Bug #83118 handle_fatal_signal (sig=11) in replace_user_table
Submitted: 23 Sep 2016 4:59
Modified: 9 Jan 2017 21:18
Reporter: Roel Van de Paar
Status: Closed
Category: MySQL Server: Security: Privileges
Severity: S1 (Critical)
Version: 8.0-dmr
OS: Any
Assigned to:
CPU Architecture: Any

[23 Sep 2016 4:59] Roel Van de Paar
#0  0x00007f7e6d166741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x00000000023fc1b9 in my_write_core (sig=11) at /git/MS8.0_dbg/mysys/stacktrace.cc:275
#2  0x0000000001b517ed in handle_fatal_signal (sig=11) at /git/MS8.0_dbg/sql/signal_handler.cc:219
#3  <signal handler called>
#4  0x0000000001c05265 in replace_user_table (thd=0x7f7e3a419000, table=0x7f7e3a471c20, combo=0x7f7e3a42d9b0, rights=2147482623, revoke_grant=false, can_create_user=true, what_to_replace=33) at /git/MS8.0_dbg/sql/auth/sql_user_table.cc:915
#5  0x0000000001bdaf42 in mysql_grant (thd=0x7f7e3a419000, db=0x0, list=..., rights=2147482623, revoke_grant=false, is_proxy=false) at /git/MS8.0_dbg/sql/auth/sql_authorization.cc:3332
#6  0x0000000001872175 in mysql_execute_command (thd=0x7f7e3a419000, first_level=true) at /git/MS8.0_dbg/sql/sql_parse.cc:3818
#7  0x0000000001875c14 in mysql_parse (thd=0x7f7e3a419000, parser_state=0x7f7e6d7594e0) at /git/MS8.0_dbg/sql/sql_parse.cc:5233
#8  0x000000000186c3b8 in dispatch_command (thd=0x7f7e3a419000, com_data=0x7f7e6d759c70, command=COM_QUERY) at /git/MS8.0_dbg/sql/sql_parse.cc:1481
#9  0x000000000186b244 in do_command (thd=0x7f7e3a419000) at /git/MS8.0_dbg/sql/sql_parse.cc:1043
#10 0x0000000001b43af1 in handle_connection (arg=0x7f7e39d6d080) at /git/MS8.0_dbg/sql/conn_handler/connection_handler_per_thread.cc:301
#11 0x000000000242bf29 in pfs_spawn_thread (arg=0x7f7e39de4e20) at /git/MS8.0_dbg/storage/perfschema/pfs.cc:2282
#12 0x00007f7e6d161dc5 in start_thread (arg=0x7f7e6d75a700) at pthread_create.c:308
#13 0x00007f7e6b5beced in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

How to repeat:
# mysqld options required for replay:  --sql_mode=
ALTER TABLE mysql.user DROP COLUMN account_locked;
GRANT ALL PRIVILEGES ON *.* to 'root0'@0;
[23 Sep 2016 7:21] MySQL Verification Team
Hello Roel,

Thank you for the report and test case.
Observed that 8.0 release build is affected.

[28 Nov 2016 10:37] Arun Kuruvila
Posted by developer:
Fixed as part of the patch provided for Bug #23295423.
[6 Dec 2016 5:28] Roel Van de Paar
Which version was this fixed in please?
[9 Jan 2017 21:18] Roel Van de Paar
Which version was this fixed in please?