Bug #27294 | crash with innodb_locks_unsafe_for_binlog=1 | ||
---|---|---|---|
Submitted: | 20 Mar 2007 14:58 | Modified: | 18 Dec 2009 20:26 |
Reporter: | Shane Bester (Platinum Quality Contributor) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: InnoDB storage engine | Severity: | S1 (Critical) |
Version: | 4.1-bk | OS: | Any (All) |
Assigned to: | Timothy Smith | CPU Architecture: | Any |
Tags: | crash, innodb, innodb_locks_unsafe_for_binlog, lock |
[20 Mar 2007 14:58]
Shane Bester
[20 Mar 2007 15:33]
Heikki Tuuri
Shane, is prebuilt->trx NULL? Heikki
[20 Mar 2007 15:47]
MySQL Verification Team
prebuilt value i can't get from debugger, but assembler shows garbage pointer being dereferenced. debug build didn't crash yet..
Attachment: some_5.0.38_debugger_output.txt (text/plain), 3.25 KiB.
[20 Mar 2007 15:51]
Heikki Tuuri
This is actually the 5.0 and 4.1 bug that I already found in http://bugs.mysql.com/bug.php?id=21322 but forgot to fix then!
[20 Mar 2007 15:59]
Heikki Tuuri
The fix is to add this code to the start of ::store_lock() also in 5.0 (and 4.1): ha_innodb.cc: " trx_t* trx; /* Note that trx in this function is NOT necessarily prebuilt->trx because we call update_thd() later, in ::external_lock()! Failure to understand this caused a serious memory corruption bug in 5.1.11. */ trx = check_trx_exists(ht, thd); " and use trx->isolation_level in subsequent code in ::store_lock(). Assigning this to Vasil. This bug should be fixed in 5.0. In 5.1 it has been fixed already. A fix in 4.1 might make sense, if MySQL AB wants to apply the fix there.
[20 Mar 2007 17:23]
Heikki Tuuri
Matthias, if you do not use the Embedded Server Library, then it is enough to edit ha_innodb.cc in /sql. You should add my code snippet to the start of ha_innobase::store_lock(), and replace the use of 'prebuilt->trx' by plain 'trx' in that function. There seems to be just 1 use of prebuilt->trx, if I looked carefully enough. Regards, Heikki
[20 Mar 2007 17:27]
Heikki Tuuri
Oops, in 5.0, the code should be: trx = check_trx_exists(thd);
[20 Mar 2007 17:37]
MySQL Verification Team
i confirm the patch in 5.0 stops this specific crash. just tested it twice, successfully.
[21 Mar 2007 7:54]
Matthias Albert
is this correct?
Attachment: mysql-5.0.37-patch.txt (text/plain), 1.53 KiB.
[21 Mar 2007 11:08]
Matthias Albert
Shane, and my patch is correct? (see my attachment 4 comments before). I will build a new mysql rpm with 5.0.37 for me, if the attached patch is correct. Regards, Matthias
[21 Mar 2007 14:03]
Heikki Tuuri
Matthias, your patch is otherwise correct, but you should make trx a local variable, not a parameter in the function call. Regards, Heikki
[12 Jul 2007 17:27]
Timothy Smith
Queued to 5.0-maint team tree
[19 Jul 2007 15:48]
Bugs System
Pushed into 5.1.21-beta
[19 Jul 2007 15:49]
Bugs System
Pushed into 5.0.48
[22 Jul 2007 18:15]
Paul DuBois
Noted in 5.0.48, 5.1.21 changelogs. INSERT INTO ... SELECT caused a crash if innodb_locks_unsafe_for_binlog was enabled.
[26 Jul 2007 18:01]
MySQL Verification Team
crash is not limited to only insert .. select. It can happen on most queries which modify table.
[7 Aug 2007 14:57]
Paul DuBois
Patch applies to 5.0 only. Removing 5.1.21 changelog entry.
