Details
- Bug
- Status: Open
- Blocker
- Resolution: Unresolved
- 10.11, 11.4, 11.8
- Can result in hang or crash
- Q1/2026 Server Development
Description
--let $restart_parameters = --skip-grant-tables
--source include/restart_mysqld.inc

SELECT * FROM information_schema.table_constraints;

Leads to:

CS 10.11.16 b29d3779e42f1cf65b1bbe84876767122dcc76c8 (Optimized, Clang 18.1.3-11) Build 29/01/2026
Core was generated by `/test/MD290126-mariadb-10.11.16-linux-x86_64-opt/bin/mariadbd --no-defaults --m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000000000 in ?? ()
[Current thread is 1 (LWP 1512580)]
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00005aea74715549 in my_hash_first (hash=0x5aea8cdfe118, length=20, current_record=0x7efa8ced11d4, key=<optimized out>) at /test/10.11_opt/mysys/hash.c:264
#2 my_hash_search (hash=0x5aea8cdfe118, key=0x7efa8ced1240 "", length=20) at /test/10.11_opt/mysys/hash.c:236
#3 0x00005aea73f86f50 in hash_filo::search (this=0x5aea8cdfe0a0, key=0x7efa8ced1240 "", length=20) at /test/10.11_opt/sql/hash_filo.h:120
#4 Hash_filo<acl_entry>::search (this=0x5aea8cdfe0a0, key=0x7efa8ced1240 "", len=20) at /test/10.11_opt/sql/hash_filo.h:211
#5 acl_get (host=0x5aea7492a5d8 "localhost", ip=0x0, user=user@entry=0x7edf7c002bb0 "", db=db@entry=0x5aea74944b5c "information_schema", db_is_pattern=db_is_pattern@entry=0 '\000') at /test/10.11_opt/sql/sql_acl.cc:3813
#6 0x00005aea73f8695c in acl_get_all3 (sctx=0x7edf7c002b98, db=0x5aea74944b5c "information_schema", db_is_patern=<error reading variable: Cannot access memory at address 0x0>) at /test/10.11_opt/sql/sql_acl.cc:3878
#7 0x00005aea740b16d8 in get_schema_constraints_record (thd=0x7edf7c000c68, tables=0x7edf7c025260, table=0x7edf7c01d200, res=252, db_name=0x5aea751db700 <INFORMATION_SCHEMA_NAME>, table_name=0x7edf7c015b18) at /test/10.11_opt/sql/sql_show.cc:7337
#8 0x00005aea740a6115 in fill_schema_table_by_open (thd=thd@entry=0x7edf7c000c68, mem_root=mem_root@entry=0x7efa8ced3490, is_show_fields_or_keys=false, table=table@entry=0x7edf7c01d200, schema_table=schema_table@entry=0x5aea751d9710 <schema_tables+2496>, orig_db_name=orig_db_name@entry=0x5aea751db700 <INFORMATION_SCHEMA_NAME>, orig_table_name=0x7edf7c015b18, open_tables_state_backup=0x7efa8ced3400, can_deadlock=<optimized out>) at /test/10.11_opt/sql/sql_show.cc:4806
#9 0x00005aea740a5d1f in get_all_tables (thd=0x7edf7c000c68, tables=0x7edf7c011398, cond=<optimized out>) at /test/10.11_opt/sql/sql_show.cc:5441
#10 0x00005aea740ac916 in get_schema_tables_result (join=join@entry=0x7edf7c012768, executed_place=executed_place@entry=PROCESSED_BY_JOIN_EXEC) at /test/10.11_opt/sql/sql_show.cc:9279
#11 0x00005aea7406e43d in JOIN::exec_inner (this=this@entry=0x7edf7c012768) at /test/10.11_opt/sql/sql_select.cc:4980
#12 0x00005aea74054630 in JOIN::exec (this=0x7edf7c012768) at /test/10.11_opt/sql/sql_select.cc:4807
#13 mysql_select (thd=thd@entry=0x7edf7c000c68, tables=<optimized out>, fields=@0x7edf7c010ff0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7edf7c011318, last = 0x7edf7c013780, elements = 6}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7edf7c012740, unit=0x7edf7c004f68, select_lex=0x7edf7c010d38) at /test/10.11_opt/sql/sql_select.cc:5285
#14 0x00005aea74054229 in handle_select (thd=thd@entry=0x7edf7c000c68, lex=lex@entry=0x7edf7c004e90, result=result@entry=0x7edf7c012740, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:601
#15 0x00005aea74020656 in execute_sqlcom_select (thd=thd@entry=0x7edf7c000c68, all_tables=0x7edf7c011398) at /test/10.11_opt/sql/sql_parse.cc:6463
#16 0x00005aea7401e751 in mysql_execute_command (thd=thd@entry=0x7edf7c000c68, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:4042
