[MDEV-25506] Atomic DDL: .frm file is removed and orphan InnoDB tablespace is left behind upon crash recovery - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: N/A
Fix Version/s: 10.6.2
Component/s: Data Definition - Create Table, Storage Engine - InnoDB
Labels:
- rr-profile

Description

In the test run, a server crash was induced while CREATE TABLE IF NOT EXISTS tt11 AS SELECT ... was being executed.

After the crash, the original datadir contained both .frm and .ibd files:

$ ls -l workdirs/worker7/vardir1_65/data_orig/test/tt11*

-rw-rw---- 1 mdbe mdbe   462 Apr 24 14:17 workdirs/worker7/vardir1_65/data_orig/test/tt11.frm

-rw-rw---- 1 mdbe mdbe 65536 Apr 24 14:17 workdirs/worker7/vardir1_65/data_orig/test/tt11.ibd

Upon recovery on this datadir, InnoDB complains in the error log:

bb-10.6-monty 8a94dabc9 with trigger patch

2021-04-24 14:17:06 0 [ERROR] InnoDB: Table `test`.`tt11` does not exist in the InnoDB internal data dictionary though MariaDB is trying to drop it. Have you copied the .frm file of the table to the MariaDB database directory from another database? Please refer to https://mariadb.com/kb/en/innodb-troubleshooting/ for how to resolve the issue.

2021-04-24 14:17:06 0 [Note] DDL_LOG: Crash recovery executed 1 entries

After the recovery the .frm file is no longer there, but .ibd still is:

$ ls -l workdirs/worker7/vardir1_65/data/test/tt11*

-rw-rw---- 1 mdbe mdbe 65536 Apr 24 14:17 workdirs/worker7/vardir1_65/data/test/tt11.ibd

And the table cannot be either dropped or created:

MariaDB [test]> create table tt11 (a int);

ERROR 1813 (HY000): Tablespace for table '`test`.`tt11`' exists. Please DISCARD the tablespace before IMPORT

MariaDB [test]> drop table tt11;

ERROR 1051 (42S02): Unknown table 'test.tt11'

MariaDB [test]> create table tt11 (a int);

ERROR 1813 (HY000): Tablespace for table '`test`.`tt11`' exists. Please DISCARD the tablespace before IMPORT

The "before" and "after" datadirs, logs and rr profiles are available.

Attachments

Issue Links

blocks

MDEV-372 Table gets fatally corrupted if server crashes during ALTER TABLE, "table doesn't exist" is reported

Closed

MDEV-6642 Server crashed with assertion failure in file ha_innodb.cc line 8619

Closed

MDEV-25646 Atomic DDL: InnoDB: Datafile './test/<tablename>.ibd' is corrupted. Cannot determine the space ID from the first 64 pages

Closed

causes

MDEV-25902 Unexpected ER_LOCK_WAIT_TIMEOUT and result after timeout, assertion failure err != DB_DUPLICATE_KEY

Closed

MDEV-25919 InnoDB reports misleading lock wait timeout on DDL operations

Closed

MDEV-25936 Crash during DDL that involves FULLTEXT INDEX

Closed

MDEV-25950 InnoDB: Ignoring strange row from mysql.innodb_index_stats after valid DDL.

Closed

MDEV-26012 InnoDB purge and shutdown hangs after failed ALTER TABLE

Closed

MDEV-26041 Recovery failure due to delete-marked SYS_FIELDS record

Closed

MDEV-27017 Assertion failure 'table->get_ref_count() == 0' on DDL that involves FULLTEXT INDEX

Closed

MDEV-27234 InnoDB dictionary recovery wrongly uses READ UNCOMMITTED isolation level instead of READ COMMITTED

Closed

MDEV-27274 DROP TABLE after failed IMPORT TABLESPACE fails to delete files

Closed

MDEV-27973 SIGSEGV in ha_innobase::reset from THD::mark_tmp_table_as_free_for_reuse (opt builds) and handler::ha_reset (dbg builds) on TRUNCATE

Closed

MDEV-28079 Shutdown hangs after altering innodb partition fts table

Closed

MDEV-28240 InnoDB Temporary Tablespace (ibtmp1) is continuously growing

Closed

includes

MDEV-21602 CREATE TABLE…PRIMARY KEY…SELECT workaround causes DROP TABLE to ignore locks

Closed

is blocked by

MDEV-18518 Implement atomic multi-table (or multi-partition) CREATE TABLE for InnoDB

