Bug #83738 Assertion `! is_set()' failed.
Submitted: 8 Nov 2016 9:23
Modified: 23 Jan 2019 11:51
Reporter: Roel Van de Paar
Status: Unsupported
Category: MySQL Server: Security: Privileges
Severity: S2 (Serious)
Version: 5.5, 5.5.53
OS: Any
Assigned to:
CPU Architecture: Any

[8 Nov 2016 9:23] Roel Van de Paar
Description:
+bt
#0  0x00007f0bacb0d741 in __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x00000000007e0548 in my_write_core (sig=6) at /git/mysql-server_dbg/mysys/stacktrace.c:433
#2  0x00000000006a3598 in handle_fatal_signal (sig=6) at /git/mysql-server_dbg/sql/signal_handler.cc:247
#3  <signal handler called>
#4  0x00007f0bab2c25f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007f0bab2c3ce8 in __GI_abort () at abort.c:90
#6  0x00007f0bab2bb566 in __assert_fail_base (fmt=0x7f0bab40bce8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xa4d131 "! is_set()", file=file@entry=0xa4d1f8 "/git/mysql-server_dbg/sql/sql_error.cc", line=line@entry=358, function=function@entry=0xa4d540 <Diagnostics_area::set_ok_status(THD*, unsigned long long, unsigned long long, char const*)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(THD*, ulonglong, ulonglong, const char*)") at assert.c:92
#7  0x00007f0bab2bb612 in __GI___assert_fail (assertion=0xa4d131 "! is_set()", file=0xa4d1f8 "/git/mysql-server_dbg/sql/sql_error.cc", line=358, function=0xa4d540 <Diagnostics_area::set_ok_status(THD*, unsigned long long, unsigned long long, char const*)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(THD*, ulonglong, ulonglong, const char*)") at assert.c:101
#8  0x000000000056fb60 in Diagnostics_area::set_ok_status (this=0x7f0b9e78bbf8, thd=thd@entry=0x7f0b9e789000, affected_rows_arg=affected_rows_arg@entry=0, last_insert_id_arg=last_insert_id_arg@entry=0, message_arg=message_arg@entry=0x0) at /git/mysql-server_dbg/sql/sql_error.cc:358
#9  0x000000000059032b in my_ok (message=0x0, id=0, affected_rows=0, thd=0x7f0b9e789000) at /git/mysql-server_dbg/sql/sql_class.h:2958
#10 mysql_execute_command (thd=thd@entry=0x7f0b9e789000) at /git/mysql-server_dbg/sql/sql_parse.cc:3604
#11 0x0000000000593476 in mysql_parse (thd=thd@entry=0x7f0b9e789000, rawbuf=<optimized out>, length=51, parser_state=parser_state@entry=0x7f0bad101580) at /git/mysql-server_dbg/sql/sql_parse.cc:5780
#12 0x0000000000594cc3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f0b9e789000, packet=packet@entry=0x7f0b9e780001 "grant execute on procedure bug0.0 to bug0@localhost", packet_length=packet_length@entry=51) at /git/mysql-server_dbg/sql/sql_parse.cc:1038
#13 0x0000000000596b4c in do_command (thd=0x7f0b9e789000) at /git/mysql-server_dbg/sql/sql_parse.cc:773
#14 0x000000000063edf8 in do_handle_one_connection (thd_arg=thd_arg@entry=0x7f0b9e789000) at /git/mysql-server_dbg/sql/sql_connect.cc:862
#15 0x000000000063eeb5 in handle_one_connection (arg=0x7f0b9e789000) at /git/mysql-server_dbg/sql/sql_connect.cc:781
#16 0x00007f0bacb08dc5 in start_thread (arg=0x7f0bad102700) at pthread_create.c:308
#17 0x00007f0bab383ced in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

How to repeat:
DROP DATABASE test;
ALTER TABLE mysql.proc MODIFY comment CHAR;
grant execute on procedure bug0.0 to bug0@localhost;
[8 Nov 2016 9:38] MySQL Verification Team
Hello Roel,

Thank you for the report.
Observed that only the debug build (checked 5.5.53) is affected.

Thanks,
Umesh
[8 Nov 2016 9:39] MySQL Verification Team
-- 5.5.53 debug build

(gdb) bt
#0  0x00007ff999feb771 in pthread_kill () from /lib64/libpthread.so.0
#1  0x00000000007eecb6 in my_write_core (sig=6) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/mysys/stacktrace.c:433
#2  0x00000000006a695c in handle_fatal_signal (sig=6) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/signal_handler.cc:247
#3  <signal handler called>
#4  0x00007ff99910e5d7 in raise () from /lib64/libc.so.6
#5  0x00007ff99910fcc8 in abort () from /lib64/libc.so.6
#6  0x00007ff999107546 in __assert_fail_base () from /lib64/libc.so.6
#7  0x00007ff9991075f2 in __assert_fail () from /lib64/libc.so.6
#8  0x00000000005722c1 in Diagnostics_area::set_ok_status (this=0x208e308, thd=0x208b710, affected_rows_arg=0, last_insert_id_arg=0, message_arg=0x0)
    at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_error.cc:358
#9  0x000000000059816e in my_ok (thd=0x0, affected_rows=<optimized out>, id=<optimized out>, message=<optimized out>)
    at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_class.h:2959
#10 0x0000000000591d95 in mysql_execute_command (thd=0x208b710) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_parse.cc:3604
#11 0x00000000005943ed in mysql_parse (thd=0x208b710, rawbuf=0x7ff974004bd0 "grant execute on procedure bug0.0 to bug0@localhost", length=<optimized out>, parser_state=0x7ff9826d2c20)
    at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_parse.cc:5780
#12 0x00000000005959ee in dispatch_command (command=COM_QUERY, thd=0x208b710, packet=0x2107381 "grant execute on procedure bug0.0 to bug0@localhost", packet_length=51)
    at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_parse.cc:1038
#13 0x0000000000597124 in do_command (thd=0x208b710) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_parse.cc:773
#14 0x000000000063db66 in do_handle_one_connection (thd_arg=<optimized out>) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_connect.cc:862
#15 0x000000000063dc2f in handle_one_connection (arg=<optimized out>) at /pb2/build/sb_0-20575670-1475079000.51/mysqlcom-pro-5.5.53/sql/sql_connect.cc:781
#16 0x00007ff999fe6df5 in start_thread () from /lib64/libpthread.so.0
#17 0x00007ff9991cf60d in clone () from /lib64/libc.so.6

-- with release build

mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1548 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1548 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> \q
Bye
[8 Nov 2016 9:42] MySQL Verification Team
-- 5.6.34 release/debug not affected

mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> grant execute on procedure bug0.0 to bug0@localhost;
ERROR 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted
mysql> \q
[23 Jan 2019 11:51] Erlend Dahl
5.5 is covered under Oracle Lifetime Sustaining Support and will no longer be supported with updates. See

https://www.mysql.com/support/eol-notice.html

The bug is not present on 5.6+.