Bug #16620 Valgrind errors in sp* tests
Submitted: 18 Jan 2006 22:04
Modified: 7 Feb 2006 13:59
Reporter: Guilhem Bichot
Status: Duplicate
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.0-bk
OS: Linux (linux)
Assigned to: Assigned Account
CPU Architecture: Any

[18 Jan 2006 22:04] Guilhem Bichot
Description:
linux FC4 x86_64, valgrind 3.0.1. Seeing a crash of glibc in sp-threads:
./mysql-test-run --skip-ndb --start-from=ps:
*** glibc detected *** /m/mysql-5.0-van/sql/mysqld: realloc(): invalid next size: 0x0000000001677800 ***
======= Backtrace: =========
/lib64/libc.so.6[0x31ffa6c8b0]
/lib64/libc.so.6(__libc_realloc+0x129)[0x31ffa6d399]
/m/mysql-5.0-van/sql/mysqld(my_realloc+0xb7)[0x87a067]
/m/mysql-5.0-van/sql/mysqld(_ZN6String7reallocEj+0x33)[0x575e13]
/m/mysql-5.0-van/sql/mysqld(_ZN22sp_instr_set_case_expr5printEP6String+0x4d)[0x6b908f]
/m/mysql-5.0-van/sql/mysqld(_ZN7sp_head6createEP3THD+0xf1)[0x6bd6d9]
/m/mysql-5.0-van/sql/mysqld(_Z21mysql_execute_commandP3THD+0x3dc2)[0x5932d4]
/m/mysql-5.0-van/sql/mysqld(_Z11mysql_parseP3THDPcj+0x134)[0x5954de]
/m/mysql-5.0-van/sql/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x661)[0x595c2f]
/m/mysql-5.0-van/sql/mysqld(_Z10do_commandP3THD+0x1e7)[0x596d45]
/m/mysql-5.0-van/sql/mysqld(handle_one_connection+0xb8d)[0x597985]
/lib64/libpthread.so.0[0x320070697c]
/lib64/libc.so.6(__clone+0x6e)[0x31ffac9c2e]
I ran some tests in Valgrind:
./mysql-test-run --valgrind --skip-ndb sp-big sp-code sp-destruct sp-dynamic sp-error sp-prelocking sp-security sp-threads sp-vars
Tests pass but var/log/master.err shows errors:
1) for sp-big:
==5931== Thread 10:
==5931== Syscall param write(buf) points to uninitialised byte(s)
==5931==    at 0x122E015B: (within /lib64/libpthread-2.3.5.so)
==5931==    by 0x873A4A: my_write (my_write.c:35)
==5931==    by 0x878D31: my_b_flush_io_cache (mf_iocache.c:1163)
==5931==    by 0x5F61A3: MYSQL_LOG::flush_and_sync() (log.cc:1554)
==5931==    by 0x5FAF02: MYSQL_LOG::write(Log_event*) (log.cc:1737)
==5931==    by 0x5E74EC: mysql_insert(THD*, st_table_list*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) (sql_insert.cc:568)
==5931==    by 0x5911D6: mysql_execute_command(THD*) (sql_parse.cc:3277)
==5931==    by 0x6B8A76: sp_instr_stmt::exec_core(THD*, unsigned*) (sp_head.cc:2281)
==5931==    by 0x6B938B: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned*, bool, sp_instr*) (sp_head.cc:2160)
==5931==    by 0x6BE794: sp_instr_stmt::execute(THD*, unsigned*) (sp_head.cc:2234)
==5931==    by 0x6BC27F: sp_head::execute(THD*) (sp_head.cc:1042)
==5931==    by 0x6BCA6F: sp_head::execute_procedure(THD*, List<Item>*) (sp_head.cc:1482)
==5931==    by 0x5936FB: mysql_execute_command(THD*) (sql_parse.cc:4323)
==5931==    by 0x5954DD: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5630)
==5931==    by 0x595C2E: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)
==5931==    by 0x596D44: do_command(THD*) (sql_parse.cc:1515)
==5931==  Address 0x170CE7C8 is 112 bytes inside a block of size 8192 alloc'd
==5931==    at 0x11B1FE96: malloc (vg_replace_malloc.c:149)
==5931==    by 0x879DB2: my_malloc (my_malloc.c:35)
==5931==    by 0x8779DD: init_io_cache (mf_iocache.c:215)
==5931==    by 0x5F954D: MYSQL_LOG::open(char const*, enum_log_type, char const*, cache_type, bool, unsigned long, bool) (log.cc:548)
==5931==    by 0x579099: init_server_components() (mysqld.cc:3097)
