Bug #24089 Race condition in fil_flush_file_spaces()
Submitted: 8 Nov 2006 13:30 Modified: 18 Jun 2010 12:50
Reporter: Marko Mäkelä Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S1 (Critical)
Version:4.1, 5.0, 5.1 OS:Any (all)
Assigned to: Marko Mäkelä CPU Architecture:Any

[8 Nov 2006 13:30] Marko Mäkelä 
Description:
The fix of Bug #15653 (incorrectly noted as Bug #16582 in the MySQL 4.1 change log) introduced a race condition that will lead to a crash if a table is dropped while fil_flush_file_spaces() is executing.

How to repeat:
Set up a small buffer pool (innodb_buffer_pool_size=5M) and enable innodb_file_per_table.  Set up a workload that creates and drops tables and runs all sorts of inserts, updates and deletes.  Wait a couple of minutes or hours, depending on luck.

Suggested fix:
Read the space ids from the unflushed_spaces list to an array without releasing the mutex, and invoke fil_flush() on the ids from the array.
[11 Nov 2006 3:19] Paul DuBois 
Noted in 5.0.30 (not 5.0.29), 5.1.13 changelogs.

There was a race condition in the InnoDB fil_flush_file_spaces()
function.

Setting bug report back to NDI pending push into 4.1 tree.
[11 Dec 2006 4:27] Paul DuBois 
Noted in 4.1.23 changelog.
[5 May 2010 15:08] Bugs System 
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[6 May 2010 2:31] Paul DuBois 
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug. Re-closing.
[28 May 2010 5:49] Bugs System 
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:18] Bugs System 
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[28 May 2010 6:46] Bugs System 
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[29 May 2010 2:51] Paul DuBois 
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[17 Jun 2010 11:50] Bugs System 
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:27] Bugs System 
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:15] Bugs System 
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)