[MDEV-22319] SIGSEGV in handle_grant_table Created: 2020-04-21  Updated: 2020-04-21  Resolved: 2020-04-21

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Roel Van de Paar Assignee: Alexander Barkov
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
duplicates MDEV-22133 handle_fatal_signal (sig=11) on optim... Stalled

 Description    

RENAME TABLE mysql.procs_priv TO mysql.procs_priv_backup;
 
DROP USER a;

Leads to:

10.5.3 181f17c3cd4366f58d9efbff9d7556bb49742ed4

 
Core was generated by `/test/MD180420-mariadb-10.5.3-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
 
Program terminated with signal SIGSEGV, Segmentation fault.
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
 
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
[Current thread is 1 (Thread 0x7f25b8104700 (LWP 35112))]
 
(gdb) bt
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
#1  0x000056056958ce87 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
 
#2  0x0000560568f4f2ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:329
 
#3  <signal handler called>
 
#4  handle_grant_table (thd=0x7f2589412018, grant_table=..., which_table=PROCS_PRIV_TABLE, drop=true, user_from=0x7f25894470b8, user_to=0x0) at /test/10.5_opt/sql/sql_acl.cc:9895
 
#5  0x0000560568cda699 in handle_grant_data (thd=thd@entry=0x7f2589412018, tables=..., drop=drop@entry=true, user_from=user_from@entry=0x7f25894470b8, user_to=0x0) at /test/10.5_opt/sql/sql_acl.cc:10464
 
#6  0x0000560568ce66c1 in mysql_drop_user (thd=thd@entry=0x7f2589412018, list=..., handle_as_role=false) at /test/10.5_opt/sql/sql_acl.cc:10841
 
#7  0x0000560568d59f9d in mysql_execute_command (thd=thd@entry=0x7f2589412018) at /test/10.5_opt/sql/sql_parse.cc:5262
 
#8  0x0000560568d60b9c in mysql_parse (thd=thd@entry=0x7f2589412018, rawbuf=<optimized out>, length=11, parser_state=parser_state@entry=0x7f25b81034d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:7953
 
#9  0x0000560568d55a10 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f2589412018, packet=packet@entry=0x7f258943a019 "DROP USER a", packet_length=packet_length@entry=11, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1839
 
#10 0x0000560568d53d2f in do_command (thd=0x7f2589412018) at /test/10.5_opt/sql/sql_parse.cc:1358
 
#11 0x0000560568e48d7e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7f25b5c329b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1422
 
#12 0x0000560568e48f24 in handle_one_connection (arg=arg@entry=0x7f25b5c329b8) at /test/10.5_opt/sql/sql_connect.cc:1319
 
#13 0x00005605691b552a in pfs_spawn_thread (arg=0x7f25b5c4b018) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
 
#14 0x00007f25b752b6db in start_thread (arg=0x7f25b8104700) at pthread_create.c:463
 
#15 0x00007f25b692988f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (dbg), 10.5.3 (opt)

Bug confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

MySQL 8.0.19 (dbg) output:

8.0.19>RENAME TABLE mysql.procs_priv TO mysql.procs_priv_backup;
 
Query OK, 0 rows affected (0.04 sec)
 
8.0.19>DROP USER a;
 
ERROR 1146 (42S02): Table 'mysql.procs_priv' doesn't exist



 Comments   
Comment by Roel Van de Paar [ 2020-04-21 ]

Hmm, duplicate of MDEV-22133 it seems.

Generated at Thu Feb 08 09:13:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.