Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
Description
SET sql_mode='';
|
RENAME TABLE mysql.tables_priv TO mysql.tables_priv_bak;
|
CREATE TABLE t (c INT) ENGINE=InnoDB;
|
CREATE TABLE mysql.tables_priv SELECT * FROM mysql.tables_priv_bak;
|
GRANT SELECT ON t TO m@localhost;
|
Leads to:
10.6.0 3f871b339429441ad907ecf7dfabdc414797e664 (Debug) |
Core was generated by `/test/MD260121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x1553f0d70700 (LWP 2966583))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055ed3253c210 in my_write_core (sig=sig@entry=11) at /data/builds/10.6_dbg/mysys/stacktrace.c:424
|
#2 0x000055ed31cd12d0 in handle_fatal_signal (sig=11) at /data/builds/10.6_dbg/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 0x000055ed3195ece7 in replace_table_table (thd=thd@entry=0x1553c0000db8, grant_table=grant_table@entry=0x55ed3450cb08, table=0x1553c008c0e8, combo=@0x1553c0012808: {<AUTHID> = {user = {str = 0x1553c00127f0 "m", length = 1}, host = {str = 0x1553c00127f8 "localhost", length = 9}}, auth = 0x55ed32fde340 <auth_no_password>}, db=<optimized out>, db@entry=0x1553c0012f18 "test", table_name=<optimized out>, table_name@entry=0x1553c00127a0 "t", rights=SELECT_ACL, col_rights=NO_ACL, revoke_grant=false) at /data/builds/10.6_dbg/sql/sql_acl.cc:5764
|
#5 0x000055ed319643f6 in mysql_table_grant (thd=thd@entry=0x1553c0000db8, table_list=0x1553c0012848, user_list=@0x1553c0005e08: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1553c0012830, last = 0x1553c0012830, elements = 1}, <No data fields>}, columns=@0x1553c0012f30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55ed32fdf2e0 <end_of_list>, last = 0x1553c0012f30, elements = 0}, <No data fields>}, rights=SELECT_ACL, revoke_grant=false) at /data/builds/10.6_dbg/sql/sql_acl.cc:7122
|
#6 0x000055ed31964884 in Sql_cmd_grant_table::execute_exact_table (this=0x1553c0012f20, thd=0x1553c0000db8, table=<optimized out>) at /data/builds/10.6_dbg/sql/sql_acl.h:317
|
#7 0x000055ed319686ce in Sql_cmd_grant_table::execute (this=<optimized out>, thd=<optimized out>) at /data/builds/10.6_dbg/sql/sql_acl.cc:12097
|
#8 0x000055ed31a12556 in mysql_execute_command (thd=thd@entry=0x1553c0000db8) at /data/builds/10.6_dbg/sql/sql_parse.cc:5875
|
#9 0x000055ed319f915e in mysql_parse (thd=thd@entry=0x1553c0000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1553f0d6f3d0) at /data/builds/10.6_dbg/sql/sql_parse.cc:7901
|
#10 0x000055ed31a0724f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1553c0000db8, packet=packet@entry=0x1553c001aac9 "GRANT SELECT ON t TO m@localhost", packet_length=packet_length@entry=32) at /data/builds/10.6_dbg/sql/sql_class.h:1294
|
#11 0x000055ed31a0a581 in do_command (thd=0x1553c0000db8) at /data/builds/10.6_dbg/sql/sql_parse.cc:1365
|
#12 0x000055ed31b66079 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ed3452f1d8, put_in_cache=put_in_cache@entry=true) at /data/builds/10.6_dbg/sql/sql_connect.cc:1410
|
#13 0x000055ed31b6677d in handle_one_connection (arg=arg@entry=0x55ed3452f1d8) at /data/builds/10.6_dbg/sql/sql_connect.cc:1312
|
#14 0x000055ed3201943f in pfs_spawn_thread (arg=0x55ed34454bd8) at /data/builds/10.6_dbg/storage/perfschema/pfs.cc:2201
|
#15 0x00001554060f1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#16 0x0000155405ce0293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
10.6.0 3f871b339429441ad907ecf7dfabdc414797e664 (Optimized) |
Core was generated by `/test/MD260121-mariadb-10.6.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14ccf8cde700 (LWP 2975418))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055caa7e2e05f in my_write_core (sig=sig@entry=11) at /data/builds/10.6_opt/mysys/stacktrace.c:424
|
#2 0x000055caa78a2730 in handle_fatal_signal (sig=11) at /data/builds/10.6_opt/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 0x000055caa7614190 in replace_table_table (revoke_grant=false, col_rights=NO_ACL, rights=SELECT_ACL, table_name=0x14ccb40104c0 "t", db=0x14ccb4010c38 "test", combo=@0x14ccb4010528: {<AUTHID> = {user = {str = 0x14ccb4010510 "m", length = 1}, host = {str = 0x14ccb4010518 "localhost", length = 9}}, auth = 0x55caa878e0c0 <auth_no_password>}, table=0x14ccb4058bb8, grant_table=0x55caa9d8baa8, thd=0x14ccb4000c58) at /data/builds/10.6_opt/sql/sql_acl.cc:5764
|
