MySQL Bugs: #41919: select_jcl6 fails with valgrind errors

Bug #41919	select_jcl6 fails with valgrind errors
Submitted:	7 Jan 2009 11:08	Modified:	22 Nov 2010 0:43
Reporter:	Georgi Kodinov	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Optimizer	Severity:	S3 (Non-critical)
Version:	6.0-bugteam	OS:	Linux
Assigned to:	Igor Babaev	CPU Architecture:	Any
Tags:	disabled, valgrind

Description:
select_jcl6 fails after merging the 6.0-main into 6.0-bugteam. There are few new tests that were merged from 5.x into this file that may have caused the failure.
Here's a dump of the valgrind reports:
==2070== Thread 15:
==2070== Invalid write of size 4
==2070==    at 0x6D5A2C: Field::fill_cache_field(st_cache_field*) (field.cc:1740)
==2070==    by 0x76F594: add_table_data_fields_to_join_cache(st_join_table*, st_bitmap*, unsigned int*, st_cac
he_field**, st_cache_field***) (sql_join_cache.cc:117)
==2070==    by 0x76F70C: JOIN_CACHE::create_remaining_fields(bool) (sql_join_cache.cc:347)
==2070==    by 0x76F839: JOIN_CACHE_BNL::init() (sql_join_cache.cc:486)
==2070==    by 0x79379D: check_join_cache_usage(st_join_table*, JOIN*, unsigned long long, unsigned int) (sql_
select.cc:9902)
==2070==    by 0x7BC815: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:10112)
==2070==    by 0x7BEBEB: JOIN::optimize() (sql_select.cc:1918)
==2070==    by 0x7C20C5: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned i
nt, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select
_lex*) (sql_select.cc:3038)
==2070==    by 0x7C78FC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:314)
==2070==    by 0x724DD5: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4747)
==2070==    by 0x7267C6: mysql_execute_command(THD*) (sql_parse.cc:2062)
==2070==    by 0x72EACC: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5735)
==2070==    by 0x72F680: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1007)
==2070==    by 0x730B2F: do_command(THD*) (sql_parse.cc:690)
==2070==    by 0x71DBAC: handle_one_connection (sql_connect.cc:1145)
==2070==    by 0x31230073D9: start_thread (in /lib64/libpthread-2.9.so)
==2070==  Address 0x60d71f0 is 0 bytes after a block of size 192 alloc'd
==2070==    at 0x4A0764E: malloc (vg_replace_malloc.c:207)
==2070==    by 0xD3581C: my_malloc (my_malloc.c:34)
==2070==    by 0xD4392D: alloc_root (my_alloc.c:158)
==2070==    by 0x6AD358: sql_alloc(unsigned long) (thr_malloc.cc:65)
==2070==    by 0x76F2A6: JOIN_CACHE::alloc_fields(unsigned int) (sql_join_cache.cc:211)
==2070==    by 0x76F802: JOIN_CACHE_BNL::init() (sql_join_cache.cc:481)
==2070==    by 0x79379D: check_join_cache_usage(st_join_table*, JOIN*, unsigned long long, unsigned int) (sql_
select.cc:9902)
==2070==    by 0x7BC815: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:10112)
==2070==    by 0x7BEBEB: JOIN::optimize() (sql_select.cc:1918)
==2070==    by 0x7C20C5: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned i
nt, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select
_lex*) (sql_select.cc:3038)
==2070==    by 0x7C78FC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:314)
==2070==    by 0x724DD5: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4747)
==2070==    by 0x7267C6: mysql_execute_command(THD*) (sql_parse.cc:2062)
==2070==    by 0x72EACC: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5735)
==2070==    by 0x72F680: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1007)
==2070==    by 0x730B2F: do_command(THD*) (sql_parse.cc:690)

