• Marko Mäkelä's avatar
    MDEV-30009 InnoDB shutdown hangs when the change buffer is corrupted · 165564d3
    Marko Mäkelä authored
    The InnoDB change buffer (ibuf.index, stored in the system tablespace)
    and the change buffer bitmaps in persistent tablespaces could get out
    of sync with each other: According to the bitmap, no changes exist for
    a page, while there actually exist buffered entries in ibuf.index.
    
    InnoDB performs lazy deletion of buffered changes. When a secondary
    index leaf page is freed (possibly as part of DROP INDEX), any
    buffered changes will not be deleted. Instead, they would be deleted
    on a subsequent buf_page_create_low().
    
    One scenario where InnoDB failed to delete buffered changes is
    as follows:
    1. Some changes were buffered for a secondary index leaf page.
    2. The index page had been freed.
    3. ibuf_read_merge_pages() invoked ibuf_merge_or_delete_for_page(),
    which noticed that the page had been freed, and reset the change buffer
    bits, but did not delete the records from ibuf.index.
    4. The index page was reallocated for something else.
    5. The index page was removed from the buffer pool.
    6. Some changes were buffered for the newly created page.
    7. Finally, the buffered changes from both 1. and 6. were merged.
    8. The index is corrupted.
    
    An alternative outcome is:
    4. Shutdown with innodb_fast_shutdown=0 gets into an infinite loop.
    
    An alternative scenario is:
    3. ibuf_set_bitmap_for_bulk_load() reset the IBUF_BITMAP_BUFFERED bit
    but did not delete the ibuf.index records for that page number.
    
    The shutdown hang was already once fixed in
    commit d7a24017, refactored for
    10.5 in commit 77e8a311 and
    disabled in commit 310dff5d
    due to corruption.
    
    We will fix this as follows:
    
    ibuf_delete_recs(): Delete all ibuf.index entries for the specified page.
    
    ibuf_merge_or_delete_for_page(): When the change buffer bitmap bits
    were set and the page had been freed, and the page does not belong
    to ibuf.index itself, invoke ibuf_delete_recs(). This prevents the
    corruption from occurring when a DML operation is allocating a
    previously freed page for which changes had been buffered.
    
    ibuf_set_bitmap_for_bulk_load(): When the change buffer bitmap bits
    were set, invoke ibuf_delete_recs(). This prevents the corruption
    from occurring when CREATE INDEX is reusing a previously freed page.
    
    ibuf_read_merge_pages(): On slow shutdown, remove the orphan records
    by invoking ibuf_delete_recs(). This fixes the hang when the change
    buffer had become corrupted. We also remove the dops[] accounting,
    because nothing can monitor it during shutdown. We invoke
    ibuf_delete_recs() if:
    (a) buf_page_get_gen() failed to load the page or merge changes
    (b) the page is not a valid index leaf page
    (c) the page number is out of tablespace bounds
    
    srv_shutdown(): Invoke ibuf_max_size_update(0) to ensure that
    the race condition that motivated us to disable the code in
    ibuf_read_merge_pages() in commit 310dff5d
    is no longer possible. That is, during slow shutdown, both the
    rollback of transactions and the purge of history will return
    early from ibuf_insert_low().
    
    ibuf_merge_space(), ibuf_delete_for_discarded_space(): Cleanup:
    Do not allocate a memory heap.
    
    This was implemented by Thirunarayanan Balathandayuthapani
    and tested with innodb_change_buffering_debug=1 by Matthias Leich.
    165564d3
srv0srv.cc 62.5 KB