Details

    Description

      Simple select query that crashes MariaDB 10.2.
      Crash does not happen when set names utf8 is not set.

      SET NAMES 'utf8';
      SELECT p.`id_product`, product_shop.`condition`, p.`id_manufacturer`, sa.`quantity`, p.`weight` , psi.price_min, psi.price_max
                   FROM ps_product p  INNER JOIN ps_product_shop product_shop
                      ON (product_shop.id_product = p.id_product AND product_shop.id_shop = 1)
                   INNER JOIN ps_category_product cp ON (cp.id_product = p.id_product)
                   INNER JOIN ps_category c ON (c.id_category = cp.id_category AND c.nleft >= 3 AND c.nright <= 24 AND c.active = 1)
                   LEFT JOIN `ps_stock_available` sa ON (sa.id_product = p.id_product AND sa.id_shop = 1)
                   INNER JOIN `ps_layered_price_index` psi ON (psi.id_product = p.id_product AND psi.id_currency = 1)
                     WHERE product_shop.`active` = 1 AND product_shop.`visibility` IN ("both","catalog")  AND p.id_product IN
                      (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 32)  AND p.id_product IN
                        (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 15)  AND p.id_product IN
                          (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 18 OR fp.`id_feature_value` = 19)  AND p.id_product IN
                            (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 34 OR fp.`id_feature_value` = 23)  AND p.id_product IN
                              (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 29 OR fp.`id_feature_value` = 28 OR fp.`id_feature_value` = 26)
                   GROUP BY p.id_product;
      

      Log:

