[MDEV-25242] Server crashes in check_grant upon invoking function with userstat enabled - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.2.38, 10.3.29, 10.4.19, 10.5.10
Component/s: Authentication and Privilege System, Plugin - userstat, Stored routines
Labels:
None

Description

SET @userstat.save= @@userstat;

CREATE FUNCTION f() RETURNS INT RETURN (SELECT 1 FROM performance_schema.threads);

SET GLOBAL userstat= 1;

SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS;

# Cleanup

SET GLOBAL userstat= @userstat.save;

10.2 3dae5647
#3 <signal handler called>
#4 0x000055eb50b228b8 in check_grant (thd=0x7f03e0000d90, want_access=1, tables=0x7f03f0245ce0, any_combination_will_do=true, number=4294967295, no_errors=true) at /data/src/10.2/sql/sql_acl.cc:7659
#5 0x000055eb51542e79 in table_stats_fill (thd=0x7f03e0000d90, tables=0x7f03e0013c20, cond=0x0) at /data/src/10.2/plugin/userstat/table_stats.cc:34
#6 0x000055eb50c623cc in get_schema_tables_result (join=0x7f03e0017d80, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.2/sql/sql_show.cc:8472
#7 0x000055eb50bfb66b in JOIN::exec_inner (this=0x7f03e0017d80) at /data/src/10.2/sql/sql_select.cc:3606
#8 0x000055eb50bfad22 in JOIN::exec (this=0x7f03e0017d80) at /data/src/10.2/sql/sql_select.cc:3437
#9 0x000055eb50bfbefc in mysql_select (thd=0x7f03e0000d90, tables=0x7f03e0013c20, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7f03e0017d60, unit=0x7f03e0004988, select_lex=0x7f03e00050c8) at /data/src/10.2/sql/sql_select.cc:3840
#10 0x000055eb50bf005e in handle_select (thd=0x7f03e0000d90, lex=0x7f03e00048c8, result=0x7f03e0017d60, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#11 0x000055eb50bba67f in execute_sqlcom_select (thd=0x7f03e0000d90, all_tables=0x7f03e0013c20) at /data/src/10.2/sql/sql_parse.cc:6274
#12 0x000055eb50bb11f3 in mysql_execute_command (thd=0x7f03e0000d90) at /data/src/10.2/sql/sql_parse.cc:3585
#13 0x000055eb50bbe43b in mysql_parse (thd=0x7f03e0000d90, rawbuf=0x7f03e00126f8 "SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS", length=51, parser_state=0x7f03f02475f0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7794
#14 0x000055eb50bac664 in dispatch_command (command=COM_QUERY, thd=0x7f03e0000d90, packet=0x7f03e0008b51 "SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS", packet_length=51, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#15 0x000055eb50bab15f in do_command (thd=0x7f03e0000d90) at /data/src/10.2/sql/sql_parse.cc:1381
#16 0x000055eb50d05c94 in do_handle_one_connection (connect=0x55eb53721110) at /data/src/10.2/sql/sql_connect.cc:1336
#17 0x000055eb50d059f9 in handle_one_connection (arg=0x55eb53721110) at /data/src/10.2/sql/sql_connect.cc:1241
#18 0x000055eb5152ed10 in pfs_spawn_thread (arg=0x55eb53704580) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#19 0x00007f03f65fe609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x00007f03f61d8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Fails on debug, release and ASAN builds alike.

