Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39923

Assertion `dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)' failed

    XMLWordPrintable

Details

    • Can result in hang or crash
    • Q3/2026 Server Maintenance

    Description

      --source include/have_innodb.inc
      		 
      --source include/have_partition.inc
      		 
      SET sql_mode='';
      		 
      CREATE TABLE t1 (c1 BIT KEY,c2 INT) ENGINE=InnoDB PARTITION BY LINEAR HASH(c1) PARTITIONS 822;
      		 
      ALTER TABLE t1 ADD INDEX idx1(c2);
      		 
      INSERT INTO t1 PARTITION (p1) VALUES (1,1);
      		 
      UPDATE t1 SET c1=(TIME_FORMAT(1,1)MOD 1) DIV (18 ^ SECOND(1));
      		 
      WITH cte AS(SELECT 1 FROM t1) SELECT 1 FROM cte;
      		 
      HANDLER t1 OPEN;
      		 
      HANDLER t1 READ `PRIMARY`=(1);
      		 
      SET GLOBAL innodb_buffer_pool_size=+1;
      		 
      HANDLER t1 READ `PRIMARY` PREV;

      Leads to:

      CS 11.8.8 b494164767979072713fdeccc175ce3b3f5b1983 (Optimized, Clang 18.1.3-11) Build 24/05/2026

      		 
      Core was generated by `/test/MD240526-mariadb-11.8.8-linux-x86_64-opt/bin/mariadbd --no-defaults --loo'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  __memcpy_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:323
      		 
       
      		 
      [Current thread is 1 (LWP 758508)]
      		 
      (gdb) bt
      		 
      #0  __memcpy_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:323
      		 
      #1  0x0000555556350f46 in row_sel_store_mysql_field (mysql_rec=mysql_rec@entry=0x10000000a <error: Cannot access memory at address 0x10000000a>, prebuilt=prebuilt@entry=0x77fec522e688, rec=rec@entry=0x77ff9401407e "", index=index@entry=0x77fec4409bb8, offsets=<optimized out>, field_no=<optimized out>, templ=0x77fec4697fd8)at /test/11.8_opt/storage/innobase/row/row0sel.cc:3103
      		 
      #2  0x000055555634c8b0 in row_sel_store_mysql_rec (mysql_rec=mysql_rec@entry=0x10000000a <error: Cannot access memory at address 0x10000000a>, prebuilt=prebuilt@entry=0x77fec522e688, rec=rec@entry=0x77ff9401407e "", vrow=0x0, rec_clust=false, index=index@entry=0x77fec4409bb8, offsets=0x7fffe418d110)at /test/11.8_opt/storage/innobase/row/row0sel.cc:3239
      		 
      #3  0x000055555634b479 in row_search_mvcc (buf=0x10000000a <error: Cannot access memory at address 0x10000000a>, mode=PAGE_CUR_G, mode@entry=PAGE_CUR_UNSUPP, prebuilt=0x77fec522e688, match_mode=0, direction=2)at /test/11.8_opt/storage/innobase/row/row0sel.cc:5709
      		 
      #4  0x00005555562908b6 in ha_innobase::general_fetch (this=0x77feca3d4678, buf=0x10000000b <error: Cannot access memory at address 0x10000000b>, direction=1451945552, match_mode=<optimized out>)at /test/11.8_opt/storage/innobase/handler/ha_innodb.cc:9245
      		 
      #5  0x0000555555fd9e87 in handler::ha_index_prev (this=0x77feca3d4678, buf=0x10000000a <error: Cannot access memory at address 0x10000000a>)at /test/11.8_opt/sql/handler.cc:4005
      		 
      #6  0x00005555561f7e7b in ha_partition::handle_ordered_prev (this=0x77feca3d3d98, buf=0x77fec50f2118 "\377\001")at /test/11.8_opt/sql/ha_partition.cc:8527
      		 
      #7  0x0000555555fd9e87 in handler::ha_index_prev (this=0x77feca3d3d98, buf=0x77fec50f2118 "\377\001") at /test/11.8_opt/sql/handler.cc:4005
      		 
      #8  0x0000555555d4209e in mysql_ha_read (thd=thd@entry=0x77fec4000c68, tables=tables@entry=0x77fec40177a0, mode=<optimized out>, keyname=0x77fec4017ed8 "PRIMARY", key_expr=<optimized out>, ha_rkey_mode=HA_READ_KEY_EXACT, cond=0x0, select_limit_cnt=1, offset_limit_cnt=0) at /test/11.8_opt/sql/sql_handler.cc:933
      		 
