[MDEV-34501] SIGSEGV in pfs_start_mutex_wait_v1, __strlen_avx2, or __strlen_evex from safe_mutex_lock on CREATE DEFINER when using skip-grant-tables - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Minor
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.5(EOL), 11.6(EOL)
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Data Definition - Procedure
Labels:
- ASAN
- mutex

Description

# mysqld options required for replay:  --skip-grant-tables=1

CREATE DEFINER=a PROCEDURE p() SELECT 1;

Leads to:

11.6.0 29e9ade269d803b6823ec57808e0b7fad28baf9e (Debug)
Core was generated by `/test/MD190624-mariadb-11.6.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
Download failed: Invalid argument. Continuing without source file ./string/../sysdeps/x86_64/multiarch/strlen-avx2.S.
[Current thread is 1 (LWP 3654619)]
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
#1 0x000014e45a466d58 in __printf_buffer (buf=buf@entry=0x14e4441631a0, format=format@entry=0x5587b02d8ad0 "Got error %d when trying to lock mutex %s at %s, line %d\n", ap=ap@entry=0x14e4441632a0, mode_flags=mode_flags@entry=2)at ./stdio-common/vfprintf-process-arg.c:435
#2 0x000014e45a4674d9 in __vfprintf_internal (s=0x14e45a5ff6c0 <_IO_2_1_stderr_>, format=0x5587b02d8ad0 "Got error %d when trying to lock mutex %s at %s, line %d\n", ap=ap@entry=0x14e4441632a0, mode_flags=mode_flags@entry=2)at ./stdio-common/vfprintf-internal.c:1538
#3 0x000014e45a537bc3 in ___fprintf_chk (fp=<optimized out>, flag=flag@entry=1, format=format@entry=0x5587b02d8ad0 "Got error %d when trying to lock mutex %s at %s, line %d\n") at ./debug/fprintf_chk.c:33
#4 0x00005587aff2f9b5 in fprintf (__fmt=0x5587b02d8ad0 "Got error %d when trying to lock mutex %s at %s, line %d\n", __stream=<optimized out>)at /usr/include/x86_64-linux-gnu/bits/stdio2.h:79
#5 safe_mutex_lock (mp=mp@entry=0x5587b2e31948, my_flags=my_flags@entry=0, file=file@entry=0x5587b030097d "/test/11.6_dbg/sql/sql_acl.cc", line=line@entry=13232) at /test/11.6_dbg/mysys/thr_mutex.c:294
#6 0x00005587aff2afdb in psi_mutex_lock (that=0x5587b2e31948, file=0x5587b030097d "/test/11.6_dbg/sql/sql_acl.cc", line=13232)at /test/11.6_dbg/mysys/my_thr_init.c:489
#7 0x00005587af35f407 in inline_mysql_mutex_lock (src_line=13232, src_file=0x5587b030097d "/test/11.6_dbg/sql/sql_acl.cc", that=<optimized out>)at /test/11.6_dbg/include/mysql/psi/mysql_thread.h:746
#8 get_current_user (thd=thd@entry=0x14e414000d58, user=0x14e41401aa88, lock=lock@entry=true) at /test/11.6_dbg/sql/sql_acl.cc:13232
#9 0x00005587af40d27d in sp_process_definer (thd=thd@entry=0x14e414000d58)at /test/11.6_dbg/sql/sql_parse.cc:2825
#10 0x00005587af40d7fa in mysql_create_routine (thd=thd@entry=0x14e414000d58, lex=lex@entry=0x14e414005160) at /test/11.6_dbg/sql/sql_parse.cc:3116
#11 0x00005587af41334d in mysql_execute_command (thd=thd@entry=0x14e414000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.6_dbg/sql/sql_parse.cc:5559
#12 0x00005587af41519b in mysql_parse (thd=thd@entry=0x14e414000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e4441642a0)at /test/11.6_dbg/sql/sql_parse.cc:7868
#13 0x00005587af41755e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e414000d58, packet=packet@entry=0x14e41400b319 "CREATE DEFINER=a PROCEDURE p() SELECT 1", packet_length=packet_length@entry=39, blocking=blocking@entry=true)at /test/11.6_dbg/sql/sql_class.h:255
#14 0x00005587af4199f4 in do_command (thd=0x14e414000d58, blocking=blocking@entry=true) at /test/11.6_dbg/sql/sql_parse.cc:1405
#15 0x00005587af589855 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5587b2e33d98, put_in_cache=put_in_cache@entry=true)at /test/11.6_dbg/sql/sql_connect.cc:1447
#16 0x00005587af589b4a in handle_one_connection (arg=arg@entry=0x5587b2e33d98)at /test/11.6_dbg/sql/sql_connect.cc:1349
#17 0x00005587af9ea2e0 in pfs_spawn_thread (arg=0x5587b2ded3e8)at /test/11.6_dbg/storage/perfschema/pfs.cc:2201
#18 0x000014e45a497ada in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444
#19 0x000014e45a52847c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