Attachments

Activity

Ascending order - Click to sort in descending order

Elena Stepanova created issue - 2021-03-24 17:05

Elena Stepanova made changes - 2021-03-24 18:51

Field	Original Value	New Value
Component/s		Performance Schema [ 15627 ]
Component/s		Stored routines [ 13905 ]
Component/s	Server [ 13907 ]
Fix Version/s		10.2 [ 14601 ]
Fix Version/s		10.3 [ 22126 ]
Fix Version/s		10.4 [ 22408 ]
Fix Version/s		10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Affects Version/s		10.2 [ 14601 ]
Affects Version/s		10.3 [ 22126 ]
Affects Version/s		10.4 [ 22408 ]
Affects Version/s		10.5 [ 23123 ]
Assignee	Vladislav Vaintroub [ wlad ]	Sergei Golubchik [ serg ]
Description	{code:sql} SET @userstat.save= @@userstat; SET GLOBAL userstat= 1; SELECT sys.ps_thread_account(1) FROM INFORMATION_SCHEMA.TABLE_STATISTICS; # Cleanup SET GLOBAL userstat= @userstat.save; {code} {noformat:title=10.6 cb545f11} #3 <signal handler called> #4 0x000055babfbe6627 in check_grant (thd=0x7ff658000db8, want_access=SELECT_ACL, tables=0x7ff669fc9f30, any_combination_will_do=true, number=4294967295, no_errors=true) at /data/src/10.6/sql/sql_acl.cc:8096 #5 0x000055bac09edcb6 in table_stats_fill (thd=0x7ff658000db8, tables=0x7ff658016678, cond=0x0) at /data/src/10.6/plugin/userstat/table_stats.cc:40 #6 0x000055babfd80614 in get_schema_tables_result (join=0x7ff658104688, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.6/sql/sql_show.cc:8728 #7 0x000055babfd0d51f in JOIN::exec_inner (this=0x7ff658104688) at /data/src/10.6/sql/sql_select.cc:4448 #8 0x000055babfd0c921 in JOIN::exec (this=0x7ff658104688) at /data/src/10.6/sql/sql_select.cc:4271 #9 0x000055babfd0e16d in mysql_select (thd=0x7ff658000db8, tables=0x7ff658016678, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7ff658104660, unit=0x7ff658004f90, select_lex=0x7ff6580152b8) at /data/src/10.6/sql/sql_select.cc:4747 #10 0x000055babfcfda13 in handle_select (thd=0x7ff658000db8, lex=0x7ff658004ec8, result=0x7ff658104660, setup_tables_done_option=0) at /data/src/10.6/sql/sql_select.cc:417 #11 0x000055babfcc0243 in execute_sqlcom_select (thd=0x7ff658000db8, all_tables=0x7ff658016678) at /data/src/10.6/sql/sql_parse.cc:6231 #12 0x000055babfcb74a3 in mysql_execute_command (thd=0x7ff658000db8) at /data/src/10.6/sql/sql_parse.cc:3927 #13 0x000055babfcc508e in mysql_parse (thd=0x7ff658000db8, rawbuf=0x7ff6580151b0 "SELECT sys.ps_thread_account(CONNECTION_ID()) FROM INFORMATION_SCHEMA.TABLE_STATISTICS", length=86, parser_state=0x7ff669fcb510) at /data/src/10.6/sql/sql_parse.cc:8004 #14 0x000055babfcb14b4 in dispatch_command (command=COM_QUERY, thd=0x7ff658000db8, packet=0x7ff65800b469 "SELECT sys.ps_thread_account(CONNECTION_ID()) FROM INFORMATION_SCHEMA.TABLE_STATISTICS", packet_length=86, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1888 #15 0x000055babfcafe5b in do_command (thd=0x7ff658000db8, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1399 #16 0x000055babfe5e6dc in do_handle_one_connection (connect=0x55bac2b22788, put_in_cache=true) at /data/src/10.6/sql/sql_connect.cc:1410 #17 0x000055babfe5e438 in handle_one_connection (arg=0x55bac2b22d88) at /data/src/10.6/sql/sql_connect.cc:1312 #18 0x000055bac03bc953 in pfs_spawn_thread (arg=0x55bac2a29608) at /data/src/10.6/storage/perfschema/pfs.cc:2201 #19 0x00007ff66fb27609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #20 0x00007ff66f6fb293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 {noformat} Fails on debug, release and ASAN builds alike.	