      #9  0x0000555555d7f45a in mysql_execute_command (thd=thd@entry=0x77fec4000c68, is_called_from_prepared_stmt=false) at /test/11.8_opt/sql/sql_parse.cc:5549
      		 
      #10 0x0000555555d78f42 in mysql_parse (thd=thd@entry=0x77fec4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fffe418e4f0)at /test/11.8_opt/sql/sql_parse.cc:7953
      		 
      #11 0x0000555555d773ff in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x77fec4000c68, packet=packet@entry=0x77fec4008889 "", packet_length=packet_length@entry=30, blocking=true)at /test/11.8_opt/sql/sql_parse.cc:1923
      		 
      #12 0x0000555555d793c1 in do_command (thd=thd@entry=0x77fec4000c68, blocking=true) at /test/11.8_opt/sql/sql_parse.cc:1431
      		 
      #13 0x0000555555e99d3d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5555581e0be8, put_in_cache=true)at /test/11.8_opt/sql/sql_connect.cc:1504
      		 
      #14 0x0000555555e99b72 in handle_one_connection (arg=arg@entry=0x5555581e0be8)at /test/11.8_opt/sql/sql_connect.cc:1416
      		 
      #15 0x0000555556201533 in pfs_spawn_thread (arg=0x5555581e0c58)at /test/11.8_opt/storage/perfschema/pfs.cc:2198
      		 
      #16 0x00007fffe6e9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #17 0x00007fffe6f29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      CS 11.8.8 b494164767979072713fdeccc175ce3b3f5b1983 (Debug, Clang 18.1.3-11) Build 24/05/2026

      		 
      mariadbd: /test/11.8_dbg/storage/innobase/dict/dict0dict.cc:3571: ulint dict_index_check_search_tuple(const dict_index_t *, const dtuple_t *): Assertion `dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)' failed.

      CS 11.8.8 b494164767979072713fdeccc175ce3b3f5b1983 (Debug, Clang 18.1.3-11) Build 24/05/2026

      		 
      Core was generated by `/test/MD240526-mariadb-11.8.8-linux-x86_64-dbg/bin/mariadbd --no-defaults --loo'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
       
      		 
      [Current thread is 1 (LWP 758614)]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      		 
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      		 
      #3  0x00007fffe6e4527e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      		 
      #4  0x00007fffe6e288ff in __GI_abort () at ./stdlib/abort.c:79
      		 
      #5  0x00007fffe6e2881b in __assert_fail_base (fmt=0x7fffe6fd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555719a706 "dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)", file=file@entry=0x55555719977c "/test/11.8_dbg/storage/innobase/dict/dict0dict.cc", line=line@entry=3571, function=function@entry=0x55555719a74f "ulint dict_index_check_search_tuple(const dict_index_t *, const dtuple_t *)") at ./assert/assert.c:96
      		 
      #6  0x00007fffe6e3b517 in __assert_fail (assertion=0x55555719a706 "dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)", file=0x55555719977c "/test/11.8_dbg/storage/innobase/dict/dict0dict.cc", line=3571, function=0x55555719a74f "ulint dict_index_check_search_tuple(const dict_index_t *, const dtuple_t *)") at ./assert/assert.c:105
      		 
      #7  0x0000555556baf313 in dict_index_check_search_tuple (index=0x77fee85b9648, tuple=0x77fee83e4f88)at /test/11.8_dbg/storage/innobase/dict/dict0dict.cc:3570
      		 
      #8  0x0000555556b197ed in btr_cur_t::search_leaf (this=0x77fe9f0ea1d8, tuple=0x77fee83e4f88, mode=PAGE_CUR_G, latch_mode=BTR_SEARCH_LEAF, mtr=0x7fffc06cd850) at /test/11.8_dbg/storage/innobase/btr/btr0cur.cc:1098
      		 
      #9  0x00005555569e837f in btr_pcur_open_with_no_init (tuple=0x77fee83e4f88, mode=PAGE_CUR_G, latch_mode=BTR_SEARCH_LEAF, cursor=0x77fe9f0ea1d8, mtr=0x7fffc06cd850) at include/btr0pcur.inl:322
      		 
