Issue 8406 - LMDB: Assertion 'mc->mc_flags & C_INITIALIZED' with MDB_NEXT after mdb_cursor_del
Status: UNCONFIRMED
Alias: None
Product: LMDB
Classification: Unclassified
Component: liblmdb
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2016-04-18 15:08 UTC by akyrtzi@gmail.com
Modified: 2020-03-12 15:56 UTC

Description akyrtzi@gmail.com 2016-04-18 15:08:44 UTC
Full_Name: Argyrios Kyrtzidis
Version: LMDB master
OS: OSX
URL: 
Submission from: (NULL) (2601:646:8900:3c89:b9af:5cb2:7292:8835)


With latest lmdb source (github mirror:
8fff90db7ed1e650395f39f9e8b22673aa74aa2b), there is an assertion hit when
deleting the cursor and then doing mdb_cursor_get(MDB_NEXT) and 'entering'
DUPSORT items.
To demonstrate see below diff which modifies mtest3.c. When run you see this:

mdb.c:6424: Assertion 'mc->mc_flags & C_INITIALIZED' failed in
mdb_cursor_next()

====
diff --git a/libraries/liblmdb/mtest3.c b/libraries/liblmdb/mtest3.c
dedex 73ee6e2..a9eb011 100644
--- a/libraries/liblmdb/mtest3.c
+++ b/libraries/liblmdb/mtest3.c
@@ -62,6 +62,19 @@ int main(int argc,char * argv[])
 	data.mv_size = sizeof(sval);
 	data.mv_data = sval;
 
+	memset(sval, sizeof(sval), 0);
+	memset(kval, sizeof(kval), 0);
+	kval[0] = 1;
+	mdb_put(txn, dbi, &key, &data, 0);
+	kval[0] = 2;
+	mdb_put(txn, dbi, &key, &data, 0);
+	sval[0] = 1;
+	mdb_put(txn, dbi, &key, &data, 0);
+	E(mdb_cursor_open(txn, dbi, &cursor));
+	E(mdb_cursor_get(cursor, &key, &data, MDB_NEXT));
+	E(mdb_cursor_del(cursor, 0));
+	E(mdb_cursor_get(cursor, &key, &data, MDB_NEXT)); // Assertion hit.
+
 	printf("Adding %d values\n", count);
 	for (i=0;i<count;i++) {
 		if (!(i & 0x0f))
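
Review bot: the two memset calls at the top of the added block have their last two arguments swapped. memset(sval, sizeof(sval), 0) passes the buffer size as the fill byte and 0 as the length, so neither sval nor kval is cleared, and every byte other than index 0 keeps whatever it held before. For a reproducer whose outcome depends on which keys and duplicate values exist, that should be memset(sval, 0, sizeof(sval)) and memset(kval, 0, sizeof(kval)). The three mdb_put calls are also not wrapped in E(...) as the cursor calls are, so a failed put would pass silently and the later MDB_NEXT would run against different data than intended. It would also help to add a comment stating the intended layout (one value under key 1, two duplicates under key 2) so the reader can see why the second MDB_NEXT has to enter a DUPSORT sub-cursor.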
Comment 1 Howard Chu 2016-04-18 15:19:43 UTC
akyrtzi@gmail.com wrote:
> Full_Name: Argyrios Kyrtzidis
> Version: LMDB master
> OS: OSX
> URL:
> Submission from: (NULL) (2601:646:8900:3c89:b9af:5cb2:7292:8835)
>
>
> With latest lmdb source (github mirror:
> 8fff90db7ed1e650395f39f9e8b22673aa74aa2b), there is an assertion hit when
> deleting the cursor and then doing mdb_cursor_get(MDB_NEXT) and 'entering'
> DUPSORT items.
> To demonstrate see below diff which modifies mtest3.c. When run you see this:

For reference, this bug was exposed by ITS#8321 
b5ce8108e8bb92df00b2d27ef0e37bfe756d3752

(But that is not the root cause.)

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 Howard Chu 2016-04-18 17:10:37 UTC
hyc@symas.com wrote:
> akyrtzi@gmail.com wrote:
>> Full_Name: Argyrios Kyrtzidis
>> Version: LMDB master
>> OS: OSX
>> URL:
>> Submission from: (NULL) (2601:646:8900:3c89:b9af:5cb2:7292:8835)
>>
>>
>> With latest lmdb source (github mirror:
>> 8fff90db7ed1e650395f39f9e8b22673aa74aa2b), there is an assertion hit when
>> deleting the cursor and then doing mdb_cursor_get(MDB_NEXT) and 'entering'
>> DUPSORT items.
>> To demonstrate see below diff which modifies mtest3.c. When run you see this:
>
> For reference, this bug was exposed by ITS#8321
> b5ce8108e8bb92df00b2d27ef0e37bfe756d3752
>
> (But that is not the root cause.)
>
Fixed now in git mdb.master

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 3 Howard Chu 2016-04-18 17:10:52 UTC
changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Comment 4 Hallvard Furuseth 2016-10-18 00:26:53 UTC
[Copied from IRC chat]

The fix is wrong - this commit broke cursor tracking:
  37081325f7356587c5e6 "ITS#8406 fix xcursors after cursor_del"

Demo:
  mtest_rand -v -f700 -i3 -p0x1000 -r1276664687.3
It sets C_DEL on the wrong xcursor, one which is at
a different key than the deleted key.  Like this:
   put         key1, data1
   put[cursor] key2, data2
   del         key1, data1
Now [cursor].mx_cursor has C_DEL.

This also breaks - probably the same bug:
  mtest_rand -v -c7 -f326 -p0x800 -r2712746413

-- 
Hallvard

Comment 5 OpenLDAP project 2016-10-18 00:30:23 UTC
wrong fix in mdb.master, mdb.RE
Comment 6 Hallvard Furuseth 2016-10-18 00:30:23 UTC
changed notes
changed state Test to Open