Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Incomplete
-
11.8.3
-
None
-
None
Description
What happened
At 2025-08-31 06:08:31 the server crashed with signal 11 during cleanup of an internal Aria temporary table at the end of a `SELECT` that uses `JOIN + GROUP BY + ORDER BY`. The crash occurs inside `ha_maria::drop_table()` invoked by `free_tmp_table()`.
Environment
- MariaDB: `11.8.3-MariaDB-ubu2204-log` (source rev: b565b3e7e041c480fd8013e3beec6b99544d6bf8)
- OS: Ubuntu 22.04 LTS, kernel `5.15.0-153-generic` (x86_64)
- Storage: InnoDB for user tables; internal on-disk temp tables = Aria (defaults)
- Notable InnoDB notes at startup: io_uring enabled; buffer pool ≈ 12.4 GiB; zlib 1.2.11 for compressed tables
- wsrep provider disabled
- Core dumps were disabled at crash time (`Max core file size: 0`)
Query that triggered the crash (from error log)
SELECT c.*, cl.`id_lang`, cl.`name`, cl.`description`, cl.`link_rewrite`, cl.`meta_title`,
|
cl.`meta_keywords`, cl.`meta_description`
|
FROM `ps_category` c
|
INNER JOIN ps_category_shop category_shop
|
ON (category_shop.id_category = c.id_category AND category_shop.id_shop = 1) |
LEFT JOIN `ps_category_lang` cl
|
ON (c.`id_category` = cl.`id_category` AND `id_lang` = 1 AND cl.id_shop = 1) |
LEFT JOIN `ps_category_group` cg
|
ON (cg.`id_category` = c.`id_category`)
|
WHERE `id_parent` = 2504 |
AND `active` = 1 |
AND cg.`id_group` = 1 |
GROUP BY c.`id_category`
|
ORDER BY `level_depth` ASC, category_shop.`position` ASC;
|
Backtrace excerpt (top frames)
```
/usr/sbin/mariadbd(my_print_stacktrace)
/usr/sbin/mariadbd(handle_fatal_signal)
/lib/x86_64-linux-gnu/libc.so.6
/usr/sbin/mariadbd(ha_maria::drop_table) <-- crash here
/usr/sbin/mariadbd(free_tmp_table)
/usr/sbin/mariadbd(JOIN::cleanup)
/usr/sbin/mariadbd(JOIN::join_free)
/usr/sbin/mariadbd(JOIN::exec_inner)
/usr/sbin/mariadbd(JOIN::exec)
/usr/sbin/mariadbd(mysql_select)
/usr/sbin/mariadbd(handle_select)
/usr/sbin/mariadbd(mysql_execute_command)
...
Status: KILL_SERVER
```
Steps to reproduce (current understanding)
1. Run the query above (it’s from a PrestaShop workload).
2. The optimizer creates an on-disk temporary table (Aria) for GROUP BY / ORDER BY.
3. At statement end, the server attempts to drop the Aria temp table and segfaults in `ha_maria::drop_table()`.
Expected result
Query completes and the temporary table is dropped without crashing.
Actual result
`mariadbd` crashes with SIGSEGV; server restarts and InnoDB performs clean crash recovery. No persistent table corruption observed.
Frequency / Reproducibility
Observed once so far under production load on 11.8.3. We will attempt to reproduce under controlled conditions after enabling core dumps and debug symbols.
Additional notes
- `optimizer_switch` was largely default with many modern options enabled (see attached full line from the error log).
- After restart, `Created_tmp_disk_tables` increases during similar workloads, indicating Aria temp tables are used as expected.
- Core dumps were disabled at crash time; we have now enabled them and can provide a full backtrace and coredump if it recurs.
Attachments planned
- Full error log segment (crash + restart)
- Exact `optimizer_switch` line from the log
- `SHOW VARIABLES` relevant to tmp tables (`tmp_table_size`, `max_heap_table_size`, Aria settings)
- `EXPLAIN FORMAT=JSON` for the query
- coredump + symbolized stack trace (if/when reproduced with core dumps enabled)