Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-31816

buf_LRU_free_page() does not preserve ROW_FORMAT=COMPRESSED block state

    XMLWordPrintable

Details

    Description

      mleich reproduced what looks like the bug MDEV-31386, in a branch where the fix is present:

      ssh pluto
      		 
      rr replay /data/results/1690818484/MDEV-31386-Rebirth/1/rr/latest-trace


      2023-07-31 17:25:55 0x70d307fff700  InnoDB: Assertion failure in file /data/Server/bb-11.2-MDEV-14795_1D/storage/innobase/handler/i_s.cc line 3842
      		 
      InnoDB: Failing assertion: page_type == i_s_page_type[page_type].type_value

      The block descriptor state had been last modified by buf_LRU_free_page(), which had discarded the uncompressed page frame of a ROW_FORMAT=COMPRESSED page. The block descriptor state at that point was buf_page_t::FREED, but it got lost due to an assignment that had better be an increment of the buffer-fix count:

      diff --git a/storage/innobase/buf/buf0lru.cc b/storage/innobase/buf/buf0lru.cc
      		 
      index 6cc4f1c3987..3ba31da2ffc 100644
      		 
      --- a/storage/innobase/buf/buf0lru.cc
      		 
      +++ b/storage/innobase/buf/buf0lru.cc
      		 
      @@ -851,7 +851,12 @@ bool buf_LRU_free_page(buf_page_t *bpage, bool zip)
      		 
       		mysql_mutex_lock(&buf_pool.flush_list_mutex);
      		 
       		new (b) buf_page_t(*bpage);
      		 
       		b->frame = nullptr;
      		 
      -		b->set_state(buf_page_t::UNFIXED + 1);
      		 
      +		{
      		 
      +			ut_d(uint32_t s=) b->fix();
      		 
      +			ut_ad(s == buf_page_t::FREED
      		 
      +			      || s == buf_page_t::UNFIXED
      		 
      +			      || s == buf_page_t::REINIT);
      		 
      +		}
      		 
       		break;
      		 
       	default:
      		 
       		if (zip || !bpage->zip.data || !bpage->frame) {

      For testing, I added a statement that would output of the value s (the state of the block descriptor before incrementing the buffer-fix count). All three values (FREED, UNFIXED, REINIT) were observed while executing the test innodb_zip.wl5522_zip.

      As far as I can tell, the main impact of this bug is that a crash like MDEV-31386 is possible when accessing the views INFORMATION_SCHEMA.INNODB_BUFFER_PAGE or INFORMATION_SCHEMA.INNODB_BUFFER_PAGE_LRU at an unfortunate moment. A minor performance impact is that there may be unnecessary writes (MDEV-15528) or doublewrites (MDEV-19738) of affected ROW_FORMAT=COMPRESSED pages.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-15528 Avoid writing freed InnoDB pages

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19738 Doublewrite buffer is unnecessarily used for newly (re)initialized pages

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-27058 Buffer page descriptors are too large

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31386 InnoDB: Failing assertion: page_type == i_s_page_type[page_type].type_value

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              marko Marko Mäkelä
              marko Marko Mäkelä
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.