[MDEV-24570] InnoDB indexes are inconsistent with what defined in .frm, Assertion `size == rec_offs_size(*offsets)' failed in page_cur_tuple_insert Created: 2021-01-11  Updated: 2022-01-07

Status: Open
Project: MariaDB Server
Component/s: Storage Engine - InnoDB
Affects Version/s: 10.4, 10.5
Fix Version/s: 10.4, 10.5

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Elena Stepanova
Resolution: Unresolved Votes: 0
Labels: needs_bisect


 Description   

# Reproducer for MDEV-24570 in mysql-test-run format: a failed ALTER TABLE
# followed by an INSERT into the same table.
# The include below skips the test when the server has no InnoDB.
--source include/have_innodb.inc
 
# t1: five columns, with secondary indexes on a and c.
CREATE TABLE t1 (
 pk int,
 a char(1),
 b decimal,
 c decimal,
 col_int int,
 primary key (pk),
 key (a),
 key (c)
) ENGINE=InnoDB;
 
# t2: self-referencing foreign key named fk (a -> pk) and a secondary index on b.
CREATE TABLE t2 (
  pk INT PRIMARY KEY,
  a INT,
  b CHAR(1),
  KEY(b),
  CONSTRAINT fk FOREIGN KEY(a) REFERENCES t2(pk)
) ENGINE=InnoDB;
 
# With foreign key checks disabled, the ALTER below is expected to fail with
# ER_FK_FAIL_ADD_SYSTEM. It combines DROP COLUMN b with adding a constraint
# that reuses the name fk, which t2's own constraint already has.
# NOTE(review): which part of the ALTER causes the error is not shown here.
SET FOREIGN_KEY_CHECKS= OFF;
--error ER_FK_FAIL_ADD_SYSTEM
ALTER TABLE t1 DROP COLUMN b, ADD CONSTRAINT fk FOREIGN KEY (a) REFERENCES t2(b);
# The INSERT still supplies five values, matching the column list from before
# the failed ALTER. Per the stack traces in the report, this is the statement
# on which the debug assertion and the ASAN error are raised, while inserting
# into a secondary index.
INSERT INTO t1 VALUES (1,'r',9,0,1),(2,'a',0,0,6);
 
# Cleanup
DROP TABLE t1, t2;

10.4 a131b976

2021-01-11 16:00:11 9 [ERROR] Found index c whose column info does not match that of MariaDB.
2021-01-11 16:00:11 9 [ERROR] InnoDB indexes are inconsistent with what defined in .frm for table ./test/t1
mysqld: /data/src/10.4/storage/innobase/include/page0cur.ic:278: rec_t* page_cur_tuple_insert(page_cur_t*, const dtuple_t*, dict_index_t*, rec_offs**, mem_heap_t**, ulint, mtr_t*): Assertion `size == rec_offs_size(*offsets)' failed.
210111 16:00:11 [ERROR] mysqld got signal 6 ;
 
#7  0x00007f2c571e6f36 in __GI___assert_fail (assertion=0x55b35224e820 "size == rec_offs_size(*offsets)", file=0x55b35224e638 "/data/src/10.4/storage/innobase/include/page0cur.ic", line=278, function=0x55b35224e840 "rec_t* page_cur_tuple_insert(page_cur_t*, const dtuple_t*, dict_index_t*, rec_offs**, mem_heap_t**, ulint, mtr_t*)") at assert.c:101
#8  0x000055b351afe85a in page_cur_tuple_insert (cursor=0x7f2c503a9388, tuple=0x7f2c00086258, index=0x7f2c001a6f20, offsets=0x7f2c503a9328, heap=0x7f2c503a9300, n_ext=0, mtr=0x7f2c503a9680) at /data/src/10.4/storage/innobase/include/page0cur.ic:278
#9  0x000055b351b0cf6e in btr_cur_optimistic_insert (flags=0, cursor=0x7f2c503a9380, offsets=0x7f2c503a9328, heap=0x7f2c503a9300, entry=0x7f2c00086258, rec=0x7f2c503a9330, big_rec=0x7f2c503a9338, n_ext=0, thr=0x7f2c001512d0, mtr=0x7f2c503a9680) at /data/src/10.4/storage/innobase/btr/btr0cur.cc:3581
#10 0x000055b3519c792f in row_ins_sec_index_entry_low (flags=0, mode=2, index=0x7f2c001a6f20, offsets_heap=0x7f2c000619a0, heap=0x7f2c00061e30, entry=0x7f2c00086258, trx_id=0, thr=0x7f2c001512d0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3089
#11 0x000055b3519c822e in row_ins_sec_index_entry (index=0x7f2c001a6f20, entry=0x7f2c00086258, thr=0x7f2c001512d0, check_foreign=true) at /data/src/10.4/storage/innobase/row/row0ins.cc:3291
#12 0x000055b3519c8428 in row_ins_index_entry (index=0x7f2c001a6f20, entry=0x7f2c00086258, thr=0x7f2c001512d0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3338
#13 0x000055b3519c8cdf in row_ins_index_entry_step (node=0x7f2c00151038, thr=0x7f2c001512d0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3505
#14 0x000055b3519c91ff in row_ins (node=0x7f2c00151038, thr=0x7f2c001512d0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3664
#15 0x000055b3519c9b1f in row_ins_step (thr=0x7f2c001512d0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3810
#16 0x000055b3519ef7f6 in row_insert_for_mysql (mysql_rec=0x7f2c000469e0 "\341\001", prebuilt=0x7f2c00150a60, ins_mode=ROW_INS_NORMAL) at /data/src/10.4/storage/innobase/row/row0mysql.cc:1422
#17 0x000055b351842fd2 in ha_innobase::write_row (this=0x7f2c001b4e38, record=0x7f2c000469e0 "\341\001") at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:8001
#18 0x000055b3515f6404 in handler::ha_write_row (this=0x7f2c001b4e38, buf=0x7f2c000469e0 "\341\001") at /data/src/10.4/sql/handler.cc:6753
#19 0x000055b35122f8f9 in write_record (thd=0x7f2c00000d90, table=0x7f2c00087bc0, info=0x7f2c503aaa70) at /data/src/10.4/sql/sql_insert.cc:2058
#20 0x000055b35122c78b in mysql_insert (thd=0x7f2c00000d90, table_list=0x7f2c00013560, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1078
#21 0x000055b35127b326 in mysql_execute_command (thd=0x7f2c00000d90) at /data/src/10.4/sql/sql_parse.cc:4571
#22 0x000055b351286d5f in mysql_parse (thd=0x7f2c00000d90, rawbuf=0x7f2c00013458 "INSERT INTO t1 VALUES (1,'r',9,0,1),(2,'a',0,0,6)", length=49, parser_state=0x7f2c503ab550, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7958
#23 0x000055b351273087 in dispatch_command (command=COM_QUERY, thd=0x7f2c00000d90, packet=0x7f2c000087b1 "INSERT INTO t1 VALUES (1,'r',9,0,1),(2,'a',0,0,6)", packet_length=49, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1855
#24 0x000055b3512718ef in do_command (thd=0x7f2c00000d90) at /data/src/10.4/sql/sql_parse.cc:1373
#25 0x000055b351400bd9 in do_handle_one_connection (connect=0x55b3549b4c50) at /data/src/10.4/sql/sql_connect.cc:1412
#26 0x000055b351400922 in handle_one_connection (arg=0x55b3549b4c50) at /data/src/10.4/sql/sql_connect.cc:1316
#27 0x000055b351e21814 in pfs_spawn_thread (arg=0x55b3549a7300) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#28 0x00007f2c57a67609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#29 0x00007f2c572d2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.4 a131b976 non-debug ASAN

==541301==ERROR: AddressSanitizer: use-after-poison on address 0x6190000f64fe at pc 0x7f7e6a8dc480 bp 0x7f7e53a78080 sp 0x7f7e53a77828
READ of size 15 at 0x6190000f64fe thread T27
    #0 0x7f7e6a8dc47f  (/lib/x86_64-linux-gnu/libasan.so.5+0x9b47f)
    #1 0x55f5dc0dbbb6 in ut_memcpy /data/src/10.4/storage/innobase/include/ut0mem.ic:40
    #2 0x55f5dc0dbbb6 in rec_copy /data/src/10.4/storage/innobase/include/rem0rec.ic:1324
    #3 0x55f5dc0dbbb6 in page_cur_insert_rec_low(unsigned char*, dict_index_t*, unsigned char const*, unsigned short*, mtr_t*) /data/src/10.4/storage/innobase/page/page0cur.cc:1365
    #4 0x55f5dc3aab1d in btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) /data/src/10.4/storage/innobase/btr/btr0cur.cc:3581
    #5 0x55f5dc176862 in row_ins_sec_index_entry_low(unsigned long, unsigned long, dict_index_t*, mem_block_info_t*, mem_block_info_t*, dtuple_t*, unsigned long, que_thr_t*) /data/src/10.4/storage/innobase/row/row0ins.cc:3089
    #6 0x55f5dc179780 in row_ins_sec_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, bool) /data/src/10.4/storage/innobase/row/row0ins.cc:3291
    #7 0x55f5dc1817fa in row_ins_index_entry /data/src/10.4/storage/innobase/row/row0ins.cc:3338
    #8 0x55f5dc1817fa in row_ins_index_entry_step /data/src/10.4/storage/innobase/row/row0ins.cc:3505
    #9 0x55f5dc1817fa in row_ins /data/src/10.4/storage/innobase/row/row0ins.cc:3664
    #10 0x55f5dc1817fa in row_ins_step(que_thr_t*) /data/src/10.4/storage/innobase/row/row0ins.cc:3810
    #11 0x55f5dc1b6e19 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/src/10.4/storage/innobase/row/row0mysql.cc:1422
    #12 0x55f5dbf3967d in ha_innobase::write_row(unsigned char const*) /data/src/10.4/storage/innobase/handler/ha_innodb.cc:8001
    #13 0x55f5db8fd242 in handler::ha_write_row(unsigned char const*) /data/src/10.4/sql/handler.cc:6753
    #14 0x55f5db0c00bc in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2058
    #15 0x55f5db0e84ab in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1078
    #16 0x55f5db185e8d in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4571
    #17 0x55f5db19f12f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7958
    #18 0x55f5db1a8051 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1855
    #19 0x55f5db1adb94 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373
    #20 0x55f5db517a46 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
    #21 0x55f5db517fce in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
    #22 0x55f5dc9832b8 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
    #23 0x7f7e6a758608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
    #24 0x7f7e69fc1292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
 
0x6190000f64fe is located 126 bytes inside of 1128-byte region [0x6190000f6480,0x6190000f68e8)
allocated by thread T27 here:
    #0 0x7f7e6a94ebc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55f5dc0a4fd5 in mem_heap_create_block_func(mem_block_info_t*, unsigned long, unsigned long) /data/src/10.4/storage/innobase/mem/mem0mem.cc:277
    #2 0x55f5dc179527 in mem_heap_create_func /data/src/10.4/storage/innobase/include/mem0mem.ic:375
    #3 0x55f5dc179527 in row_ins_sec_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, bool) /data/src/10.4/storage/innobase/row/row0ins.cc:3272
    #4 0x55f5dc1817fa in row_ins_index_entry /data/src/10.4/storage/innobase/row/row0ins.cc:3338
    #5 0x55f5dc1817fa in row_ins_index_entry_step /data/src/10.4/storage/innobase/row/row0ins.cc:3505
    #6 0x55f5dc1817fa in row_ins /data/src/10.4/storage/innobase/row/row0ins.cc:3664
    #7 0x55f5dc1817fa in row_ins_step(que_thr_t*) /data/src/10.4/storage/innobase/row/row0ins.cc:3810
    #8 0x55f5dc1b6e19 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/src/10.4/storage/innobase/row/row0mysql.cc:1422
    #9 0x55f5dbf3967d in ha_innobase::write_row(unsigned char const*) /data/src/10.4/storage/innobase/handler/ha_innodb.cc:8001
    #10 0x55f5db8fd242 in handler::ha_write_row(unsigned char const*) /data/src/10.4/sql/handler.cc:6753
    #11 0x55f5db0c00bc in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2058
    #12 0x55f5db0e84ab in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1078
    #13 0x55f5db185e8d in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4571
    #14 0x55f5db19f12f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7958
    #15 0x55f5db1a8051 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1855
    #16 0x55f5db1adb94 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373
    #17 0x55f5db517a46 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
    #18 0x55f5db517fce in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
    #19 0x55f5dc9832b8 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
    #20 0x7f7e6a758608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
 
Thread T27 created by T0 here:
    #0 0x7f7e6a87b805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55f5dc98ae0e in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
    #2 0x55f5daf0130e in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
    #3 0x55f5daf0130e in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6259
    #4 0x55f5daf0d762 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6329
    #5 0x55f5daf0dd82 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6427
    #6 0x55f5daf0ee9d in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6585
    #7 0x55f5daf1090c in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5917
    #8 0x7f7e69ec60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x9b47f) 
Shadow bytes around the buggy address:
  0x0c3280016c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3280016c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3280016c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3280016c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c3280016c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3280016c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00[06]
  0x0c3280016ca0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3280016cb0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3280016cc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3280016cd0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3280016ce0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==541301==ABORTING

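A non-debug, non-ASAN build does not crash, but the same error messages are still logged. Since the ASAN build reports an invalid read in rec_copy on this insert path, the absence of a crash here presumably means the read goes undetected rather than that the insert is safe.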

Reproducible on 10.4+.
Couldn't reproduce on 10.3.



 Comments   
Comment by Elena Stepanova [ 2022-01-07 ]

Doesn't seem to be reproducible on current 10.4 c18896f9 and higher versions.
