|
There is an additional regression, present from 10.4 onwards, in which the server crashes with SIGSEGV in replace_user_table:
-- Testcase 1: swap the grant tables for a minimal mysql.user, then create an account.
-- The first three statements are DDL on the `mysql` schema, so the sequence
-- needs an account that already holds those privileges.
-- Destructive: mysql.global_priv is dropped and nothing below restores it.
-- Move the existing mysql.user object aside so the name can be reused.
RENAME TABLE mysql.user TO mysql.user_bak;
|
-- Remove mysql.global_priv.
DROP TABLE mysql.global_priv;
|
-- Recreate mysql.user with two CHAR columns and no key or index.
-- The gdb frames that follow show it handled as User_table_tabular with
-- min_columns = 13; presumably the missing columns/key are what
-- replace_user_table trips over. Confirm against sql_acl.cc:4575.
CREATE TABLE mysql.user (HOST CHAR,USER CHAR);
|
-- Crashing statement: frame #1 is mysql_create_user and frame #0 is
-- replace_user_table (SIGSEGV).
CREATE USER m@localhost;
|
Leads to:
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized)
|
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000557ad254d652 in replace_user_table (thd=0x14db8c000c58,
|
user_table=..., combo=0x14db8c010770, rights=NO_ACL,
|
revoke_grant=<optimized out>, can_create_user=<optimized out>,
|
no_auto_create=false) at /test/10.9_opt/sql/sql_acl.cc:4575
|
[Current thread is 1 (Thread 0x14dc34189700 (LWP 1219118))]
|
(gdb) bt
|
#0 0x0000557ad254d652 in replace_user_table (thd=0x14db8c000c58, user_table=@0x14dc34187e48: {<Grant_table_base> = {min_columns = 13, start_priv_columns = 0, end_priv_columns = 2, m_table = 0x557ad4c9db08}, _vptr.User_table = 0x557ad3468ae8 <vtable for User_table_tabular+16>}, combo=0x14db8c010770, rights=NO_ACL, revoke_grant=<optimized out>, can_create_user=<optimized out>, no_auto_create=false) at /test/10.9_opt/sql/sql_acl.cc:4575
|
#1 0x0000557ad2556939 in mysql_create_user (thd=thd@entry=0x14db8c000c58, list=@0x14db8c005b48: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14db8c010798, last = 0x14db8c010798, elements = 1}, <No data fields>}, handle_as_role=false) at /test/10.9_opt/sql/sql_acl.cc:10911
|
#2 0x0000557ad25e6a82 in mysql_execute_command (thd=0x14db8c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:5338
|
#3 0x0000557ad25d6a55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14db8c000c58) at /test/10.9_opt/sql/sql_parse.cc:8046
|
#4 mysql_parse (thd=0x14db8c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7968
|
#5 0x0000557ad25e271a in dispatch_command (command=COM_QUERY, thd=0x14db8c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
|
#6 0x0000557ad25e4642 in do_command (thd=0x14db8c000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1408
|
#7 0x0000557ad26f95bf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x557ad4cecd48, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
|
#8 0x0000557ad26f989d in handle_one_connection (arg=0x557ad4cecd48) at /test/10.9_opt/sql/sql_connect.cc:1312
|
#9 0x000014dc4dbce609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#10 0x000014dc4d7ba133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)
|
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00005565382d6ec8 in replace_user_table (thd=thd@entry=0x14b00c000db8,
|
user_table=..., combo=combo@entry=0x14b00c013c90,
|
rights=rights@entry=NO_ACL, revoke_grant=revoke_grant@entry=false,
|
can_create_user=can_create_user@entry=true, no_auto_create=false)
|
at /test/10.9_dbg/sql/sql_acl.cc:4575
|
[Current thread is 1 (Thread 0x14b0c00e5700 (LWP 1219635))]
|
(gdb) bt
|
#0 0x00005565382d6ec8 in replace_user_table (thd=thd@entry=0x14b00c000db8, user_table=@0x14b0c00e3e28: {<Grant_table_base> = {min_columns = 13, start_priv_columns = 0, end_priv_columns = 2, m_table = 0x14b00c078cb8}, _vptr.User_table = 0x556539654808 <vtable for User_table_tabular+16>}, combo=combo@entry=0x14b00c013c90, rights=rights@entry=NO_ACL, revoke_grant=revoke_grant@entry=false, can_create_user=can_create_user@entry=true, no_auto_create=false) at /test/10.9_dbg/sql/sql_acl.cc:4575
|
#1 0x00005565382dc6fe in mysql_create_user (thd=thd@entry=0x14b00c000db8, list=@0x14b00c005e68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b00c013cb8, last = 0x14b00c013cb8, elements = 1}, <No data fields>}, handle_as_role=<optimized out>) at /test/10.9_dbg/sql/sql_acl.cc:10911
|
#2 0x0000556538384315 in mysql_execute_command (thd=thd@entry=0x14b00c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:5338
|
#3 0x000055653836e67b in mysql_parse (thd=thd@entry=0x14b00c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b0c00e4470) at /test/10.9_dbg/sql/sql_parse.cc:8046
|
#4 0x000055653837bf79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b00c000db8, packet=packet@entry=0x14b00c00b699 "CREATE USER m@localhost", packet_length=packet_length@entry=23, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
|
#5 0x000055653837e686 in do_command (thd=0x14b00c000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
|
#6 0x00005565384dbd02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55653a97cc18, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
|
#7 0x00005565384dc20b in handle_one_connection (arg=0x55653a97cc18) at /test/10.9_dbg/sql/sql_connect.cc:1312
|
#8 0x000014b0e799b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#9 0x000014b0e7587133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.35 (dbg), 10.3.35 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
In 10.3 (which has no global_priv table), a modified testcase does not crash the server; instead, CREATE TABLE fails with errno 168 "Unknown (generic) error from engine":
-- Modified testcase for 10.3: mysql.user is dropped outright (no rename and
-- no global_priv step). Destructive: nothing below restores mysql.user.
