Summary

In __wt_update_obsolete_check, the GC pruning block (added for disaggregated ingest btrees) introduced a regression: the WT_UPDATE_PREPARE_ROLLBACK guard above it was left without resetting first = NULL before continue.

Root Cause

The loop in _wt_update_obsolete_check tracks first — the oldest update eligible to be freed. When a PREPARE_ROLLBACK tombstone is encountered, the loop must reset first = NULL to prevent _wt_free_obsolete_updates from sweeping past the tombstone and freeing it while it may still be live.

The original code (pre-GC pruning) had a single continue for this case, which was safe because no code set first before reaching that branch. After the GC pruning block was added below it, the PREPARE_ROLLBACK branch no longer resets first, allowing a previously-set first to survive the continue and cause __wt_free_obsolete_updates to free live updates.

Fix

if (F_ISSET(upd, WT_UPDATE_PREPARE_ROLLBACK)) {
    first = NULL;
    continue;
}

Discovered in

WT-17189 during review of the GC verify diagnostic feature.