Bug #119085 FLUSH PRIVILEGES crashes server after a column is dropped from mysql.servers table.
Submitted: 27 Sep 15:45 Modified: 28 Sep 15:54
Reporter: QiFan Liu Email Updates:
Status: Unsupported Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:9.4.0 OS:Linux
Assigned to: CPU Architecture:Any

[27 Sep 15:45] QiFan Liu 
Description:
Hey, I've found a server crash that can be reproduced by dropping a column from the mysql.servers system table and then running FLUSH PRIVILEGES.
While altering system tables is not a recommended practice, the server should handle this inconsistency with a graceful error rather than a crash.

Server version: 9.4.0 MySQL Community Server - GPL

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> ALTER TABLE mysql.servers DROP COLUMN Owner;
.procs_priv VALUES (0);
CREATE ROLE r;
Query OK, 0 rows affected (0.044 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> INSERT INTO mysql.servers VALUES (0,0,0,0,0,0,0,0);
Query OK, 1 row affected (0.010 sec)

mysql> FLUSH PRIVILEGES ;
imchifan@imchifan-vm:~$ 

call stack:
[force_exit_all] #0 0x5bc322f75f3d (_Z9get_fieldP8MEM_ROOTP5Field+0x5d)

How to repeat:
ALTER TABLE mysql.servers DROP COLUMN Owner;
INSERT INTO mysql.servers VALUES (0,0,0,0,0,0,0,0);
FLUSH PRIVILEGES ;
ALTER TABLE mysql.plugin DROP COLUMN dl;
INSTALL SONAME "ha_example" ;
CREATE OR REPLACE TABLE mysql.procs_priv (id INT );
INSERT INTO mysql.procs_priv VALUES (0);
CREATE ROLE r;
[28 Sep 15:48] MySQL Verification Team 
Changing the system table's structure is not supported.
IF you can get a crash without doing that, feel free to open a new bug.
[28 Sep 15:51] MySQL Verification Team 
For reference, the crash is:

2025-09-28T15:50:56.221515Z 0 [System] [MY-010931] [Server] C:\my\mysql-commercial-9.4.0-winx64\bin\mysqld.exe: ready for connections. Version: '9.4.0-commercial'  socket: ''  port: 3306  MySQL Enterprise Server - Commercial.
2025-09-28T15:51:00Z UTC - mysqld got exception 0xc0000005 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
Thread pointer: 0x21a88d9bf50
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
7ff6b42ebcf6    mysqld.exe!get_field()[table.cc:3680]
7ff6b440cad0    mysqld.exe!get_server_from_table_to_cache()[sql_servers.cc:376]
7ff6b440d2c8    mysqld.exe!servers_load()[sql_servers.cc:260]
7ff6b440d5b5    mysqld.exe!servers_reload()[sql_servers.cc:304]
7ff6b46fc297    mysqld.exe!handle_reload_request()[sql_reload.cc:169]
7ff6b4464260    mysqld.exe!mysql_execute_command()[sql_parse.cc:4267]
7ff6b445f965    mysqld.exe!dispatch_sql_command()[sql_parse.cc:5431]
7ff6b445ee29    mysqld.exe!dispatch_command()[sql_parse.cc:2151]
7ff6b445fd79    mysqld.exe!do_command()[sql_parse.cc:1492]
7ff6b4221d58    mysqld.exe!handle_connection()[connection_handler_per_thread.cc:304]
7ff6b5846b78    mysqld.exe!pfs_spawn_thread()[pfs.cc:3070]
7ff6b5250cfc    mysqld.exe!win_thread_start()[my_thread.cc:75]
7ffed89637b0    ucrtbase.dll!wcsrchr()
7ffed9c9e8d7    KERNEL32.DLL!BaseThreadInitThunk()
7ffedb088d9c    ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (21aa97c0cf0): FLUSH PRIVILEGES
Connection ID (thread ID): 9
Status: NOT_KILLED

The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.