[MDEV-13380] Signal 11 with stored procedure using cursor
Created: 2017-07-25  Updated: 2017-08-15  Resolved: 2017-07-31

Status: Closed
Project: MariaDB Server
Component/s: Stored routines
Affects Version/s: 10.2, 10.3
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Rich Theobald
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None
Environment: Ubuntu 14.04

Issue Links:
Duplicate
is duplicated by MDEV-13346 Excuting a stored procedure with a cu... Closed

 Description   

Do the following on a fresh install of MariaDB 10.2.7:

DELIMITER ;;
CREATE PROCEDURE test()
BEGIN
  DECLARE test CURSOR FOR
    SELECT 
      IFNULL(NULL,1) test
    FROM 
      ( select 1 as id ) table_a
    GROUP BY table_a.id
  ;     
  OPEN test;
END
;;
CALL test;;

Causes a Signal 11:

Version: '10.2.7-MariaDB-10.2.7+maria~trusty'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
 
Status information:
 
Current dir: /var/lib/mysql/
Running threads: 6  Cached threads: 0  Stack size: 299008
 
Key caches:
default
Buffer_size:     134217728
Block_size:           1024
Division_limit:        100
Age_threshold:         300
Partitions:              0
blocks used:             0
not flushed:             0
w_requests:              0
writes:                  0
r_requests:              0
reads:                   0
 
 
handler status:
read_key:            0
read_next:           0
read_rnd             0
read_first:          3
write:               0
delete               0
update:              0
 
Table status:
Opened tables:         24
Open tables:           18
Open files:            39
Open streams:           0
 
Alarm status:
Active alarms:   0
Max used alarms: 0
Next alarm time: 0
 
Memory status:
Non-mmapped space allocated from system: 17833984
Number of free chunks:                   62
Number of fastbin blocks:                4
Number of mmapped regions:               10
Space in mmapped regions:                311881728
Maximum total allocated space:           0
Space available in freed fastbin blocks: 304
Total allocated space:                   12129600
Total free space:                        5704384
Top-most, releasable space:              62272
Estimated memory (with thread stack):    331509760
Global memory allocated by server:       273861560
Memory allocated by threads:             188440
 
 
 
Events status:
LLA = Last Locked At  LUA = Last Unlocked At
WOC = Waiting On Condition  DL = Data Locked
 
Event scheduler status:
State      : INITIALIZED
Thread id  : 0
LLA        : n/a:0
LUA        : n/a:0
WOC        : NO
Workers    : 0
Executed   : 0
Data locked: NO
 
Event queue status:
Element count   : 0
Data locked     : NO
Attempting lock : NO
LLA             : init_queue:140
LUA             : init_queue:150
WOC             : NO
Next activation : never
170725 12:16:20 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.2.7-MariaDB-10.2.7+maria~trusty
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=7
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467207 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x7f35300009a8
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f3598222e70 thread_stack 0x49000
/usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x5615799f002e]
/usr/sbin/mysqld(handle_fatal_signal+0x30d)[0x56157943787d]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x10330)[0x7f359ac2b330]
/usr/sbin/mysqld(_ZN19Materialized_cursor24send_result_set_metadataEP3THDR4ListI4ItemE+0xb9)[0x56157957c689]
/usr/sbin/mysqld(_ZN18Select_materialize24send_result_set_metadataER4ListI4ItemEj+0xe3)[0x56157957c813]
/usr/sbin/mysqld(_ZN4JOIN10exec_innerEv+0x26e)[0x5615792fdf1e]
/usr/sbin/mysqld(_ZN4JOIN4execEv+0x33)[0x5615792fe8d3]
/usr/sbin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x11a)[0x5615792fea2a]
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x23c)[0x5615792ff56c]
/usr/sbin/mysqld(+0x4ceca6)[0x5615792a2ca6]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x5c20)[0x5615792af0f0]
/usr/sbin/mysqld(_Z17mysql_open_cursorP3THDP13select_resultPP18Server_side_cursor+0x164)[0x56157957c1e4]
/usr/sbin/mysqld(_ZN9sp_cursor4openEP3THD+0x1e)[0x56157956e9fe]
/usr/sbin/mysqld(_ZN14sp_instr_copen9exec_coreEP3THDPj+0x27)[0x561579564327]
/usr/sbin/mysqld(_ZN13sp_lex_keeper23reset_lex_and_exec_coreEP3THDPjbP8sp_instr+0x99)[0x56157956a309]
/usr/sbin/mysqld(_ZN14sp_instr_copen7executeEP3THDPj+0x48)[0x56157956a698]
/usr/sbin/mysqld(_ZN7sp_head7executeEP3THDb+0x79e)[0x5615795671ae]
/usr/sbin/mysqld(_ZN7sp_head17execute_procedureEP3THDP4ListI4ItemE+0x5df)[0x5615795688ff]
/usr/sbin/mysqld(+0x4ce646)[0x5615792a2646]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x1aa7)[0x5615792aaf77]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x2bd)[0x5615792b254d]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x2373)[0x5615792b5733]
/usr/sbin/mysqld(_Z10do_commandP3THD+0x161)[0x5615792b6081]
/usr/sbin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x1aa)[0x561579377d9a]
/usr/sbin/mysqld(handle_one_connection+0x3d)[0x561579377ebd]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x8184)[0x7f359ac23184]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f359a345ffd]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7f353000ef50): is an invalid pointer
Connection ID (thread ID): 49
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
 
We think the query pointer is invalid, but we will try to print it anyway. 
Query: call test



 Comments   
Comment by Alice Sherepa [ 2017-07-26 ]

Thanks for the report and test case. Reproduced as described.
There is also a crash with the NULLIF, IF and CASE functions.
Reproducible on 10.2 (10.2.0-10.2.7) and 10.3; no crash on 10.0 and 10.1.

Server version: 10.2.7-MariaDB-debug
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=7
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467292 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x7efce4000b00
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7efd5406cec0 thread_stack 0x49000
/data/bld/10.2/bin/mysqld(my_print_stacktrace+0x38)[0x55fe740f60d6]
/data/bld/10.2/bin/mysqld(handle_fatal_signal+0x3a3)[0x55fe73985496]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7efd58d68390]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x38)[0x7efd58121428]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)[0x7efd5812302a]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dbd7)[0x7efd58119bd7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc82)[0x7efd58119c82]
/data/bld/10.2/bin/mysqld(_ZN19Materialized_cursor24send_result_set_metadataEP3THDR4ListI4ItemE+0x102)[0x55fe73b1de78]
/data/bld/10.2/bin/mysqld(_ZN18Select_materialize24send_result_set_metadataER4ListI4ItemEj+0x196)[0x55fe73b1e7ee]
/data/bld/10.2/bin/mysqld(_ZN4JOIN10exec_innerEv+0xa79)[0x55fe73763067]
/data/bld/10.2/bin/mysqld(_ZN4JOIN4execEv+0xc8)[0x55fe73762552]
/data/bld/10.2/bin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x2f3)[0x55fe737636f2]
/data/bld/10.2/bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x15f)[0x55fe737580e9]
/data/bld/10.2/bin/mysqld(+0x5b3fc4)[0x55fe73723fc4]
/data/bld/10.2/bin/mysqld(_Z21mysql_execute_commandP3THD+0x1847)[0x55fe73719d14]
/data/bld/10.2/bin/mysqld(_Z17mysql_open_cursorP3THDP13select_resultPP18Server_side_cursor+0xe6)[0x55fe73b1d95a]
/data/bld/10.2/bin/mysqld(_ZN9sp_cursor4openEP3THD+0x6c)[0x55fe73b0ba42]
/data/bld/10.2/bin/mysqld(_ZN14sp_instr_copen9exec_coreEP3THDPj+0x47)[0x55fe73b062cb]
/data/bld/10.2/bin/mysqld(_ZN13sp_lex_keeper23reset_lex_and_exec_coreEP3THDPjbP8sp_instr+0x1d4)[0x55fe73b0438c]
/data/bld/10.2/bin/mysqld(_ZN14sp_instr_copen7executeEP3THDPj+0xc0)[0x55fe73b0620c]
/data/bld/10.2/bin/mysqld(_ZN7sp_head7executeEP3THDb+0x731)[0x55fe73affc17]
/data/bld/10.2/bin/mysqld(_ZN7sp_head17execute_procedureEP3THDP4ListI4ItemE+0x92b)[0x55fe73b01c9b]
/data/bld/10.2/bin/mysqld(+0x5a840c)[0x55fe7371840c]
/data/bld/10.2/bin/mysqld(_Z21mysql_execute_commandP3THD+0x8fec)[0x55fe737214b9]
/data/bld/10.2/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x29d)[0x55fe7372794d]
/data/bld/10.2/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0xfe6)[0x55fe73715723]
/data/bld/10.2/bin/mysqld(_Z10do_commandP3THD+0x712)[0x55fe7371405d]
/data/bld/10.2/bin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x1ca)[0x55fe7385f406]
/data/bld/10.2/bin/mysqld(handle_one_connection+0x30)[0x55fe7385f186]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7efd58d5e6ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7efd581f33dd]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7efce4010ea8): CALL test
Connection ID (thread ID): 8
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on

stack trace

 
Thread 1 (Thread 0x7efd5406d700 (LWP 17881)):
#0  0x00007efd58121428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007efd5812302a in __GI_abort () at abort.c:89
#2  0x00007efd58119bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x55fe7427d160 "send_result_set_metadata.elements == item_list.elements", file=file@entry=0x55fe7427d110 "/home/alice/git/10.2/sql/sql_cursor.cc", line=line@entry=267, function=function@entry=0x55fe7427d1c0 <Materialized_cursor::send_result_set_metadata(THD*, List<Item>&)::__PRETTY_FUNCTION__> "int Materialized_cursor::send_result_set_metadata(THD*, List<Item>&)") at assert.c:92
#3  0x00007efd58119c82 in __GI___assert_fail (assertion=0x55fe7427d160 "send_result_set_metadata.elements == item_list.elements", file=0x55fe7427d110 "/home/alice/git/10.2/sql/sql_cursor.cc", line=267, function=0x55fe7427d1c0 <Materialized_cursor::send_result_set_metadata(THD*, List<Item>&)::__PRETTY_FUNCTION__> "int Materialized_cursor::send_result_set_metadata(THD*, List<Item>&)") at assert.c:101
#4  0x000055fe73b1de78 in Materialized_cursor::send_result_set_metadata (this=0x7efce4063d78, thd=0x7efce4000b00, send_result_set_metadata=...) at /home/alice/git/10.2/sql/sql_cursor.cc:267
#5  0x000055fe73b1e7ee in Select_materialize::send_result_set_metadata (this=0x7efce403b9e8, list=..., flags=5) at /home/alice/git/10.2/sql/sql_cursor.cc:452
#6  0x000055fe73763067 in JOIN::exec_inner (this=0x7efce403bb70) at /home/alice/git/10.2/sql/sql_select.cc:3472
#7  0x000055fe73762552 in JOIN::exec (this=0x7efce403bb70) at /home/alice/git/10.2/sql/sql_select.cc:3274
#8  0x000055fe737636f2 in mysql_select (thd=0x7efce4000b00, tables=0x7efce4038ed8, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7efce40394e8, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7efce403b9e8, unit=0x7efce40379e0, select_lex=0x7efce4038118) at /home/alice/git/10.2/sql/sql_select.cc:3668
#9  0x000055fe737580e9 in handle_select (thd=0x7efce4000b00, lex=0x7efce4037918, result=0x7efce403b9e8, setup_tables_done_option=0) at /home/alice/git/10.2/sql/sql_select.cc:373
#10 0x000055fe73723fc4 in execute_sqlcom_select (thd=0x7efce4000b00, all_tables=0x7efce4038ed8) at /home/alice/git/10.2/sql/sql_parse.cc:6442
#11 0x000055fe73719d14 in mysql_execute_command (thd=0x7efce4000b00) at /home/alice/git/10.2/sql/sql_parse.cc:3457
#12 0x000055fe73b1d95a in mysql_open_cursor (thd=0x7efce4000b00, result=0x7efce4011668, pcursor=0x7efce40116a0) at /home/alice/git/10.2/sql/sql_cursor.cc:141
#13 0x000055fe73b0ba42 in sp_cursor::open (this=0x7efce4011660, thd=0x7efce4000b00) at /home/alice/git/10.2/sql/sp_rcontext.cc:459
#14 0x000055fe73b062cb in sp_instr_copen::exec_core (this=0x7efce40395a8, thd=0x7efce4000b00, nextp=0x7efd5406b214) at /home/alice/git/10.2/sql/sp_head.cc:3832
#15 0x000055fe73b0438c in sp_lex_keeper::reset_lex_and_exec_core (this=0x7efce4039570, thd=0x7efce4000b00, nextp=0x7efd5406b214, open_tables=false, instr=0x7efce40395a8) at /home/alice/git/10.2/sql/sp_head.cc:2998
#16 0x000055fe73b0620c in sp_instr_copen::execute (this=0x7efce40395a8, thd=0x7efce4000b00, nextp=0x7efd5406b214) at /home/alice/git/10.2/sql/sp_head.cc:3817
#17 0x000055fe73affc17 in sp_head::execute (this=0x7efce401da58, thd=0x7efce4000b00, merge_da_on_success=true) at /home/alice/git/10.2/sql/sp_head.cc:1324
#18 0x000055fe73b01c9b in sp_head::execute_procedure (this=0x7efce401da58, thd=0x7efce4000b00, args=0x7efce40052f8) at /home/alice/git/10.2/sql/sp_head.cc:2113
#19 0x000055fe7371840c in do_execute_sp (thd=0x7efce4000b00, sp=0x7efce401da58) at /home/alice/git/10.2/sql/sql_parse.cc:2889
#20 0x000055fe737214b9 in mysql_execute_command (thd=0x7efce4000b00) at /home/alice/git/10.2/sql/sql_parse.cc:5798
#21 0x000055fe7372794d in mysql_parse (thd=0x7efce4000b00, rawbuf=0x7efce4010ea8 "CALL test", length=9, parser_state=0x7efd5406c250, is_com_multi=false, is_next_command=false) at /home/alice/git/10.2/sql/sql_parse.cc:7879
#22 0x000055fe73715723 in dispatch_command (command=COM_QUERY, thd=0x7efce4000b00, packet=0x7efce40086d1 "CALL test", packet_length=9, is_com_multi=false, is_next_command=false) at /home/alice/git/10.2/sql/sql_parse.cc:1817
#23 0x000055fe7371405d in do_command (thd=0x7efce4000b00) at /home/alice/git/10.2/sql/sql_parse.cc:1362
#24 0x000055fe7385f406 in do_handle_one_connection (connect=0x55fe75769c60) at /home/alice/git/10.2/sql/sql_connect.cc:1354
#25 0x000055fe7385f186 in handle_one_connection (arg=0x55fe75769c60) at /home/alice/git/10.2/sql/sql_connect.cc:1260
#26 0x00007efd58d5e6ba in start_thread (arg=0x7efd5406d700) at pthread_create.c:333
#27 0x00007efd581f33dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
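
Added example, not part of the original report or of MariaDB's code: a Python triage helper that reduces the two error-log backtraces above to a build-independent crash signature, showing that the release-build signal 11 and the debug-build assertion abort fail in the same call chain. The names `qualified_name` and `crash_signature` are made up for this illustration, and the demangler handles only the simple name forms that occur in these traces.

```python
import re

# One frame as printed in the mysqld error log: /path/binary(symbol+0xOFF)[0xADDR]
FRAME_RE = re.compile(r"^(?P<obj>\S+?)\((?P<sym>[^+)]*)\+0x[0-9a-f]+\)\[0x[0-9a-f]+\]$")
HANDLER_FRAMES = {"my_print_stacktrace", "handle_fatal_signal"}  # the crash reporter itself

def qualified_name(sym):
    """Return Class::method from an Itanium-ABI mangled symbol, dropping parameters."""
    if not sym.startswith("_Z"):
        return sym  # plain C symbol
    nested = sym[2:3] == "N"
    pos = 3 if nested else 2
    parts = []
    while pos < len(sym) and sym[pos].isdigit():
        digits = re.match(r"\d+", sym[pos:]).group()  # <length><identifier> encoding
        start = pos + len(digits)
        pos = start + int(digits)
        parts.append(sym[start:pos])
        if not nested:
            break
    return "::".join(parts)

def crash_signature(log_text, binary="mysqld", depth=4):
    """Top named frames (at most depth) inside binary, ignoring the signal handler."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m or not m.group("obj").endswith("/" + binary):
            continue  # libc/libpthread frames and non-frame log lines
        name = qualified_name(m.group("sym"))
        if name and name not in HANDLER_FRAMES:
            frames.append(name)
    return tuple(frames[:depth])

# Frames copied from the two backtraces in this report (release build, then debug build).
RELEASE_LOG = """
/usr/sbin/mysqld(handle_fatal_signal+0x30d)[0x56157943787d]
/usr/sbin/mysqld(_ZN19Materialized_cursor24send_result_set_metadataEP3THDR4ListI4ItemE+0xb9)[0x56157957c689]
/usr/sbin/mysqld(_ZN18Select_materialize24send_result_set_metadataER4ListI4ItemEj+0xe3)[0x56157957c813]
/usr/sbin/mysqld(_ZN4JOIN10exec_innerEv+0x26e)[0x5615792fdf1e]
"""
DEBUG_LOG = """
/data/bld/10.2/bin/mysqld(handle_fatal_signal+0x3a3)[0x55fe73985496]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)[0x7efd5812302a]
/data/bld/10.2/bin/mysqld(_ZN19Materialized_cursor24send_result_set_metadataEP3THDR4ListI4ItemE+0x102)[0x55fe73b1de78]
/data/bld/10.2/bin/mysqld(_ZN18Select_materialize24send_result_set_metadataER4ListI4ItemEj+0x196)[0x55fe73b1e7ee]
/data/bld/10.2/bin/mysqld(_ZN4JOIN10exec_innerEv+0xa79)[0x55fe73763067]
"""
print(crash_signature(RELEASE_LOG) == crash_signature(DEBUG_LOG))
```

Because offsets, load addresses and the libc abort frames differ between builds, only the ordered function names are compared; frames without a symbol name, such as `(+0x4ceca6)`, are skipped.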

Comment by Juha Pyy [ 2017-07-27 ]

If you change the cursor to only return hard-coded values or columns from table(s), without using any "normal" functions in any of the fields, it won't cause a crash. Using aggregate functions does work, though.

Comment by Elena Stepanova [ 2017-07-31 ]

It appears to be a duplicate of MDEV-13346; please track further progress there.
