[MDEV-37975] Crash in page_validate() inside ibuf_merge_or_delete_for_page() - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11
Fix Version/s: 10.6, 10.11
Component/s: Storage Engine - InnoDB
Labels:
- coredump

Bug Category:
Can result in hang or crash

Description

Assertion found while testing ~~MDEV-37306~~

origin/MDEV-37306 cea7feb6242b9114b543007348d8f8de0935853d

# 2025-10-26T19:39:56 [2769508] | mariadbd: /data/Server/MDEV-37306/storage/innobase/rem/rem0rec.cc:576: bool rec_offs_validate(const rec_t*, const dict_index_t*, const rec_offs*): Assertion `!index->n_def || i <= max_n_fields || rec_is_metadata(rec, *index)' failed.

Stacktrace
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:89
#3 my_write_core (sig=6) at /data/Server/MDEV-37306/mysys/stacktrace.c:424
#4 handle_fatal_signal (sig=6) at /data/Server/MDEV-37306/sql/signal_handler.cc:298
#5 <signal handler called>
#6 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#7 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#8 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#9 __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#10 __GI_abort () at ./stdlib/abort.c:79
#11 __assert_fail_base (fmt="%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry="!index->n_def \|\| i <= max_n_fields \|\| rec_is_metadata(rec, *index)",
file=file@entry="/data/Server/MDEV-37306/storage/innobase/rem/rem0rec.cc", line=line@entry=576,
function=function@entry="bool rec_offs_validate(const rec_t, const dict_index_t, const rec_offs*)") at ./assert/assert.c:94
#12 __assert_fail (assertion="!index->n_def \|\| i <= max_n_fields \|\| rec_is_metadata(rec, *index)", file="/data/Server/MDEV-37306/storage/innobase/rem/rem0rec.cc", line=576,
function="bool rec_offs_validate(const rec_t, const dict_index_t, const rec_offs*)") at ./assert/assert.c:103
#13 rec_offs_validate (rec=<optimized out>, rec@entry="\200", index=<optimized out>, index@entry=, offsets=offsets@entry=)
at /data/Server/MDEV-37306/storage/innobase/rem/rem0rec.cc:576
#14 cmp_rec_rec (rec1=rec1@entry="\200", rec2=rec2@entry="\200", offsets1=offsets1@entry=, offsets2=offsets2@entry=, index=index@entry=, nulls_unequal=nulls_unequal@entry=false,
matched_fields=) at /data/Server/MDEV-37306/storage/innobase/rem/rem0cmp.cc:832
#15 page_validate (page="\364n]\035", index=) at /data/Server/MDEV-37306/storage/innobase/page/page0page.cc:2227
#16 ibuf_merge_or_delete_for_page (block=block@entry=, page_id=..., zip_size=0) at /data/Server/MDEV-37306/storage/innobase/ibuf/ibuf0ibuf.cc:4256
#17 buf_page_ibuf_merge_try (block=block@entry=, rw_latch=rw_latch@entry=2, err=err@entry=) at /data/Server/MDEV-37306/storage/innobase/include/buf0buf.h:651
#18 buf_page_get_low (page_id=..., zip_size=zip_size@entry=0, rw_latch=rw_latch@entry=RW_X_LATCH, guess=guess@entry=, mode=mode@entry=10, mtr=mtr@entry=, err=, allow_ibuf_merge=true)
at /data/Server/MDEV-37306/storage/innobase/buf/buf0buf.cc:3011
#19 buf_page_get_gen (page_id=page_id@entry=..., zip_size=zip_size@entry=0, rw_latch=rw_latch@entry=RW_X_LATCH, guess=guess@entry=, mode=mode@entry=10, mtr=mtr@entry=, err=,
allow_ibuf_merge=true) at /data/Server/MDEV-37306/storage/innobase/buf/buf0buf.cc:3050
#20 btr_cur_t::search_leaf (this=this@entry=, tuple=tuple@entry=, mode=mode@entry=PAGE_CUR_LE, latch_mode=<optimized out>, latch_mode@entry=BTR_MODIFY_LEAF_ALREADY_LATCHED,
mtr=mtr@entry=) at /data/Server/MDEV-37306/storage/innobase/btr/btr0cur.cc:1268
