ShahMitesh, thank you for your report.
Unfortunately, there is no useful stack trace. Could you enable the --core-file option and then extract a stack trace with something like
gdb --batch --ex 'thr a a bt' /usr/sbin/mysqld core
|
Alternatively, could you attach gdb to the running mysqld process (if it is possible to do so before starting a service that crashes it), and then extract a proper stack trace once the SIGSEGV is delivered?
/usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf /usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf^C
|
root@agentgrowdev:/tmp# /usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf --gdb --core-file --general-log --general-log-file --verbose
|
2019-04-23 7:53:43 0 [Note] /usr/sbin/mysqld (mysqld 10.3.14-MariaDB-1:10.3.14+maria~bionic-log) starting as process 16404 ...
|
*** buffer overflow detected ***: /usr/sbin/mysqld terminated
|
Aborted (core dumped)
|
|
|
|
|
|
|
root@agentgrowdev:/tmp# gdb mysqld core-mysqld-6-113-118-16404-1556006036
|
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
|
Copyright (C) 2018 Free Software Foundation, Inc.
|
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
|
This is free software: you are free to change and redistribute it.
|
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
|
and "show warranty" for details.
|
This GDB was configured as "x86_64-linux-gnu".
|
Type "show configuration" for configuration details.
|
For bug reporting instructions, please see:
|
<http://www.gnu.org/software/gdb/bugs/>.
|
Find the GDB manual and other documentation resources online at:
|
<http://www.gnu.org/software/gdb/documentation/>.
|
For help, type "help".
|
Type "apropos word" to search for commands related to "word"...
|
Reading symbols from mysqld...(no debugging symbols found)...done.
|
[New LWP 16767]
|
[New LWP 16422]
|
[New LWP 16407]
|
[New LWP 16405]
|
[New LWP 16406]
|
[New LWP 16409]
|
[New LWP 16427]
|
[New LWP 16417]
|
[New LWP 16430]
|
[New LWP 16410]
|
[New LWP 16423]
|
[New LWP 16416]
|
[New LWP 16419]
|
[New LWP 16432]
|
[New LWP 16420]
|
[New LWP 16415]
|
[New LWP 16412]
|
[New LWP 16408]
|
[New LWP 16421]
|
[New LWP 16414]
|
[New LWP 16411]
|
[New LWP 16425]
|
[New LWP 16413]
|
[New LWP 16424]
|
[New LWP 16428]
|
[New LWP 16434]
|
[New LWP 16431]
|
[New LWP 16433]
|
[New LWP 16426]
|
[New LWP 16429]
|
[New LWP 16655]
|
[New LWP 16404]
|
[Thread debugging using libthread_db enabled]
|
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
|
Core was generated by `/usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf --gdb --core-file --'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
|
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
|
[Current thread is 1 (Thread 0x7fa238295700 (LWP 16767))]
|
(gdb) bt full
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
|
set = {__val = {28677, 18446744073709551615 <repeats 12 times>, 0, 0, 0}}
|
pid = <optimized out>
|
tid = <optimized out>
|
ret = <optimized out>
|
#1 0x00007fa23ace58db in __GI_abort () at abort.c:100
|
act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {
|
__val = {18446744073709551615 <repeats 16 times>}}, sa_flags = 0,
|
sa_restorer = 0x0}
|
sigs = {__val = {32, 0 <repeats 15 times>}}
|
__cnt = <optimized out>
|
__set = <optimized out>
|
__cnt = <optimized out>
|
__set = <optimized out>
|
#2 0x00007fa23ad2e897 in __libc_message (action=action@entry=(do_abort | do_backtrace),
|
fmt=fmt@entry=0x7fa23ae5b988 "*** %s ***: %s terminated\n")
|
at ../sysdeps/posix/libc_fatal.c:181
|
ap = {{gp_offset = 32, fp_offset = 1073741824, overflow_arg_area = 0x7fa238291340,
|
reg_save_area = 0x7fa2382912d0}}
|
fd = <optimized out>
|
list = <optimized out>
|
nlist = <optimized out>
|
cp = <optimized out>
|
written = <optimized out>
|
on_2 = <optimized out>
|
next = <optimized out>
|
str = <optimized out>
|
len = <optimized out>
|
---Type <return> to continue, or q <return> to quit---
|
newp = <optimized out>
|
iov = <optimized out>
|
total = <optimized out>
|
cnt = <optimized out>
|
buf = <optimized out>
|
wp = <optimized out>
|
old = <optimized out>
|
cnt = <optimized out>
|
result = <optimized out>
|
#3 0x00007fa23add9cff in __GI___fortify_fail_abort (
|
need_backtrace=need_backtrace@entry=true,
|
msg=msg@entry=0x7fa23ae5b905 "buffer overflow detected") at fortify_fail.c:33
|
No locals.
|
#4 0x00007fa23add9d21 in __GI___fortify_fail (
|
msg=msg@entry=0x7fa23ae5b905 "buffer overflow detected") at fortify_fail.c:44
|
No locals.
|
#5 0x00007fa23add7a10 in __GI___chk_fail () at chk_fail.c:28
|
No locals.
|
#6 0x00007fa23add9c0a in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25
|
No locals.
