MySQL Bugs: #48480: crash in sp_lex_keeper::reset_lex_and_exec_core called by sp_instr

Bug #48480	crash in sp_lex_keeper::reset_lex_and_exec_core called by sp_instr_stmt::execute
Submitted:	2 Nov 2009 17:13	Modified:	8 Jan 2010 13:37
Reporter:	Matthias Leich	Email Updates:
Status:	Can't repeat	Impact on me:	None
Category:	MySQL Server: Locking	Severity:	S3 (Non-critical)
Version:	mysql-6.0-codebase-bugfixing, mysql-next-4284	OS:	Any
Assigned to:	Jon Olav Hauglid	CPU Architecture:	Any

Description:
The crash happens in sp_head.cc:2757 :
   if (m_lex->query_tables_own_last)
   {
     /*
      We've entered and left prelocking mode when executing statement
      stored in m_lex.
      m_lex->query_tables(->next_global)* list now has a 'tail' - a list
      of tables that are added for prelocking. (If this is the first
      execution, the 'tail' was added by open_tables(), otherwise we've
      attached it above in this function).
      Now we'll save the 'tail', and detach it.
     */  
   ....
therefore I took the category locking and not "Stored programs".

RQG test with 30 threads using the grammar WL5004_sql.yy

Result on mysql-6.0-codebase-bugfixing
revno: 3692 2009-10-31
--------------------------------------
Thread 1 (process 22804):
#0  pthread_kill () from /lib/libpthread.so.0
#1  my_write_core (sig=11) at stacktrace.c:309
#2  handle_segfault (sig=11) at mysqld.cc:2765
#3  <signal handler called>
#4  sp_lex_keeper::reset_lex_and_exec_core (this=0x2bba5d8, thd=0x28e5c68, nextp=0x7f9c51a7b7d8, open_tables=false, instr=0x2bba598) at sp_head.cc:2757
#5  sp_instr_stmt::execute (this=0x2bba598, thd=0x28e5c68, nextp=0x7f9c51a7b7d8) at sp_head.cc:2861
#6  sp_head::execute (this=0x2bb8910, thd=0x28e5c68) at sp_head.cc:1243
#7  sp_head::execute_trigger (this=0x2bb8910, thd=0x28e5c68, db_name=0x2855bf8, table_name=0x2855c08, grant_info=0x284e110) at sp_head.cc:1552
#8  Table_triggers_list::process_triggers (this=0x284e060, thd=0x28e5c68, event=TRG_EVENT_INSERT, time_type=TRG_ACTION_BEFORE, old_row_is_record1=true) at sql_trigger.cc:2016
#9  fill_record_n_invoke_before_triggers (thd=0x28e5c68, fields=@0x2cad6f8, values=@0x2cae4b0, ignore_errors=false, triggers=0x284e060, event=TRG_EVENT_INSERT) at sql_base.cc:7980
#10 mysql_insert (thd=0x28e5c68, table_list=0x2cade10, fields=@0x2cad6f8, values_list=@0x2cad740, update_fields=@0x2cad728, update_values=@0x2cad710, duplic=DUP_ERROR, ignore=false) at sql_insert.cc:787
#11 mysql_execute_command (thd=0x28e5c68) at sql_parse.cc:3267
#12 Prepared_statement::execute (this=0x28ff4a8, expanded_query=0x7f9c51a7d8a0, open_cursor=false) at sql_prepare.cc:3765
#13 Prepared_statement::execute_loop (this=0x28ff4a8, expanded_query=0x7f9c51a7d8a0, open_cursor=false, packet=0x0, packet_end=0x0) at sql_prepare.cc:3398
#14 mysql_sql_stmt_execute (thd=0x28e5c68) at sql_prepare.cc:2571
#15 mysql_execute_command (thd=0x28e5c68) at sql_parse.cc:2166
#16 mysql_parse (thd=0x28e5c68, inBuf=0x28f07f0 "EXECUTE st1", length=11, found_semicolon=0x7f9c51a7f8f8) at sql_parse.cc:5979
#17 dispatch_command (command=COM_QUERY, thd=0x28e5c68, packet=0x2959459 " EXECUTE st1 ", packet_length=13) at sql_parse.cc:1076
#18 do_command (thd=0x28e5c68) at sql_parse.cc:758
#19 handle_one_connection (arg=0x28e5c68) at sql_connect.cc:1164
#20 start_thread () from /lib/libpthread.so.0
#21 clone () from /lib/libc.so.6
#22 ?? ()

My environment:
- MySQL compiled from source with
  ./BUILD/compile-pentium64-debug-max
- Linux OpenSuSE 11.0 (64 Bit)
- Intel Core2Duo

How to repeat:
I will come up with a simplified testcase soon.

The grammar simplification failed I will restart it
somewhere in future.

This is still seen, in mysql-next-4284 backporting tree.

Core and binary:

http://mysql-systemqa.s3.amazonaws.com/var-bug48480.zip

source:

revision-id: kostja@sun.com-20091211122423-pac1pwe6q8nd08zg
date: 2009-12-11 15:24:23 +0300
build-date: 2009-12-15 13:39:13 +0200
revno: 3032
branch-nick: mysql-next-4284

Closing the bug as "Can't repeat" after discussion with Philip.
Likely a duplicate of Bug#48246.