Bug #21477 Segfault in valgrind when running "func_in" test
Submitted: 7 Aug 2006 11:52
Modified: 19 Sep 2006 16:31
Reporter: Magnus Blåudd
Status: Closed
Category: MySQL Server: Tests
Severity: S7 (Test Cases)
Version: 5.0.25
Assigned to: Sergey Petrunya
CPU Architecture: Any

[7 Aug 2006 11:52] Magnus Blåudd
Description:
When running mysqld in valgrind on nocona, a segfault will occur in valgrind, and thus the client will lose contact with the mysqld.

This can be seen in PushBuild for mysql-5.0 where func_in test fails every time.

This is from the master.log file
CURRENT_TEST: func_in
--5944-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--5944-- si_code=1;  Faulting address: 0xF9C2E38;  sp: 0x406B25E20

valgrind: the 'impossible' happened:
   Killed by fatal signal
==5944==    at 0x38020956: vgPlain_arena_free (m_mallocfree.c:177)
==5944==    by 0x38034354: vgPlain_cli_free (replacemalloc_core.c:108)
==5944==    by 0x380013EA: add_to_freed_queue (mc_malloc_wrappers.c:111)
==5944==    by 0x380362A1: do_client_request (scheduler.c:1158)
==5944==    by 0x38035BDA: vgPlain_scheduler (scheduler.c:869)
==5944==    by 0x38046656: thread_wrapper (syswrap-linux.c:87)
==5944==    by 0x3804672F: run_a_thread_NORETURN (syswrap-linux.c:120)
==5944==    by 0x38046849: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:207)
==5944==    by 0x3805124A: (within /usr/local/lib/valgrind/amd64-linux/memcheck)==5944==    by 0x4066F7BFF: ???
==5944==    by 0x0: ???
==5944==    by 0x4066F7BFF: ???
==5944==    by 0x38134223: (within /usr/local/lib/valgrind/amd64-linux/memcheck)==5944==    by 0x380187A5: send_bytes_to_logging_sink (m_libcprint.c:62)

sched status:

How to repeat:
This happens every time in PushBuild, but I compiled on nocona and executed mysql-test-run.pl as below.

mysqldev@nocona:~/users/magnus/mysql-5.0.25-pb802/mysql-test> perl ./mysql-test-run.pl --timer --force --valgrind "--valgrind-options=--gen-suppressions=all --show-reachable=yes" --do-test=func
[7 Aug 2006 12:09] Magnus Blåudd
Moved the build to "mysqldev@nocona:~/users/magnus/mysql-5.0.25-bug21477" and leaving it there.
[22 Aug 2006 20:41] Magnus Blåudd
Crash is also seen on maint1 valgrind server
[1 Sep 2006 9:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/11236

ChangeSet@1.2251, 2006-09-01 13:23:43+04:00, sergefp@mysql.com +4 -0
  BUG#21477 "memory overruns for certain kinds of subqueries":
  make st_select_lex::setup_ref_array() take into account that 
  Item_sum-descendant objects located within descendant SELECTs
  may be added into ref_pointer_array.
[4 Sep 2006 14:29] Magnus Blåudd
Pushed to 5.0.25
[6 Sep 2006 23:48] Jon Stephens
Documented bugfix in 5.0.25 changelog.

Placed in NDI status since this is tagged for 5.1 as well.
[7 Sep 2006 11:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/11530

ChangeSet@1.2251, 2006-09-01 13:23:43+04:00, sergefp@mysql.com +4 -0
  BUG#21477 "memory overruns for certain kinds of subqueries":
  make st_select_lex::setup_ref_array() take into account that 
  Item_sum-descendant objects located within descendant SELECTs
  may be added into ref_pointer_array.
[7 Sep 2006 14:50] Sergey Petrunya
The previous commit message is a duplicate of a past commit.
[15 Sep 2006 15:55] Magnus Blåudd
Will write a new bug report if func_in still fails with valgrind after this bugfix.
[18 Sep 2006 21:42] Timothy Smith
Pushed into 5.1.12
[19 Sep 2006 16:31] Paul Dubois
Noted in 5.1.12 changelog.