|
#7 0x000055ef68bff595 in my_addr_resolve ()
|
No symbol table info available.
|
#8 0x000055ef68be5f73 in my_print_stacktrace ()
|
No symbol table info available.
|
#9 0x000055ef68684f55 in handle_fatal_signal ()
|
No symbol table info available.
|
#10 <signal handler called>
|
No locals.
|
---Type <return> to continue, or q <return> to quit---
|
#11 0x000055ef6855bc50 in calculate_key_len(TABLE*, unsigned int, unsigned char const*, unsigned long) ()
|
No symbol table info available.
|
#12 0x000055ef684edca8 in ?? ()
|
No symbol table info available.
|
#13 0x000055ef684e0651 in sub_select(JOIN*, st_join_table*, bool) ()
|
No symbol table info available.
|
#14 0x000055ef684d6048 in ?? ()
|
No symbol table info available.
|
#15 0x000055ef684e0672 in sub_select(JOIN*, st_join_table*, bool) ()
|
No symbol table info available.
|
#16 0x000055ef684ff166 in JOIN::exec_inner() ()
|
No symbol table info available.
|
#17 0x000055ef684ff4b3 in JOIN::exec() ()
|
No symbol table info available.
|
#18 0x000055ef684ff5fb in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) ()
|
No symbol table info available.
|
#19 0x000055ef684fff6d in handle_select(THD*, LEX*, select_result*, unsigned long) ()
|
No symbol table info available.
|
#20 0x000055ef684a1131 in ?? ()
|
No symbol table info available.
|
#21 0x000055ef684adb01 in mysql_execute_command(THD*) ()
|
No symbol table info available.
|
#22 0x000055ef684b053a in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) ()
|
No symbol table info available.
|
#23 0x000055ef684b2f67 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool---Type <return> to continue, or q <return> to quit---
|
, bool) ()
|
No symbol table info available.
|
#24 0x000055ef684b3d08 in do_command(THD*) ()
|
No symbol table info available.
|
#25 0x000055ef68584492 in do_handle_one_connection(CONNECT*) ()
|
No symbol table info available.
|
#26 0x000055ef6858466d in handle_one_connection ()
|
No symbol table info available.
|
#27 0x00007fa23b7c46db in start_thread (arg=0x7fa238295700) at pthread_create.c:463
|
pd = 0x7fa238295700
|
now = <optimized out>
|
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140334703662848, 987485806210634432,
|
140334703660864, 0, 94486808363560, 94486752470528, -941198131328134464,
|
-941190872569425216}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
|
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
|
not_first_call = <optimized out>
|
#28 0x00007fa23adc688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
No locals.
|
(gdb)
|
(gdb)
|
Thanks, that is much better. Only the stack trace of the crashing thread was included. If this were an InnoDB bug (which it does not look like), then other threads could be crucial.
We still do not seem to know the current statement (thd->query_string) or what exactly caused the SIGSEGV. Could you provide the output for the following?
frame 18
|
p thd->query_string
|
disassemble *0x000055ef6855bc50
|
There should be a separate package mariadb-server-core-10.3-dbgsym that could be beneficial, but I do not see it being available for Ubuntu Bionic.
The mariadb-server-core-10.3-dbgsym package is not available for Ubuntu 18.04 
Can you give me any other command or something which can help you to identify the issue?
ShahMitesh, I am still waiting for the disassembly of the function. That should be obtainable even if debugging symbols are not available.
Can you guide me how can i get what you needed?
Any commands or example will be great help for me to provide what you needed
ShahMitesh I hope that the following command should work:
gdb --batch --ex 'disassemble *0x000055ef6855bc50' /usr/sbin/mysqld
|
root@agentgrowdev:~# gdb --batch --ex 'disassemble *0x000055ef6855bc50' /usr/sbin/mysqld
Cannot access memory at address 0x55ef6855bc50
I'd tried with new core dump and same results
/usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf --gdb --core-file --general-log --general-log-file --verbose
|
2019-04-29 7:26:24 0 [Note] /usr/sbin/mysqld (mysqld 10.3.14-MariaDB-1:10.3.14+maria~bionic-log) starting as process 14375 ... |
Segmentation fault (core dumped)
|
root@agentgrowdev:/tmp# gdb mysqld core-mysqld-11-113-118-14375-1556522796 |
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git |
Copyright (C) 2018 Free Software Foundation, Inc. |
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> |
This is free software: you are free to change and redistribute it.
|
There is NO WARRANTY, to the extent permitted by law. Type "show copying" |
and "show warranty" for details. |
This GDB was configured as "x86_64-linux-gnu". |
Type "show configuration" for configuration details. |
For bug reporting instructions, please see:
|
<http://www.gnu.org/software/gdb/bugs/>. |
Find the GDB manual and other documentation resources online at:
|
<http://www.gnu.org/software/gdb/documentation/>. |
For help, type "help". |
Type "apropos word" to search for commands related to "word"... |
Reading symbols from mysqld...(no debugging symbols found)...done.