DROP TABLE mysql.user;
|
-- Same two-column, keyless definition as the 10.4+ testcase. In the 10.3.35
-- transcript that follows, this is rejected with ERROR 1005, errno 168.
CREATE TABLE mysql.user (HOST CHAR,USER CHAR);
|
-- With mysql.user absent, the transcript shows ERROR 1146 here rather than a crash.
CREATE USER m@localhost;
|
Leads to:
|
10.3.35 6a2d88c132221ea07dd322060089c85ff5e469b5 (Debug)
|
10.3.35-dbg>DROP TABLE mysql.user;
|
Query OK, 0 rows affected (0.003 sec)
|
|
10.3.35-dbg>CREATE TABLE mysql.user (HOST CHAR,USER CHAR);
|
ERROR 1005 (HY000): Can't create table `mysql`.`user` (errno: 168 "Unknown (generic) error from engine")
|
|
10.3.35-dbg>CREATE USER m@localhost;
|
ERROR 1146 (42S02): Table 'mysql.user' doesn't exist
|
|
|
Additional testcase which looks related to both this ticket and MDEV-26716:
-- Testcase 3: same table swap, exercised through GRANT PROXY instead of CREATE USER.
-- The RENAME/CREATE/DROP statements need DDL privileges on the `mysql` schema.
-- Destructive: nothing below restores the original grant tables.
RENAME TABLE mysql.user TO mysql.user_bak;
|
-- InnoDB replacement with USER typed INT and, again, no key or index declared.
CREATE TABLE mysql.user (HOST CHAR,USER INT) ENGINE=InnoDB;
|
-- Remove mysql.global_priv.
DROP TABLE mysql.global_priv;
|
-- Crashing statement. The UBSAN build reports "member access within null
-- pointer of type 'struct KEY'" in replace_user_table (sql_acl.cc:4643);
-- presumably the keyless table above is why no KEY exists. TODO confirm.
GRANT PROXY ON a TO b;
|
Leads to:
|
10.11.0 fe1f8f2c6b6f3b8e3383168225f9ae7853028947 (Optimized, UBASAN)
|
2022-10-15 13:09:16 0 [Note] /test/UBASAN_MD010922-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld: ready for connections.
|
Version: '10.11.0-MariaDB' socket: '/test/UBASAN_MD010922-mariadb-10.11.0-linux-x86_64-opt/socket.sock' port: 11063 MariaDB Server
|
/test/10.11_opt_san/sql/sql_acl.cc:4643:11: runtime error: member access within null pointer of type 'struct KEY'
|
#0 0x55a310f6e706 in replace_user_table /test/10.11_opt_san/sql/sql_acl.cc:4643
|
#1 0x55a310fa8039 in mysql_grant(THD*, char const*, List<LEX_USER>&, privilege_t, bool, bool) /test/10.11_opt_san/sql/sql_acl.cc:7805
|
#2 0x55a310faf360 in Sql_cmd_grant_proxy::execute(THD*) /test/10.11_opt_san/sql/sql_acl.cc:12132
|
#3 0x55a31142e184 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:5997
|
#4 0x55a3113bd500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
|
#5 0x55a3114120ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
|
#6 0x55a31141d3fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
|
#7 0x55a311d064cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
|
#8 0x55a311d08b3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
|
#9 0x1525de6cf608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
|
#10 0x1525dd944132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
|
|
221015 13:09:30 [ERROR] mysqld got signal 11 ;
|
And:
|
10.11.0 6ebdd3013a18b01dbecec76b870810329eb76586 (Debug)
|
Core was generated by `/test/MD190922-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055d2a47fb57b in replace_user_table (thd=thd@entry=0x147a5c000d48,
|
user_table=..., combo=combo@entry=0x147a5c013378,
|
rights=rights@entry=NO_ACL, revoke_grant=revoke_grant@entry=false,
|
can_create_user=can_create_user@entry=true, no_auto_create=true)
|
at /test/10.11_dbg/sql/sql_acl.cc:4646
|
[Current thread is 1 (Thread 0x147b181ae700 (LWP 1373200))]
|
(gdb) bt
|
#0 0x000055d2a47fb57b in replace_user_table (thd=thd@entry=0x147a5c000d48, user_table=@0x147b181abb98: {<Grant_table_base> = {min_columns = 13, start_priv_columns = 0, end_priv_columns = 2, m_table = 0x55d2a8b06b88}, _vptr.User_table = 0x55d2a5c21ae8 <vtable for User_table_tabular+16>}, combo=combo@entry=0x147a5c013378, rights=rights@entry=NO_ACL, revoke_grant=revoke_grant@entry=false, can_create_user=can_create_user@entry=true, no_auto_create=true) at /test/10.11_dbg/sql/sql_acl.cc:4646
|
#1 0x000055d2a480ad2d in mysql_grant (thd=thd@entry=0x147a5c000d48, db=db@entry=0x0, list=@0x147a5c005e18: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x147a5c0132f8, last = 0x147a5c0132e8, elements = 2}, <No data fields>}, rights=NO_ACL, revoke_grant=false, is_proxy=is_proxy@entry=true) at /test/10.11_dbg/sql/sql_acl.cc:2040
|
#2 0x000055d2a480b0a8 in Sql_cmd_grant_proxy::execute (this=0x147a5c013308, thd=0x147a5c000d48) at /test/10.11_dbg/sql/sql_acl.h:317
|
#3 0x000055d2a48ada7b in mysql_execute_command (thd=thd@entry=0x147a5c000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:5997
|
#4 0x000055d2a489603c in mysql_parse (thd=thd@entry=0x147a5c000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x147b181ad330) at /test/10.11_dbg/sql/sql_parse.cc:8037
|
#5 0x000055d2a48a366d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x147a5c000d48, packet=packet@entry=0x147a5c00aed9 "GRANT PROXY ON a TO b", packet_length=packet_length@entry=21, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1345
|
#6 0x000055d2a48a5d97 in do_command (thd=0x147a5c000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#7 0x000055d2a4a09fb9 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55d2a8b99be8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
|
#8 0x000055d2a4a0a4c3 in handle_one_connection (arg=0x55d2a8b99be8) at /test/10.11_dbg/sql/sql_connect.cc:1318
|
#9 0x0000147b46e46609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#10 0x0000147b46a32133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.4.27 3e3cfa893481abe9524a1657c4246fa9f91d4826 (Optimized)
|
Core was generated by `/test/MD190922-mariadb-10.4.27-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000557526f10d9f in replace_user_table (thd=thd@entry=0x150458000c48,
|
user_table=..., combo=combo@entry=0x15045800ffc0, rights=rights@entry=0,
|
revoke_grant=<optimized out>, can_create_user=<optimized out>,
|
no_auto_create=true) at /test/10.4_opt/sql/sql_acl.cc:4502
|
[Current thread is 1 (Thread 0x1504a009a700 (LWP 1788490))]
|
(gdb) bt
|
#0 0x0000557526f10d9f in replace_user_table (thd=thd@entry=0x150458000c48, user_table=@0x1504a0096bd8: {<Grant_table_base> = {min_columns = 13, start_priv_columns = 0, end_priv_columns = 2, m_table = 0x150458044c88}, _vptr.User_table = 0x557527ddb5d0 <vtable for User_table_tabular+16>}, combo=combo@entry=0x15045800ffc0, rights=rights@entry=0, revoke_grant=<optimized out>, can_create_user=<optimized out>, no_auto_create=true) at /test/10.4_opt/sql/sql_acl.cc:4502
|
#1 0x0000557526f23367 in mysql_grant (thd=thd@entry=0x150458000c48, db=0x0, list=@0x1504580056c8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15045800ff58, last = 0x15045800ff48, elements = 2}, <No data fields>}, rights=0, revoke_grant=false, is_proxy=true) at /test/10.4_opt/sql/sql_acl.cc:1915
|
#2 0x0000557526f98115 in mysql_execute_command (thd=0x150458000c48) at /test/10.4_opt/sql/sql_parse.cc:5441
|
#3 0x0000557526f99de2 in mysql_parse (thd=0x150458000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:7996
|
#4 0x0000557526f9c79a in dispatch_command (command=COM_QUERY, thd=0x150458000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1207
|
#5 0x0000557526f9e2ef in do_command (thd=0x150458000c48) at /test/10.4_opt/sql/sql_parse.cc:1378
|
#6 0x0000557527089cde in do_handle_one_connection (connect=0x55752a05df38) at /test/10.4_opt/sql/sql_connect.cc:1420
|
#7 0x0000557527089d6d in handle_one_connection (arg=<optimized out>) at /test/10.4_opt/sql/sql_connect.cc:1324
|
#8 0x00001504bafdd609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#9 0x00001504babc9133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.3 (dbg), 10.9.3 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
|