Bug#35037114 Server crash in old_index != nullptr at my_server_abort

Issue: When clearing AHI index from all pages of the buffer pool, the block state may change to BUF_BLOCK_MEMORY before acquiring the block mutex. In these cases the AHI index will be null, and we must skip this block and go to the next instead of trying to make it null using btr_search_set_block_not_cached function. Fix: Continue to next block after asserting that AHI index is null for blocks in other state (state other than BUF_BLOCK_FILE_PAGE and BUF_BLOCK_REMOVE_HASH). Background: As indicated by AHI index's documentation, index may be modified to nullptr if btr_search_enabled is false and block is held in private in BUF_BLOCK_REMOVE_HASH state in buf_LRU_free_page(). This is what has happended in this scenario. Change-Id: Ib0d07b1b1bf13c4cb8872bc06b97e95d86b74c40

Author: ram1048

mysql-test/suite/innodb/r/disable_ahi_other_blocks.result

@@ -0,0 +1,42 @@
+CREATE TABLE t1 (
+id INT PRIMARY KEY
+);
+INSERT INTO t1 (id) VALUES (1);
+INSERT INTO t1 (id) SELECT (SELECT MAX(id) FROM t1)+id FROM t1;
+INSERT INTO t1 (id) SELECT (SELECT MAX(id) FROM t1)+id FROM t1;
+INSERT INTO t1 (id) SELECT (SELECT MAX(id) FROM t1)+id FROM t1;
+INSERT INTO t1 (id) SELECT (SELECT MAX(id) FROM t1)+id FROM t1;
+CREATE TABLE t2 (
+id INT PRIMARY KEY,
+c1 CHAR(250) NOT NULL DEFAULT 'a',
+c2 CHAR(250) NOT NULL DEFAULT 'a',
+c3 CHAR(250) NOT NULL DEFAULT 'a',
+c4 CHAR(250) NOT NULL DEFAULT 'a',
+c5 CHAR(250) NOT NULL DEFAULT 'a',
+c6 CHAR(250) NOT NULL DEFAULT 'a',
+c7 CHAR(250) NOT NULL DEFAULT 'a',
+c8 CHAR(250) NOT NULL DEFAULT 'a',
+c9 CHAR(250) NOT NULL DEFAULT 'a'
+);
+INSERT INTO t2 (id) SELECT id FROM t1;
+# restart: --innodb_page_size=4k --innodb_buffer_pool_chunk_size=1048576 --innodb-buffer-pool-instances=1 --innodb-buffer-pool-size=6M
+# Populate the buffer pool with pages
+SELECT COUNT(*) FROM t2;
+COUNT(*)
+16
+# Connect now before updating the global system variable
+SET DEBUG_SYNC='buf_pool_clear_hash_index_will_process_block SIGNAL found_block WAIT_FOR process_block';
+SET GLOBAL DEBUG="+d,buf_pool_clear_hash_index_check_other_blocks";
+SET GLOBAL innodb_adaptive_hash_index=OFF;
+SET DEBUG_SYNC='now WAIT_FOR found_block';
+BEGIN;
+SELECT COUNT(*) FROM t2 FOR SHARE;
+COUNT(*)
+16
+# Wait for sometime to allow conn2 to bring new pages to the buffer pool
+SET DEBUG_SYNC='now SIGNAL process_block';
+COMMIT;
+SET GLOBAL DEBUG="-d,buf_pool_clear_hash_index_check_other_blocks";
+# restart:
+DROP TABLE t1;
+DROP TABLE t2;