|
[New LWP 14752] |
[New LWP 14377] |
[New LWP 14383] |
[New LWP 14394] |
[New LWP 14395] |
[New LWP 14376] |
[New LWP 14396] |
[New LWP 14392] |
[New LWP 14397] |
[New LWP 14390] |
[New LWP 14405] |
[New LWP 14378] |
[New LWP 14399] |
[New LWP 14381] |
[New LWP 14389] |
[New LWP 14404] |
[New LWP 14406] |
[New LWP 14398] |
[New LWP 14388] |
[New LWP 14425] |
[New LWP 14384] |
[New LWP 14382] |
[New LWP 14402] |
[New LWP 14401] |
[New LWP 14387] |
[New LWP 14375] |
[New LWP 14379] |
[New LWP 14400] |
[New LWP 14380] |
[New LWP 14403] |
[New LWP 14386] |
[New LWP 14393] |
[New LWP 14385] |
[New LWP 14407] |
|
|
[Thread debugging using libthread_db enabled]
|
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". |
Core was generated by `/usr/sbin/mysqld --defaults-file=/etc/mysql/conf.d/my2.cnf --gdb --core-file --'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000056387e45fc50 in calculate_key_len(TABLE*, unsigned int, unsigned char const*, unsigned long) () |
[Current thread is 1 (Thread 0x7fa580143700 (LWP 14752))] |
(gdb)
|
(gdb) bt full
|
#0 0x000056387e45fc50 in calculate_key_len(TABLE*, unsigned int, unsigned char const*, unsigned long) () |
No symbol table info available.
|
#1 0x000056387e3f1ca8 in ?? () |
No symbol table info available.
|
#2 0x000056387e3e4651 in sub_select(JOIN*, st_join_table*, bool) () |
No symbol table info available.
|
#3 0x000056387e3da048 in ?? () |
No symbol table info available.
|
#4 0x000056387e3e4672 in sub_select(JOIN*, st_join_table*, bool) () |
No symbol table info available.
|
#5 0x000056387e403166 in JOIN::exec_inner() () |
No symbol table info available.
|
#6 0x000056387e4034b3 in JOIN::exec() () |
No symbol table info available.
|
#7 0x000056387e4035fb in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) () |
No symbol table info available.
|
#8 0x000056387e403f6d in handle_select(THD*, LEX*, select_result*, unsigned long) () |
No symbol table info available.
|
#9 0x000056387e3a5131 in ?? () |
No symbol table info available.
|
#10 0x000056387e3b1b01 in mysql_execute_command(THD*) () |
No symbol table info available.
|
#11 0x000056387e3b453a in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) |
()
|
No symbol table info available.
|
---Type <return> to continue, or q <return> to quit--- |
#12 0x000056387e3b6f67 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) () |
No symbol table info available.
|
#13 0x000056387e3b7d08 in do_command(THD*) () |
No symbol table info available.
|
#14 0x000056387e488492 in do_handle_one_connection(CONNECT*) () |
No symbol table info available.
|
#15 0x000056387e48866d in handle_one_connection () |
No symbol table info available.
|
#16 0x00007fa598a3f6db in start_thread (arg=0x7fa580143700) at pthread_create.c:463 |
pd = 0x7fa580143700 |
now = <optimized out>
|
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140348795139840, -2727825305200548886, |
140348795137856, 0, 94800762758584, 94800653149696, 2697605041840399338, |
2697621067710014442}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, |
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} |
not_first_call = <optimized out>
|
#17 0x00007fa59804188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 |
No locals.
|
|
root@agentgrowdev:~# gdb --batch --ex 'disassemble *0x000056387e3b453a' /usr/sbin/mysqld |
Cannot access memory at address 0x56387e3b453a |
root@agentgrowdev:~# gdb --batch --ex 'disassemble *0x000056387e45fc50' /usr/sbin/mysqld |
Cannot access memory at address 0x56387e45fc50 |
I am also seeing the same error. MariaDB is crashing every time I run USE INFORMATION_SCHEMA.
2019-06-04 17:11:27 0 [Note] InnoDB: Buffer pool(s) load completed at 190604 17:11:27
|
an190604 17:12:45 [ERROR] mysqld got signal 11 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.3.15-MariaDB-1:10.3.15+maria~bionic-log
|
key_buffer_size=134217728
|
read_buffer_size=1048576
|
max_used_connections=38
|
max_threads=603
|
thread_count=31
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 8171753 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7f67000008d8
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f6822ab6dd8 thread_stack 0x49000
|
*** buffer overflow detected ***: /usr/sbin/mysqld terminated
|
Fatal signal 6 while backtracing
|
Server version is 10.3.15-MariaDB-1:10.3.15+maria~bionic-log mariadb.org binary distribution
What you are getting is more likely to be MDEV-19490.
@Elena Stepanova It appears so. I am seeing the same behaviour mentioned in the comment. Sorry.
We ran into this exact same issue in our environment this morning, triggered by a similar invocation of a wp-cli --network search and replace command.
Looking at the query, I noticed that it was generating an IN operator list of ~1700 items. When I narrow that list of items down under 1000, the query completes successfully. The query crashes MariaDB if the list is >= 1000 items.
I've verified that this affects MariaDB 10.3 and 10.4, but not 10.2, 10.1 or 10.0, and that it will happen in a brand-new database.
