Bug #24089 Race condition in fil_flush_file_spaces()
Submitted: 8 Nov 2006 14:30 Modified: 11 Dec 2006 5:27
Reporter: Marko Mäkelä
Status: Closed
Category: Server: InnoDB Severity: S1 (Critical)
Version: 4.1, 5.0, 5.1 OS: Any (all)
Assigned to: Marko Mäkelä Target Version:

[8 Nov 2006 14:30] Marko Mäkelä
Description:
The fix of Bug #15653 (incorrectly noted as Bug #16582 in the MySQL 4.1 change log)
introduced a race condition that will lead to a crash if a table is dropped while
fil_flush_file_spaces() is executing.

How to repeat:
Set up a small buffer pool (innodb_buffer_pool_size=5M) and enable innodb_file_per_table. 
Set up a workload that creates and drops tables and runs all sorts of inserts, updates and
deletes.  Wait a couple of minutes or hours, depending on luck.

Suggested fix:
Read the space ids from the unflushed_spaces list to an array without releasing the mutex,
and invoke fil_flush() on the ids from the array.
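
The pattern in the suggested fix, sketched in C as an added example (not part of the original report and not InnoDB's code): ids are copied out while the mutex is held for the whole list walk, and each id is resolved again before flushing, so a space dropped in between is skipped instead of dereferenced. Only fil_flush_file_spaces(), fil_flush() and unflushed_spaces come from the report; the structures, fil_mutex, space_add, space_drop, snapshot_ids and the lookup-by-id behaviour of fil_flush() are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical, simplified model of a tablespace list guarded by one mutex. */
typedef struct space { unsigned long id; int dirty; struct space *next; } space_t;
static pthread_mutex_t fil_mutex = PTHREAD_MUTEX_INITIALIZER;
static space_t *unflushed_spaces;          /* protected by fil_mutex */

int space_add(unsigned long id) {
    space_t *s = malloc(sizeof *s);
    if (!s) return 0;
    s->id = id; s->dirty = 1;
    pthread_mutex_lock(&fil_mutex);
    s->next = unflushed_spaces; unflushed_spaces = s;
    pthread_mutex_unlock(&fil_mutex);
    return 1;
}
/* DROP TABLE path: unlink and free the node under the mutex. */
void space_drop(unsigned long id) {
    pthread_mutex_lock(&fil_mutex);
    for (space_t **p = &unflushed_spaces; *p; p = &(*p)->next)
        if ((*p)->id == id) { space_t *d = *p; *p = d->next; free(d); break; }
    pthread_mutex_unlock(&fil_mutex);
}
/* Copy ids without releasing the mutex mid-walk; no node pointer escapes. */
size_t snapshot_ids(unsigned long *ids, size_t max) {
    size_t n = 0;
    pthread_mutex_lock(&fil_mutex);
    for (space_t *s = unflushed_spaces; s && n < max; s = s->next)
        if (s->dirty) ids[n++] = s->id;
    pthread_mutex_unlock(&fil_mutex);
    return n;
}
/* Resolve the id again under the mutex; returns 0 if the space was dropped
   after the snapshot. Clearing dirty stands in for the real file flush. */
int fil_flush(unsigned long id) {
    int found = 0;
    pthread_mutex_lock(&fil_mutex);
    for (space_t *s = unflushed_spaces; s; s = s->next)
        if (s->id == id) { s->dirty = 0; found = 1; break; }
    pthread_mutex_unlock(&fil_mutex);
    return found;
}
size_t fil_flush_file_spaces(void) {
    unsigned long ids[64];                 /* fixed cap is a simplification */
    size_t flushed = 0, n = snapshot_ids(ids, 64);
    for (size_t i = 0; i < n; i++)         /* a concurrent drop here is safe */
        flushed += fil_flush(ids[i]);
    return flushed;
}
```
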
[11 Nov 2006 4:19] Paul DuBois
Noted in 5.0.30 (not 5.0.29), 5.1.13 changelogs.

There was a race condition in the InnoDB fil_flush_file_spaces()
function.

Setting bug report back to NDI pending push into 4.1 tree.
[11 Dec 2006 5:27] Paul DuBois
Noted in 4.1.23 changelog.