Description:
I encountered a server abort in row_search_for_mysql() when running RQG with the WL5004_sql grammar. Although the trace passes through handle_segfault(), frames #6–#7 show raise()/abort(): this is a failed InnoDB debug assertion (ut_ad at row0sel.c:3684), not a memory fault. The gdb output below shows prebuilt->sql_stat_start == 0 and trx->conc_state == 0 (i.e. not TRX_ACTIVE, presumably TRX_NOT_STARTED), so an index read is being issued on a transaction that has not been started. From the stack, the read happens inside a stored function (#28) evaluated from the WHERE clause while a derived table is being filled during open_and_lock_tables (#40–#44) for the INSERT ... SELECT in #45. Note that ut_ad() is a debug-only assertion, so a non-debug build would presumably not abort here but continue the read with the transaction in this state.
#0 0xb779f430 in __kernel_vsyscall ()
#1 0xb7778e93 in __pthread_kill (threadid=2840808304, signo=6)
at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:64
#2 0x086a7c7b in my_write_core (sig=6)
at /mysql/mysql-5.5-runtime-debugging_rqg/mysys/stacktrace.c:330
#3 0x08170c2a in handle_segfault (sig=6)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/mysqld.cc:2511
#4 <signal handler called>
#5 0xb779f430 in __kernel_vsyscall ()
#6 0xb74c64d1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7 0xb74c9932 in *__GI_abort () at abort.c:92
#8 0x08516342 in row_search_for_mysql (buf=0xa002fb0 "\377", mode=1, prebuilt=0xa2732a0,
match_mode=0, direction=0)
at /mysql/mysql-5.5-runtime-debugging_rqg/storage/innobase/row/row0sel.c:3684
#9 0x084ec689 in ha_innobase::index_read (this=0xa002e58, buf=0xa002fb0 "\377", key_ptr=0x0,
key_len=0, find_flag=HA_READ_AFTER_KEY)
at /mysql/mysql-5.5-runtime-debugging_rqg/storage/innobase/handler/ha_innodb.cc:5661
#10 0x084ed035 in ha_innobase::index_first (this=0xa002e58, buf=0xa002fb0 "\377")
at /mysql/mysql-5.5-runtime-debugging_rqg/storage/innobase/handler/ha_innodb.cc:5963
#11 0x0846a0ee in QUICK_GROUP_MIN_MAX_SELECT::next_prefix (this=0xa08b618)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/opt_range.cc:11088
#12 0x084699c1 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0xa08b618)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/opt_range.cc:10823
#13 0x0847172a in rr_quick (info=0xa3de5a8)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/records.cc:335
#14 0x082588e2 in join_init_read_record (tab=0xa3de568)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:12417
#15 0x08256e30 in sub_select (join=0xa3dceb8, join_tab=0xa3de568, end_of_records=false)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:11686
#16 0x08256a15 in do_select (join=0xa3dceb8, fields=0xa3de01c, table=0x0, procedure=0x0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:11452
#17 0x0824131b in JOIN::exec (this=0xa3dceb8)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:2396
#18 0x083f6bf6 in subselect_single_select_engine::exec (this=0xa213768)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_subselect.cc:1989
#19 0x083f16e1 in Item_subselect::exec (this=0xa2136d0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_subselect.cc:288
#20 0x083f25b3 in Item_singlerow_subselect::val_int (this=0xa2136d0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_subselect.cc:601
#21 0x0838b0b0 in Item::save_in_field (this=0xa2136d0, field=0xa211788, no_conversions=false)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item.cc:5437
#22 0x08477fb2 in sp_eval_expr (thd=0xa6374a50, result_field=0xa211788, expr_item_ptr=0xa2137b0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:405
#23 0x084846bb in sp_rcontext::set_return_value (this=0xa3f0c00, thd=0xa6374a50,
return_value_item=0xa2137b0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_rcontext.cc:166
#24 0x0847fa33 in sp_instr_freturn::exec_core (this=0xa213790, thd=0xa6374a50, nextp=0xa9532510)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:3453
#25 0x0847e77f in sp_lex_keeper::reset_lex_and_exec_core (this=0xa2137b8, thd=0xa6374a50,
nextp=0xa9532510, open_tables=true, instr=0xa213790)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:2957
#26 0x0847f9ef in sp_instr_freturn::execute (this=0xa213790, thd=0xa6374a50, nextp=0xa9532510)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:3431