      Feb  8 10:26:19 uvn-234-24 mysqld: Version: '10.2.12-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MariaDB Server
      Feb  8 10:26:19 uvn-234-24 systemd: Started MariaDB database server.
      Feb  8 10:26:55 uvn-234-24 systemd: Started Session 1150 of user root.
      Feb  8 10:26:55 uvn-234-24 systemd-logind: New session 1150 of user root.
      Feb  8 10:26:55 uvn-234-24 systemd: Starting Session 1150 of user root.
      Feb  8 10:26:55 uvn-234-24 systemd-logind: Removed session 1150.
      Feb  8 10:28:31 uvn-234-24 mysqld: 180208 10:28:31 [ERROR] mysqld got signal 11 ;
      Feb  8 10:28:31 uvn-234-24 mysqld: This could be because you hit a bug. It is also possible that this binary
      Feb  8 10:28:31 uvn-234-24 mysqld: or one of the libraries it was linked against is corrupt, improperly built,
      Feb  8 10:28:31 uvn-234-24 mysqld: or misconfigured. This error can also be caused by malfunctioning hardware.
      Feb  8 10:28:31 uvn-234-24 mysqld: To report this bug, see https://mariadb.com/kb/en/reporting-bugs
      Feb  8 10:28:31 uvn-234-24 mysqld: We will try our best to scrape up some info that will hopefully help
      Feb  8 10:28:31 uvn-234-24 mysqld: diagnose the problem, but since we have already crashed,
      Feb  8 10:28:31 uvn-234-24 mysqld: something is definitely wrong and this may fail.
      Feb  8 10:28:31 uvn-234-24 mysqld: Server version: 10.2.12-MariaDB
      Feb  8 10:28:31 uvn-234-24 mysqld: key_buffer_size=134217728
      Feb  8 10:28:31 uvn-234-24 mysqld: read_buffer_size=131072
      Feb  8 10:28:31 uvn-234-24 mysqld: max_used_connections=1
      Feb  8 10:28:31 uvn-234-24 mysqld: max_threads=153
      Feb  8 10:28:31 uvn-234-24 mysqld: thread_count=7
      Feb  8 10:28:31 uvn-234-24 mysqld: It is possible that mysqld could use up to
      Feb  8 10:28:31 uvn-234-24 mysqld: key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467244 K  bytes of memory
      Feb  8 10:28:31 uvn-234-24 mysqld: Hope that's ok; if not, decrease some variables in the equation.
      Feb  8 10:28:31 uvn-234-24 mysqld: Thread pointer: 0x7fe6e9a04e38
      Feb  8 10:28:31 uvn-234-24 mysqld: Attempting backtrace. You can use the following information to find out
      Feb  8 10:28:31 uvn-234-24 mysqld: where mysqld died. If you see no messages after this, something went
      Feb  8 10:28:31 uvn-234-24 mysqld: terribly wrong...
      Feb  8 10:28:31 uvn-234-24 mysqld: stack_bottom = 0x7fe6d80c6d70 thread_stack 0x49000
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x7fe6e6511c4e]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(handle_fatal_signal+0x355)[0x7fe6e5f9c825]
      Feb  8 10:28:31 uvn-234-24 mysqld: /lib64/libpthread.so.0(+0xf130)[0x7fe6e5501130]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN10TABLE_LIST33is_with_table_recursive_referenceEv+0x0)[0x7fe6e5f2e4a0]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN13st_join_table7cleanupEv+0x18)[0x7fe6e5e489d8]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN4JOIN7cleanupEb+0x368)[0x7fe6e5e49058]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN4JOIN9join_freeEv+0x4c)[0x7fe6e5e4934c]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN4JOIN10exec_innerEv+0x9b5)[0x7fe6e5e60635]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_ZN4JOIN4execEv+0x33)[0x7fe6e5e608d3]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x11a)[0x7fe6e5e60a2a]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x254)[0x7fe6e5e61584]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(+0x415dcc)[0x7fe6e5d46dcc]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x6d85)[0x7fe6e5e113a5]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x2de)[0x7fe6e5e13a5e]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x209f)[0x7fe6e5e16a6f]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z10do_commandP3THD+0x149)[0x7fe6e5e17669]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x1aa)[0x7fe6e5edaefa]
      Feb  8 10:28:31 uvn-234-24 mysqld: /usr/sbin/mysqld(handle_one_connection+0x3d)[0x7fe6e5edb01d]
      Feb  8 10:28:31 uvn-234-24 mysqld: /lib64/libpthread.so.0(+0x7df3)[0x7fe6e54f9df3]
      Feb  8 10:28:31 uvn-234-24 mysqld: /lib64/libc.so.6(clone+0x6d)[0x7fe6e3b511ad]
      Feb  8 10:28:31 uvn-234-24 mysqld: Trying to get some variables.
      Feb  8 10:28:31 uvn-234-24 mysqld: Some pointers may be invalid and cause the dump to abort.
      Feb  8 10:28:31 uvn-234-24 mysqld: Query (0x7fe6e9a12400): SELECT p.`id_product`, product_shop.`condition`, p.`id_manufacturer`, sa.`quantity`, p.`weight` , psi.price_min, psi.price_max              FROM ps_product p  INNER JOIN ps_product_shop product_shop                 ON (product_shop.id_product = p.id_product AND product_shop.id_shop = 1)              INNER JOIN ps_category_product cp ON (cp.id_product = p.id_product)              INNER JOIN ps_category c ON (c.id_category = cp.id_category AND c.nleft >= 3 AND c.nright <= 24 AND c.active = 1)              LEFT JOIN `ps_stock_available` sa ON (sa.id_product = p.id_product AND sa.id_shop = 1)               INNER JOIN `ps_layered_price_index` psi ON (psi.id_product = p.id_product AND psi.id_currency = 1)                 WHERE product_shop.`active` = 1 AND product_shop.`visibility` IN ("both","catalog")  AND p.id_product IN                 (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 32)  AND p.id_product IN                   (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 15)  AND p.id_product IN                     (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 18 OR fp.`id_feature_value` = 19)  AND p.id_product IN                        (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 34 OR fp.`id_feature_value` = 23)  AND p.id_product IN                         (SELECT id_product FROM ps_feature_product fp WHERE fp.`id_feature_value` = 29 OR fp.`id_feature_value` = 28 OR fp.`id_feature_value` = 26)               GROUP BY p.id_product
      Feb  8 10:28:31 uvn-234-24 mysqld: Connection ID (thread ID): 10
      Feb  8 10:28:31 uvn-234-24 mysqld: Status: NOT_KILLED
      Feb  8 10:28:31 uvn-234-24 mysqld: Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on
      Feb  8 10:28:31 uvn-234-24 mysqld: The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
      Feb  8 10:28:31 uvn-234-24 mysqld: information that should help you find out what is causing the crash.
      Feb  8 10:28:31 uvn-234-24 systemd: mariadb.service: main process exited, code=killed, status=11/SEGV
      Feb  8 10:28:31 uvn-234-24 systemd: Unit mariadb.service entered failed state.
      Feb  8 10:28:31 uvn-234-24 systemd: mariadb.service failed.
      Feb  8 10:28:36 uvn-234-24 systemd: mariadb.service holdoff time over, scheduling restart.
      Feb  8 10:28:36 uvn-234-24 systemd: Starting MariaDB database server...
      

          Activity

            dtakken Dik Takken added a comment -

            I am planning to drop the database that reproduces this crash; please let me know if there is anything I can do to help.