To reproduce, use a query generated by a script similar to this one in Python:
N=1000
|
print("use mysql;")
|
print("SHOW TABLES WHERE `Tables_in_mysql` IN ({});".format(
|
", ".join(["'{}'".format(x) for x in range(N)]))
|
)
|
Setting N < 1000 allows the query to succeed. N >= 1000 causes a crash.
You can verify in docker easily:
docker run -d --rm --name in_operator_crash --env MYSQL_ALLOW_EMPTY_PASSWORD=1 -it mariadb:10.3
|
docker exec -it in_operator_crash /usr/bin/mysql -u root
|
# PASTE GIGANTIC QUERY HERE
|
Example log output from a 10.3.16 container:
MySQL init process done. Ready for start up.
|
|
|
2019-06-21 18:37:55 0 [Note] mysqld (mysqld 10.3.16-MariaDB-1:10.3.16+maria~bionic) starting as process 1 ...
|
2019-06-21 18:37:55 0 [Note] InnoDB: Using Linux native AIO
|
2019-06-21 18:37:55 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
|
2019-06-21 18:37:55 0 [Note] InnoDB: Uses event mutexes
|
2019-06-21 18:37:55 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
|
2019-06-21 18:37:55 0 [Note] InnoDB: Number of pools: 1
|
2019-06-21 18:37:55 0 [Note] InnoDB: Using SSE2 crc32 instructions
|
2019-06-21 18:37:55 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
|
2019-06-21 18:37:55 0 [Note] InnoDB: Completed initialization of buffer pool
|
2019-06-21 18:37:55 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
|
2019-06-21 18:37:55 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
|
2019-06-21 18:37:55 0 [Note] InnoDB: Creating shared tablespace for temporary tables
|
2019-06-21 18:37:55 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
|
2019-06-21 18:37:55 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
|
2019-06-21 18:37:55 0 [Note] InnoDB: 10.3.16 started; log sequence number 1630824; transaction id 21
|
2019-06-21 18:37:55 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
|
2019-06-21 18:37:55 0 [Note] Plugin 'FEEDBACK' is disabled.
|
2019-06-21 18:37:55 0 [Note] InnoDB: Buffer pool(s) load completed at 190621 18:37:55
|
2019-06-21 18:37:55 0 [Note] Server socket created on IP: '::'.
|
2019-06-21 18:37:55 0 [Warning] 'proxies_priv' entry '@% root@2611a63c363f' ignored in --skip-name-resolve mode.
|
2019-06-21 18:37:55 0 [Note] Reading of all Master_info entries succeeded
|
2019-06-21 18:37:55 0 [Note] Added new Master_info '' to hash table
|
2019-06-21 18:37:55 0 [Note] mysqld: ready for connections.
|
Version: '10.3.16-MariaDB-1:10.3.16+maria~bionic' socket: '/var/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
|
2019-06-21 18:38:05 8 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
|
190621 18:38:59 [ERROR] mysqld got signal 11 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.3.16-MariaDB-1:10.3.16+maria~bionic
|
key_buffer_size=134217728
|
read_buffer_size=2097152
|
max_used_connections=1
|
max_threads=102
|
thread_count=7
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 760032 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7f004c000c08
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f00a40b1dd8 thread_stack 0x49000
|
mysqld(my_print_stacktrace+0x2e)[0x55bdcc37b53e]
|
mysqld(handle_fatal_signal+0x515)[0x55bdcbe15fb5]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f00becb1890]
|
mysqld(_Z17calculate_key_lenP5TABLEjPKhm+0x0)[0x55bdcbceb120]
|
mysqld(+0x5b9468)[0x55bdcbc7c468]
|
mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x151)[0x55bdcbc6ec21]
|
mysqld(+0x5a0bd8)[0x55bdcbc63bd8]
|
mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x172)[0x55bdcbc6ec42]
|
mysqld(_ZN4JOIN10exec_innerEv+0x946)[0x55bdcbc8db16]
|
mysqld(_ZN4JOIN4execEv+0x33)[0x55bdcbc8de63]
|
mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xeb)[0x55bdcbc8dfab]
|
mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x14d)[0x55bdcbc8e91d]
|
mysqld(+0x56c551)[0x55bdcbc2f551]
|
mysqld(_Z21mysql_execute_commandP3THD+0x5cd5)[0x55bdcbc3bb65]
|
mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x20a)[0x55bdcbc3e13a]
|
mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x1cd7)[0x55bdcbc40b67]
|
mysqld(_Z10do_commandP3THD+0x178)[0x55bdcbc41908]
|
mysqld(_Z24do_handle_one_connectionP7CONNECT+0x212)[0x55bdcbd13a12]
|
