Segementation fault in rollback #6140

EvgenyMekhanik · 2021-06-10T11:01:43Z

Reproducer:
os.execute("rm -rf *.snap *.xlog")

box.cfg {
memtx_use_mvcc_engine = true
}

s = box.schema.space.create('test', { engine = 'memtx' })
_ = s:create_index('primary')

txn_proxy = require('txn_proxy')
tx = txn_proxy:new()
tx:begin()
tx('s:replace{2}')
tx('s:select{}')
s:drop()
tx:rollback()

alyapunov · 2021-06-10T12:22:26Z

It's strange. I cannot get seg fault, but I see strange 'transaction rolled back during snapshot recovery'.

olegrok · 2021-06-10T12:39:09Z

Tarantool Enterprise 2.8.1-0-ge2a1ec0c2-r407-macos
type 'help' for interactive help
tarantool> 
---
...

tarantool> box.cfg {
         > memtx_use_mvcc_engine = true
         > }
2021-06-10 15:37:54.272 [89206] main/103/interactive C> Tarantool Enterprise 2.8.1-0-ge2a1ec0c2-r407-macos
2021-06-10 15:37:54.272 [89206] main/103/interactive C> log level 5
2021-06-10 15:37:54.272 [89206] main/103/interactive I> wal/engine cleanup is paused
2021-06-10 15:37:54.272 [89206] main/103/interactive I> mapping 268435456 bytes for memtx tuple arena...
2021-06-10 15:37:54.273 [89206] main/103/interactive I> Actual slab_alloc_factor calculated on the basis of desired slab_alloc_factor = 1.044274
2021-06-10 15:37:54.273 [89206] main/103/interactive I> mapping 134217728 bytes for vinyl tuple arena...
2021-06-10 15:37:54.273 [89206] main/103/interactive I> instance uuid 15226549-6808-419e-9263-92508a4df6e1
2021-06-10 15:37:54.274 [89206] main/103/interactive I> initializing an empty data directory
2021-06-10 15:37:54.282 [89206] main/103/interactive I> assigned id 1 to replica 15226549-6808-419e-9263-92508a4df6e1
2021-06-10 15:37:54.282 [89206] main/103/interactive I> cluster uuid 42120fad-5209-4714-b9a0-27346a21dc94
2021-06-10 15:37:54.282 [89206] snapshot/101/main I> saving snapshot `./00000000000000000000.snap.inprogress'
2021-06-10 15:37:54.283 [89206] snapshot/101/main I> done
2021-06-10 15:37:54.284 [89206] main/103/interactive I> ready to accept requests
2021-06-10 15:37:54.284 [89206] main/104/gc I> wal/engine cleanup is resumed
2021-06-10 15:37:54.284 [89206] main/103/interactive I> set 'log_level' configuration option to 5
2021-06-10 15:37:54.284 [89206] main/105/checkpoint_daemon I> scheduled next checkpoint for Thu Jun 10 17:23:17 2021
2021-06-10 15:37:54.284 [89206] main/103/interactive I> set 'log_format' configuration option to "plain"
---
...

tarantool> s = box.schema.space.create('test', { engine = 'memtx' })
---
...

tarantool> _ = s:create_index('primary')
---
...

tarantool> box.begin()
---
...

tarantool> s:replace{2}
---
- [2]
...

tarantool> s:select{}
---
- - [2]
...

tarantool> require('fiber').new(s.drop, s)
---
- status: suspended
  name: lua
  id: 118
...