==5931==    by 0x57CD23: main (mysqld.cc:3385)
2) for sp-vars:
==5931== Invalid write of size 1
==5931==    at 0x896583: int10_to_str (int2str.c:159)
==5931==    by 0x576500: String::qs_append(unsigned) (sql_string.cc:697)
==5931==    by 0x6B906A: sp_instr_set_case_expr::print(String*) (sp_head.cc:3072)
==5931==    by 0x6BD6D8: sp_head::create(THD*) (sp_head.cc:601)
==5931==    by 0x5932D3: mysql_execute_command(THD*) (sql_parse.cc:4162)
==5931==    by 0x5954DD: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5630)
==5931==    by 0x595C2E: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)
==5931==    by 0x596D44: do_command(THD*) (sql_parse.cc:1515)
==5931==    by 0x597984: handle_one_connection (sql_parse.cc:1158)
==5931==    by 0x122DB97B: start_thread (in /lib64/libpthread-2.3.5.so)
==5931==    by 0x12884C2D: clone (in /lib64/libc-2.3.5.so)
==5931==  Address 0x13EA4B88 is 0 bytes after a block of size 216 alloc'd
==5931==    at 0x11B212F2: realloc (vg_replace_malloc.c:306)
==5931==    by 0x87A066: my_realloc (my_realloc.c:52)
==5931==    by 0x575E12: String::realloc(unsigned) (sql_string.cc:75)
==5931==    by 0x6BAEE7: sp_instr_stmt::print(String*) (sql_string.h:274)
==5931==    by 0x6BD6D8: sp_head::create(THD*) (sp_head.cc:601)
==5931==    by 0x5932D3: mysql_execute_command(THD*) (sql_parse.cc:4162)
==5931==    by 0x5954DD: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5630)
==5931==    by 0x595C2E: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)
==5931==    by 0x596D44: do_command(THD*) (sql_parse.cc:1515)
==5931==    by 0x597984: handle_one_connection (sql_parse.cc:1158)
==5931==    by 0x122DB97B: start_thread (in /lib64/libpthread-2.3.5.so)
==5931==    by 0x12884C2D: clone (in /lib64/libc-2.3.5.so)
and
==5931== Source and destination overlap in memcpy(0x13EBE02A, 0x13EBE02A, 3)
==5931==    at 0x11B21E72: memcpy (mac_replace_strmem.c:394)
==5931==    by 0x5619D5: Field_varstring::store(char const*, unsigned, charset_info_st*) (field.cc:6269)
==5931==    by 0x502794: Item::save_in_field(Field*, bool) (item.cc:3977)
==5931==    by 0x6B83C5: sp_eval_expr(THD*, Field*, Item*) (sp_head.cc:335)
==5931==    by 0x6C05D3: sp_rcontext::set_variable(THD*, Field*, Item*) (sp_rcontext.cc:267)
==5931==    by 0x6C05F2: sp_rcontext::set_variable(THD*, unsigned, Item*) (sp_rcontext.cc:254)
==5931==    by 0x6B9825: sp_instr_set::exec_core(THD*, unsigned*) (sp_head.cc:2304)
==5931==    by 0x6B938B: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned*, bool, sp_instr*) (sp_head.cc:2160)
==5931==    by 0x6B97F8: sp_instr_set::execute(THD*, unsigned*) (sp_head.cc:2297)
==5931==    by 0x6BC27F: sp_head::execute(THD*) (sp_head.cc:1042)
==5931==    by 0x6BCA6F: sp_head::execute_procedure(THD*, List<Item>*) (sp_head.cc:1482)
==5931==    by 0x5936FB: mysql_execute_command(THD*) (sql_parse.cc:4323)
==5931==    by 0x5954DD: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5630)
==5931==    by 0x595C2E: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1719)
==5931==    by 0x596D44: do_command(THD*) (sql_parse.cc:1515)
==5931==    by 0x597984: handle_one_connection (sql_parse.cc:1158)

How to repeat:
see description
[19 Jan 2006 14:12] Guilhem Bichot
*maybe* a duplicate of BUG#15588; recheck when BUG#15588 is fixed.
[7 Feb 2006 13:59] Alexander Nozdrin
This bug is a duplicate of BUG#15588.