MySQL Bugs: #26360: Crashing on bugzilla SELECTs

Bug #26360	Crashing on bugzilla SELECTs
Submitted:	14 Feb 2007 9:38	Modified:	10 Apr 2007 14:57
Reporter:	Davide Ferrari	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server	Severity:	S1 (Critical)
Version:	5.0.32	OS:	Linux (Gentoo Linux)
Assigned to:		CPU Architecture:	Any

Description:
Doing certain bugzilla SELECTs the server crashes. There are queries that sistematically crash mysqld. Normally in mysqld.err there is only the "normal" stack trace but I just found this more complete trace.

This is an old mysqld 5.0.x installation, these crashes started to appear only after updating to 5.0.32. If you need DB definitions, I can post it, but it's a pretty standard bugzilla one.

070214 10:24:08 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.32'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  Gentoo Linux mysql-5.0.32
*** glibc detected *** /usr/sbin/mysqld: free(): invalid pointer: 0x08a70138 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7c25cb0]
/lib/libc.so.6(__libc_free+0x84)[0xb7c272f4]
/usr/sbin/mysqld(_ZN23Item_sum_count_distinct7cleanupEv+0xc7)[0x810d617]
/usr/sbin/mysqld(_ZN11Query_arena10free_itemsEv+0x22)[0x8166732]
/usr/sbin/mysqld(_ZN3THD19cleanup_after_queryEv+0x3c)[0x816678c]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x460)[0x8191880]
/usr/sbin/mysqld(_Z10do_commandP3THD+0x94)[0x8192b34]
/usr/sbin/mysqld(handle_one_connection+0x93a)[0x819356a]
/lib/libpthread.so.0[0xb7e3b294]
/lib/libc.so.6(__clone+0x5e)[0xb7c7e32e]
======= Memory map: ========
08048000-08558000 r-xp 00000000 08:03 2639712    /usr/sbin/mysqld
08558000-085b1000 rw-p 00510000 08:03 2639712    /usr/sbin/mysqld
085b1000-08af3000 rw-p 085b1000 00:00 0          [heap]
b0808000-b0c08000 rw-p b0808000 00:00 0
b0d08000-b1b31000 rw-p b0d08000 00:00 0
b1b31000-b1b32000 ---p b1b31000 00:00 0
b1b32000-b2332000 rw-p b1b32000 00:00 0
b2332000-b2333000 ---p b2332000 00:00 0
b2333000-b2b33000 rw-p b2333000 00:00 0
b2b33000-b2b34000 ---p b2b33000 00:00 0
b2b34000-b3334000 rw-p b2b34000 00:00 0
b3334000-b3335000 ---p b3334000 00:00 0
b3335000-b3d5e000 rw-p b3335000 00:00 0
b3de8000-b3de9000 ---p b3de8000 00:00 0
b3de9000-b3e19000 rw-p b3de9000 00:00 0
b3e19000-b3e27000 r-xp 00000000 08:03 442477     /lib/libresolv-2.4.so
b3e27000-b3e29000 rw-p 0000d000 08:03 442477     /lib/libresolv-2.4.so
b3e29000-b3e2b000 rw-p b3e29000 00:00 0
b3e2b000-b3e2f000 r-xp 00000000 08:03 442470     /lib/libnss_dns-2.4.so
b3e2f000-b3e31000 rw-p 00003000 08:03 442470     /lib/libnss_dns-2.4.so
b3e34000-b3e35000 ---p b3e34000 00:00 0
b3e35000-b3e65000 rw-p b3e35000 00:00 0
b3e65000-b3e66000 ---p b3e65000 00:00 0
b3e66000-b406e000 rw-p b3e66000 00:00 0
b406e000-b406f000 ---p b406e000 00:00 0
b406f000-b486f000 rw-p b406f000 00:00 0
b486f000-b4870000 ---p b486f000 00:00 0
b4870000-b5070000 rw-p b4870000 00:00 0
b5070000-b5071000 ---p b5070000 00:00 0
b5071000-b5871000 rw-p b5071000 00:00 0
b5871000-b5872000 ---p b5871000 00:00 0
b5872000-b7b74000 rw-p b5872000 00:00 0
b7b74000-b7b7c000 r-xp 00000000 08:03 442471     /lib/libnss_files-2.4.so
b7b7c000-b7b7e000 rw-p 00007000 08:03 442471     /lib/libnss_files-2.4.so
b7b7e000-b7b86000 r-xp 00000000 08:03 442473     /lib/libnss_nis-2.4.so
b7b86000-b7b88000 rw-p 00007000 08:03 442473     /lib/libnss_nis-2.4.so
b7b88000-b7b8e000 r-xp 00000000 08:03 442469     /lib/libnss_compat-2.4.so
b7b8e000-b7b90000 rw-p 00005000 08:03 442469     /lib/libnss_compat-2.4.so
b7b90000-b7bc3000 rw-p b7b90000 00:00 0
b7bc3000-b7cda000 r-xp 00000000 08:03 442460     /lib/libc-2.4.so
b7cda000-b7cdc000 r--p 00116000 08:03 442460     /lib/libc-2.4.so
b7cdc000-b7cde000 rw-p 00118000 08:03 442460     /lib/libc-2.4.so
b7cde000-b7ce1000 rw-p b7cde000 00:00 0
b7ce1000-b7ceb000 r-xp 00000000 08:03 1659003    /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/libgcc_s.so.1
b7ceb000-b7cec000 rw-p 00009000 08:03 1659003    /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/libgcc_s.so.1
b7cec000-b7d0f000 r-xp 00000000 08:03 442465     /lib/libm-2.4.so
b7d0f000-b7d11000 rw-p 00022000 08:03 442465     /lib/libm-2.4.so
b7d11000-b7de7000 r-xp 00000000 08:03 1659002    /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/libstdc++.so.6.0.8
b7de7000-b7dea000 r--p 000d5000 08:03 1659002    /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/libstdc++.so.6.0.8
b7dea000-b7dec000 rw-p 000d8000 08:03 1659002    /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/libstdc++.so.6.0.8
b7dec000-b7df2000 rw-p b7dec000 00:00 0
b7df2000-b7e03000 r-xp 00000000 08:03 442468     /lib/libnsl-2.4.so
b7e03000-b7e05000 rw-p 00010000 08:03 442468     /lib/libnsl-2.4.so
b7e05000-b7e07000 rw-p b7e05000 00:00 0
b7e07000-b7e0c000 r-xp 00000000 08:03 442462     /lib/libcrypt-2.4.so
b7e0c000-b7e0e000 rw-p 00004000 08:03 442462     /lib/libcrypt-2.4.so
b7e0e000-b7e36000 rw-p b7e0e000 00:00 0
b7e36000-b7e45000 r-xp 00000000 08:03 442476     /lib/libpthread-2.4.so
b7e45000-b7e46000 r--p 0000e000 08:03 442476     /lib/libpthread-2.4.so
b7e46000-b7e47000 rw-p 0000f000 08:03 442476     /lib/libpthread-2.4.so
b7e47000-b7e49000 rw-p b7e47000 00:00 0
b7e49000-b7f66000 r-xp 00000000 08:03 8457649    /usr/lib/libcrypto.so.0.9.8
b7f66000-b7f7b000 rw-p 0011d000 08:03 8457649    /usr/lib/libcrypto.so.0.9.8
b7f7b000-b7f7e000 rw-p b7f7b000 00:00 0
b7f7e000-b7fb8000 r-xp 00000000 08:03 8457652    /usr/lib/libssl.so.0.9.8
b7fb8000-b7fbc000 rw-p 00039000 08:03 8457652    /usr/lib/libssl.so.0.9.8
b7fbc000-b7fbe000 r-xp 00000000 08:03 442463     /lib/libdl-2.4.so
b7fbe000-b7fc0000 rw-p 00001000 08:03 442463     /lib/libdl-2.4.so
b7fc0000-b7fd1000 r-xp 00000000 08:03 8440405    /lib/libz.so.1.2.3
b7fd1000-b7fd2000 rw-p 00010000 08:03 8440405    /lib/libz.so.1.2.3
b7fd2000-b7fd9000 r-xp 00000000 08:03 442478     /lib/librt-2.4.so
b7fd9000-b7fdb000 rw-p 00006000 08:03 442478     /lib/librt-2.4.so
b7fdb000-b7fdf000 rw-p b7fdb000 00:00 0
b7fdf000-b7ff9000 r-xp 00000000 08:03 442449     /lib/ld-2.4.so
b7ff9000-b7ffa000 r--p 00019000 08:03 442449     /lib/ld-2.4.so
b7ffa000-b7ffb000 rw-p 0001a000 08:03 442449     /lib/ld-2.4.so
bfe8d000-bfea3000 rw-p bfe8d000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

How to repeat:
with queries like this one:

SELECT bugs.bug_id, bugs.bug_severity, bugs.priority, bugs.bug_status, bugs.resolution, bugs.remaining_time, (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time, bugs.bug_severity, bugs.priority, map_assigned_to.login_name, bugs.bug_status, map_products.name, map_components.name, bugs.estimated_time, bugs.remaining_time, (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time, (CASE WHEN (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))             + bugs.remaining_time = 0.0 THEN 0.0 ELSE 100*((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))      /((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) + bugs.remaining_time)) END) AS percentage_complete, bugs.short_desc FROM bugs  INNER JOIN profiles AS map_assigned_to ON (bugs.assigned_to = map_assigned_to.userid) INNER JOIN products AS map_products ON (bugs.product_id = map_products.id) INNER JOIN components AS map_

Hi Davide, please post the table structures (+ data if you can)
Thanks,

Hi Davide, please upload a few complete SELECT statements - the one seems incomplete. thanks,

Our data is about 1.8GB in bzipped SQL, so... ;)

We do not need a dump of all the data. Shane asked about few complete SELECT statements only. Please, send those ones that lead to crash.

With this query mysql 5.0.32 with our tables *always* crashes. *Always*

SELECT bugs.bug_id, bugs.bug_severity, bugs.priority, bugs.bug_status, bugs.resolution, bugs.remaining_time, (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time, bugs.bug_severity, bugs.priority, map_assigned_to.login_name, bugs.bug_status, map_products.name, map_components.name, bugs.estimated_time, bugs.remaining_time, (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time, (CASE WHEN (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))             + bugs.remaining_time = 0.0 THEN 0.0 ELSE 100*((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))      /((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) + bugs.remaining_time)) END) AS percentage_complete, bugs.short_desc FROM bugs  INNER JOIN profiles AS map_assigned_to ON (bugs.assigned_to = map_assigned_to.userid) INNER JOIN products AS map_products ON (bugs.product_id = map_products.id) INNER JOIN components AS map_components ON (bugs.component_id = map_components.id) INNER JOIN longdescs AS ldtime ON (ldtime.bug_id = bugs.bug_id) LEFT JOIN bug_severity ON (bug_severity.value = bugs.bug_severity) LEFT JOIN priority ON (priority.value = bugs.priority) LEFT JOIN bug_group_map  ON bug_group_map.bug_id = bugs.bug_id  AND bug_group_map.group_id NOT IN (14,3,6,13,9,4,1,7,2,5,8)  LEFT JOIN cc ON cc.bug_id = bugs.bug_id AND cc.who = 2 WHERE ((bugs.bug_status IN ('NEW','ASSIGNED','REOPENED','RESOLVED')) AND (bugs.resolution IN ('LATER','')) AND (bugs.assigned_to IN (2))) AND bugs.creation_ts IS NOT NULL AND ((bug_group_map.group_id IS NULL)    OR (bugs.reporter_accessible = 1 AND bugs.reporter = 2)     OR (bugs.cclist_accessible = 1 AND cc.who IS NOT NULL)     OR (bugs.assigned_to = 2) ) GROUP BY bugs.bug_id ORDER BY bug_severity.sortkey,bug_severity.value,priority.sortkey,priority.value,bugs.bug_id

Please, try to repeat with a newer version, 5.0.36/5.0.37, and inform about the results.

It seems that upgrading to 5.0.38 solved the problem.
Thanks a lot!

Closing..