            alice Alice Sherepa added a comment -

            10.3 3bbc30c73b3db

            Thread 1 (Thread 0x7fde3c421700 (LWP 4528)):
            #0  0x00007fde412dd428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
            #1  0x00007fde412df02a in __GI_abort () at abort.c:89
            #2  0x00007fde4131f7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fde41438ed8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
            #3  0x00007fde4132a651 in malloc_printerr (ar_ptr=0x7fde3c41f0b0, ptr=0x7fde201782e0, str=0x7fde414392e0 "malloc(): memory corruption (fast)", action=3) at malloc.c:5006
            #4  _int_malloc (av=av@entry=0x7fde20000020, bytes=bytes@entry=56) at malloc.c:3386
            #5  0x00007fde4132c184 in __GI___libc_malloc (bytes=bytes@entry=56) at malloc.c:2913
            #6  0x00007fde4307c737 in _dl_map_object_deps (map=map@entry=0x7fde43269000, preloads=preloads@entry=0x0, npreloads=npreloads@entry=0, trace_mode=trace_mode@entry=0, open_mode=open_mode@entry=-2147483648) at dl-deps.c:499
            #7  0x00007fde430835e2 in dl_open_worker (a=a@entry=0x7fde3c41f520) at dl-open.c:280
            #8  0x00007fde4307e564 in _dl_catch_error (objname=objname@entry=0x7fde3c41f510, errstring=errstring@entry=0x7fde3c41f518, mallocedp=mallocedp@entry=0x7fde3c41f50f, operate=operate@entry=0x7fde430834d0 <dl_open_worker>, args=args@entry=0x7fde3c41f520) at dl-error.c:187
            #9  0x00007fde43082da9 in _dl_open (file=0x7fde41434686 "libgcc_s.so.1", mode=-2147483647, caller_dlopen=0x7fde413bda85 <init+21>, nsid=-2, argc=<optimized out>, argv=<optimized out>, env=0x7ffec9f594a0) at dl-open.c:660
            #10 0x00007fde413eb5ad in do_dlopen (ptr=ptr@entry=0x7fde3c41f740) at dl-libc.c:87
            #11 0x00007fde4307e564 in _dl_catch_error (objname=0x7fde3c41f730, errstring=0x7fde3c41f738, mallocedp=0x7fde3c41f72f, operate=0x7fde413eb570 <do_dlopen>, args=0x7fde3c41f740) at dl-error.c:187
            #12 0x00007fde413eb664 in dlerror_run (args=0x7fde3c41f740, operate=0x7fde413eb570 <do_dlopen>) at dl-libc.c:46
            #13 __GI___libc_dlopen_mode (name=name@entry=0x7fde41434686 "libgcc_s.so.1", mode=mode@entry=-2147483647) at dl-libc.c:163
            #14 0x00007fde413bda85 in init () at ../sysdeps/x86_64/backtrace.c:52
            #15 0x00007fde41f21a99 in __pthread_once_slow (once_control=0x7fde41670110 <once>, init_routine=0x7fde413bda70 <init>) at pthread_once.c:116
            #16 0x00007fde413bdba4 in __GI___backtrace (array=<optimized out>, size=<optimized out>) at ../sysdeps/x86_64/backtrace.c:105
            #17 0x000055a32e4a270b in my_print_stacktrace (stack_bottom=0x7fde3c420e70 "\230\n", thread_stack=299008, silent=0 '\000') at /home/alice/git/10.3/mysys/stacktrace.c:269
            #18 0x000055a32dc90d68 in handle_fatal_signal (sig=11) at /home/alice/git/10.3/sql/signal_handler.cc:166
            #19 <signal handler called>
            #20 __memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:161
            #21 0x000055a32e49a0c9 in my_free (ptr=0x7fde20037398) at /home/alice/git/10.3/mysys/my_malloc.c:220
            #22 0x000055a32e48ac26 in free_root (root=0x7fde20006110, MyFlags=1) at /home/alice/git/10.3/mysys/my_alloc.c:418
            #23 0x000055a32d993df4 in dispatch_command (command=COM_QUERY, thd=0x7fde20000a98, packet=0x7fde2014e539 '\217' <repeats 200 times>..., packet_length=786, is_com_multi=false, is_next_command=false) at /home/alice/git/10.3/sql/sql_parse.cc:2436
            #24 0x000055a32d990a14 in do_command (thd=0x7fde20000a98) at /home/alice/git/10.3/sql/sql_parse.cc:1391
            #25 0x000055a32dafb957 in do_handle_one_connection (connect=0x55a331c25778) at /home/alice/git/10.3/sql/sql_connect.cc:1402
            #26 0x000055a32dafb6a8 in handle_one_connection (arg=0x55a331c25778) at /home/alice/git/10.3/sql/sql_connect.cc:1308
            #27 0x000055a32dee18d6 in pfs_spawn_thread (arg=0x55a331c1f648) at /home/alice/git/10.3/storage/perfschema/pfs.cc:1862
            #28 0x00007fde41f1a6ba in start_thread (arg=0x7fde3c421700) at pthread_create.c:333
            #29 0x00007fde413af41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
            
            

            varun Varun Gupta (Inactive) added a comment -

            Patch http://lists.askmonty.org/pipermail/commits/2018-June/012602.html

            BB Silver Asu added a comment -

            I can confirm, patch works for me.

            psergei Sergei Petrunia added a comment -

            Ok to push

            People

              varun Varun Gupta (Inactive)
              BB Silver Asu