[MDEV-22884] Assertion `grant_table || grant_table_role' failed on perfschema Created: 2020-06-13  Updated: 2020-06-14  Resolved: 2020-06-13

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Debug, Performance Schema
Affects Version/s: 10.5
Fix Version/s: 10.5.4

Type: Bug Priority: Major
Reporter: Roel Van de Paar Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: not-10.1, not-10.2, not-10.3, not-10.4, regression

Issue Links:
Relates
relates to MDEV-21560 Assertion `grant_table || grant_table... Closed

 Description    

USE test;
 
RENAME USER CURRENT_USER TO 'a'@'a';
 
CREATE TABLE t (c INT);
 
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'a';
 
SET ROLE NONE;
 
INSERT INTO t SELECT * FROM performance_schema.global_status WHERE variable_name='b';

Leads to:

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89

 
mysqld: /test/10.5_dbg/sql/sql_acl.cc:8459: bool check_grant_all_columns(THD*, privilege_t, Field_iterator_table_ref*): Assertion `grant_table || grant_table_role' failed.

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89

 
Core was generated by `/test/MD060620-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
 
Program terminated with signal SIGABRT, Aborted.
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
 
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
[Current thread is 1 (Thread 0x149f85c9c700 (LWP 1333305))]
 
(gdb) bt
 
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
 
#1  0x0000560a635cd00d in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
 
#2  0x0000560a62d76bbc in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
 
#3  <signal handler called>
 
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 
#5  0x0000149f8e5cf801 in __GI_abort () at abort.c:79
 
#6  0x0000149f8e5bf39a in __assert_fail_base (fmt=0x149f8e7467d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x560a637331f8 "grant_table || grant_table_role", file=file@entry=0x560a63734157 "/test/10.5_dbg/sql/sql_acl.cc", line=line@entry=8459, function=function@entry=0x560a637365c0 <check_grant_all_columns(THD*, privilege_t, Field_iterator_table_ref*)::__PRETTY_FUNCTION__> "bool check_grant_all_columns(THD*, privilege_t, Field_iterator_table_ref*)") at assert.c:92
 
#7  0x0000149f8e5bf412 in __GI___assert_fail (assertion=assertion@entry=0x560a637331f8 "grant_table || grant_table_role", file=file@entry=0x560a63734157 "/test/10.5_dbg/sql/sql_acl.cc", line=line@entry=8459, function=function@entry=0x560a637365c0 <check_grant_all_columns(THD*, privilege_t, Field_iterator_table_ref*)::__PRETTY_FUNCTION__> "bool check_grant_all_columns(THD*, privilege_t, Field_iterator_table_ref*)") at assert.c:101
 
#8  0x0000560a62a25b9d in check_grant_all_columns (thd=thd@entry=0x149f6cc15088, want_access_arg=want_access_arg@entry=SELECT_ACL, fields=fields@entry=0x149f85c9a420) at /test/10.5_dbg/sql/sql_acl.cc:8459
 
#9  0x0000560a62a524f3 in insert_fields (thd=thd@entry=0x149f6cc15088, context=<optimized out>, db_name=0x0, table_name=0x0, it=it@entry=0x149f85c9a800, any_privileges=any_privileges@entry=false, hidden_bit_fields=0x149f6cc74be8) at /test/10.5_dbg/sql/sql_base.cc:8025
 
#10 0x0000560a62a52e94 in setup_wild (thd=0x149f6cc15088, tables=<optimized out>, fields=@0x149f6cc74a28: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149f6cc74e88, last = 0x149f6cc74e88, elements = 1}, <No data fields>}, sum_func_list=sum_func_list@entry=0x149f6cc778c0, select_lex=0x149f6cc748d8) at /test/10.5_dbg/sql/sql_base.cc:7475
 
#11 0x0000560a62b3bedb in JOIN::prepare (this=this@entry=0x149f6cc77598, tables_init=tables_init@entry=0x149f6cc74ef8, conds_init=conds_init@entry=0x149f6cc757d0, og_num=og_num@entry=0, order_init=order_init@entry=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x149f6cc748d8, unit_arg=0x149f6cc190a0) at /test/10.5_dbg/sql/sql_select.cc:1237
 
#12 0x0000560a62b495a1 in mysql_select (thd=thd@entry=0x149f6cc15088, tables=0x149f6cc74ef8, fields=@0x149f6cc74a28: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149f6cc74e88, last = 0x149f6cc74e88, elements = 1}, <No data fields>}, conds=0x149f6cc757d0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2202244745984, result=0x149f6cc774e0, unit=0x149f6cc190a0, select_lex=0x149f6cc748d8) at /test/10.5_dbg/sql/sql_select.cc:4645
 
#13 0x0000560a62b499a3 in handle_select (thd=thd@entry=0x149f6cc15088, lex=lex@entry=0x149f6cc18fd8, result=result@entry=0x149f6cc774e0, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.5_dbg/sql/sql_select.cc:417
 
#14 0x0000560a62ace531 in mysql_execute_command (thd=thd@entry=0x149f6cc15088) at /test/10.5_dbg/sql/sql_parse.cc:4699
 
#15 0x0000560a62ad9322 in mysql_parse (thd=thd@entry=0x149f6cc15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x149f85c9b350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7992
 
#16 0x0000560a62ac5e1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149f6cc15088, packet=packet@entry=0x149f6cc67089 "INSERT INTO t SELECT * FROM performance_schema.global_status WHERE variable_name='b'", packet_length=packet_length@entry=84, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
 
#17 0x0000560a62ac45f6 in do_command (thd=0x149f6cc15088) at /test/10.5_dbg/sql/sql_parse.cc:1355
 
#18 0x0000560a62c1f9f9 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x149f6fd15808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
 
#19 0x0000560a62c20115 in handle_one_connection (arg=arg@entry=0x149f6fd15808) at /test/10.5_dbg/sql/sql_connect.cc:1313
 
#20 0x0000560a6307f104 in pfs_spawn_thread (arg=0x149f8d045888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
 
#21 0x0000149f8f2b26db in start_thread (arg=0x149f85c9c700) at pthread_create.c:463
 
#22 0x0000149f8e6b088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.4 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

 Comments   
Comment by Roel Van de Paar [ 2020-06-13 ]

May or may not be related to MDEV-21560.

Perhaps look at fixing both at same time (same assert/location, very different testcase, and this issue is 10.5.4 only)?

Comment by Roel Van de Paar [ 2020-06-13 ]

This issue does not seem to reproduce anymore on 10.5.4 at revision 07d1c8567cbfe94398a9857c47fb9919cad42651. Perhaps a relevant change was made?

Comment by Roel Van de Paar [ 2020-06-13 ]

Secondary testcase, also reproduces on 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89 and not 07d1c8567cbfe94398a9857c47fb9919cad42651 alike to the testcase above.

SET SQL_MODE='';
 
CREATE TABLE t(c INT) ENGINE=InnoDB;
 
DROP USER CURRENT_USER();
 
GRANT INSERT ON *.* TO CURRENT_USER();
 
SET ROLE NONE;
 
INSERT INTO t VALUES (0);
 
SELECT * FROM performance_schema.session_status;

Generated at Thu Feb 08 09:18:12 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.