#5 mysql_table_grant (thd=0x14ccb4000c58, table_list=0x14ccb4010568, user_list=<optimized out>, columns=@0x14ccb4010c50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55caa878ef70 <end_of_list>, last = 0x14ccb4010c50, elements = 0}, <No data fields>}, rights=SELECT_ACL, revoke_grant=false) at /data/builds/10.6_opt/sql/sql_acl.cc:7122
|
#6 0x000055caa7617e14 in Sql_cmd_grant_table::execute_exact_table (this=0x14ccb4010c40, thd=0x14ccb4000c58, table=<optimized out>) at /data/builds/10.6_opt/sql/sql_acl.h:317
|
#7 0x000055caa76951ce in mysql_execute_command (thd=0x14ccb4000c58) at /data/builds/10.6_opt/sql/sql_parse.cc:5875
|
#8 0x000055caa7685336 in mysql_parse (thd=0x14ccb4000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /data/builds/10.6_opt/sql/sql_parse.cc:7901
|
#9 0x000055caa7690c18 in dispatch_command (command=COM_QUERY, thd=0x14ccb4000c58, packet=0x14ccb4008049 "GRANT SELECT ON t TO m@localhost", packet_length=32) at /data/builds/10.6_opt/sql/sql_class.h:1294
|
#10 0x000055caa7693016 in do_command (thd=0x14ccb4000c58) at /data/builds/10.6_opt/sql/sql_parse.cc:1365
|
#11 0x000055caa77980a1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55caa9da6648, put_in_cache=put_in_cache@entry=true) at /data/builds/10.6_opt/sql/sql_connect.cc:1410
|
#12 0x000055caa779851d in handle_one_connection (arg=arg@entry=0x55caa9da6648) at /data/builds/10.6_opt/sql/sql_connect.cc:1312
|
#13 0x000055caa7b212c9 in pfs_spawn_thread (arg=0x55caa9d14188) at /data/builds/10.6_opt/storage/perfschema/pfs.cc:2201
|
#14 0x000014cd04617609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#15 0x000014cd04206293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Versions 10.5 and 10.6, debug versus opt (differs) crash as above.
Versions 10.4 and earlier, both debug and opt (identical), crash as below:
10.4.18 e626f511f9dc4faee9ae98fb5a8c8c6ddd06679b (Optimized) |
Core was generated by `/test/MD260121-mariadb-10.4.18-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14e50c070700 (LWP 2979328))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055827cb2543f in my_write_core (sig=sig@entry=11) at /data/builds/10.4_opt/mysys/stacktrace.c:386
|
#2 0x000055827c534ca8 in handle_fatal_signal (sig=11) at /data/builds/10.4_opt/sql/signal_handler.cc:343
|
#3 <signal handler called>
|
#4 0x000055827c296d23 in replace_table_table (revoke_grant=false, col_rights=0, rights=1, table_name=0x14e4a8010060 "t", db=0x14e4a8010758 "test", combo=@0x14e4a8010778: {<AUTHID> = {user = {str = 0x14e4a8010760 "m", length = 1}, host = {str = 0x14e4a8010768 "localhost", length = 9}}, auth = 0x55827d390780 <auth_no_password>}, table=0x14e4a805d9e8, grant_table=0x55828047eea0, thd=0x14e4a8000c48) at /data/builds/10.4_opt/sql/sql_acl.cc:5626
|
#5 mysql_table_grant (thd=thd@entry=0x14e4a8000c48, table_list=0x14e4a8010098, user_list=@0x14e4a8005830: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14e4a80107a0, last = 0x14e4a80107a0, elements = 1}, <No data fields>}, columns=@0x14e4a8005848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55827d391490 <end_of_list>, last = 0x14e4a8005848, elements = 0}, <No data fields>}, rights=1, revoke_grant=false) at /data/builds/10.4_opt/sql/sql_acl.cc:6984
|
#6 0x000055827c312379 in mysql_execute_command (thd=0x14e4a8000c48) at /data/builds/10.4_opt/sql/sql_parse.cc:5396
|
#7 0x000055827c3137c7 in mysql_parse (thd=0x14e4a8000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/builds/10.4_opt/sql/sql_parse.cc:7958
|
#8 0x000055827c315d2b in dispatch_command (command=COM_QUERY, thd=0x14e4a8000c48, packet=0x14e4a8007cd9 "GRANT SELECT ON t TO m@localhost", packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/builds/10.4_opt/sql/sql_class.h:1170
|
#9 0x000055827c317f28 in do_command (thd=0x14e4a8000c48) at /data/builds/10.4_opt/sql/sql_parse.cc:1373
|
#10 0x000055827c40ae0e in do_handle_one_connection (connect=connect@entry=0x558280490148) at /data/builds/10.4_opt/sql/sql_connect.cc:1412
|
#11 0x000055827c40af2f in handle_one_connection (arg=0x558280490148) at /data/builds/10.4_opt/sql/sql_connect.cc:1316
|
#12 0x000014e50e1fa609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#13 0x000014e50dd3a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (dbg), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)
Attachments
Issue Links
- relates to
-
MDEV-28128 SIGSEGV in replace_column_table on GRANT
- Confirmed