Bug #48197 Concurrent rw_lock_free may cause assertion failure
Submitted: 21 Oct 2009 7:44
Modified: 14 Oct 2010 13:42
Reporter: Yasufumi Kinoshita
Status: Closed
Category: MySQL Server: InnoDB storage engine
Severity: S3 (Non-critical)
Version: 5.0, 5.1, Plugin-1.0.4
OS: Any
Assigned to: Marko Mäkelä
CPU Architecture: Any
Tags: Contribution

[21 Oct 2009 7:44] Yasufumi Kinoshita
Description:
"lock->magic_n = 0" should not be done before the lock is removed from the lock list.
The other rw_lock_free() may cause the assertion error about the magic_n.

How to repeat:
It may be a rare case.

Suggested fix:
Move "lock->magic_n = 0;" to after the removal from rw_lock_list, like mutex_free() does.

--- innodb_plugin-1.0.4/sync/sync0rw.c     2009-05-26 22:28:49.000000000 +0900
+++ innodb_plugin-1.0.4/sync/sync0rw.c     2009-10-20 15:55:22.000000000 +0900
@@ -304,8 +304,6 @@
        ut_ad(rw_lock_validate(lock));
        ut_a(lock->lock_word == X_LOCK_DECR);

-       lock->magic_n = 0;
-
 #ifndef INNODB_RW_LOCKS_USE_ATOMICS
        mutex_free(rw_lock_get_mutex(lock));
 #endif /* INNODB_RW_LOCKS_USE_ATOMICS */
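
Review bot: with the `lock->magic_n = 0;` line dropped from in front of `mutex_free(rw_lock_get_mutex(lock));`, the lock keeps a valid magic number while its embedded mutex has already been freed in the `#ifndef INNODB_RW_LOCKS_USE_ATOMICS` build. Please add a comment at this spot saying the magic number is deliberately left intact until the lock has been unlinked from rw_lock_list, so a later cleanup does not move the reset back up here, and confirm that nothing reaching this lock through the list touches the freed mutex in that window.
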
@@ -325,6 +323,8 @@
        UT_LIST_REMOVE(list, rw_lock_list, lock);

        mutex_exit(&rw_lock_list_mutex);
+
+       lock->magic_n = 0;
 }

 #ifdef UNIV_DEBUG
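
Review bot: the added `lock->magic_n = 0;` runs after `mutex_exit(&rw_lock_list_mutex);`, so the write is not covered by the list mutex. That is fine only because `UT_LIST_REMOVE(list, rw_lock_list, lock);` has already unlinked the lock, and that reasoning appears nowhere in the code. Add a one-line comment stating that the reset must stay after the unlink (the report names mutex_free() as the model), or move the assignment directly above `mutex_exit()` so that unlinking and invalidating happen under the same mutex. The diff is also against innodb_plugin-1.0.4 only, while the report lists 5.0 and 5.1 as affected, so the same reordering needs to be carried to those trees.
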
[22 Oct 2009 4:58] Yasufumi Kinoshita
It is a problem for all InnoDB.
[23 Oct 2009 11:27] MySQL Verification Team
Thank you for the bug report.
[1 Jun 2010 13:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/109763
[1 Jun 2010 13:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/109764
[1 Jun 2010 13:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/109766
[1 Jun 2010 13:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/109767
[19 Jul 2010 14:37] Bugs System
Pushed into 5.1.49 (revid:build@mysql.com-20100719143034-omcma40sblwmay3x) (version source revid:vasil.dimov@oracle.com-20100704071244-3lo4okzels3kvy1p) (merge vers: 5.1.49) (pib:16)
[20 Jul 2010 18:50] John Russell
As this is a relatively minor internal code issue, it won't be listed in the public change log.
[23 Jul 2010 12:24] Bugs System
Pushed into mysql-trunk 5.5.6-m3 (revid:alik@sun.com-20100723121820-jryu2fuw3pc53q9w) (version source revid:alik@sun.com-20100723121820-jryu2fuw3pc53q9w) (merge vers: 5.5.6-m3) (pib:18)
[23 Jul 2010 12:31] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100723121929-90e9zemk3jkr2ocy) (version source revid:alik@sun.com-20100723121827-3bsh51m5sj6g4oma) (pib:18)
[14 Oct 2010 8:29] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (merge vers: 5.1.51-ndb-7.0.20) (pib:21)
[14 Oct 2010 8:44] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (merge vers: 5.1.51-ndb-6.3.39) (pib:21)
[14 Oct 2010 8:59] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)
[14 Oct 2010 13:42] Jon Stephens
No changelog entry required (see above). Set back to Closed state.