Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Cannot Reproduce
-
10.0.27
-
None
-
3GB OpenVZ VPS, 2.6.32-042stab094.8, Debian 8, MariaDB 10.0.27 as provided by Debian (10.0.27-MariaDB-0+deb8u1)
Description
Two days ago, a user of our site executed a search that triggered this SQL query:
SELECT page_id,page_namespace,page_title FROM `page`,`searchindex` WHERE (page_id=si_page) AND ( MATCH(si_text) AGAINST('+\"u8e7a791 u8e4b8be u8e4bc98 u8e7ad89 u8e7949f u8efbc8c u8e4b88d u8e5a682 u8e58d8a u8e9878e u8e4baba\" ' IN BOOLEAN MODE) ) AND page_namespace = '0' |
While that seems like a normal (FULLTEXT) query to me, MariaDB did not handle that properly and crashed:
2016-10-18 17:17:18 7fc84e16c700 InnoDB: Assertion failure in thread 140498280302336 in file fts0que.cc line 3391
|
InnoDB: Failing assertion: ret == 0
|
InnoDB: We intentionally generate a memory trap.
|
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
|
InnoDB: If you get repeated assertion failures or crashes, even
|
InnoDB: immediately after the mysqld startup, there may be
|
InnoDB: corruption in the InnoDB tablespace. Please refer to
|
InnoDB: http://dev.mysql.com/doc/refman/5.6/en/forcing-innodb-recovery.html
|
InnoDB: about forcing recovery.
|
""""""""""""""""161018 17:17:18 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
Server version: 10.0.27-MariaDB-0+deb8u1
|
key_buffer_size=33554432
|
read_buffer_size=131072
|
max_used_connections=76
|
max_threads=77
|
thread_count=18
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 201826 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
Thread pointer: 0x0x7fc802837008
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7fc84e16be88 thread_stack 0x48000
|
/usr/sbin/mysqld(my_print_stacktrace+0x2e)[0xbfff4e]
|
/usr/sbin/mysqld(handle_fatal_signal+0x3af)[0x7344af]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fc8b043b8d0]
|
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7fc8aefe4067]
|
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7fc8aefe5448]
|
/usr/sbin/mysqld[0xa54a79]
|
/usr/sbin/mysqld[0x8ad0e5]
|
/usr/sbin/mysqld(_ZN15Item_func_match11init_searchEb+0x3f3)[0x79a0d3]
|
/usr/sbin/mysqld(_Z12init_ftfuncsP3THDP13st_select_lexb+0x30)[0x57cb90]
|
/usr/sbin/mysqld[0x615b00]
|
/usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x11b)[0x616fdb]
|
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0xa47)[0x61af57]
|
/usr/sbin/mysqld[0x5b7beb]
|
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x4c64)[0x5c3574]
|
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1ca)[0x5c523a]
|
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1531)[0x5c6d01]
|
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x25b)[0x69543b]
|
/usr/sbin/mysqld(handle_one_connection+0x39)[0x695489]
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x7fc8b04340a4]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fc8af09762d]
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7fc8068af020): is an invalid pointer
|
Connection ID (thread ID): 10364277
|
Status: NOT_KILLED
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
We think the query pointer is invalid, but we will try to print it anyway.
|
Query: SELECT page_id,page_namespace,page_title FROM `page`,`searchindex` WHERE (page_id=si_page) AND ( MATCH(si_text) AGAINST('+\"u8e7a791 u8e4b8be u8e4bc98 u8e7ad89 u8e7949f u8efbc8c u8e4b88d u8e5a682 u8e58d8a u8e9878e u8e4baba\" ' IN BOOLEAN MODE) ) AND page_namespace = '0' LIMIT 20
|
We immediately tried to restart MariaDB, but without success, we think InnoDB data corruption occurred, thus we ended up restarting MariaDB with innodb-force-recovery = 6, dumping all our databases and importing them on a fresh MariaDB installation.
https://github.com/MariaDB/server/blob/10.0/storage/innobase/fts/fts0que.cc#L3391 is the failing assertion. A "show create table" of searchindex:
+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ |
| Table | Create Table | |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ |
| searchindex | CREATE TABLE `searchindex` ( |
`si_page` int(10) unsigned NOT NULL, |
`si_title` varchar(255) NOT NULL DEFAULT '', |
`si_text` mediumtext NOT NULL, |
UNIQUE KEY `si_page` (`si_page`), |
FULLTEXT KEY `si_title` (`si_title`), |
FULLTEXT KEY `si_text` (`si_text`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 | |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ |
The table is filled with 54k rows.