Closed

MDEV-25691 Simplify handlerton::drop_database for InnoDB

Closed

MDEV-25743 Unnecessary copying of table names in InnoDB dictionary operations

Closed

relates to

MDEV-22409 Draft: 1932: Table 'test.t1' doesn't exist in engine after crash recovery

Closed

MDEV-23484 Rollback unnecessarily acquires dict_operation_lock for every row

Closed

MDEV-23721 Assertion ‘node->table->is_temporary() || lock_table_has_locks(node->table)’ failed in row_undo_ins

Closed

MDEV-25850 CREATE FULLTEXT INDEX unnecessarily writes undo log

Stalled

MDEV-25852 Orphan #sql*.ibd files are occasionally left behind after killed ALTER TABLE

Closed

MDEV-25935 Misleading error message due to FOREIGN KEY on RENAME TABLE

Open

MDEV-26578 ERROR: AddressSanitizer: heap-use-after-free around dict_table_t::is_temporary_name

Closed

MDEV-26966 The parameter innodb_force_load_corrupted makes no sense

Closed

MDEV-30286 InnoDB: Failing assertion: sym_node->table != NULL

Closed

MDEV-31132 Deadlock between a DDL operation and a purge of InnoDB history

Closed

MDEV-32786 Support NBO for DROP TABLE in Galera

Open

MDEV-34789 Assertion `thd->mdl_context.is_lock_owner(MDL_key::TABLE, db.str, table_name.str, MDL_SHARED)' failed in mysql_rm_table_no_locks on DROP TABLE, including via scripts/mariadb-install-db

Closed

MDEV-35854 Clean up some DDL code around FOREIGN KEY constraints

Closed

MDEV-21175 Remove dict_table_t::n_foreign_key_checks_running from InnoDB

Closed

MDEV-24408 Crash-safe DROP DATABASE

Closed

MDEV-26127 Assertion `err != DB_DUPLICATE_KEY' failed or InnoDB: Failing assertion: id != 0 on ALTER ... REBUILD PARTITION

Closed

MDEV-29846 deadlock on dict_sys.mutex on database drop

Open

mentioned in: Page Loading...

(10 causes, 1 includes, 3 is blocked by, 17 relates to, 1 mentioned in)

Activity

Ascending order - Click to sort in descending order

View 13 older comments

Marko Mäkelä added a comment - 2021-05-18 14:21

I think that row_drop_table_for_mysql() must be replaced with a function that takes the table as a parameter. Perhaps already the caller should check that the table can actually be dropped. The metadata would be evicted and the table detached from other subsystems in a new member function

void trx_t::commit(std::vector<pfs_os_file_t> &deleted)

whose caller would invoke

for (auto d : deleted) os_file_close(d);

after releasing the dict_sys latches. Continuously holding exclusive latch on dict_sys will prevent the table from being used by any other thread until we have committed or rolled back. In this way, we should avoid any ‘rollback in the cache’ activity.

Marko Mäkelä added a comment - 2021-05-18 14:21 I think that row_drop_table_for_mysql() must be replaced with a function that takes the table as a parameter. Perhaps already the caller should check that the table can actually be dropped. The metadata would be evicted and the table detached from other subsystems in a new member function void trx_t::commit(std::vector<pfs_os_file_t> &deleted) whose caller would invoke for (auto d : deleted) os_file_close(d); after releasing the dict_sys latches. Continuously holding exclusive latch on dict_sys will prevent the table from being used by any other thread until we have committed or rolled back. In this way, we should avoid any ‘rollback in the cache’ activity.

Marko Mäkelä added a comment - 2021-05-20 14:39

The fix of the remaining part of file system and InnoDB inconsistency will need some more days.

Marko Mäkelä added a comment - 2021-05-20 14:39 The fix of the remaining part of file system and InnoDB inconsistency will need some more days.

Marko Mäkelä added a comment - 2021-05-29 08:42

I have now finished the bulk of the refactoring of DROP TABLE operations, also when they are part of other operations, such as DROP DATABASE, TRUNCATE TABLE, ALTER TABLE.

