Bug #96242 rec==NULL of lock_rec_restore_from_page_infimum causes assertion
Submitted: 18 Jul 2019 5:36 Modified: 22 Jul 2019 3:38
Reporter: Guangbao Ni Email Updates:
Status: Not a Bug Impact on me:
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version: OS:Any
Assigned to: CPU Architecture:Any

[18 Jul 2019 5:36] Guangbao Ni
when rec parameter is null, it will cause the segment fault when dereference it in lock_rec_restore_from_page_infimum. 

in ibuf_insert_to_index_page(), if some record can't insert successfully for a ibuf entry, then rec can be NULL, so if should check if the rec is null before calling lock_rec_store_on_page_infimum().

snippet of source codes:

                /* btr_cur_update_alloc_zip() may have changed this */
                rec = page_cur_get_rec(&page_cur);


                lock_rec_store_on_page_infimum(block, rec); // should check if rec is null before calling the function
                page_cur_delete_rec(&page_cur, index, offsets, mtr);

How to repeat:
[18 Jul 2019 10:04] Guangbao Ni
rec = ibuf_insert_to_index_page_low(entry, block, index,
                                &offsets, heap, mtr, 

       // ibuf_insert_to_index_page_low can return NULL, which mean rec can be NULL
       // So rec should check if it is NULL before the following lock_rec_restore_from_page_infimum()
        ut_ad(!cmp_dtuple_rec(entry, rec, offsets));
        lock_rec_restore_from_page_infimum(block, rec, block);
[18 Jul 2019 13:34] MySQL Verification Team
Hi Mr. Ni,

Thank you for your bug report.

However, this is not a bug. There are several macros and functions that are called by cmp_dtuple_rec() function that check for the NULLness of the `rec` pointer.

Yes, these are all debug assertions , so that we check each of our release heavily, with many tests , on whether this can be encountered in the production.

If you have a detailed scenario in which this could happen in production, then we would be happy to change one of those assertions from debug to non-debug assertions. But, it must be detailed scenario with a fully reproducible test case.
[19 Jul 2019 9:59] Guangbao Ni
Yes, we saw it in release version. 
Just as reported by https://bugs.mysql.com/bug.php?id=96240
[19 Jul 2019 12:44] MySQL Verification Team
Hello Mr. Ni,

This is just to inform you that bug # 96240 is totally unrelated to this one. Hence, please, be so kind and reply to the questions that we asked in our previous comment.
[22 Jul 2019 3:38] Guangbao Ni
It is related to bug # 96240. You can see that ibuf_insert_to_index_page_low
(the insert buffer entry to index page) can return NULL when inserting a entry fails, then the NULL as 2nd parameter passed into lock_rec_restore_from_page_infimum
() which cause the assertion.
[22 Jul 2019 11:58] MySQL Verification Team

Once again ......

We have a debug assert() at that point, which means that a production binary would crash if `rec` pointer is NULL.

However, as we test, very very thoroughly, all our binaries in debug mode as well, what we need from you is the exact scenario under which that pointer can be NULL. In short, we need a repeatable test case.