Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-7958

Crash when SELECT using a fulltext search index with special character

Details

    • Yes

    Description

      MySQL crash when using a full-text search index with a special character.

      The crash is at https://github.com/percona/percona-server/blob/Percona-Server-8.0.26-16/storage/innobase/eval/eval0eval.cc#L130

       
      The reproducible test case

      mysql> CREATE TABLE `tbtest` (
          ->   `col1` int(11) NOT NULL AUTO_INCREMENT,
          ->   `col2` varchar(100) COLLATE utf8mb4_bin DEFAULT NULL ,
          ->   `col3` text COLLATE utf8mb4_bin,
          ->   `col4` varchar(300) COLLATE utf8mb4_bin DEFAULT NULL ,
          ->   PRIMARY KEY (`col1`),
          ->   FULLTEXT KEY `FTX_01` (`col2`,`col3`,`col4`) /*!50100 WITH PARSER `ngram` */ ,
          ->   FULLTEXT KEY `FTX_02` (`col4`) /*!50100 WITH PARSER `ngram` */
          ->   ) ENGINE=InnoDB AUTO_INCREMENT=100001 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
      Query OK, 0 rows affected, 1 warning (0.10 sec)

       

      mysql> insert into tbtest (col2, col3, col4)
          ->   select
          ->   concat(a.column_name,a.column_name) as c1,
          ->   concat(a.column_name,a.column_name) as c2,
          ->   concat(a.column_name,a.column_name) as c3
          ->   from information_schema.columns a, information_schema.columns b limit 100000;
      Query OK, 100000 rows affected (3.64 sec)
      Records: 100000  Duplicates: 0  Warnings: 0
      
      mysql> optimize table tbtest;
      +---------------+----------+----------+-------------------------------------------------------------------+
      | Table         | Op       | Msg_type | Msg_text                                                          |
      +---------------+----------+----------+-------------------------------------------------------------------+
      | dbtest.tbtest | optimize | note     | Table does not support optimize, doing recreate + analyze instead |
      | dbtest.tbtest | optimize | status   | OK                                                                |
      +---------------+----------+----------+-------------------------------------------------------------------+
      2 rows in set (2.39 sec)

       

      mysql> select * from tbtest where MATCH(col4) AGAINST('1some_inexistent_file_with_long_name\0.jpg');
      ERROR 2013 (HY000): Lost connection to MySQL server during query
      No connection. Trying to reconnect...
      ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)
      ERROR:
      Can't connect to the server
      

      The stack trace

      2021-10-29T06:33:10.306288Z 8 [ERROR] [MY-013183] [InnoDB] Assertion failure: eval0eval.cc:130:arg3 thread 140713129019136
      InnoDB: We intentionally generate a memory trap.
      InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
      InnoDB: If you get repeated assertion failures or crashes, even
      InnoDB: immediately after the mysqld startup, there may be
      InnoDB: corruption in the InnoDB tablespace. Please refer to
      InnoDB: http://dev.mysql.com/doc/refman/8.0/en/forcing-innodb-recovery.html
      InnoDB: about forcing recovery.
      06:33:10 UTC - mysqld got signal 6 ;
      Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.Build ID: 4e59bcf3910cc7012f0ee1a91c5472434f731ed6
      Server Version: 8.0.26-16 Percona Server (GPL), Release 16, Revision 3d64165Thread pointer: 0x7ff9c8000d20
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 7ffa5411fc70 thread_stack 0x46000
      /usr/sbin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x3d) [0x218420d]
      /usr/sbin/mysqld(handle_fatal_signal+0x37b) [0x1173beb]
      /lib64/libpthread.so.0(+0xf630) [0x7ffa6e7b9630]
      /lib64/libc.so.6(gsignal+0x37) [0x7ffa6caa4387]
      /lib64/libc.so.6(abort+0x148) [0x7ffa6caa5a78]
      /usr/sbin/mysqld() [0xca5022]
      /usr/sbin/mysqld(eval_cmp(func_node_t*)+0x1f8) [0x253ddf8]
      /usr/sbin/mysqld() [0x23c47b2]
      /usr/sbin/mysqld(row_sel_step(que_thr_t*)+0x3b) [0x23c66ab]
      /usr/sbin/mysqld(que_run_threads(que_thr_t*)+0x318) [0x2365be8]
      /usr/sbin/mysqld(fts_eval_sql(trx_t*, que_fork_t*)+0x2d) [0x25aa5ed]
      /usr/sbin/mysqld(fts_index_fetch_nodes(trx_t*, que_fork_t**, fts_table_t*, fts_string_t const*, fts_fetch_t*)+0x116) [0x259ebf6]
      /usr/sbin/mysqld() [0x25a6081]
      /usr/sbin/mysqld() [0x25a8def]
      /usr/sbin/mysqld(fts_ast_visit(fts_ast_oper_t, fts_ast_node_t*, dberr_t (*)(fts_ast_oper_t, fts_ast_node_t*, void*), void*, bool*)+0x111) [0x25d9021]
      /usr/sbin/mysqld(fts_query(trx_t*, dict_index_t*, unsigned int, unsigned char const*, unsigned long, fts_result_t**, unsigned long long)+0x991) [0x25a6a81]
      /usr/sbin/mysqld(ha_innobase::ft_init_ext(unsigned int, unsigned int, String*)+0x2ad) [0x2280c6d]
      /usr/sbin/mysqld(Item_func_match::init_search(THD*)+0x551) [0xdb9941]
      /usr/sbin/mysqld(init_ftfuncs(THD*, Query_block*)+0x40) [0xf758c0]
      /usr/sbin/mysqld(JOIN::optimize()+0x197a) [0x100789a]
      /usr/sbin/mysqld(Query_block::optimize(THD*)+0xb6) [0x106e586]
      /usr/sbin/mysqld(Query_expression::optimize(THD*, TABLE*, bool)+0x7b) [0x10eb3bb]
      /usr/sbin/mysqld(Sql_cmd_dml::execute_inner(THD*)+0x2a) [0x106d2ca]
      /usr/sbin/mysqld(Sql_cmd_dml::execute(THD*)+0x186) [0x106c996]
      /usr/sbin/mysqld(mysql_execute_command(THD*, bool)+0x9e0) [0x1010280]
      /usr/sbin/mysqld(dispatch_sql_command(THD*, Parser_state*, bool)+0x4f1) [0x1013e11]
      /usr/sbin/mysqld(dispatch_command(THD*, COM_DATA const*, enum_server_command)+0x210b) [0x101642b]
      /usr/sbin/mysqld(do_command(THD*)+0x210) [0x10170b0]
      /usr/sbin/mysqld() [0x1164530]
      /usr/sbin/mysqld() [0x260b24e]
      /lib64/libpthread.so.0(+0x7ea5) [0x7ffa6e7b1ea5]
      /lib64/libc.so.6(clone+0x6d) [0x7ffa6cb6cb0d]Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (7ff9c8d639a8): select * from tbtest where MATCH(col4) AGAINST('1some_inexistent_file_with_long_name\0.jpg')
      Connection ID (thread ID): 8
      Status: NOT_KILLED

       

      Attachments

        Activity

          People

            oleksandr.kachan Oleksandr Kachan
            phong.dinh Phong Dinh (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 2 days, 5 hours, 25 minutes
                2d 5h 25m

                Smart Checklist