Bug #75958 handle_fatal_signal (sig=11) in String::replace | INSERT into TEMPORARY table
Submitted: 18 Feb 2015 18:21 Modified: 18 Feb 2015 22:32
Reporter: Roel Van de Paar Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server: DML Severity:S1 (Critical)
Version:5.7.5-m15 OS:Any
Assigned to: CPU Architecture:Any

[18 Feb 2015 18:21] Roel Van de Paar 
Description:
Version: '5.7.5-m15-debug'  socket: '/sda/MS-mysql-5.7.5-m15-linux-x86_64-debug/socket.sock'  port: 11997  MySQL Community Server (GPL)
18:03:06 UTC - mysqld got signal 11 ;

(gdb) bt
#0  0x00007fac8b461771 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000e15cd8 in my_write_core (sig=11) at /bzr/testbuild/mysql-5.7.5-m15_dbg/mysys/stacktrace.c:247
#2  0x0000000000822044 in handle_fatal_signal (sig=11) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/signal_handler.cc:219
#3  <signal handler called>
#4  0x00007fac8a17a6d3 in __memcpy_ssse3_back () from /lib64/libc.so.6
#5  0x0000000000c4b82c in String::replace (this=0x7fac8ba57340, offset=0, arg_length=2, to=0x7fabd002fe30 "0", to_length=1) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql-common/sql_string.cc:689
#6  0x0000000000c4b7aa in String::replace (this=0x7fac8ba57340, offset=0, arg_length=2, to=...) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql-common/sql_string.cc:677
#7  0x0000000000a2813c in Item_func_insert::val_str (this=0x7fabd0027c18, str=0x7fac8ba57340) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/item_strfunc.cc:2159
#8  0x00000000008a7797 in Item::send (this=0x7fabd0027c18, protocol=0x7fabd001c540, buffer=0x7fac8ba57340) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/item.cc:6941
#9  0x0000000000a8e0a8 in Protocol::send_result_set_row (this=0x7fabd001c540, row_items=0x7fabd0027198) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/protocol.cc:1014
#10 0x0000000000aee129 in select_send::send_data (this=0x7fabd0028d28, items=...) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_class.cc:2734
#11 0x0000000000b0965e in end_send (join=0x7fabd009e020, qep_tab=0x7fabd009e8d0, end_of_records=false) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_executor.cc:2833
#12 0x0000000000b065dd in evaluate_join_record (join=0x7fabd009e020, qep_tab=0x7fabd009e758) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_executor.cc:1606
#13 0x0000000000b05a46 in sub_select (join=0x7fabd009e020, qep_tab=0x7fabd009e758, end_of_records=false) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_executor.cc:1269
#14 0x0000000000b05282 in do_select (join=0x7fabd009e020) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_executor.cc:922
#15 0x0000000000b031ae in JOIN::exec (this=0x7fabd009e020) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_executor.cc:190
#16 0x0000000000b8730c in mysql_select (thd=0x7fabd001c000, fields=..., select_options=2147748608, result=0x7fabd0028d28, select_lex=0x7fabd0027090) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_select.cc:1055
#17 0x0000000000b8575f in handle_select (thd=0x7fabd001c000, result=0x7fabd0028d28, setup_tables_done_option=0) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_select.cc:97
#18 0x0000000000b4edf5 in execute_sqlcom_select (thd=0x7fabd001c000, all_tables=0x7fabd00286f0) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_parse.cc:5028
#19 0x0000000000b47775 in mysql_execute_command (thd=0x7fabd001c000) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_parse.cc:2488
#20 0x0000000000b4fcc1 in mysql_parse (thd=0x7fabd001c000, parser_state=0x7fac8ba58e60) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_parse.cc:5427
#21 0x0000000000b44814 in dispatch_command (command=COM_QUERY, thd=0x7fabd001c000, packet=0x7fabd0033011 "", packet_length=48) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_parse.cc:1250
#22 0x0000000000b4354d in do_command (thd=0x7fabd001c000) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/sql_parse.cc:834
#23 0x0000000000c4d4ce in handle_connection (arg=0x7fac6d3ffee0) at /bzr/testbuild/mysql-5.7.5-m15_dbg/sql/conn_handler/connection_handler_per_thread.cc:298
#24 0x0000000000e394b8 in pfs_spawn_thread (arg=0x7fac6dbf8a50) at /bzr/testbuild/mysql-5.7.5-m15_dbg/storage/perfschema/pfs.cc:2137
#25 0x00007fac8b45cdf3 in start_thread () from /lib64/libpthread.so.0
#26 0x00007fac8a1261ad in clone () from /lib64/libc.so.6

How to repeat:
DROP DATABASE test;CREATE DATABASE test;USE test;
CREATE TEMPORARY TABLE t1(c1 TIMESTAMP);
INSERT INTO t1 VALUES(3),(5);
select insert(c1,1,2,0),insert(0,1,2,c1) from t1;
[18 Feb 2015 19:17] MySQL Verification Team 
looks like a duplicate of mine, which is fixed in 5.7.6
Bug 19174480 - INSERT STRING FUNCTIONS RECENTLY CRASHING
[18 Feb 2015 22:32] MySQL Verification Team 
Thank you for the bug report. Not more repeatable with recent source code and looks duplicate of Bug 19174480 - INSERT STRING FUNCTIONS RECENTLY CRASHING filed by Shane Bester which was already fixed:

C:\dbs>net start mysqld57
The MySQLD57 service is starting..
The MySQLD57 service was started successfully.

C:\dbs>57

C:\dbs>c:\dbs\5.7\bin\mysql -uroot --port=3570 --prompt="mysql 5.7 > "
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.6-m16-debug Source distribution 2015/02/09

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.7 > DROP DATABASE test;CREATE DATABASE test;USE test;
Query OK, 0 rows affected (0.01 sec)

Query OK, 1 row affected (0.00 sec)

Database changed
mysql 5.7 > CREATE TEMPORARY TABLE t1(c1 TIMESTAMP);
Query OK, 0 rows affected (0.00 sec)

mysql 5.7 > INSERT INTO t1 VALUES(3),(5);
Query OK, 2 rows affected, 2 warnings (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 2

mysql 5.7 > select insert(c1,1,2,0),insert(0,1,2,c1) from t1;
+--------------------+---------------------+
| insert(c1,1,2,0)   | insert(0,1,2,c1)    |
+--------------------+---------------------+
| 000-00-00 00:00:00 | 0000-00-00 00:00:00 |
| 000-00-00 00:00:00 | 0000-00-00 00:00:00 |
+--------------------+---------------------+
2 rows in set (0.00 sec)

mysql 5.7 > SHOW VARIABLES LIKE "%VERSION%";
+-------------------------+--------------------------------+
| Variable_name           | Value                          |
+-------------------------+--------------------------------+
| innodb_version          | 5.7.6                          |
| protocol_version        | 10                             |
| slave_type_conversions  |                                |
| version                 | 5.7.6-m16-debug                |
| version_comment         | Source distribution 2015/02/09 |
| version_compile_machine | x86_64                         |
| version_compile_os      | Win64                          |
+-------------------------+--------------------------------+
7 rows in set (0.00 sec)

mysql 5.7 >