  1. MariaDB Server
  2. MDEV-11093

FULLTEXT query crashes MariaDB 10.0.27

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Cannot Reproduce
    • Affects Version/s: 10.0.27
    • Fix Version/s: N/A
    • Labels:
      None
    • Environment:
      3GB OpenVZ VPS, 2.6.32-042stab094.8, Debian 8, MariaDB 10.0.27 as provided by Debian (10.0.27-MariaDB-0+deb8u1)

      Description

      Two days ago, a user of our site executed a search that triggered this SQL query:

      SELECT page_id,page_namespace,page_title  FROM `page`,`searchindex`   WHERE (page_id=si_page) AND ( MATCH(si_text) AGAINST('+\"u8e7a791 u8e4b8be u8e4bc98 u8e7ad89 u8e7949f u8efbc8c u8e4b88d u8e5a682 u8e58d8a u8e9878e u8e4baba\" ' IN BOOLEAN MODE) ) AND page_namespace = '0'  
      

      While that seems like a normal (FULLTEXT) query to me, MariaDB did not handle that properly and crashed:

      2016-10-18 17:17:18 7fc84e16c700  InnoDB: Assertion failure in thread 140498280302336 in file fts0que.cc line 3391
      InnoDB: Failing assertion: ret == 0
      InnoDB: We intentionally generate a memory trap.
      InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
      InnoDB: If you get repeated assertion failures or crashes, even
      InnoDB: immediately after the mysqld startup, there may be
      InnoDB: corruption in the InnoDB tablespace. Please refer to
      InnoDB: http://dev.mysql.com/doc/refman/5.6/en/forcing-innodb-recovery.html
      InnoDB: about forcing recovery.
      """"""""""""""""161018 17:17:18 [ERROR] mysqld got signal 6 ;
      This could be because you hit a bug. It is also possible that this binary
      or one of the libraries it was linked against is corrupt, improperly built,
      or misconfigured. This error can also be caused by malfunctioning hardware.
       
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      We will try our best to scrape up some info that will hopefully help
      diagnose the problem, but since we have already crashed,
      something is definitely wrong and this may fail.
       
      Server version: 10.0.27-MariaDB-0+deb8u1
      key_buffer_size=33554432
      read_buffer_size=131072
      max_used_connections=76
      max_threads=77
      thread_count=18
      It is possible that mysqld could use up to
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 201826 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x0x7fc802837008
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7fc84e16be88 thread_stack 0x48000
      /usr/sbin/mysqld(my_print_stacktrace+0x2e)[0xbfff4e]
      /usr/sbin/mysqld(handle_fatal_signal+0x3af)[0x7344af]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fc8b043b8d0]
      /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7fc8aefe4067]
      /lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7fc8aefe5448]
      /usr/sbin/mysqld[0xa54a79]
      /usr/sbin/mysqld[0x8ad0e5]
      /usr/sbin/mysqld(_ZN15Item_func_match11init_searchEb+0x3f3)[0x79a0d3]
      /usr/sbin/mysqld(_Z12init_ftfuncsP3THDP13st_select_lexb+0x30)[0x57cb90]
      /usr/sbin/mysqld[0x615b00]
      /usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x11b)[0x616fdb]
      /usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0xa47)[0x61af57]
      /usr/sbin/mysqld[0x5b7beb]
      /usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x4c64)[0x5c3574]
      /usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1ca)[0x5c523a]
      /usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1531)[0x5c6d01]
      /usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x25b)[0x69543b]
      /usr/sbin/mysqld(handle_one_connection+0x39)[0x695489]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x7fc8b04340a4]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fc8af09762d]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7fc8068af020): is an invalid pointer
      Connection ID (thread ID): 10364277
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
       
      The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
      information that should help you find out what is causing the crash.
      

      We think the query pointer is invalid, but we will try to print it anyway.
      Query: SELECT page_id,page_namespace,page_title  FROM `page`,`searchindex`   WHERE (page_id=si_page) AND ( MATCH(si_text) AGAINST('+\"u8e7a791 u8e4b8be u8e4bc98 u8e7ad89 u8e7949f u8efbc8c u8e4b88d u8e5a682 u8e58d8a u8e9878e u8e4baba\" ' IN BOOLEAN MODE) ) AND page_namespace = '0'  LIMIT 20
      

      We immediately tried to restart MariaDB, but without success. We think InnoDB data corruption occurred, so we ended up restarting MariaDB with innodb-force-recovery = 6, dumping all our databases and importing them on a fresh MariaDB installation.

      https://github.com/MariaDB/server/blob/10.0/storage/innobase/fts/fts0que.cc#L3391 is the failing assertion. A "show create table" of searchindex:

      +-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | Table       | Create Table                                                                                                                                                                                                                                                                                              |
      +-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | searchindex | CREATE TABLE `searchindex` (
        `si_page` int(10) unsigned NOT NULL,
        `si_title` varchar(255) NOT NULL DEFAULT '',
        `si_text` mediumtext NOT NULL,
        UNIQUE KEY `si_page` (`si_page`),
        FULLTEXT KEY `si_title` (`si_title`),
        FULLTEXT KEY `si_text` (`si_text`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8 |
      +-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      

      The table is filled with 54k rows.

            People

            • Assignee:
              Unassigned
              Reporter:
              southparkfan Southparkfan
            • Votes:
              0
              Watchers:
              4

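A triage sketch for the error-log block quoted in the report, added here as an example and not part of the original issue or of MariaDB's code: it splits a mysqld error log into crash records and pulls out the assertion site, signal, server version, stack symbols and the query the server printed. The sample log is a shortened excerpt with a placeholder query; `parse_crashes` and the `fulltext` flag are names chosen for this example.

```python
import re

# Constructed sample: shortened error-log lines shaped like the report's crash block (placeholder query).
SAMPLE_LOG = """\
2016-10-18 17:17:18 7fc84e16c700  InnoDB: Assertion failure in thread 140498280302336 in file fts0que.cc line 3391
InnoDB: Failing assertion: ret == 0
161018 17:17:18 [ERROR] mysqld got signal 6 ;
Server version: 10.0.27-MariaDB-0+deb8u1
/usr/sbin/mysqld(_ZN15Item_func_match11init_searchEb+0x3f3)[0x79a0d3]
/usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x11b)[0x616fdb]
Connection ID (thread ID): 10364277
Query: SELECT page_id FROM `searchindex` WHERE MATCH(si_text) AGAINST('+"placeholder terms"' IN BOOLEAN MODE) LIMIT 20
"""

PATTERNS = {
    "assert_site": re.compile(r"InnoDB: Assertion failure in thread \d+ in file (\S+ line \d+)"),
    "assertion": re.compile(r"InnoDB: Failing assertion: (.+)"),
    "signal": re.compile(r"mysqld got signal (\d+)"),
    "version": re.compile(r"^Server version: (\S+)"),
    "conn_id": re.compile(r"^Connection ID \(thread ID\): (\d+)"),
    "query": re.compile(r"^Query: (.+)"),  # skips "Query (0x...): is an invalid pointer"
}
FRAME = re.compile(r"mysqld\((\w+)\+0x[0-9a-f]+\)")  # mangled symbol of a stack frame

def parse_crashes(text):
    """Split a mysqld error log into crash records (one dict per crash)."""
    crashes, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sig = PATTERNS["signal"].search(line)
        # A record opens at an InnoDB assertion, or at a signal line when no
        # record is open or the open one already saw its signal.
        if PATTERNS["assert_site"].search(line) or (sig and (cur is None or "signal" in cur)):
            cur = {"frames": []}
            crashes.append(cur)
        if cur is None:
            continue
        for key, pattern in PATTERNS.items():
            hit = pattern.search(line)
            if hit:
                cur[key] = hit.group(1)
        frame = FRAME.search(line)
        if frame:
            cur["frames"].append(frame.group(1))
    for c in crashes:
        # Flag crashes on the FULLTEXT path: MATCH() in the query or Item_func_match in the stack.
        c["fulltext"] = "MATCH(" in c.get("query", "").upper() or any(
            "Item_func_match" in s for s in c["frames"])
    return crashes
```

Grouping the resulting records by `assert_site` and `fulltext` shows whether repeated crashes come from the same assertion and the same kind of user-supplied search.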