mysqld(handle_one_connection+0x3d)[0x55bdcbd13bed]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db)[0x7f00beca66db]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f00be2a888f]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f004c00f5f0): SHOW TABLES WHERE `Tables_in_mysql` IN ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '25', '26', '27', '28', '29', '30', '31', '32', '33', '34', '35', '36', '37', '38', '39', '40', '41', '42', '43', '44', '45', '46', '47', '48', '49', '50', '51', '52', '53', '54', '55', '56', '57', '58', '59', '60', '61', '62', '63', '64', '65', '66', '67', '68', '69', '70', '71', '72', '73', '74', '75', '76', '77', '78', '79', '80', '81', '82', '83', '84', '85', '86', '87', '88', '89', '90', '91', '92', '93', '94', '95', '96', '97', '98', '99', '100', '101', '102', '103', '104', '105', '106', '107', '108', '109', '110', '111', '112', '113', '114', '115', '116', '117', '118', '119', '120', '121', '122', '123', '124', '125', '126', '127', '128', '129', '130', '131', '132', '133', '134', '135', '136', '137', '138', '139', '140', '141', '142', '143', '144', '145', '146', '147', '148', '149', '150', '151', '152', '153', '154', '155', '156', '157', '158', '159', '160', '161', '162', '163', '164', '165', '166', '167', '168', '169', '170', '171', '172', '173', '174', '175', '176', '177', '178', '179', '180', '181', '182', '183', '184', '185', '186', '187', '188', '189', '190', '191', '192', '193', '194', '195', '196', '197', '198', '199', '200', '201', '202', '203', '204', '205', '206', '207', '208', '209', '210', '211', '212', '213', '214', '215', '216', '217', '218', '219', '220', '221', '222', '223', '224', '225', '226', '227', '228', '229', '230', '231', '232', '233', '234', '235', '236', '237', '238', '239', '240', '241', '242', '243', '244', '245', '246', '247', '248', '249', '250', '251', '252', '253', '254', '255', '256', '257', '258', '259', '260', '261', '262', '263', '264', '265', '266', '267', '268', '269', '270', '271', '272', '273', '274', '275', '276', '277', '278', '279', '280', '281', '282', '283', '284', '285', '286', '287', '288', '289', '290', '291', '292', '293', '294', '295', '296', '297', '298', '299', '300', '301', '302', '303', '304', '305', '306', '307', '308', '309', '310', '311', '312', '313', '314', '315', '316', '317', '318', '319', '320', '321', '322', '323', '324', '325', '326', '327', '328', '329', '330', '331', '332', '333', '334', '335', '336', '337', '338', '339', '340', '341', '342', '343', '344', '345', '346', '347', '348', '349', '350', '351', '352', '353', '354', '355', '356', '357', '358', '359', '360', '361', '362', '363', '364', '365', '366', '367', '368', '369', '370', '371', '372', '373', '374', '375', '376', '377', '378', '379', '380', '381', '382', '383', '384', '385', '386', '387', '388', '389', '390', '391', '392', '393', '394', '395', '396', '397', '398', '399', '400', '401', '402', '403', '404', '405', '406', '407', '408', '409', '410', '411', '412', '413', '414', '415', '416', '417', '418', '419', '420', '421', '422', '423', '424', '425', '426', '427', '428', '429', '430', '431', '432', '433', '434', '435', '436', '437', '438', '439', '440', '441', '442', '443', '444', '445', '446', '447', '448', '449', '450', '451', '452', '453', '454', '455', '456', '457', '458', '459', '460', '461', '462', '463', '464', '465', '466', '467', '468', '469', '470', '471', '472', '473', '474', '475', '476', '477', '478', '479', '480', '481', '482', '483', '484', '485', '486', '487', '488', '489', '490', '491', '492', '493', '494', '495', '496', '497', '498', '499', '500', '501', '502', '503', '504', '505', '506', '507', '508', '509', '510', '511', '512', '513', '514', '515', '516', '517', '518', '519', '520', '521', '522', '523', '524', '525', '526', '527', '528', '529', '530', '531', '532', '533', '534', '535', '536', '537', '538', '539', '540', '541', '542', '543', '544', '545', '546', '547', '548', '549', '550', '551', '552', '553', '554', '555', '556', '557', '558', '559', '560', '561', '562', '563', '564', '565', '566', '567', '568', '569', '570', '571', '572', '573', '574', '575', '576', '577', '578', '579', '580', '581', '582', '583', '584', '585', '586', '587', '588', '589', '590', '591', '592', '593', '594', '595', '596', '597', '598', '599', '600', '601', '602', '603', '604', '605', '606', '607', '608', '609', '610', '611', '612', '613', '614', '615', '616', '617', '618', '619', '620', '621', '622', '623', '624', '625', '626', '627', '628', '629', '630', '631', '632', '633', '634', '635', '636', '637', '638', '639', '640', '641', '642', '643', '644', '645', '646', '647', '648', '649', '650', '651', '652', '653', '654', '655', '656', '657', '658', '659', '660', '661', '662', '663', '664', '665', '666', '667', '668', '669', '670', '671', '672', '673', '674', '675', '676', '677', '678', '679', '680', '681', '682', '683', '684', '685', '686', '687', '688', '689', '690', '691', '692', '693', '694', '695', '696', '697', '698', '699', '700', '701', '702', '703', '704', '705', '706', '707', '708', '709', '710', '711', '712', '713', '714', '715', '716', '717', '718', '719', '720', '721', '722', '723', '724', '725', '726', '727', '728', '729', '730', '731', '732', '733', '734', '735', '736', '737', '738', '739', '740', '741', '742', '743', '744', '745', '746', '747', '748', '749', '750', '751', '752', '753', '754', '755', '756', '757', '758', '759', '760', '761', '762', '763', '764', '765', '766', '767', '768', '769', '770', '771', '772', '773', '774', '775', '776', '777', '778', '779', '780', '781', '782', '783', '784', '785', '786', '787', '788', '789', '790', '791', '792', '793', '794', '795', '796', '797', '798', '799', '800', '801', '802', '803', '804', '805', '806', '807', '808', '809', '810', '811', '812', '813', '814', '815', '816', '817', '818', '819', '820', '821', '822', '823', '824', '825', '826', '827', '828', '829', '830', '831', '832', '833', '834', '835', '836', '837', '838', '839', '840', '841', '842', '843', '844', '845', '846', '847', '848', '849', '850', '851', '852', '853', '854', '855', '856', '857', '858', '859', '860', '861', '862', '863', '864', '865', '866', '867', '868', '869', '870', '871', '872', '873', '874', '875', '876', '877', '878', '879', '880', '881', '882', '883', '884', '885', '886', '887', '888', '889', '890', '891', '892', '893', '894', '895', '896', '897', '898', '899', '900', '901', '902', '903', '904', '905', '906', '907', '908', '909', '910', '911', '912', '913', '914', '915', '916', '917', '918', '919', '920', '921', '922', '923', '924', '925', '926', '927', '928', '929', '930', '931', '932', '933', '934', '935', '936', '937', '938', '939', '940', '941', '942', '943', '944', '945', '946', '947', '948', '949', '950', '951', '952', '953', '954', '955', '956', '957', '958', '959', '960', '961', '962', '963', '964', '965', '966', '967', '968', '969', '970', '971', '972', '973', '974', '975', '976', '977', '978', '979', '980', '981', '982', '983', '984', '985', '986', '987', '988', '989', '990', '991', '992', '993', '994', '995', '996', '997', '998', '999')
|
Connection ID (thread ID): 9
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on
|
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /var/lib/mysql
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size 0 unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 63529 63529 processes
|
Max open files 65536 65536 files
|
Max locked memory 65536 65536 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 63529 63529 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: core
|
I tried reproduce the problem with following test script, but failed. Could you give schema (SHOW CREATE TABLE for table(s) used in the query), and example of generated query (with not so big N, I can only guess how it looks like because never worked with python and not going to now).
--source include/have_innodb.inc
|
|
|
create table t1(a int) engine=heap;
|
create table t2(a bigint primary key) engine=innodb;
|
--disable_query_log
|
let $base=2000;
|
let $1=$base;
|
while ($1)
|
{
|
eval insert into t1 values($1*10);
|
eval insert into t2 values($1*10);
|
eval insert into t2 values($base + 1 +$1*10);
|
dec $1;
|
}
|
--enable_query_log
|
let $in=`select group_concat(a) from t1`;
|
|
|
eval select count(*) from t2 where a in ( $in );
|
|
|
drop table t1, t2;
|
Also optimiser switches are interesting if they are not default.
Sorry about the python. Here's a trimmed example of crashing query (N=5):
use mysql;
|
SHOW TABLES WHERE `Tables_in_mysql` IN ('0', '1', '2', '3', '4');
|
This is still on MariaDB 10.3.16, running a fresh instance in docker (10.3.16-MariaDB-1:10.3.16+maria~bionic). This also crashes on CentOS 6 & 7 using the official packages.
I can confirm that running a select against an empty table with an IN operator list N>1000 does not cause the crash. I've only been able to do it by limiting a SHOW TABLES.
Non-reproducing example below.
show create table bar
|
-> ;
|
+-------+------------------------------------------------------------------------------------------+
|
| Table | Create Table |
|
+-------+------------------------------------------------------------------------------------------+
|
| bar | CREATE TABLE `bar` (
|
`baz` int(11) DEFAULT NULL
|
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
|
+-------+------------------------------------------------------------------------------------------+
|
SELECT * from bar WHERE baz IN ('0', '1', '2', '3', '4');
|
repeatable:
create table t1(a int) engine=heap;
|
--disable_query_log
|
let $base=1000;
|
let $1=$base;
|
while ($1)
|
{
|
eval insert into t1 values($1);
|
dec $1;
|
}
|
--enable_query_log
|
let $in=`select group_concat(a) from t1`;
|
|
|
use mysql;
|
eval SHOW TABLES WHERE Tables_in_mysql in ( $in );
|
|
|
drop table t1, t2;
|
better test suite:
let $base=1000;
|
let $1=$base;
|
let $in="0";
|
while ($1)
|
{
|
let $in=$in, "$1";
|
dec $1;
|
}
|
|
|
use mysql;
|
eval SHOW TABLES WHERE Tables_in_mysql in ( $in );
|
it appeared on 10.3 (5.5 - 10.2 has no such problem)
probably JOIN::transform_in_predicates_into_in_subq is not completely compatible with SHOW TABLES
It might be the case this got fixed in 10.3.29
$ for v in $(seq 14 29); do echo version=10.3.$v; podman run -d --name mariadb-10.3.$v -e MYSQL_ALLOW_EMPTY_PASSWORD=1 -e MYSQL_INITDB_SKIP_TZINFO=1 --rm docker.io/library/mariadb:10.3.$v ; sleep 5; podman exec -ti mariadb-10.3.$v mysql -e "SHOW TABLES WHERE Tables_in_mysql IN ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23', '24', '25', '26', '27', '28', '29', '30', '31', '32', '33', '34', '35', '36', '37', '38', '39', '40', '41', '42', '43', '44', '45', '46', '47', '48', '49', '50', '51', '52', '53', '54', '55', '56', '57', '58', '59', '60', '61', '62', '63', '64', '65', '66', '67', '68', '69', '70', '71', '72', '73', '74', '75', '76', '77', '78', '79', '80', '81', '82', '83', '84', '85', '86', '87', '88', '89', '90', '91', '92', '93', '94', '95', '96', '97', '98', '99', '100', '101', '102', '103', '104', '105', '106', '107', '108', '109', '110', '111', '112', '113', '114', '115', '116', '117', '118', '119', '120', '121', '122', '123', '124', '125', '126', '127', '128', '129', '130', '131', '132', '133', '134', '135', '136', '137', '138', '139', '140', '141', '142', '143', '144', '145', '146', '147', '148', '149', '150', '151', '152', '153', '154', '155', '156', '157', '158', '159', '160', '161', '162', '163', '164', '165', '166', '167', '168', '169', '170', '171', '172', '173', '174', '175', '176', '177', '178', '179', '180', '181', '182', '183', '184', '185', '186', '187', '188', '189', '190', '191', '192', '193', '194', '195', '196', '197', '198', '199', '200', '201', '202', '203', '204', '205', '206', '207', '208', '209', '210', '211', '212', '213', '214', '215', '216', '217', '218', '219', '220', '221', '222', '223', '224', '225', '226', '227', '228', '229', '230', '231', '232', '233', '234', '235', '236', '237', '238', '239', '240', '241', '242', '243', '244', '245', '246', '247', '248', '249', '250', '251', '252', '253', '254', '255', '256', '257', '258', '259', '260', '261', '262', '263', '264', '265', '266', '267', '268', '269', '270', '271', '272', '273', '274', '275', '276', '277', '278', '279', '280', '281', '282', '283', '284', '285', '286', '287', '288', '289', '290', '291', '292', '293', '294', '295', '296', '297', '298', '299', '300', '301', '302', '303', '304', '305', '306', '307', '308', '309', '310', '311', '312', '313', '314', '315', '316', '317', '318', '319', '320', '321', '322', '323', '324', '325', '326', '327', '328', '329', '330', '331', '332', '333', '334', '335', '336', '337', '338', '339', '340', '341', '342', '343', '344', '345', '346', '347', '348', '349', '350', '351', '352', '353', '354', '355', '356', '357', '358', '359', '360', '361', '362', '363', '364', '365', '366', '367', '368', '369', '370', '371', '372', '373', '374', '375', '376', '377', '378', '379', '380', '381', '382', '383', '384', '385', '386', '387', '388', '389', '390', '391', '392', '393', '394', '395', '396', '397', '398', '399', '400', '401', '402', '403', '404', '405', '406', '407', '408', '409', '410', '411', '412', '413', '414', '415', '416', '417', '418', '419', '420', '421', '422', '423', '424', '425', '426', '427', '428', '429', '430', '431', '432', '433', '434', '435', '436', '437', '438', '439', '440', '441', '442', '443', '444', '445', '446', '447', '448', '449', '450', '451', '452', '453', '454', '455', '456', '457', '458', '459', '460', '461', '462', '463', '464', '465', '466', '467', '468', '469', '470', '471', '472', '473', '474', '475', '476', '477', '478', '479', '480', '481', '482', '483', '484', '485', '486', '487', '488', '489', '490', '491', '492', '493', '494', '495', '496', '497', '498', '499', '500', '501', '502', '503', '504', '505', '506', '507', '508', '509', '510', '511', '512', '513', '514', '515', '516', '517', '518', '519', '520', '521', '522', '523', '524', '525', '526', '527', '528', '529', '530', '531', '532', '533', '534', '535', '536', '537', '538', '539', '540', '541', '542', '543', '544', '545', '546', '547', '548', '549', '550', '551', '552', '