#27 0x0847aa2d in sp_head::execute (this=0xa211948, thd=0xa6374a50, merge_da_on_success=true)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:1417
#28 0x0847bdc5 in sp_head::execute_function (this=0xa211948, thd=0xa6374a50, argp=0x0, argcount=0,
return_value_fld=0xa211788)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sp_head.cc:1938
#29 0x083d63a0 in Item_func_sp::execute_impl (this=0xa2102d0, thd=0xa6374a50)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_func.cc:6369
#30 0x083d6190 in Item_func_sp::execute (this=0xa2102d0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_func.cc:6298
#31 0x083d8e2f in Item_func_sp::val_int (this=0xa2102d0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_func.h:1724
#32 0x0839d648 in Arg_comparator::compare_int_signed (this=0xa210d70)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_cmpfunc.cc:1471
#33 0x083aacbe in Arg_comparator::compare (this=0xa210d70)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_cmpfunc.h:88
#34 0x0839e87f in Item_func_eq::val_int (this=0xa210cf8)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_cmpfunc.cc:1958
#35 0x0837c8e4 in Item::val_bool (this=0xa210cf8)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item.cc:199
#36 0x083a6e73 in Item_cond_and::val_int (this=0xa210ff0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/item_cmpfunc.cc:4515
#37 0x0825688f in do_select (join=0xa3db270, fields=0xa6386cd0, table=0x0, procedure=0x0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:11421
#38 0x0824131b in JOIN::exec (this=0xa3db270)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:2396
#39 0x08241a08 in mysql_select (thd=0xa6374a50, rref_pointer_array=0xa6386d34, tables=0xa20fd00,
wild_num=0, fields=..., conds=0xa210ff0, og_num=0, order=0x0, group=0x0, having=0x0,
proc_param=0x0, select_options=2416184064, result=0xa211638, unit=0xa6386804,
select_lex=0xa6386c3c)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_select.cc:2598
#40 0x081f0cc0 in mysql_derived_filling (thd=0xa6374a50, lex=0xa6375eec, orig_table_list=0xa63854e0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_derived.cc:298
#41 0x081f05e7 in mysql_handle_derived (lex=0xa6375eec,
processor=0x81f0ad1 <mysql_derived_filling(THD*, LEX*, TABLE_LIST*)>)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_derived.cc:60
#42 0x081c28de in open_and_lock_tables (thd=0xa6374a50, tables=0xa63854e0, derived=true, flags=0,
prelocking_strategy=0xa9532dac)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_base.cc:5381
#43 0x081b67b9 in open_and_lock_tables (thd=0xa6374a50, tables=0xa63854e0, derived=true, flags=0)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_base.h:475
#44 0x082115e0 in mysql_execute_command (thd=0xa6374a50)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_parse.cc:2879
#45 0x08219126 in mysql_parse (thd=0xa6374a50,
rawbuf=0xa63852d0 "INSERT INTO testdb_S . t1_view1_N ( `col_int` , `col_int_key` , `pk` ) SELECT `col_int` , `col_int_key` , `pk` FROM testdb_S . t1_base1_S AS A WHERE `pk` BETWEEN 2 AND 2 + 1 LIMIT 1", length=189, parser_state=0xa9533b90)
at /mysql/mysql-5.5-runtime-debugging_rqg/sql/sql_parse.cc:5528
----------------------------------------
(gdb) f 8
#8 0x08516342 in row_search_for_mysql (buf=0xa002fb0 "\377", mode=1, prebuilt=0xa2732a0,
match_mode=0, direction=0)
at /mysql/mysql-5.5-runtime-debugging_rqg/storage/innobase/row/row0sel.c:3684
3684 ut_ad(prebuilt->sql_stat_start || trx->conc_state == TRX_ACTIVE);
(gdb) l
3679 if (trx->has_search_latch) {
3680 rw_lock_s_unlock(&btr_search_latch);
3681 trx->has_search_latch = FALSE;
3682 }
3683
3684 ut_ad(prebuilt->sql_stat_start || trx->conc_state == TRX_ACTIVE);
3685 ut_ad(trx->conc_state == TRX_NOT_STARTED
3686 || trx->conc_state == TRX_ACTIVE);
3687 ut_ad(prebuilt->sql_stat_start
3688 || prebuilt->select_lock_type != LOCK_NONE
(gdb) p prebuilt->sql_stat_start
$1 = 0
(gdb) p trx->conc_state
$2 = 0
How to repeat:
Run the random query generator with the WL5004_sql.yy grammar found in the RQG repository, on a debug build (the assertion is a ut_ad, so it only fires with debug assertions enabled). The assertion failure hit me after about a week of testing, so the likelihood of hitting it is pretty low.
At the moment, I have no reproducible test case other than running the RQG tests.