mysql-test/suite/innodb/t/disable_ahi_other_blocks-master.opt

@@ -0,0 +1 @@
+--initialize --innodb_page_size=4k

mysql-test/suite/innodb/t/disable_ahi_other_blocks.test

@@ -0,0 +1,78 @@
+--source include/have_debug.inc
+--source include/have_debug_sync.inc
+
+CREATE TABLE t1 (
+ id INT PRIMARY KEY
+);
+INSERT INTO t1 (id) VALUES (1);
+
+--let $i=0
+--let $k=4
+while($i < $k){
+ INSERT INTO t1 (id) SELECT (SELECT MAX(id) FROM t1)+id FROM t1;
+ --inc $i
+}
+
+CREATE TABLE t2 (
+ id INT PRIMARY KEY,
+ c1 CHAR(250) NOT NULL DEFAULT 'a',
+ c2 CHAR(250) NOT NULL DEFAULT 'a',
+ c3 CHAR(250) NOT NULL DEFAULT 'a',
+ c4 CHAR(250) NOT NULL DEFAULT 'a',
+ c5 CHAR(250) NOT NULL DEFAULT 'a',
+ c6 CHAR(250) NOT NULL DEFAULT 'a',
+ c7 CHAR(250) NOT NULL DEFAULT 'a',
+ c8 CHAR(250) NOT NULL DEFAULT 'a',
+ c9 CHAR(250) NOT NULL DEFAULT 'a'
+);
+INSERT INTO t2 (id) SELECT id FROM t1;
+
+--let $restart_parameters=restart: --innodb_page_size=4k --innodb_buffer_pool_chunk_size=1048576 --innodb-buffer-pool-instances=1 --innodb-buffer-pool-size=6M
+--source include/restart_mysqld.inc
+
+--echo # Populate the buffer pool with pages
+SELECT COUNT(*) FROM t2;
+
+--echo # Connect now before updating the global system variable
+--connect (conn2,localhost,root,,)
+
+# This is required here because of the `global_system_variables`
+# object which is protected using `LOCK_global_system_variables`
+# mutex. Ongoing update of the global variable will hold the
+# mutex until completion - making the new sessions wait for it
+
+# The code paths where the mutex is acquired:
+# 1. A new session is started:
+# New session's THD::init (via plugin_thdvar_init) reads object
+# 2. A global variable is updated:
+# sys_var::update updates the object's members
+
+--connect (conn1,localhost,root,,)
+ SET DEBUG_SYNC='buf_pool_clear_hash_index_will_process_block SIGNAL found_block WAIT_FOR process_block';
+ SET GLOBAL DEBUG="+d,buf_pool_clear_hash_index_check_other_blocks";
+ --send SET GLOBAL innodb_adaptive_hash_index=OFF
+
+--connection conn2
+ SET DEBUG_SYNC='now WAIT_FOR found_block';
+ BEGIN;
+ SELECT COUNT(*) FROM t2 FOR SHARE;
+
+--connection default
+ --echo # Wait for sometime to allow conn2 to bring new pages to the buffer pool
+ --sleep 5
+ SET DEBUG_SYNC='now SIGNAL process_block';
+
+--connection conn1
+ --reap
+
+--connection conn2
+ COMMIT;
+
+--connection default
+SET GLOBAL DEBUG="-d,buf_pool_clear_hash_index_check_other_blocks";
+
+--let $restart_parameters=restart:
+--source include/restart_mysqld.inc
+
+DROP TABLE t1;
+DROP TABLE t2;

storage/innobase/buf/buf0buf.cc

@@ -2652,6 +2652,9 @@ void buf_pool_clear_hash_index(void) {
 
  DEBUG_SYNC_C("purge_wait_for_btr_search_latch");
 
+ bool pause_before_processing = DBUG_EVALUATE_IF(
+ "buf_pool_clear_hash_index_check_other_blocks", true, false);
+
  for (ulong p = 0; p < srv_buf_pool_instances; p++) {
  buf_pool_t *const buf_pool = buf_pool_from_array(p);
  buf_chunk_t *const chunks = buf_pool->chunks;
@@ -2673,6 +2676,13 @@ void buf_pool_clear_hash_index(void) {
  continue;
  }
 
+ /* Identify target block and sync with test */
+ if (pause_before_processing && block->page.old &&
+ !block->page.is_dirty()) {
+ DEBUG_SYNC_C("buf_pool_clear_hash_index_will_process_block");
+ pause_before_processing = false;
+ }
+
  /* This latch will prevent block state transitions. It is important for
  us to not change blocks that are kept in private in
  BUF_BLOCK_REMOVE_HASH state by some concurrently executed
@@ -2706,6 +2716,8 @@ void buf_pool_clear_hash_index(void) {
  /* No other state should have AHI */
  ut_ad(block->ahi.index == nullptr);
  ut_ad(block->ahi.n_pointers == 0);
+ /* Go to next block as AHI is already nullptr */
+ continue;
  }
 
 #if defined UNIV_AHI_DEBUG || defined UNIV_DEBUG
@@ -2718,6 +2730,13 @@ void buf_pool_clear_hash_index(void) {
  }
  }
  }
+
+ /* Main intent was to identify target block. Due to rare race conditions, such
+ block is not found. To prevent timeout, unblock in case target block is not
+ found */
+ if (pause_before_processing) {
+ DEBUG_SYNC_C("buf_pool_clear_hash_index_will_process_block");
+ }
 }
 
 /** Relocate a buffer control block. Relocates the block on the LRU list