{code:sql} SET @userstat.save= @@userstat; CREATE FUNCTION f() RETURNS INT RETURN (SELECT 1 FROM performance_schema.threads); SET GLOBAL userstat= 1; SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS; # Cleanup SET GLOBAL userstat= @userstat.save;{code} {noformat:title=10.2 3dae5647} #3 <signal handler called> #4 0x000055eb50b228b8 in check_grant (thd=0x7f03e0000d90, want_access=1, tables=0x7f03f0245ce0, any_combination_will_do=true, number=4294967295, no_errors=true) at /data/src/10.2/sql/sql_acl.cc:7659 #5 0x000055eb51542e79 in table_stats_fill (thd=0x7f03e0000d90, tables=0x7f03e0013c20, cond=0x0) at /data/src/10.2/plugin/userstat/table_stats.cc:34 #6 0x000055eb50c623cc in get_schema_tables_result (join=0x7f03e0017d80, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.2/sql/sql_show.cc:8472 #7 0x000055eb50bfb66b in JOIN::exec_inner (this=0x7f03e0017d80) at /data/src/10.2/sql/sql_select.cc:3606 #8 0x000055eb50bfad22 in JOIN::exec (this=0x7f03e0017d80) at /data/src/10.2/sql/sql_select.cc:3437 #9 0x000055eb50bfbefc in mysql_select (thd=0x7f03e0000d90, tables=0x7f03e0013c20, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7f03e0017d60, unit=0x7f03e0004988, select_lex=0x7f03e00050c8) at /data/src/10.2/sql/sql_select.cc:3840 #10 0x000055eb50bf005e in handle_select (thd=0x7f03e0000d90, lex=0x7f03e00048c8, result=0x7f03e0017d60, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361 #11 0x000055eb50bba67f in execute_sqlcom_select (thd=0x7f03e0000d90, all_tables=0x7f03e0013c20) at /data/src/10.2/sql/sql_parse.cc:6274 #12 0x000055eb50bb11f3 in mysql_execute_command (thd=0x7f03e0000d90) at /data/src/10.2/sql/sql_parse.cc:3585 #13 0x000055eb50bbe43b in mysql_parse (thd=0x7f03e0000d90, rawbuf=0x7f03e00126f8 "SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS", length=51, parser_state=0x7f03f02475f0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7794 #14 0x000055eb50bac664 in dispatch_command (command=COM_QUERY, thd=0x7f03e0000d90, packet=0x7f03e0008b51 "SELECT f() FROM INFORMATION_SCHEMA.TABLE_STATISTICS", packet_length=51, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827 #15 0x000055eb50bab15f in do_command (thd=0x7f03e0000d90) at /data/src/10.2/sql/sql_parse.cc:1381 #16 0x000055eb50d05c94 in do_handle_one_connection (connect=0x55eb53721110) at /data/src/10.2/sql/sql_connect.cc:1336 #17 0x000055eb50d059f9 in handle_one_connection (arg=0x55eb53721110) at /data/src/10.2/sql/sql_connect.cc:1241 #18 0x000055eb5152ed10 in pfs_spawn_thread (arg=0x55eb53704580) at /data/src/10.2/storage/perfschema/pfs.cc:1869 #19 0x00007f03f65fe609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #20 0x00007f03f61d8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 {noformat} Fails on debug, release and ASAN builds alike.
Summary	Server crashes in check_grant upon invoking sys schema function with userstat enabled	Server crashes in check_grant upon invoking function with userstat enabled

Sergei Golubchik made changes - 2021-03-24 22:08

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2021-03-24 22:08

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2021-03-25 09:32

Fix Version/s		10.2.38 [ 25207 ]
Fix Version/s		10.3.29 [ 25206 ]
Fix Version/s		10.4.19 [ 25205 ]
Fix Version/s		10.5.10 [ 25204 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	10.3 [ 22126 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-03-25 09:32

Component/s

Performance Schema [ 15627 ]

Elena Stepanova made changes - 2021-04-02 21:44

Resolution	Fixed [ 1 ]
Status	Closed [ 6 ]	Stalled [ 10000 ]

Elena Stepanova made changes - 2021-04-02 21:53

Fix Version/s

10.2 [ 14601 ]

Sergei Golubchik made changes - 2021-04-03 10:45

Fix Version/s	10.2 [ 14601 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:53

Workflow

MariaDB v3 [ 120453 ]

MariaDB v4 [ 159076 ]

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-03-24 17:05

Updated:: 2022-06-21 11:42

Resolved:: 2021-04-03 10:45

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server