged= NULL;
            access= 0;
            first= cur;
          }
          if (strcmp(cur[0]->user, grantee->user.str) == 0)   *# SEGFAULT*
            access|= (merged= cur[0])->initial_access;
          else
            access|= cur[0]->access;
        }
      

      What I noticed is that when the problem occurs `cur` is valued before the call to update_role_db(), but after it comes back `cur` is empty (at least if I'm not mistaken).
      It definitely depends on data in the mysql schema tables.
      I could not identify one specific data culprit, also because the occurrence seems to happen after a variable number of `FLUSH PRIVILEGES`.

      Stack trace:

      Thread pointer: 0x7f3ea83a8008
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7f3e9d517110 thread_stack 0x48400
      mysys/stacktrace.c:268(my_print_stacktrace)[0x555a1a1bdd4b]
      sql/signal_handler.cc:168(handle_fatal_signal)[0x555a19d1a485]
      /lib64/libpthread.so.0(+0x3639a0f7e0)[0x7f43230827e0]
      /lib64/libc.so.6(+0x3638f28696)[0x7f43219e8696]
      sql/sql_acl.cc:5317(merge_role_db_privileges)[0x555a19b42e9b]
      sql/sql_acl.cc:5081(traverse_role_graph_impl)[0x555a19b35bab]
      sql/sql_acl.cc:6779(propagate_role_grants_action)[0x555a19b35de4]
      mysys/hash.c:769(my_hash_iterate)[0x555a1a19fd6c]
      sql/sql_acl.cc:6845(grant_reload(THD*))[0x555a19b44dbc]
      sql/sql_reload.cc:86(reload_acl_and_cache(THD*, unsigned long long, TABLE_LIST*, int*))[0x555a19c851ce]
      sql/sql_parse.cc:4885(mysql_execute_command(THD*))[0x555a19b9e7e3]
      sql/sql_parse.cc:7466(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x555a19ba6405]
      sql/sql_parse.cc:1582(dispatch_command(enum_server_command, THD*, char*, unsigned int))[0x555a19ba9015]
      sql/sql_parse.cc:1126(do_command(THD*))[0x555a19ba9687]
      sql/sql_connect.cc:1330(do_handle_one_connection(THD*))[0x555a19c6b99f]
      sql/sql_connect.cc:1244(handle_one_connection)[0x555a19c6bad7]
      perfschema/pfs.cc:1864(pfs_spawn_thread)[0x555a19e8bb8d]
      /lib64/libpthread.so.0(+0x3639a07aa1)[0x7f432307aaa1]
      /lib64/libc.so.6(clone+0x6d)[0x7f43219a8bdd]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7f3eac4364e5): FLUSH PRIVILEGES
      Connection ID (thread ID): 3
      Status: NOT_KILLED
      
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                claudio.nanni Claudio Nanni
              • Votes:
                2 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: