Bug #65233 Using percent sign in FTS crashes the server
Submitted: 7 May 2012 21:34 Modified: 24 Dec 2012 8:25
Reporter: Vyacheslav Brover Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: FULLTEXT search Severity:S1 (Critical)
Version:5.6.5-m8-log OS:Linux (Linux 2.6.18-194.32.1.el5)
Assigned to: CPU Architecture:Any
Tags: BINARY, crash, fts, percent, utf8

[7 May 2012 21:34] Vyacheslav Brover 
Description:
A FTS query using the character '%' in the "against" clause crashes the server.
For example,
  select * from TAB where match(Title) against ('protein%');

How to repeat:
Let column TAB.Title have an FTS index.
Then the below statement results in error 2013.
  select * from TAB where match(Title) against ('protein%');

The contents of the .err file is below:

ft_init_ext()
keynr=4, 'protein%'
NL search
120507 14:29:13  InnoDB: Assertion failure in thread 1100994880 in file fts0que.cc line 2778
InnoDB: Failing assertion: ret == 0
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.6/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.
21:29:13 UTC - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

key_buffer_size=402653184
read_buffer_size=2097152
max_used_connections=2
max_threads=151
thread_count=2
connection_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 1013717 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0xb279d50
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 419fd0d8 thread_stack 0x40000
/opt/mysql/bin/mysqld(my_print_stacktrace+0x35)[0x88cb85]
/opt/mysql/bin/mysqld(handle_fatal_signal+0x403)[0x637323]
/lib64/libpthread.so.0[0x31a7a0eb10]
/lib64/libc.so.6(gsignal+0x35)[0x31a6e30265]
/lib64/libc.so.6(abort+0x110)[0x31a6e31d10]
/opt/mysql/bin/mysqld[0xa2ca8a]
/opt/mysql/bin/mysqld[0xa2cb07]
/opt/mysql/bin/mysqld[0x96e583]
/opt/mysql/bin/mysqld[0x94b0e8]
/opt/mysql/bin/mysqld[0xa302ed]
/opt/mysql/bin/mysqld[0xa26277]
/opt/mysql/bin/mysqld[0xa2d573]
/opt/mysql/bin/mysqld[0xa2f3f0]
/opt/mysql/bin/mysqld[0xa3b1fe]
/opt/mysql/bin/mysqld[0xa2dcde]
/opt/mysql/bin/mysqld[0x8eac16]
/opt/mysql/bin/mysqld(_ZN15Item_func_match11init_searchEb+0x181)[0x5d5971]
/opt/mysql/bin/mysqld(_Z12init_ftfuncsP3THDP13st_select_lexb+0x60)[0x664360]
/opt/mysql/bin/mysqld(_ZN4JOIN8optimizeEv+0x121e)[0x6c449e]
/opt/mysql/bin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x176)[0x6f5486]
/opt/mysql/bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x16a)[0x6f5cba]
/opt/mysql/bin/mysqld[0x6cb638]
/opt/mysql/bin/mysqld(_Z21mysql_execute_commandP3THD+0x26c0)[0x6cec80]
/opt/mysql/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x2db)[0x6d134b]
/opt/mysql/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x8e5)[0x6d22e5]
/opt/mysql/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x10f)[0x68483f]
/opt/mysql/bin/mysqld(handle_one_connection+0x45)[0x684915]
/lib64/libpthread.so.0[0x31a7a0673d]
/lib64/libc.so.6(clone+0x6d)[0x31a6ed3f6d]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (b2858c0): select Id from icmdb_page.LABPAGE where match(Title) against ('protein%')
Connection ID (thread ID): 2
Status: NOT_KILLED

The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
120507 14:29:13 mysqld_safe Number of processes running now: 0
120507 14:29:13 mysqld_safe mysqld restarted
120507 14:29:13 [Warning] Changed limits: max_open_files: 1024  max_connections: 151  table_cache: 431
120507 14:29:13 [Note] Plugin 'FEDERATED' is disabled.
120507 14:29:13 InnoDB: Warning: Using innodb_additional_mem_pool_size is DEPRECATED. This option may be removed in future releases, together with the option innodb_use_sys_malloc and with the InnoDB's internal memory allocator.
120507 14:29:13 InnoDB: The InnoDB memory heap is disabled
120507 14:29:13 InnoDB: Mutexes and rw_locks use GCC atomic builtins
120507 14:29:13 InnoDB: Compressed tables use zlib 1.2.3
120507 14:29:13 InnoDB: Using Linux native AIO
120507 14:29:13 InnoDB: CPU does not support crc32 instructions
120507 14:29:13 InnoDB: Initializing buffer pool, size = 384.0M
120507 14:29:13 InnoDB: Completed initialization of buffer pool
120507 14:29:13 InnoDB: highest supported file format is Barracuda.
InnoDB: The log sequence number in ibdata files does not match
InnoDB: the log sequence number in the ib_logfiles!
120507 14:29:13  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
InnoDB: Last MySQL binlog file position 0 73829869, file name ./mysql-bin.000017
120507 14:29:13 InnoDB: 128 rollback segment(s) are active.
120507 14:29:13 InnoDB: 1.2.5 started; log sequence number 1386373089
120507 14:29:13 [Note] Recovering after a crash using mysql-bin
120507 14:29:13 [Note] Starting crash recovery...
120507 14:29:13 [Note] Crash recovery finished.
120507 14:29:13 [Note] Event Scheduler: Loaded 0 events
120507 14:29:13 [Note] /opt/mysql/bin/mysqld: ready for connections.
Version: '5.6.5-m8-log'  socket: '/tmp/mysql.sock'  port: 53306  MySQL Community Server (GPL)
[7 May 2012 22:35] MySQL Verification Team 
Could you please provide the complete test case (create table, insert and so on) I could not repeat on my own. Provide the my.cnf too. Thanks.
[7 May 2012 23:14] Vyacheslav Brover 
How to reproduce:

create table test.TAB
(
  Id int(6) not null,
 Title varbinary(4000),
 primary key (Id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

insert into test.TAB (Id, Title) values (1, 'aa');
insert into test.TAB (Id, Title) values (2, 'bb');
insert into test.TAB (Id, Title) values (3, 'protein');

alter table test.TAB modify Title varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin;
create fulltext index  Title_fts on test.TAB (Title);

select Id from test.TAB where match(Title) against ('protein%');
[7 May 2012 23:16] Vyacheslav Brover 
my.cnf

Attachment: my.cnf (application/octet-stream, text), 4.59 KiB.
[7 May 2012 23:46] MySQL Verification Team 
Thank you for the feedback. Verified as described.

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.5-m8 MySQL Community Server (GPL)

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create table test.TAB
    -> (
    ->   Id int(6) not null,
    ->  Title varbinary(4000),
    ->  primary key (Id)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected (0.07 sec)

mysql>
mysql> insert into test.TAB (Id, Title) values (1, 'aa');
Query OK, 1 row affected (0.03 sec)

mysql> insert into test.TAB (Id, Title) values (2, 'bb');
Query OK, 1 row affected (0.04 sec)

mysql> insert into test.TAB (Id, Title) values (3, 'protein');
Query OK, 1 row affected (0.03 sec)

mysql>
mysql> alter table test.TAB modify Title varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 3 rows affected (0.23 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> create fulltext index  Title_fts on test.TAB (Title);
Query OK, 0 rows affected (0.33 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql>
mysql> select Id from test.TAB where match(Title) against ('protein%');
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
[10 May 2012 23:08] MySQL Verification Team 
Looks like is already fixed:

d:\dbs>d:\dbs\5.6\bin\mysql -uroot --port=3540 --prompt="mysql 5.6 >"
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.6-m9 Source distribution

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.6 >create table test.TAB
    -> (
    ->   Id int(6) not null,
    ->  Title varbinary(4000),
    ->  primary key (Id)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected (0.00 sec)

mysql 5.6 >insert into test.TAB (Id, Title) values (1, 'aa');
Query OK, 1 row affected (0.00 sec)

mysql 5.6 >insert into test.TAB (Id, Title) values (2, 'bb');
Query OK, 1 row affected (0.00 sec)

mysql 5.6 >insert into test.TAB (Id, Title) values (3, 'protein');
Query OK, 1 row affected (0.01 sec)

mysql 5.6 >alter table test.TAB modify Title varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 3 rows affected (0.26 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql 5.6 >create fulltext index  Title_fts on test.TAB (Title);
Query OK, 0 rows affected, 1 warning (0.08 sec)
Records: 0  Duplicates: 0  Warnings: 1

mysql 5.6 >show warnings;
+---------+------+--------------------------------------------------+
| Level   | Code | Message                                          |
+---------+------+--------------------------------------------------+
| Warning |  124 | InnoDB rebuilding table to add column FTS_DOC_ID |
+---------+------+--------------------------------------------------+
1 row in set (0.00 sec)

mysql 5.6 >select Id from test.TAB where match(Title) against ('protein%');
+----+
| Id |
+----+
|  3 |
+----+
1 row in set (0.00 sec)

mysql 5.6 >SHOW CREATE TABLE test.TAB;
+-------+------------------------------------------------------------------
------------------------------------------------------------------------+
| Table | Create Table
                                                                        |
+-------+------------------------------------------------------------------
------------------------------------------------------------------------+
| TAB   | CREATE TABLE `tab` (
  `Id` int(6) NOT NULL,
  `Title` varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`Id`),
  FULLTEXT KEY `Title_fts` (`Title`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
+-------+------------------------------------------------------------------
------------------------------------------------------------------------+
1 row in set (0.00 sec)
[24 Dec 2012 8:25] Erlend Dahl 
This is a duplicate of Bug #64901 InnoDB: Assertion failure in thread 34387022112 in file rem0cmp.cc line 584 - which was fixed in 5.6.6.