      #10 0x0000555556b3f8e8 in btr_pcur_t::restore_position (this=0x77fe9f0ea1d8, restore_latch_mode=BTR_SEARCH_LEAF, mtr=0x7fffc06cd850)at /test/11.8_dbg/storage/innobase/btr/btr0pcur.cc:423
      		 
      #11 0x0000555556a4e50e in sel_restore_position_for_mysql (same_user_rec=0x7fffc06cd1a7, latch_mode=BTR_SEARCH_LEAF, pcur=0x77fe9f0ea1d8, moves_up=false, mtr=0x7fffc06cd850)at /test/11.8_dbg/storage/innobase/row/row0sel.cc:3651
      		 
      #12 0x0000555556a47ffc in row_search_mvcc (buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>, mode=PAGE_CUR_G, prebuilt=0x77fe9f0ea008, match_mode=0, direction=2)at /test/11.8_dbg/storage/innobase/row/row0sel.cc:4740
      		 
      #13 0x00005555568069fe in ha_innobase::general_fetch (this=0x77fe9ef1a788, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>, direction=2, match_mode=0)at /test/11.8_dbg/storage/innobase/handler/ha_innodb.cc:9245
      		 
      #14 0x0000555556806c84 in ha_innobase::index_prev (this=0x77fe9ef1a788, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>) at /test/11.8_dbg/storage/innobase/handler/ha_innodb.cc:9326
      		 
      #15 0x0000555556414713 in handler::ha_index_prev (this=0x77fe9ef1a788, buf=0xa5a5a5a5a5a5a5af <error: Cannot access memory at address 0xa5a5a5a5a5a5a5af>) at /test/11.8_dbg/sql/handler.cc:4005
      		 
      #16 0x000055555678bd49 in ha_partition::handle_ordered_prev (this=0x77fe9ef19ea8, buf=0x77fe9f1aa998 "\377\001")at /test/11.8_dbg/sql/ha_partition.cc:8527
      		 
      #17 0x000055555678bcbc in ha_partition::index_prev (this=0x77fe9ef19ea8, buf=0x77fe9f1aa998 "\377\001") at /test/11.8_dbg/sql/ha_partition.cc:6349
      		 
      #18 0x0000555556414713 in handler::ha_index_prev (this=0x77fe9ef19ea8, buf=0x77fe9f1aa998 "\377\001") at /test/11.8_dbg/sql/handler.cc:4005
      		 
      #19 0x0000555555f88149 in mysql_ha_read (thd=0x77fee8000d58, tables=0x77fee8019f90, mode=RPREV, keyname=0x77fee801a6c8 "PRIMARY", key_expr=0x77fee801a6e0, ha_rkey_mode=HA_READ_KEY_EXACT, cond=0x0, select_limit_cnt=1, offset_limit_cnt=0)at /test/11.8_dbg/sql/sql_handler.cc:933
      		 
      #20 0x0000555555ff18de in mysql_execute_command (thd=0x77fee8000d58, is_called_from_prepared_stmt=false) at /test/11.8_dbg/sql/sql_parse.cc:5549
      		 
      #21 0x0000555555fe2484 in mysql_parse (thd=0x77fee8000d58, rawbuf=0x77fee8019e30 "HANDLER t1 READ `PRIMARY` PREV", length=30, parser_state=0x7fffc06cfa10) at /test/11.8_dbg/sql/sql_parse.cc:7953
      		 
      #22 0x0000555555fdf7c9 in dispatch_command (command=COM_QUERY, thd=0x77fee8000d58, packet=0x77fee800b079 "", packet_length=30, blocking=true) at /test/11.8_dbg/sql/sql_parse.cc:1923
      		 
      #23 0x0000555555fe3033 in do_command (thd=0x77fee8000d58, blocking=true)at /test/11.8_dbg/sql/sql_parse.cc:1431
      		 
      #24 0x00005555561d0959 in do_handle_one_connection (connect=0x555558b13028, put_in_cache=true) at /test/11.8_dbg/sql/sql_connect.cc:1504
      		 
      #25 0x00005555561d06fe in handle_one_connection (arg=0x555558bd38d8)at /test/11.8_dbg/sql/sql_connect.cc:1416
      		 
      #26 0x00007fffe6e9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #27 0x00007fffe6f29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      Bug Detection Matrix