==2070== Invalid write of size 8
==2070==    at 0x6D5A37: Field::fill_cache_field(st_cache_field*) (field.cc:1741)
==2070==    by 0x76F594: add_table_data_fields_to_join_cache(st_join_table*, st_bitmap*, unsigned int*, st_cac
he_field**, st_cache_field***) (sql_join_cache.cc:117)
==2070==    by 0x76F70C: JOIN_CACHE::create_remaining_fields(bool) (sql_join_cache.cc:347)
==2070==    by 0x76F839: JOIN_CACHE_BNL::init() (sql_join_cache.cc:486)
==2070==    by 0x79379D: check_join_cache_usage(st_join_table*, JOIN*, unsigned long long, unsigned int) (sql_
select.cc:9902)
==2070==    by 0x7BC815: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:10112)
==2070==    by 0x7BEBEB: JOIN::optimize() (sql_select.cc:1918)
==2070==    by 0x7C20C5: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned i
nt, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select
_lex*) (sql_select.cc:3038)
==2070==    by 0x7C78FC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:314)
==2070==    by 0x724DD5: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4747)
==2070==    by 0x7267C6: mysql_execute_command(THD*) (sql_parse.cc:2062)
==2070==    by 0x72EACC: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5735)
==2070==    by 0x72F680: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1007)
==2070==    by 0x730B2F: do_command(THD*) (sql_parse.cc:690)
==2070==    by 0x71DBAC: handle_one_connection (sql_connect.cc:1145)
==2070==    by 0x31230073D9: start_thread (in /lib64/libpthread-2.9.so)
==2070==  Address 0x60d71f8 is 8 bytes after a block of size 192 alloc'd
==2070==    at 0x4A0764E: malloc (vg_replace_malloc.c:207)
==2070==    by 0xD3581C: my_malloc (my_malloc.c:34)
==2070==    by 0xD4392D: alloc_root (my_alloc.c:158)
==2070==    by 0x6AD358: sql_alloc(unsigned long) (thr_malloc.cc:65)
==2070==    by 0x76F2A6: JOIN_CACHE::alloc_fields(unsigned int) (sql_join_cache.cc:211)
==2070==    by 0x76F802: JOIN_CACHE_BNL::init() (sql_join_cache.cc:481)
==2070==    by 0x79379D: check_join_cache_usage(st_join_table*, JOIN*, unsigned long long, unsigned int) (sql_
select.cc:9902)
==2070==    by 0x7BC815: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:10112)
==2070==    by 0x7BEBEB: JOIN::optimize() (sql_select.cc:1918)
==2070==    by 0x7C20C5: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned i
nt, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select
_lex*) (sql_select.cc:3038)
==2070==    by 0x7C78FC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:314)
==2070==    by 0x724DD5: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4747)
==2070==    by 0x7267C6: mysql_execute_command(THD*) (sql_parse.cc:2062)
==2070==    by 0x72EACC: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5735)
==2070==    by 0x72F680: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1007)
==2070==    by 0x730B2F: do_command(THD*) (sql_parse.cc:690)
==2070== 

...

How to repeat:
compile 6.0-bugteam with BUILD/compile-pentium-valgrind-max

and run : mysql-test-run.pl --valgrind select_jcl6

Suggested fix:
probably some overflow of the allocated space for the join cache.

For the record,  pushbuild failures do not seem to have anything to do with BKA - they all occur on the client (and they are very odd).

I can repeat the failure on x86 though

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/62913

2957 Igor Babaev	2009-01-09
      Fixed a memory allocation problem reported in bug #41919.
      The number of structures allocated for descriptors of record
      fields put into a join buffer was underestimated in the case
      when among these fields there were bit fields with 'uneven' bits
      stored together with null bits and, at the same time, there were
      no nullable fields.
      Added the restiction that no key whose component is a bit field
      with 'uneven' bits can be used as an embedded key in join buffer.

Pushed into 6.0.10-alpha (revid:joro@sun.com-20090119171328-2hemf2ndc1dxl0et) (version source revid:igor@mysql.com-20090110004533-70uf1n2cs70a4hhv) (merge vers: 6.0.10-alpha) (pib:6)

Noted in 6.0.10 changelog.

The optimizer underestimated the number of field descriptors for the 
join buffer in some cases.

Pushed into mysql-next-mr (revid:alik@sun.com-20100816062819-bluwgdq8q4xysmlg) (version source revid:alik@sun.com-20100816062612-enatdwnv809iw3s9) (pib:20)

Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (merge vers: 5.6.99-m4) (pib:21)

Noted in 5.6.1 changelog.

Correction: No 5.6.1 changelog entry. Bug does not appear in any released 5.6.x version.