Bug #4844 mysqld 4.1.3 with linuxthreads@freebsd crash after load privilege tables
Submitted: 31 Jul 2004 23:16 Modified: 2 Aug 2004 18:03
Reporter: Steven Jurczyk
Status: Closed
Category: MySQL Server Severity: S1 (Critical)
Version: 4.1.3 OS: FreeBSD (freebsd)
Assigned to: CPU Architecture: Any

[31 Jul 2004 23:16] Steven Jurczyk
Description:
Mysqld 4.1.3 compiled under FreeBSD-4.10 with linuxthreads 2.2.3 from packages crashes after loading privilege tables... Normal mysql 4.1.3 (with freebsd native thread library) works OK. Also, mysql 4.1.2 with linuxthreads works OK...

----
# ./mysqld --verbose
040731 23:12:13  Warning: Can't open time zone table: Table 'mysql.time_zone_leap_second' doesn't exist trying to live without them
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16777216
read_buffer_size=131072
max_used_connections=0
max_connections=256
threads_connected=0
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 573438 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0x956b000
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xbfbff338, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x80a5196
0x82e7d77
0x956e510
0x8290144
0x811b476
0x81052d6
0x8106d36
0x80a677b
0x8048146
0x2
New value of fp=0x0 failed sanity check, terminating stack trace!
Please read http://www.mysql.com/doc/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do 
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x0  is invalid pointer
thd->thread_id=0
The manual page at http://www.mysql.com/doc/en/Crashing.html contains
information that should help you find out what is causing the crash.

---
# gdb mysqld
GNU gdb 4.18 (FreeBSD)

(gdb) handle all nostop pass
(gdb) handle SIGSEGV stop
(gdb) r
Starting program: /data/src/mysql-4.1.3-beta/sql/mysqld 

Program received signal SIGUSR2, User defined signal 2.

Program received signal SIGUSR2, User defined signal 2.

Program received signal SIGUSR2, User defined signal 2.

Program received signal SIGUSR2, User defined signal 2.
040731 23:06:53  Warning: Can't open time zone table: Table 'mysql.time_zone_leap_second' doesn't exist trying to live without them

Program received signal SIGSEGV, Segmentation fault.
0x82e5d6a in __pthread_rwlock_rdlock (rwlock=0x956e510) at queue.h:26
26      queue.h: No such file or directory.
Current language:  auto; currently c
(gdb) where
#0  0x82e5d6a in __pthread_rwlock_rdlock (rwlock=0x956e510) at queue.h:26
#1  0x8290144 in mi_rnext (info=0x956f000, 
    buf=0x9574c10 "˙%", ' ' <repeats 59 times>, "homenet", ' ' <repeats 57 times>, "register        bilings", ' ' <repeats 52 times>..., inx=64) at mi_rnext.c:43
#2  0x811b476 in ha_myisam::index_next (this=0x9574900, 
    buf=0x9574c10 "˙%", ' ' <repeats 59 times>, "homenet", ' ' <repeats 57 times>, "register        bilings", ' ' <repeats 52 times>...) at ha_myisam.cc:1096
#3  0x81052d6 in GRANT_TABLE::GRANT_TABLE (this=0x959d010, form=0x9572000, col_privs=0x956d000) at sql_acl.cc:1816
#4  0x8106d36 in grant_init (org_thd=0x0) at sql_acl.cc:2567
#5  0x80a677b in main (argc=1, argv=0xbfbffba4) at mysqld.cc:2883

(gdb) p *rwlock
$1 = {__rw_lock = {__status = 139425953, __spinlock = 156679312}, __rw_readers = 156631077, __rw_writer = 0x0, 
  __rw_read_waiting = 0x616d6f64, __rw_write_waiting = 0x736e69, __rw_kind = 1936614512, __rw_pshared = 156679680}

(gdb) p *rwlock->__rw_read_waiting
Error accessing memory address 0x616d6f64: Bad address.

(gdb) p *rwlock->__rw_write_waiting
Error accessing memory address 0x736e69: Bad address.

### So rwlock passed to __pthread_rwlock_rdlock by mi_rnext is invalid...

(gdb) frame 1
#1  0x8290144 in mi_rnext (info=0x956f000, 
    buf=0x9574c10 "˙%", ' ' <repeats 59 times>, "homenet", ' ' <repeats 57 times>, "register        bilings", ' ' <repeats 52 times>..., inx=64) at mi_rnext.c:43
43          rw_rdlock(&info->s->key_root_lock[inx]);

(gdb) p inx
$2 = 64

(gdb) p *info->s
$4 = {state = {header = {file_version = "ţţ\a\001", options = "\000\002", header_length = "\001Ţ", state_info_length = "\000°", 
      base_info_length = "\000d", base_pos = "\000Ü", key_parts = "\000\005", unique_key_parts = "\000", keys = 1 '\001', 
      uniques = 0 '\000', language = 9 '\t', max_block_size = 2 '\002', fulltext_keys = 0 '\000', not_used = 0 '\000'}, state = {
      records = 43, del = 0, empty = 0, key_empty = 0, key_file_length = 3072, data_file_length = 11782}, split = 43, 
    dellink = 18446744073709551615, auto_increment = 0, process = 13659, unique = 13, update_count = 1, status = 0, 
    rec_per_key_part = 0x956da98, key_root = 0x956dcf8, key_del = 0x956dd00, rec_per_key_rows = 0, sec_index_changed = 0, 
    sec_index_used = 0, key_map = 1, checksum = 0, version = 1091194521, create_time = 1091194521, recover_time = 0, 
    check_time = 0, sortkey = 4294967295, open_count = 0, changed = 57 '9', state_diff_length = 0, state_length = 220, 
    key_info = 0x0}, base = {keystart = 1024, max_data_file_length = 1176821039103, max_key_file_length = 17179868160, 
    margin_key_file_length = 17179851776, records = 0, reloc = 0, mean_row_length = 0, reclength = 274, pack_reclength = 274, 
    min_pack_length = 274, max_pack_length = 274, min_block_length = 20, fields = 8, pack_fields = 0, rec_reflength = 4, 
    key_reflength = 3, keys = 1, auto_key = 0, blobs = 0, pack_bits = 0, max_key_block_length = 2048, max_key_length = 288, 
    extra_alloc_bytes = 0, extra_alloc_procent = 0, raid_type = 0, raid_chunks = 0, raid_chunksize = 0, key_parts = 5, 
    all_key_parts = 5}, ft2_keyinfo = {keysegs = 0, flag = 0, key_alg = 0 '\000', block_length = 0, underflow_block_length = 0, 
    keylength = 0, minlength = 0, maxlength = 0, block_size = 0, version = 0, seg = 0x0, end = 0x0, bin_search = 0, get_key = 0, 
    pack_key = 0, store_key = 0, ck_insert = 0, ck_delete = 0}, keyinfo = 0x956dab0, uniqueinfo = 0x956dae8, keyparts = 0x956dae8, 
  rec = 0x956db78, pack = {header_length = 0, ref_length = 0}, blobs = 0x956dc98, 
  unique_file_name = 0x956dc98 "/var/mysql/columns_priv.MYI", data_file_name = 0x956dcd8 "./mysql/columns_priv.MYD", 
  index_file_name = 0x956dcb8 "./mysql/columns_priv.MYI", file_map = 0x0, key_cache = 0x8528000, decode_trees = 0x0, 
  decode_tables = 0x0, read_record = 0x82950cc <_mi_read_static_record>, write_record = 0x8294c0c <_mi_write_static_record>, 
  update_record = 0x8294ec0 <_mi_update_static_record>, delete_record = 0x8294f0c <_mi_delete_static_record>, 
  read_rnd = 0x82951c8 <_mi_read_rnd_static_record>, compare_record = 0x8294fa8 <_mi_cmp_static_record>, calc_checksum = 0, 
  compare_unique = 0x8295060 <_mi_cmp_static_unique>, invalidator = 0, this_process = 95019, last_process = 13659, 
  last_version = 1091194521, options = 2, min_pack_length = 0, max_pack_length = 0, state_diff_length = 0, rec_reflength = 4, 
  unique_name_length = 27, kfile = 14, data_file = 0, mode = 2, reopen = 1, w_locks = 0, r_locks = 1, tot_locks = 1, 
  blocksize = 1024, write_flag = 36, data_file_type = STATIC_RECORD, changed = 0 '\000', global_changed = 0 '\000', 
  not_flushed = 0 '\000', temporary = 0 '\000', delay_key_write = 0 '\000', concurrent_insert = 1 '\001', lock = {list = {
      prev = 0x0, next = 0x9576a20, data = 0x956da20}, mutex = {__m_reserved = 0, __m_count = 0, __m_owner = 0x0, __m_kind = 0, 
      __m_lock = {__status = 0, __spinlock = 0}}, read_wait = {data = 0x0, last = 0x956da44}, read = {data = 0x956f1cc, 
      last = 0x956f1d0}, write_wait = {data = 0x0, last = 0x956da54}, write = {data = 0x0, last = 0x956da5c}, 
    write_lock_count = 0, read_no_write_count = 0, get_status = 0x8294624 <mi_get_status>, 
    copy_status = 0x82946ac <mi_copy_status>, update_status = 0x8294648 <mi_update_status>, 
    check_status = 0x82946c0 <mi_check_status>}, intern_lock = {__m_reserved = 0, __m_count = 0, __m_owner = 0x0, __m_kind = 0, 
    __m_lock = {__status = 0, __spinlock = 0}}, key_root_lock = 0x956dd10}

How to repeat:
start mysqld 4.1.3 with linuxthreads under freebsd-4.10 :>
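
An added triage example (not part of the original report and not MySQL code) that cross-checks the gdb values above: it recovers the array index from the two addresses and decodes the dumped "lock" fields as little-endian ASCII. It assumes a 32-byte lock (the eight 4-byte fields gdb prints) and that key_root_lock holds one entry per key; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from the gdb session in the report (32-bit target). */
#define KEY_ROOT_LOCK 0x956dd10u /* info->s->key_root_lock */
#define RWLOCK_ADDR   0x956e510u /* rwlock argument in frame #0 */
#define SHARE_KEYS    1u         /* info->s->base.keys */
/* Assumption: the lock is the eight 4-byte fields shown by "p *rwlock". */
#define RWLOCK_SIZE   32u

/* Recover the array index from an element address. */
static unsigned lock_index(uint32_t base, uint32_t elem, uint32_t size) {
    return (elem - base) / size;
}

/* Assumption: key_root_lock has one entry per key (indexes 0..keys-1). */
static int index_in_bounds(unsigned inx, unsigned keys) {
    return inx < keys;
}

/* Decode a little-endian word as text. Returns 1 when it consists of
   printable ASCII, optionally followed by NUL padding; 0 otherwise. */
static int word_as_ascii(uint32_t w, char out[5]) {
    int n = 0, ended = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = (unsigned char)(w >> (8 * i));
        if (c == 0) { ended = 1; continue; }
        if (ended || c < 0x20 || c > 0x7e) { out[0] = '\0'; return 0; }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return n > 0;
}

int main(void) {
    /* __rw_read_waiting, __rw_write_waiting, __rw_kind from "p *rwlock" */
    const uint32_t fields[] = {0x616d6f64u, 0x736e69u, 1936614512u};
    unsigned inx = lock_index(KEY_ROOT_LOCK, RWLOCK_ADDR, RWLOCK_SIZE);
    printf("index %u with %u key(s): %s\n", inx, SHARE_KEYS,
           index_in_bounds(inx, SHARE_KEYS) ? "in bounds" : "OUT OF BOUNDS");
    for (int i = 0; i < 3; i++) {
        char txt[5];
        if (word_as_ascii(fields[i], txt))
            printf("0x%08x reads as \"%s\"\n", (unsigned)fields[i], txt);
    }
    return 0;
}
```

The recovered index matches the inx=64 shown in frame 1, and the two adjacent wait-queue "pointers" decode to "doma" and "ins", which is consistent with the lock address pointing at string data rather than an initialized rwlock.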
[1 Aug 2004 13:04] Helge Jung
Just to make that sure: the bug appears also on Linux (Kernel 2.6.5), not only on FreeBSD!
[1 Aug 2004 16:23] Sergey Kostyliov
I could be wrong, but it looks like this is the same issue as for #4407 
Could you please try the last patch from the link below? 
http://bugs.mysql.com/bug.php?id=4407
[2 Aug 2004 10:34] Helge Jung
POSITIVE: the given patch at the very bottom (sys_acl.cc) fixes my server and as far as my first checks are concerned everything is working quite well. Thanks!
[2 Aug 2004 13:08] Steven Jurczyk
Also for me this patch works OK ;-)
Thanks...
[2 Aug 2004 18:03] Sergei Golubchik
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html