Bug #77525 handle_fatal_signal (sig=11) in __stpcpy_sse2_unaligned from my_stpcpy
Submitted: 29 Jun 2015 0:02
Modified: 17 Aug 2015 14:09
Reporter: Roel Van de Paar
Status: Closed
Category: MySQL Server: Prepared statements
Severity: S1 (Critical)
Version: 5.7.7 RC, 5.7.8, 8.0.0
OS: Any
Assigned to:
CPU Architecture: Any

[29 Jun 2015 0:02] Roel Van de Paar
Description:
+bt
#0  0x00007f70d24b5771 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000737304 in handle_fatal_signal (sig=11) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/signal_handler.cc:220
#2  <signal handler called>
#3  __stpcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:296
#4  0x000000000073e4ae in my_stpcpy (src=<optimized out>, dst=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/include/m_string.h:81
#5  name_hash_search (name_hash=0x1cfebe0 <column_priv_hash>, host=<optimized out>, ip=0x7f703888d048 "localhost", db=<optimized out>, user=<optimized out>, tname=0x0, exact=false, name_tolower=false) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/auth/sql_auth_cache.cc:2093
#6  0x0000000000d86b0e in table_hash_search (exact=<optimized out>, tname=<optimized out>, user=<optimized out>, db=<optimized out>, ip=<optimized out>, host=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/auth/sql_auth_cache.h:300
#7  fill_effective_table_privileges (thd=<optimized out>, grant=0x7f703889a5c8, db=0x14c2f57 "", table=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/auth/sql_authorization.cc:3590
#8  0x0000000000d27785 in TABLE_LIST::prepare_security (this=0x7f703888ba10, thd=0x7f7038818000) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/table.cc:5150
#9  0x0000000000d0ae1b in mysql_make_view (thd=0x7f7038818000, share=<optimized out>, view_ref=0x7f703888ba10, open_view_no_parse=false) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_view.cc:1212
#10 0x0000000000c30bcd in open_table (thd=0x7f7038818000, table_list=0x7f703888ba10, ot_ctx=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_base.cc:3337
#11 0x0000000000c32046 in open_and_process_table (ot_ctx=<optimized out>, has_prelocking_list=<optimized out>, prelocking_strategy=<optimized out>, flags=<optimized out>, counter=<optimized out>, tables=<optimized out>, lex=<optimized out>, thd=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_base.cc:4953
#12 open_tables (thd=0x7f7038818000, start=<optimized out>, counter=<optimized out>, flags=<optimized out>, prelocking_strategy=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_base.cc:5542
#13 0x0000000000c32512 in open_tables_for_query (thd=0x7f70d2aaa5b6, tables=0x7f703888ba10, flags=0) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_base.cc:6269
#14 0x0000000000c834ca in execute_sqlcom_select (thd=0x7f7038818000, all_tables=0x7f703888ba10) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_parse.cc:4708
#15 0x0000000000c850ad in mysql_execute_command (thd=0x7f7038818000) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_parse.cc:2450
#16 0x0000000000cb1ae6 in Prepared_statement::execute (this=0x7f703888f280, expanded_query=<optimized out>, open_cursor=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_prepare.cc:3967
#17 0x0000000000cb1bdb in Prepared_statement::execute_loop (this=0x7f703888f280, expanded_query=<optimized out>, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_prepare.cc:3574
#18 0x0000000000cb1ee3 in mysql_sql_stmt_execute (thd=0x7f7038818000) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_prepare.cc:2607
#19 0x0000000000c85fd0 in mysql_execute_command (thd=0x7f7038818000) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_parse.cc:2464
#20 0x0000000000c89010 in mysql_parse (thd=0x7f7038818000, parser_state=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_parse.cc:5159
#21 0x0000000000c8a5d8 in dispatch_command (command=COM_QUERY, thd=0x7f7038818000, packet=<optimized out>, packet_length=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/sql_parse.cc:1249
#22 0x0000000000d4fa14 in handle_connection (arg=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/sql/conn_handler/connection_handler_per_thread.cc:298
#23 0x000000000113cbda in pfs_spawn_thread (arg=<optimized out>) at /export/home/pb2/build/sb_0-14853600-1427719770.96/mysql-5.7.7-rc/storage/perfschema/pfs.cc:2147
#24 0x00007f70d24b0df3 in start_thread (arg=0x7f70d2aae700) at pthread_create.c:308
#25 0x00007f70d117a1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

How to repeat:
DROP DATABASE test;CREATE DATABASE test;USE test;
create view v1 as select 1 from(select 1)as d1;
prepare stmt from "select * from v1";
grant super on *.* to pfsuser@localhost;
EXECUTE stmt;
[29 Jun 2015 0:02] Roel Van de Paar
Related to other recently logged (7752x) bugs?
[29 Jun 2015 5:16] MySQL Verification Team
Hello Roel,

Thank you for the report and test case.
Observed that 5.7.8 builds are affected.

Thanks,
Umesh
[17 Aug 2015 14:09] Paul DuBois
Noted in 5.7.9, 5.8.0 changelogs.

A privilege precheck for derived tables could fail and cause a server
exit.
[18 Jun 2016 21:26] Omer Barnir
Posted by developer:
 
Reported version value updated to reflect release name change from 5.8 to 8.0