Bug #45548 XA transaction without access to InnoDB tables crashes the server
Submitted: 17 Jun 2009 5:59 Modified: 22 Jul 2009 23:56
Reporter: Yuan WANG Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S1 (Critical)
Version:5.1.35, 5.4 bzr OS:Linux
Assigned to: Davi Arnaut
Tags: regression, xa
Triage: Triaged: D1 (Critical)

[17 Jun 2009 5:59] Yuan WANG
Description:
If a XA transtion ends without access to InnoDB tables, it will leave the server into invalid state. Then if you start another XA transaction, the server will crash.

How to repeat:
Execute the following SQL:

mysql> xa start 'a'; xa end 'a'; xa prepare 'a'; xa commit 'a';
mysql> xa start 'a';

Or the following SQL:

mysql> create table test(a int) engine = myisam;
mysql> xa start 'a'; insert into test values(1); xa end 'a'; xa prepare 'a'; xa commit 'a';
mysql> xa start 'a';

The gdb stacktrace is as follows.

(gdb) bt
#0  0xb8000430 in __kernel_vsyscall ()
#1  0xb7e106d0 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7e12098 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7e095ce in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#4  0x082d9dc0 in mysql_execute_command (thd=0x9d39670) at sql_parse.cc:4675
#5  0x082db000 in mysql_parse (thd=0x9d39670, inBuf=0x9d86248 "xa start 'a'", 
    length=12, found_semicolon=0xaff6f084) at sql_parse.cc:5929
#6  0x082dbdc0 in dispatch_command (command=COM_QUERY, thd=0x9d39670, 
    packet=0x9d7e1e9 "xa start 'a'", packet_length=12) at sql_parse.cc:1216
#7  0x082dd226 in do_command (thd=0x9d39670) at sql_parse.cc:857
#8  0x082c8c5f in handle_one_connection (arg=0x9d39670) at sql_connect.cc:1115
#9  0xb7fda4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7ec949e in clone () from /lib/tls/i686/cmov/libc.so.6
[17 Jun 2009 6:58] Sveta Smirnova
Thank you for the report.

Verified as described.

Version 5.0 is not affected.
[25 Jun 2009 15:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/77228

2978 Davi Arnaut	2009-06-25
      Bug#45548: XA transaction without access to InnoDB tables crashes the server
      
      The problem is that the one phase commit function failed to
      properly end a empty transaction. The solution is to ensure
      that the transaction cleanup procedure is invoked even for
      empty transactions.
     @ mysql-test/r/xa.result
        Add test case result for Bug#45548
     @ mysql-test/t/xa.test
        Add test case for Bug#45548
     @ sql/handler.cc
        Invoke transaction cleanup function whenever a transaction is ended.
[26 Jun 2009 15:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/77361

2980 Davi Arnaut	2009-06-25
      Bug#45548: XA transaction without access to InnoDB tables crashes the server
      
      The problem is that the one phase commit function failed to
      properly end a empty transaction. The solution is to ensure
      that the transaction cleanup procedure is invoked even for
      empty transactions.
     @ mysql-test/r/xa.result
        Add test case result for Bug#45548
     @ mysql-test/t/xa.test
        Add test case for Bug#45548
     @ sql/handler.cc
        Invoke transaction cleanup function whenever a transaction is ended.
[26 Jun 2009 15:24] Davi Arnaut
Queued to 5.1-bugteam
[8 Jul 2009 13:30] Bugs System
Pushed into 5.1.37 (revid:joro@sun.com-20090708131116-kyz8iotbum8w9yic) (version source revid:davi.arnaut@sun.com-20090625152523-d5k8ntkzlgwwuks1) (merge vers: 5.1.37) (pib:11)
[9 Jul 2009 7:37] Bugs System
Pushed into 5.1.37 (revid:joro@sun.com-20090708131116-kyz8iotbum8w9yic) (version source revid:davi.arnaut@sun.com-20090625152523-d5k8ntkzlgwwuks1) (merge vers: 5.1.37) (pib:11)
[10 Jul 2009 11:21] Bugs System
Pushed into 5.4.4-alpha (revid:anozdrin@bk-internal.mysql.com-20090710111017-bnh2cau84ug1hvei) (version source revid:davi.arnaut@sun.com-20090626154819-6nelwm6dxqkc3cds) (merge vers: 5.4.4-alpha) (pib:11)
[22 Jul 2009 23:56] Paul Dubois
Noted in 5.1.37, 5.4.4 changelog.

Performing an empty XA transaction caused the server to crash for the 
next XA transaction.
[12 Aug 2009 22:15] Paul Dubois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[14 Aug 2009 23:06] Paul Dubois
Ignore previous comment about 5.4.2.
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 13:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 16:33] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[7 Oct 2009 18:32] Paul Dubois
The 5.4 fix has been pushed to 5.4.2.