      		 
          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  240526  b2050fdb4a8776422baf01a41bf86845994edb97  SIGSEGV|row_sel_field_store_in_mysql_format_func|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc
      		 
      CS  10.6   opt  240526  b2050fdb4a8776422baf01a41bf86845994edb97  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      CS  10.11  dbg  240526  9ed3a7f9f6929aa34420a8616930844d3a35bb91  SIGSEGV|row_sel_field_store_in_mysql_format_func|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc
      		 
      CS  10.11  opt  240526  9ed3a7f9f6929aa34420a8616930844d3a35bb91  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      CS  11.4   dbg  240526  19c59f2c79637cc360cc6d6b219ed9131124500d  dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)|SIGABRT|dict_index_check_search_tuple|btr_cur_t::search_leaf|btr_pcur_open_with_no_init|btr_pcur_t::restore_position
      		 
      CS  11.4   opt  240526  19c59f2c79637cc360cc6d6b219ed9131124500d  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      CS  11.8   dbg  240526  b494164767979072713fdeccc175ce3b3f5b1983  dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)|SIGABRT|dict_index_check_search_tuple|btr_cur_t::search_leaf|btr_pcur_open_with_no_init|btr_pcur_t::restore_position
      		 
      CS  11.8   opt  240526  b494164767979072713fdeccc175ce3b3f5b1983  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      CS  12.3   dbg  240526  66b3c6784689fbb65110a5b21efcb815a8bcde24  old_rec|SIGABRT|ut_dbg_assertion_failed|btr_pcur_t::restore_position|sel_restore_position_for_mysql|row_search_mvcc
      		 
      CS  12.3   opt  240526  66b3c6784689fbb65110a5b21efcb815a8bcde24  old_rec|SIGABRT|ut_dbg_assertion_failed|btr_pcur_t::restore_position|sel_restore_position_for_mysql|row_search_mvcc
      		 
      CS  13.0   dbg  240526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  old_rec|SIGABRT|ut_dbg_assertion_failed|btr_pcur_t::restore_position|sel_restore_position_for_mysql|row_search_mvcc
      		 
      CS  13.0   opt  240526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  No bug found                  
      ES  10.6   dbg  240526  55cfada6c54d1b08f2372adc1369a5e5e76f472d  SIGSEGV|row_sel_field_store_in_mysql_format_func|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc
      		 
      ES  10.6   opt  240526  55cfada6c54d1b08f2372adc1369a5e5e76f472d  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      ES  11.4   dbg  240526  90f707057d44f1b5c013a0c3672fd12f32ea7085  dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)|SIGABRT|dict_index_check_search_tuple|btr_cur_t::search_leaf|btr_pcur_open_with_no_init|btr_pcur_t::restore_position
      		 
      ES  11.4   opt  240526  90f707057d44f1b5c013a0c3672fd12f32ea7085  SIGSEGV|ha_partition::return_top_record|ha_partition::handle_ordered_prev|handler::ha_index_prev|mysql_ha_read
      		 
      ES  11.8   dbg  240526  d4fbd664a4514441bb3d9042c0089842ee6fc3c8  dtuple_get_n_fields_cmp(tuple) <= dict_index_get_n_unique_in_tree(index)|SIGABRT|dict_index_check_search_tuple|btr_cur_t::search_leaf|btr_pcur_open_with_no_init|btr_pcur_t::restore_position
      		 
      ES  11.8   opt  240526  d4fbd664a4514441bb3d9042c0089842ee6fc3c8  SIGSEGV|row_sel_store_mysql_field|row_sel_store_mysql_rec|row_search_mvcc|ha_innobase::general_fetch
      		 
      ES  12.3   dbg  240526  4063148254974421994024b7cc94f6f2a850177d  old_rec|SIGABRT|ut_dbg_assertion_failed|btr_pcur_t::restore_position|sel_restore_position_for_mysql|row_search_mvcc
      		 
      ES  12.3   opt  240526  4063148254974421994024b7cc94f6f2a850177d  No bug found

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32648 InnoDB: Failing assertion: old_rec in storage/innobase/btr/btr0pcur.cc line 366

          • Major - Major loss of function.
          • Open

          Activity

            People

              thiru Thirunarayanan Balathandayuthapani
              saahil Saahil Alam
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.