10.5.26 6cab2f75fe25df4673cab5ac6ff2c114fb976ed8 (Debug)
Core was generated by `/test/MD190624-mariadb-10.5.26-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 pfs_start_mutex_wait_v1 (state=0x15045c55f6d0, mutex=0x8f8f8f8f8f8f8f8f, op=PSI_MUTEX_LOCK, src_file=0x55d8ae6d6176 "/test/10.5_dbg/sql/sql_acl.cc", src_line=12919)at /test/10.5_dbg/storage/perfschema/pfs.cc:2627
[Current thread is 1 (LWP 3665629)]
(gdb) bt
#0 pfs_start_mutex_wait_v1 (state=0x15045c55f6d0, mutex=0x8f8f8f8f8f8f8f8f, op=PSI_MUTEX_LOCK, src_file=0x55d8ae6d6176 "/test/10.5_dbg/sql/sql_acl.cc", src_line=12919)at /test/10.5_dbg/storage/perfschema/pfs.cc:2627
#1 0x000055d8ad7bbd5e in inline_mysql_mutex_lock (src_line=12919, src_file=0x55d8ae6d6176 "/test/10.5_dbg/sql/sql_acl.cc", that=0x55d8b10aeb48) at /test/10.5_dbg/include/mysql/psi/mysql_thread.h:745
#2 get_current_user (thd=thd@entry=0x1503c8000d58, user=<optimized out>, lock=lock@entry=true) at /test/10.5_dbg/sql/sql_acl.cc:12919
#3 0x000055d8ad856dc0 in sp_process_definer (thd=thd@entry=0x1503c8000d58)at /test/10.5_dbg/sql/sql_parse.cc:2879
#4 0x000055d8ad85705d in mysql_create_routine (thd=thd@entry=0x1503c8000d58, lex=lex@entry=0x1503c8004e40) at /test/10.5_dbg/sql/sql_parse.cc:3171
#5 0x000055d8ad85d741 in mysql_execute_command (thd=thd@entry=0x1503c8000d58)at /test/10.5_dbg/sql/sql_parse.cc:5878
#6 0x000055d8ad8601bf in mysql_parse (thd=thd@entry=0x1503c8000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15045c5602f0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)at /test/10.5_dbg/sql/sql_parse.cc:8221
#7 0x000055d8ad86273f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1503c8000d58, packet=packet@entry=0x1503c800aaf9 "CREATE DEFINER=a PROCEDURE p() SELECT 1", packet_length=packet_length@entry=39, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)at /test/10.5_dbg/sql/sql_class.h:238
#8 0x000055d8ad864f15 in do_command (thd=0x1503c8000d58)at /test/10.5_dbg/sql/sql_parse.cc:1376
#9 0x000055d8ad999378 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55d8b1af23f8, put_in_cache=put_in_cache@entry=true)at /test/10.5_dbg/sql/sql_connect.cc:1417
#10 0x000055d8ad99969e in handle_one_connection (arg=arg@entry=0x55d8b1af23f8)at /test/10.5_dbg/sql/sql_connect.cc:1319
#11 0x000055d8adde92e6 in pfs_spawn_thread (arg=0x55d8b1b5cc48)at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#12 0x0000150466297ada in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444
#13 0x000015046632847c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Attachments

Issue Links

relates to

MDEV-31825 Server crashes when creating PS to show grants for unknown user after starting server with skip-grant-tables

Open

SIGSEGV in pfs_start_mutex_wait_v1, __strlen_avx2, or __strlen_evex from safe_mutex_lock on CREATE DEFINER when using skip-grant-tables

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration