  1. MariaDB Server
  2. MDEV-36982

Server crashes in maria_ft_init_search / ft_init_boolean_search


Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.6, 10.11, 10.5(EOL)
    • 10.6, 10.11
    • Full-text Search
    • None

    Description

      Reproducible on 10.5 through 10.11. The test case below still needs cleaning. Update: see the comments for a clean test case.
      Could not reproduce on 11.4 through main.

      # Uncleaned mysqltest reproducer for the crash in
      # maria_ft_init_search / ft_init_boolean_search (see the backtraces below).
      # No statement in this script has an ENGINE clause and none creates a
      # FULLTEXT index; the Aria and MyISAM traces presumably come from runs with
      # different default storage engines -- TODO confirm.

      # mysqltest directive: keep running after a statement fails, so statements
      # that error out do not stop the script before the UPDATE is reached.
      --disable_abort_on_error
      # Gives rqg@localhost every privilege on every database (test-harness
      # account, presumably the random query generator user -- confirm).
      GRANT ALL ON *.* TO rqg@localhost;
      CREATE DATABASE IF NOT EXISTS oltp_db;
      USE oltp_db;
      # Base table: auto-increment primary key plus one CHAR(120) column.
      # This script never inserts rows into it.
      CREATE TABLE oltp4 (id int(10) unsigned NOT NULL auto_increment,
       c char(120) NOT NULL default '',
       PRIMARY KEY (id));
      # Pass-through view; tmp49 below is populated through it.
      CREATE VIEW oltp_db.view_oltp4 AS SELECT * FROM oltp_db.oltp4;
      # New connection named con12_0 as root with an empty password and no
      # database argument.
      --connect (con12_0,localhost,root,,)
      # NOTE(review): the body is RETURN (a>b,b,a), a three-element row
      # expression, not IF(a>b,b,a). This statement likely fails and is
      # tolerated by --disable_abort_on_error -- confirm. The UPDATE below
      # calls it as test.MIN2, so it is expected to live in the test schema.
      CREATE FUNCTION IF NOT EXISTS MIN2(a BIGINT, b BIGINT) RETURNS BIGINT RETURN (a>b,b,a);
      # tmp49: one column f1 copied from view column c.
      CREATE TABLE test.tmp49 SELECT c AS f1 FROM oltp_db.view_oltp4;
      # tmp333: three columns f1, f2, f3, each a copy of tmp49.f1.
      CREATE TABLE test.tmp333 SELECT f1 AS f1, f1 AS f2, f1 AS f3 FROM test.tmp49;
      # Crashing statement: it is the COM_QUERY packet shown in frame #13 of both
      # backtraces. It has no WHERE clause (conds=0x0 in frame #10). The f3
      # assignment evaluates MATCH(f3, f2, f3, f3) AGAINST ('validity' IN BOOLEAN MODE),
      # which lists f3 three times; 'validity' is the query string seen in the
      # ft_init_boolean_search / maria_ft_init_boolean_search frames.
      UPDATE IGNORE test.tmp333 SET f1 = REPEAT('afndvguxueurotineptulviwouvqwmswlboulfupthzgndcnebsrouehshbiuvevyrtqnipocpbqazmjovv', test.MIN2((TIMESTAMP(f1, NULL)), 65536)), f2 = ((NAME_CONST('fndvguxueuro', 'ndvguxueurotineptulviwouvqwmswlboulfupthzgndcnebsrouehshbiuvevyrtqnipocpbqazmjovviybvdkjsrsjvjmzovvbwycwvyleidoiscyoqtxqelqsbdswrbzzrxbehblkogpgklxpnnbmclgdzjgkobgzqtwkgdemkbaovmuayvjajykhxshqlmvonjj')) = 0xFAFAC22AF7A7CF) ^ '12:26:20.041403', f3 = SUBSTR((CONCAT((CONVERT((MATCH(f3, f2, f3, f3) AGAINST ('validity' IN BOOLEAN MODE)), CHAR(9))))) FROM 2845179904);
      

      With Aria

      10.11 5a6732983d88c282c3e8e8c2dbf8ee6af86f2ad6

      #4  <signal handler called>
      #5  0x0000556b8ad6c036 in maria_ft_init_boolean_search (info=0x62900028f218, keynr=0, query=0x62d00026f788 "validity", query_len=8, cs=0x556b95066400 <my_charset_latin1>) at /data/bld/10.11-asan-ubsan/storage/maria/ma_ft_boolean_search.c:577
      #6  0x0000556b8ad0d856 in maria_ft_init_search (flags=<optimized out>, info=<optimized out>, keynr=<optimized out>, query=<optimized out>, query_len=<optimized out>, cs=<optimized out>, record=0x625000265148 "\377", ' ' <repeats 199 times>...) at /data/bld/10.11-asan-ubsan/storage/maria/ft_maria.c:30
      #7  0x0000556b8aae95cd in ha_maria::ft_init_ext (this=0x625000264948, flags=1, inx=0, key=<optimized out>) at /data/bld/10.11-asan-ubsan/storage/maria/ha_maria.cc:3483
      #8  0x0000556b8a348995 in Item_func_match::init_search (this=this@entry=0x62d00026f858, thd=thd@entry=0x62c0000e0218, no_order=no_order@entry=true) at /data/bld/10.11-asan-ubsan/sql/item_func.cc:6260
      #9  0x0000556b88945b42 in init_ftfuncs (thd=thd@entry=0x62c0000e0218, select_lex=select_lex@entry=0x62c0000e4f10, no_order=no_order@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_base.cc:9547
      #10 0x0000556b892d81da in mysql_update (thd=thd@entry=0x62c0000e0218, table_list=<optimized out>, fields=..., values=..., conds=conds@entry=0x0, order_num=order_num@entry=0, order=<optimized out>, limit=18446744073709551615, ignore=<optimized out>, found_return=<optimized out>, updated_return=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_update.cc:645
      #11 0x0000556b88cc231b in mysql_execute_command (thd=thd@entry=0x62c0000e0218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:4475
      #12 0x0000556b88cdf7c7 in mysql_parse (thd=thd@entry=0x62c0000e0218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fe62f613ab0) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8179
      #13 0x0000556b88ce8a9b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0000e0218, packet=packet@entry=0x62900025d219 "UPDATE IGNORE test.tmp333 SET f1 = REPEAT('afndvguxueurotineptulviwouvqwmswlboulfupthzgndcnebsrouehshbiuvevyrtqnipocpbqazmjovv', test.MIN2((TIMESTAMP(f1, NULL)), 65536)), f2 = ((NAME_CONST('fndvguxueu"..., packet_length=packet_length@entry=569, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1905
      #14 0x0000556b88cf56d7 in do_command (thd=thd@entry=0x62c0000e0218, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1418
      #15 0x0000556b894e6a12 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x608000003ab8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1386
      #16 0x0000556b894e7b6f in handle_one_connection (arg=0x608000003ab8) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1298
      #17 0x0000556b8ae45389 in pfs_spawn_thread (arg=0x617000005f18) at /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
      #18 0x00007fe63b8a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #19 0x00007fe63b92885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      With MyISAM

      #4  <signal handler called>
      #5  0x000055abd61e0528 in ft_init_boolean_search (info=0x61a000020a98, keynr=0, query=0x62d00026f788 "validity", query_len=8, cs=0x55abdf230400 <my_charset_latin1>) at /data/bld/10.11-asan-ubsan/storage/myisam/ft_boolean_search.c:584
      #6  0x000055abd60b3e49 in ft_init_search (flags=<optimized out>, info=<optimized out>, keynr=<optimized out>, query=<optimized out>, query_len=<optimized out>, cs=<optimized out>, record=0x625000265140 "\377", ' ' <repeats 199 times>...) at /data/bld/10.11-asan-ubsan/storage/myisam/ft_myisam.c:31
      #7  0x000055abd60b2787 in ha_myisam::ft_init_ext (this=0x625000264948, flags=1, inx=0, key=<optimized out>) at /data/bld/10.11-asan-ubsan/storage/myisam/ha_myisam.h:93
      #8  0x000055abd4512995 in Item_func_match::init_search (this=this@entry=0x62d00026f858, thd=thd@entry=0x62c0000e0218, no_order=no_order@entry=true) at /data/bld/10.11-asan-ubsan/sql/item_func.cc:6260
      #9  0x000055abd2b0fb42 in init_ftfuncs (thd=thd@entry=0x62c0000e0218, select_lex=select_lex@entry=0x62c0000e4f10, no_order=no_order@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_base.cc:9547
      #10 0x000055abd34a21da in mysql_update (thd=thd@entry=0x62c0000e0218, table_list=<optimized out>, fields=..., values=..., conds=conds@entry=0x0, order_num=order_num@entry=0, order=<optimized out>, limit=18446744073709551615, ignore=<optimized out>, found_return=<optimized out>, updated_return=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_update.cc:645
      #11 0x000055abd2e8c31b in mysql_execute_command (thd=thd@entry=0x62c0000e0218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:4475
      #12 0x000055abd2ea97c7 in mysql_parse (thd=thd@entry=0x62c0000e0218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f05d1aa5ab0) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8179
      #13 0x000055abd2eb2a9b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0000e0218, packet=packet@entry=0x62900025d219 "UPDATE IGNORE test.tmp333 SET f1 = REPEAT('afndvguxueurotineptulviwouvqwmswlboulfupthzgndcnebsrouehshbiuvevyrtqnipocpbqazmjovv', test.MIN2((TIMESTAMP(f1, NULL)), 65536)), f2 = ((NAME_CONST('fndvguxueu"..., packet_length=packet_length@entry=569, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1905
      #14 0x000055abd2ebf6d7 in do_command (thd=thd@entry=0x62c0000e0218, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1418
      #15 0x000055abd36b0a12 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x608000003ab8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1386
      #16 0x000055abd36b1b6f in handle_one_connection (arg=0x608000003ab8) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1298
      #17 0x000055abd500f389 in pfs_spawn_thread (arg=0x617000005f18) at /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
      #18 0x00007f05ddca81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #19 0x00007f05ddd2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      


          People

            serg Sergei Golubchik
            elenst Elena Stepanova