tarantool> box.rollback()
Segmentation fault
  code: 0
  addr: 0x0
  context: 0xd9ffd18
  siginfo: 0xd9ffcb0
Current time: 1623328714
Please file a bug at http://github.com/tarantool/tarantool/issues
Attempting backtrace... Note: since the server has already crashed, 
this may fail as well
#0  0x10d688fd2 in crash_signal_cb+92
#1  0x7fff2055ed7d in _sigtramp+1d
#2  0x10d551401 in memtx_engine_rollback_statement+111
#3  0x10d5c88a7 in txn_complete_fail+87
#4  0x10d5ca434 in box_txn_rollback+184
#5  0x10d65134e in lbox_rollback+e
#6  0x10d6ba8d3 in lj_BC_FUNCC+44
#7  0x10d6c2438 in lua_pcall+a8
#8  0x10d675e33 in luaT_call+13
#9  0x10d66fdc9 in run_script_f+399
#10 0x10d5193bc in _ZL16fiber_cxx_invokePFiP13__va_list_tagES0_+c
#11 0x10d68ea53 in fiber_loop+43
#12 0x10dec90fb in coro_init+4b
[1]    89206 abort      tarantool

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Closes: #6140

alyapunov · 2021-06-16T08:33:38Z

Actually it's not always a crash. A deleted space was used, that could lead to any result.
I also added TRASHing of spaces upon destruction, that made the behavior stable al least in DEBUG. BTW that make subject case to panic, not crash.

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Closes: #6140

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Part of #6140

Korablev77 · 2021-07-05T09:07:02Z

A few more buggy examples connected with rollback and schema changes:

tx1:begin()
tx1('s3:replace{2}')
tx1('s3:select{}')
tx2("s3:drop()")
tx1:commit()
tx2:rollback()
s3:select()
---
- error: 'No index #0 is defined in space ''test3'''

format = {{name = 'field1', type = 'unsigned'}}
tx1:begin()
tx1('s3:replace{2}')
tx1('s3:select{}')
s3:alter({format = format})
tx1:rollback()
s3:select()
- - [2]

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Part of #6140

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Part of #6140

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140 (cherry picked from commit 15f5a2c)

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Part of #6140 (cherry picked from commit 8620e61)

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140 (cherry picked from commit 15f5a2c)

With MVCC a case may happen: TX1 does something with some space and yields. TX2 deletes the space and commits. TX1 rolls back. The problem was that TX1 does something with already deleted space. This commit fixes that. Part of #6140 (cherry picked from commit 8620e61)

Korablev77 · 2021-07-05T13:44:31Z

Hm it's strange that PR closed this issue even despite the fact that commit contains only "Part of" label...

To avoid sharing (ergo phantom reads) for different transaction in MVCC mode, let's do following things. Firstly, after modification of any shared objects (like space/user/function caches) disallow transaction to yield to prevent other transactions see that changes. Yield is permitted til the transaction is committed. Secondly, on committing transaction that provides DDL changes let's abort all other transaction since they may refer to obsolete schema. The last restriction may seem too strict, but it is OK as primitive workaround until transactional DDL is introduced. Closes #5998 Closes #6140 Workaround for #6138

To avoid sharing (ergo phantom reads) metadata object for different transactions in MVCC mode, let's do following things. Firstly, after modification of any shared objects (like space/user/function caches) disallow transaction to yield in order to prevent other transactions see that changes. Yield is permitted til the transaction is committed. In case yield occurs, transaction is aborted. Secondly, on committing transaction that provides DDL changes let's abort all other transaction since they may refer to obsolete schema objects. The last restriction may seem too strict, but it is OK as primitive workaround until transactional DDL is introduced. In fact we should only abort transactions that have read dirty (i.e. modified) objects. Closes #5998 Closes #6140 Workaround for #6138

To avoid sharing (ergo phantom reads) metadata object for different transactions in MVCC mode, let's do following things. Firstly, let's set on replace trigger on all system spaces (content's change in system space is considered to be DDL operation) which disables yields until transaction is committed. The only exceptions are index build and space format check: during these operations yields are allowed since they may take a while (so without yields they block execution). Actually it is not a problem 'cause these two operations must be first-in-transaction: as a result transaction can't contain two yielding statements. So after any cache modification no yields take place for sure. Secondly, on committing transaction that provides DDL changes let's abort all other transaction since they may refer to obsolete schema objects. The last restriction may seem too strict, but it is OK as primitive workaround until transactional DDL is introduced. In fact we should only abort transactions that have read dirty (i.e. modified) objects. Closes #5998 Closes #6140 Workaround for #6138