[24 May 2008 13:28]
Domas Mituzas
the bug is still in 4.1
[1 Dec 2008 19:38]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/60323 2707 Timothy Smith 2008-12-01 Bug #27294: crash with innodb_locks_unsafe_for_binlog=1 Back-port 5.0 fix to 4.1. Fix Bug#27294 by using trx returned by check_trx_exists() instead of prebuilt->trx. This has been fixed in 5.1 in r782.
[1 Dec 2008 20:05]
Bugs System
Pushed into 4.1.26 (revid:timothy.smith@sun.com-20081201193704-n2cw456dybo8it9x) (version source revid:timothy.smith@sun.com-20081201193704-n2cw456dybo8it9x) (pib:5)
[1 Dec 2008 20:19]
Timothy Smith
A backport of the fix from MySQL 5.0 has been added to MySQL 4.1.25. (Despite what the comment from the bugs system says, it is fixed in 4.1.25, not 4.1.26.)
[1 Dec 2008 20:22]
Paul DuBois
Noted in 4.1.25 changelog.
[27 Jan 2009 6:50]
MySQL Verification Team
bug #22778 is a duplicate of this
[4 Nov 2009 9:16]
Bugs System
Pushed into 5.0.88 (revid:joro@sun.com-20091104091355-hpz6dwgkrfmokj3k) (version source revid:joro@sun.com-20091027131106-1w5i5wrb27oqewk2) (merge vers: 5.0.88) (pib:13)
[4 Nov 2009 9:26]
Bugs System
Pushed into 5.1.41 (revid:joro@sun.com-20091104092152-qz96bzlf2o1japwc) (version source revid:kristofer.pettersson@sun.com-20091103162305-08l4gkeuif2ozsoj) (merge vers: 5.1.41) (pib:13)
[4 Nov 2009 18:03]
Paul DuBois
Previous two pushes are null merges. Re-closing.
[11 Nov 2009 6:54]
Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091110093407-rw5g8dys2baqkt67) (version source revid:alik@sun.com-20091109080109-7dxapd5y5pxlu08w) (merge vers: 6.0.14-alpha) (pib:13)
[11 Nov 2009 7:02]
Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091109115615-nuohp02h8mdrz8m2) (version source revid:alik@sun.com-20091105092041-sp6eyod7sdlfuj3b) (merge vers: 5.5.0-beta) (pib:13)
[12 Nov 2009 3:16]
Paul DuBois
Previous two pushes are null merges. Re-closing.
[18 Dec 2009 10:40]
Bugs System
Pushed into 5.1.41-ndb-7.1.0 (revid:jonas@mysql.com-20091218102229-64tk47xonu3dv6r6) (version source revid:jonas@mysql.com-20091218095730-26gwjidfsdw45dto) (merge vers: 5.1.41-ndb-7.1.0) (pib:15)
[18 Dec 2009 10:56]
Bugs System
Pushed into 5.1.41-ndb-6.2.19 (revid:jonas@mysql.com-20091218100224-vtzr0fahhsuhjsmt) (version source revid:jonas@mysql.com-20091217101452-qwzyaig50w74xmye) (merge vers: 5.1.41-ndb-6.2.19) (pib:15)
[18 Dec 2009 11:10]
Bugs System
Pushed into 5.1.41-ndb-6.3.31 (revid:jonas@mysql.com-20091218100616-75d9tek96o6ob6k0) (version source revid:jonas@mysql.com-20091217154335-290no45qdins5bwo) (merge vers: 5.1.41-ndb-6.3.31) (pib:15)
[18 Dec 2009 11:24]
Bugs System
Pushed into 5.1.41-ndb-7.0.11 (revid:jonas@mysql.com-20091218101303-ga32mrnr15jsa606) (version source revid:jonas@mysql.com-20091218064304-ezreonykd9f4kelk) (merge vers: 5.1.41-ndb-7.0.11) (pib:15)