In the data dictionary cache, we will not modify anything before DROP TABLE is committed. The dict_table_t::to_be_dropped flag has been replaced by a flag in trx_t::mod_tables. This makes rollback trivial.
Before acquiring locks on any data dictionary tables, DDL operations will first acquire exclusive locks on the to-be-dropped tables and ensure that all other threads that would access the tables have ceased doing so. The dict_sys will be exclusively locked until transaction commit.
After writing the log record that marks the transaction committed, we will durably write a FILE_DELETE record and only then unlink the file.
Also the purge of a delete-mark of a SYS_INDEXES record may initiate the file deletion (which could compete with the DDL thread mentioned above). Purge is what will guarantee file removal in case the server is killed after the commit.
After the file has been unlinked, we will release latches and only then close the file handle, to have delete-on-close happen outside the critical section (~~MDEV-8069~~).

This mostly works now. Known problems include the following:

Persistent statistics are still not being deleted as part of the same transaction.
For the internal tables related to FULLTEXT indexes, purge will not (yet) acquire correct MDL (~~MDEV-16678~~). This causes a race condition between purge and a DROP of those tables. We need to acquire MDL for the main table, which should be guaranteed to exist in the dict_sys cache, identified by the table_id portion of the FTS_ table name.

Marko Mäkelä added a comment - 2021-05-29 08:42 I have now finished the bulk of the refactoring of DROP TABLE operations, also when they are part of other operations, such as DROP DATABASE , TRUNCATE TABLE , ALTER TABLE . In the data dictionary cache, we will not modify anything before DROP TABLE is committed. The dict_table_t::to_be_dropped flag has been replaced by a flag in trx_t::mod_tables . This makes rollback trivial. Before acquiring locks on any data dictionary tables, DDL operations will first acquire exclusive locks on the to-be-dropped tables and ensure that all other threads that would access the tables have ceased doing so. The dict_sys will be exclusively locked until transaction commit. After writing the log record that marks the transaction committed, we will durably write a FILE_DELETE record and only then unlink the file. Also the purge of a delete-mark of a SYS_INDEXES record may initiate the file deletion (which could compete with the DDL thread mentioned above). Purge is what will guarantee file removal in case the server is killed after the commit. After the file has been unlinked, we will release latches and only then close the file handle, to have delete-on-close happen outside the critical section ( MDEV-8069 ). This mostly works now. Known problems include the following: Persistent statistics are still not being deleted as part of the same transaction. For the internal tables related to FULLTEXT indexes, purge will not (yet) acquire correct MDL ( MDEV-16678 ). This causes a race condition between purge and a DROP of those tables. We need to acquire MDL for the main table, which should be guaranteed to exist in the dict_sys cache, identified by the table_id portion of the FTS_ table name.

Marko Mäkelä added a comment - 2021-06-03 15:18

As part of this change, I will also make the updates of InnoDB persistent statistics an atomic part of the DDL operation. That is, statistics will be dropped or renamed.

The background DROP TABLE queue will be removed, and ~~MDEV-21602~~ will essentially be fixed too.

Marko Mäkelä added a comment - 2021-06-03 15:18 As part of this change, I will also make the updates of InnoDB persistent statistics an atomic part of the DDL operation. That is, statistics will be dropped or renamed. The background DROP TABLE queue will be removed, and MDEV-21602 will essentially be fixed too.

Marko Mäkelä added a comment - 2021-06-09 15:20

With part 3 of the fix, InnoDB no longer deletes any .ibd files before the DDL transaction has been durably committed. If the server is killed before the commit, the transaction will be rolled back without any problems. Also the persistent statistics will be dropped or renamed as part of the DDL transaction.

If the server is killed between the durable commit and file deletion, the purge of history will remove the .ibd file after recovery.

Orphan files were also caused due to ~~MDEV-25852~~, but by far the bigger cause was the fact that DDL operations inside InnoDB were not executed in a single atomic transaction.

Marko Mäkelä added a comment - 2021-06-09 15:20 With part 3 of the fix , InnoDB no longer deletes any .ibd files before the DDL transaction has been durably committed. If the server is killed before the commit, the transaction will be rolled back without any problems. Also the persistent statistics will be dropped or renamed as part of the DDL transaction. If the server is killed between the durable commit and file deletion, the purge of history will remove the .ibd file after recovery. Orphan files were also caused due to MDEV-25852 , but by far the bigger cause was the fact that DDL operations inside InnoDB were not executed in a single atomic transaction.

People

Assignee:: Marko Mäkelä

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-04-24 16:14

Updated:: 2025-01-15 11:36

Resolved:: 2021-06-09 15:20

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server