To avoid sharing (ergo phantom reads) metadata object for different transactions in MVCC mode, let's do following things. Firstly, let's set on replace trigger on all system spaces (content's change in system space is considered to be DDL operation) which disables yields until transaction is committed. The only exceptions are index build and space format check: during these operations yields are allowed since they may take a while (so without yields they block execution). Actually it is not a problem 'cause these two operations must be first-in-transaction: as a result transaction can't contain two yielding statements. So after any cache modification no yields take place for sure. Secondly, on committing transaction that provides DDL changes let's abort all other transaction since they may refer to obsolete schema objects. The last restriction may seem too strict, but it is OK as primitive workaround until transactional DDL is introduced. In fact we should only abort transactions that have read dirty (i.e. modified) objects. Closes #5998 Closes #6140 Workaround for #6138 (cherry picked from commit 8f4be32)

EvgenyMekhanik added the bug Something isn't working label Jun 10, 2021

EvgenyMekhanik assigned alyapunov Jun 10, 2021

kyukhin added crash teamC labels Jun 10, 2021

kyukhin added this to the 2.7.3 milestone Jun 10, 2021

alyapunov added the 2sp label Jun 10, 2021

alyapunov mentioned this issue Jun 16, 2021

txm: fix a crash in rollback when the space was deleted #6148

Merged

alyapunov added a commit that referenced this issue Jun 16, 2021

debug: trash memory before freeing a space

c18e41f

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

Korablev77 linked a pull request Jul 5, 2021 that will close this issue

txm: fix a crash in rollback when the space was deleted #6148

Merged

Korablev77 pushed a commit that referenced this issue Jul 5, 2021

debug: trash memory before freeing a space

f117025

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

Korablev77 closed this as completed in #6148 Jul 5, 2021

Korablev77 pushed a commit that referenced this issue Jul 5, 2021

debug: trash memory before freeing a space

15f5a2c

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140

Korablev77 pushed a commit that referenced this issue Jul 5, 2021

debug: trash memory before freeing a space

678c9b6

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140 (cherry picked from commit 15f5a2c)

Korablev77 pushed a commit that referenced this issue Jul 5, 2021

debug: trash memory before freeing a space

10e194e

That's a good practice in general. In particular it makes test case from #6140 to be stable. Part of #6140 (cherry picked from commit 15f5a2c)

alyapunov reopened this Jul 5, 2021

alyapunov added the mvcc label Jul 12, 2021

alyapunov assigned Korablev77 and unassigned alyapunov Jul 16, 2021

Korablev77 mentioned this issue Jul 19, 2021

txm: disallow yields after finishing alter operation #6228

Merged

locker mentioned this issue Jul 28, 2021

DDL lock #6264

Closed

Korablev77 closed this as completed in #6228 Aug 16, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Segementation fault in rollback #6140

Segementation fault in rollback #6140

EvgenyMekhanik commented Jun 10, 2021 •

edited

alyapunov commented Jun 10, 2021

olegrok commented Jun 10, 2021

alyapunov commented Jun 16, 2021

Korablev77 commented Jul 5, 2021

Korablev77 commented Jul 5, 2021

Segementation fault in rollback #6140

Segementation fault in rollback #6140

Comments

EvgenyMekhanik commented Jun 10, 2021 • edited

alyapunov commented Jun 10, 2021

olegrok commented Jun 10, 2021

alyapunov commented Jun 16, 2021

Korablev77 commented Jul 5, 2021

Korablev77 commented Jul 5, 2021

EvgenyMekhanik commented Jun 10, 2021 •

edited