553', '554', '555', '556', '557', '558', '559', '560', '561', '562', '563', '564', '565', '566', '567', '568', '569', '570', '571', '572', '573', '574', '575', '576', '577', '578', '579', '580', '581', '582', '583', '584', '585', '586', '587', '588', '589', '590', '591', '592', '593', '594', '595', '596', '597', '598', '599', '600', '601', '602', '603', '604', '605', '606', '607', '608', '609', '610', '611', '612', '613', '614', '615', '616', '617', '618', '619', '620', '621', '622', '623', '624', '625', '626', '627', '628', '629', '630', '631', '632', '633', '634', '635', '636', '637', '638', '639', '640', '641', '642', '643', '644', '645', '646', '647', '648', '649', '650', '651', '652', '653', '654', '655', '656', '657', '658', '659', '660', '661', '662', '663', '664', '665', '666', '667', '668', '669', '670', '671', '672', '673', '674', '675', '676', '677', '678', '679', '680', '681', '682', '683', '684', '685', '686', '687', '688', '689', '690', '691', '692', '693', '694', '695', '696', '697', '698', '699', '700', '701', '702', '703', '704', '705', '706', '707', '708', '709', '710', '711', '712', '713', '714', '715', '716', '717', '718', '719', '720', '721', '722', '723', '724', '725', '726', '727', '728', '729', '730', '731', '732', '733', '734', '735', '736', '737', '738', '739', '740', '741', '742', '743', '744', '745', '746', '747', '748', '749', '750', '751', '752', '753', '754', '755', '756', '757', '758', '759', '760', '761', '762', '763', '764', '765', '766', '767', '768', '769', '770', '771', '772', '773', '774', '775', '776', '777', '778', '779', '780', '781', '782', '783', '784', '785', '786', '787', '788', '789', '790', '791', '792', '793', '794', '795', '796', '797', '798', '799', '800', '801', '802', '803', '804', '805', '806', '807', '808', '809', '810', '811', '812', '813', '814', '815', '816', '817', '818', '819', '820', '821', '822', '823', '824', '825', '826', '827', '828', '829', '830', '831', '832', '833', '834', '835', '836', '837', '838', '839', '840', '841', '842', '843', '844', '845', '846', '847', '848', '849', '850', '851', '852', '853', '854', '855', '856', '857', '858', '859', '860', '861', '862', '863', '864', '865', '866', '867', '868', '869', '870', '871', '872', '873', '874', '875', '876', '877', '878', '879', '880', '881', '882', '883', '884', '885', '886', '887', '888', '889', '890', '891', '892', '893', '894', '895', '896', '897', '898', '899', '900', '901', '902', '903', '904', '905', '906', '907', '908', '909', '910', '911', '912', '913', '914', '915', '916', '917', '918', '919', '920', '921', '922', '923', '924', '925', '926', '927', '928', '929', '930', '931', '932', '933', '934', '935', '936', '937', '938', '939', '940', '941', '942', '943', '944', '945', '946', '947', '948', '949', '950', '951', '952', '953', '954', '955', '956', '957', '958', '959', '960', '961', '962', '963', '964', '965', '966', '967', '968', '969', '970', '971', '972', '973', '974', '975', '976', '977', '978', '979', '980', '981', '982', '983', '984', '985', '986', '987', '988', '989', '990', '991', '992', '993', '994', '995', '996', '997', '998', '999', 'user', 'server');" mysql ; done
|
version=10.3.14
|
3a0e2590e240d39a4a37c9fb90cc9a96b8d0da34a443e862588bdc1974a0db04
|
version=10.3.15
|
2b85de3f2681f058280c2a4b72857928a6b410fdf5837f88d17944c0c454a10c
|
version=10.3.16
|
7d7c77775cfe6424a7b33ebc8713cb29f143e5fd8500c9c5f911366de721470c
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.17
|
f3e4030f0a7d4ba8a47d62de3bb40a3890e14b601a695c3280908716d7ebaa97
|
version=10.3.18
|
9243231bf20dd33a5f15297bb26bf19260f36b3304c326d483be2ab231c8de91
|
version=10.3.19
|
Trying to pull docker.io/library/mariadb:10.3.19...
|
manifest unknown: manifest unknown
|
Error: Error initializing source docker://mariadb:10.3.19: Error reading manifest 10.3.19 in docker.io/library/mariadb: manifest unknown: manifest unknown
|
Error: no container with name or ID "mariadb-10.3.19" found: no such container
|
version=10.3.20
|
3b39e752200d2f4a8a9bfbb8476c3530f41d8952b2a19e99f45d7d0a336a2755
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.21
|
fd9ff47a78a6e54b00f0e9f96f4d4427db5cbfbc356b44d84bca897c7417a866
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.22
|
3871ddb487be020a5da1569f9a20d41d8eb1b495ce8f80e44994e8ad83d2d52b
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.23
|
bb058b20529752a8aa99452477759b963db538cf7584e4a8e6545db16f7405df
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.24
|
7470f9f3bf7485e3b48169fec43768713b9f54cc9ad4ce51c35748a0bfc07d61
|
version=10.3.25
|
c3d6b97e2263a24c974c5f84683d831df56a8c3a44b4229f8ae16cfe191003d1
|
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
|
version=10.3.26
|
17b755b1838a93d4924613d41b97181f10ab6f4e81f2ca3448923f090e805e31
|
version=10.3.27
|
56cb0a72bde5715c3ed8a69a6cb8ae7d65394c57fb6aaf626121ffa43367bf70
|
version=10.3.28
|
e537ccdb1a6288314b9ada9913590e825233476325b07e9ea68dfac61ed1a1ea
|
version=10.3.29
|
8bffe600702f1c52395bfdce3fd35fc17ca65f321006877e758fe7d8056eae72
|
+-----------------+
|
| Tables_in_mysql |
|
+-----------------+
|
| user |
|
+-----------------+
|
|
Retested and 10.3 and 10.4 with Sanja's test and it has been fixed. In fixed in 10.3.29.