#21 btr_pcur_open (mtr=, cursor=, latch_mode=BTR_MODIFY_LEAF_ALREADY_LATCHED, mode=PAGE_CUR_LE, tuple=) at /data/Server/MDEV-37306/storage/innobase/include/btr0pcur.h:430
#22 row_search_index_entry (entry=entry@entry=, mode=BTR_MODIFY_LEAF_ALREADY_LATCHED, pcur=pcur@entry=, mtr=mtr@entry=)
at /data/Server/MDEV-37306/storage/innobase/row/row0row.cc:1289
#23 row_undo_ins_remove_sec_low (mode=<optimized out>, mode@entry=BTR_MODIFY_LEAF, index=index@entry=, entry=entry@entry=, thr=thr@entry=)
at /data/Server/MDEV-37306/storage/innobase/row/row0uins.cc:304
#24 row_undo_ins_remove_sec (index=index@entry=, entry=, thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/row/row0uins.cc:353
#25 row_undo_ins_remove_sec_rec (node=node@entry=, thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/row/row0uins.cc:547
#26 row_undo_ins (node=node@entry=, thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/row/row0uins.cc:599
#27 row_undo (node=node@entry=, thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/row/row0undo.cc:401
#28 row_undo_step (thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/row/row0undo.cc:442
#29 que_thr_step (thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/que/que0que.cc:551
#30 que_run_threads_low (thr=thr@entry=) at /data/Server/MDEV-37306/storage/innobase/que/que0que.cc:609
--Type <RET> for more, q to quit, c to continue without paging--c
#31 que_run_threads (thr=) at /data/Server/MDEV-37306/storage/innobase/que/que0que.cc:629
#32 trx_t::rollback_low (this=this@entry=, savept=savept@entry=) at /data/Server/MDEV-37306/storage/innobase/trx/trx0roll.cc:117
#33 trx_rollback_for_mysql (trx=trx@entry=) at /data/Server/MDEV-37306/storage/innobase/trx/trx0roll.cc:211
#34 innobase_rollback (thd=<optimized out>, rollback_trx=true) at /data/Server/MDEV-37306/storage/innobase/handler/ha_innodb.cc:4768
#35 ha_rollback_trans (thd=thd@entry=, all=all@entry=true) at /data/Server/MDEV-37306/sql/handler.cc:2315
#36 trans_rollback (thd=thd@entry=) at /data/Server/MDEV-37306/sql/transaction.cc:391
#37 mysql_execute_command (thd=thd@entry=, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/Server/MDEV-37306/sql/sql_parse.cc:5827
#38 mysql_parse (thd=thd@entry=, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=) at /data/Server/MDEV-37306/sql/sql_parse.cc:8200
#39 dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=, packet=packet@entry=" ROLLBACK /* E_R Thread9 QNO 2363 CON_ID 663 */ ", packet_length=packet_length@entry=49,
blocking=blocking@entry=true) at /data/Server/MDEV-37306/sql/sql_parse.cc:1908
#40 do_command (thd=thd@entry=, blocking=blocking@entry=true) at /data/Server/MDEV-37306/sql/sql_parse.cc:1421
#41 do_handle_one_connection (connect=<optimized out>, connect@entry=, put_in_cache=put_in_cache@entry=true) at /data/Server/MDEV-37306/sql/sql_connect.cc:1386
#42 handle_one_connection (arg=) at /data/Server/MDEV-37306/sql/sql_connect.cc:1298
#43 start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#44 clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Core dump is present on SDP:-
/data/results/1761508324/TBR-1702

Attachments

Issue Links

relates to

MDEV-37976 Assertion `!ext || index->is_primary()' failed

Open

MDEV-37336 void ibuf_delete(const dtuple_t*, buf_block_t*, dict_index_t*, mtr_t*): Assertion `0' failed

Closed

MDEV-37517 dberr_t ibuf_merge_or_delete_for_page(buf_block_t*, page_id_t, ulint): Assertion `page_validate(block->page.frame, dummy_index)' failed

Open

Crash in page_validate() inside ibuf_merge_or_delete_for_page()

Details

Description

Attachments

Issue Links

Activity

People

Dates