#17 0x00005aea74016781 in mysql_parse (thd=thd@entry=0x7edf7c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7efa8ced5480) at /test/10.11_opt/sql/sql_parse.cc:8223
#18 0x00005aea74014b1f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7edf7c000c68, packet=packet@entry=0x7edf7c0086f9 "SELECT * FROM information_schema.table_constraints", packet_length=packet_length@entry=50, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1924
#19 0x00005aea74016b91 in do_command (thd=thd@entry=0x7edf7c000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1434
#20 0x00005aea7413974d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5aea8cdfc6d8, put_in_cache=true) at /test/10.11_opt/sql/sql_connect.cc:1475
#21 0x00005aea74139513 in handle_one_connection (arg=arg@entry=0x5aea8cdfc6d8) at /test/10.11_opt/sql/sql_connect.cc:1387
#22 0x00005aea7449688e in pfs_spawn_thread (arg=0x5aea8ce77ac8) at /test/10.11_opt/storage/perfschema/pfs.cc:2201
#23 0x00007efa8f69caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#24 0x00007efa8f729c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 290126 bf686bb987766bce4ca842d12178d0c08710cab8 No bug found
CS 10.6 opt 290126 bf686bb987766bce4ca842d12178d0c08710cab8 No bug found
CS 10.11 dbg 290126 b29d3779e42f1cf65b1bbe84876767122dcc76c8 SIGSEGV|__strlen_evex|safe_mutex_lock|inline_mysql_mutex_lock|acl_get
CS 10.11 opt 290126 b29d3779e42f1cf65b1bbe84876767122dcc76c8 SIGSEGV|my_hash_first|my_hash_search|hash_filo::search|Hash_filo<acl_entry>::search
CS 11.4 dbg 030226 ae5c8bfe764dc3a301826c15beaab49be5282263 SIGSEGV|__sanitizer::internal_strlen|printf_common|safe_mutex_lock|inline_mysql_mutex_lock
CS 11.4 opt 030226 ae5c8bfe764dc3a301826c15beaab49be5282263 SIGSEGV|my_hash_first|my_hash_search|hash_filo::search|Hash_filo<acl_entry>::search
CS 11.8 dbg 030226 9bfea48ce1214cc4470f6f6f8a4e30352cef84e7 SIGSEGV|__sanitizer::internal_strlen|printf_common|safe_mutex_lock|inline_mysql_mutex_lock
CS 11.8 opt 030226 9bfea48ce1214cc4470f6f6f8a4e30352cef84e7 SIGSEGV|my_hash_first|my_hash_search|hash_filo::search|Hash_filo<acl_entry>::search
CS 12.2 dbg 030226 de72d02bffe6639ef0b7911966a3f85e3eba052f No bug found
CS 12.2 opt 030226 de72d02bffe6639ef0b7911966a3f85e3eba052f No bug found
CS 12.3 dbg 030226 549628d9ccb822252b55210d922cef3d13eecd71 No bug found
CS 12.3 opt 030226 549628d9ccb822252b55210d922cef3d13eecd71 No bug found
ES 10.5 dbg 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
ES 10.5 opt 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
ES 10.6 dbg 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
ES 10.6 opt 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
ES 11.4 dbg 040825 a1c03ccd54b582e75506687ee19b273ca897f261 No bug found
ES 11.4 opt 040825 a1c03ccd54b582e75506687ee19b273ca897f261 No bug found
ES 11.8 dbg 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 No bug found
ES 11.8 opt 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 No bug found

The crash has been happening since this commit:

commit c0acc3cc8f1ec24e96b1ee192fdf6e4b6ccf4e0a
Author: Sergei Golubchik <serg@mariadb.org>
Date: Mon Dec 29 20:35:09 2025 +0100

MDEV-38209 REFERENCES permission on particular schema is sometimes ignored

some I_S tables require "any non-SELECT privilege on the table".
If only SELECT was granted on the global level and something non-SELECT
on the schema level, then we need to check schema level privileges
explicitly, because check_grant() doesn't do that and get_all_tables()
doesn't look deeper if SELECT is present on the global level.

Issue Links
- is caused by MDEV-38209 REFERENCES permission on particular schema is sometimes ignored (Closed)