Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.1.3, 10.0(EOL)
-
None
Description
Server crashes when running the following test case:
CREATE USER u1;
|
CREATE ROLE r1;
|
CREATE ROLE r2;
|
GRANT r1 to u1;
|
GRANT r2 to r1;
|
delimiter |;
|
create procedure mysql.test_proc (OUT param1 INT)
|
begin
|
select COUNT(*) into param1 from mysql.roles_mapping;
|
end|
|
delimiter ;|
|
GRANT EXECUTE ON PROCEDURE mysql.test_proc TO r1;
|
GRANT EXECUTE ON PROCEDURE mysql.test_proc TO u1;
|
CREATE FUNCTION mysql.test_func (param INT) RETURNS INT
|
RETURN (SELECT COUNT(*) FROM mysql.user);
|
GRANT EXECUTE ON FUNCTION mysql.test_func TO r1;
|
GRANT EXECUTE ON FUNCTION mysql.test_func TO u1;
|
DROP PROCEDURE mysql.test_proc;
|
DROP FUNCTION mysql.test_func;
|
DROP ROLE r1;
|
DROP USER u1;
|
Stack trace is:
Server version: 10.1.3-MariaDB-wsrep-debug-log
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=1
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63099 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x0x7f80cf212070
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f80d7dfcde8 thread_stack 0x48000
|
mysys/stacktrace.c:246(my_print_stacktrace)[0xfcf223]
|
sql/signal_handler.cc:155(handle_fatal_signal)[0x88e3cb]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0xfc90)[0x7f80d6fb4c90]
|
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7f80d63ebe37]
|
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7f80d63ed528]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x2fce6)[0x7f80d63e4ce6]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x2fd92)[0x7f80d63e4d92]
|
sql/sql_acl.cc:2611(add_role_user_mapping_action)[0x5cd9b6]
|
mysys/hash.c:761(my_hash_iterate)[0xfa6c1e]
|
sql/sql_acl.cc:2637(rebuild_role_grants)[0x5cda68]
|
sql/sql_acl.cc:9582(mysql_drop_user(THD*, List<st_lex_user>&, bool))[0x5e4047]
|
sql/sql_parse.cc:4543(mysql_execute_command(THD*))[0x664443]
|
sql/sql_parse.cc:7152(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x66c1d0]
|
sql/sql_parse.cc:1463(dispatch_command(enum_server_command, THD*, char*, unsigned int))[0x65b24f]
|
sql/sql_parse.cc:1090(do_command(THD*))[0x65a00c]
|
sql/sql_connect.cc:1347(do_handle_one_connection(THD*))[0x791e27]
|
sql/sql_connect.cc:1259(handle_one_connection)[0x791b70]
|
perfschema/pfs.cc:1862(pfs_spawn_thread)[0xc1aaff]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0x80a5)[0x7f80d6fad0a5]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f80d64aecfd]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f80ccce4088): DROP USER u1
|
Connection ID (thread ID): 3
|
Status: NOT_KILLED
|
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 10.0 [ 16000 ] | |
| Affects Version/s | 10.0 [ 16000 ] |
| Assignee | Vicentiu Ciorbaru [ cvicentiu ] | Sergei Golubchik [ serg ] |
| Status | Open [ 1 ] | In Review [ 10002 ] |
| Assignee | Sergei Golubchik [ serg ] | Vicentiu Ciorbaru [ cvicentiu ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Fix Version/s | 10.0.18 [ 18702 ] | |
| Fix Version/s | 10.0 [ 16000 ] | |
| Fix Version/s | 10.1 [ 16100 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Workflow | MariaDB v2 [ 60115 ] | MariaDB v3 [ 65326 ] |
| Workflow | MariaDB v3 [ 65326 ] | MariaDB v4 [ 148893 ] |
Smaller test case (at least for a debug build):
mysqld: 10.1/sql/sql_acl.cc:2610: my_bool add_role_user_mapping_action(void*, void*): Assertion `status == 0' failed.150313 16:02:10 [ERROR] mysqld got signal 6 ;Stack trace from 10.1 commit 702fba1511c90ea9c72b6c00122e0f31a05237b4
#6 0x00007fd951d89311 in *__GI___assert_fail (assertion=0x7fd954fd9a26 "status == 0", file=<optimized out>, line=2610, function=0x7fd954fdd000 "my_bool add_role_user_mapping_action(void*, void*)") at assert.c:81#7 0x00007fd954625ec1 in add_role_user_mapping_action (ptr=0x7fd94aded8c0, unused=0x0) at 10.1/sql/sql_acl.cc:2610#8 0x00007fd954f03952 in my_hash_iterate (hash=0x7fd95599d620, action=0x7fd954625e5f <add_role_user_mapping_action(void*, void*)>, argument=0x0) at 10.1/mysys/hash.c:761#9 0x00007fd954625f6d in rebuild_role_grants () at 10.1/sql/sql_acl.cc:2635#10 0x00007fd95463bd74 in mysql_drop_user (thd=0x7fd94ae5b070, list=..., handle_as_role=false) at 10.1/sql/sql_acl.cc:9579#11 0x00007fd9546b8d6a in mysql_execute_command (thd=0x7fd94ae5b070) at 10.1/sql/sql_parse.cc:4544#12 0x00007fd9546c0b4c in mysql_parse (thd=0x7fd94ae5b070, rawbuf=0x7fd9488e0088 "DROP USER u1", length=12, parser_state=0x7fd95416c1b0) at 10.1/sql/sql_parse.cc:7152#13 0x00007fd9546afb97 in dispatch_command (command=COM_QUERY, thd=0x7fd94ae5b070, packet=0x7fd94cffa071 "DROP USER u1", packet_length=12) at 10.1/sql/sql_parse.cc:1461#14 0x00007fd9546ae972 in do_command (thd=0x7fd94ae5b070) at 10.1/sql/sql_parse.cc:1090#15 0x00007fd9547df757 in do_handle_one_connection (thd_arg=0x7fd94ae5b070) at 10.1/sql/sql_connect.cc:1347#16 0x00007fd9547df49c in handle_one_connection (arg=0x7fd94ae5b070) at 10.1/sql/sql_connect.cc:1258#17 0x00007fd954d94496 in pfs_spawn_thread (arg=0x7fd9514235f0) at 10.1/storage/perfschema/pfs.cc:1860#18 0x00007fd953da5b50 in start_thread (arg=<optimized out>) at pthread_create.c:304#19 0x00007fd951e3a70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112