Bug #58582 | valgrind error in buf_buddy_relocate (buf0buddy.c:446)
---|---
Submitted: | 30 Nov 2010 7:40
Modified: | 28 Dec 2010 14:06
Reporter: | Michael Widenius
Status: | Not a Bug
Category: | MySQL Server: InnoDB Plugin storage engine
Severity: | S2 (Serious)
Version: | 5.1.53, 5.1.54
OS: | Linux (OpenSuse 11.1, Ubuntu 10.04)
Assigned to: | Marko Mäkelä
CPU Architecture: | Any
Tags: | valgrind error
[30 Nov 2010 7:40]
Michael Widenius
[30 Nov 2010 8:05]
Valeriy Kravchuk
Verified just as described on 32-bit Ubuntu 10.04:

```
...
==1797== Invalid read of size 1
==1797==    at 0x4EDA452: mach_read_from_4 (mach0data.ic:185)
==1797==    by 0x4E80DB7: buf_buddy_relocate (buf0buddy.c:447)
==1797==    by 0x4E815C9: buf_buddy_free_low (buf0buddy.c:639)
==1797==    by 0x4E7FE63: buf_buddy_free (buf0buddy.ic:121)
==1797==    by 0x4E8C900: buf_LRU_block_remove_hashed_page (buf0lru.c:1854)
==1797==    by 0x4E8A029: buf_LRU_invalidate_tablespace (buf0lru.c:456)
==1797==    by 0x4EA4D37: fil_delete_tablespace (fil0fil.c:2264)
==1797==    by 0x4F10C7E: row_drop_table_for_mysql (row0mysql.c:3335)
==1797==    by 0x4EBC1F7: ha_innodb::delete_table(char const*) (ha_innodb.cc:6993)
==1797==    by 0x83C31F1: handler::ha_delete_table(char const*) (handler.cc:3373)
==1797==    by 0x83C059B: ha_delete_table(THD*, handlerton*, char const*, char const*, char const*, bool) (handler.cc:1996)
==1797==    by 0x83E3C6F: mysql_rm_table_part2(THD*, TABLE_LIST*, bool, bool, bool, bool) (sql_table.cc:2071)
==1797==    by 0x83E31BE: mysql_rm_table(THD*, TABLE_LIST*, char, char) (sql_table.cc:1850)
==1797==    by 0x8291133: mysql_execute_command(THD*) (sql_parse.cc:3460)
==1797==    by 0x829921E: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6068)
==1797==    by 0x828AF78: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1261)
==1797==  Address 0x95df007 is 12,295 bytes inside a of size 16,384 client-defined
==1797==    at 0x4E82D54: buf_block_init (buf0buf.c:650)
==1797==    by 0x4E82F21: buf_chunk_init (buf0buf.c:752)
==1797==    by 0x4E83404: buf_pool_init (buf0buf.c:967)
==1797==    by 0x4F26C0B: innobase_start_or_create_for_mysql (srv0start.c:1289)
==1797==    by 0x4EB47C8: innobase_init(void*) (ha_innodb.cc:2263)
==1797==    by 0x83BD74B: ha_initialize_handlerton(st_plugin_int*) (handler.cc:435)
==1797==    by 0x848B689: plugin_initialize(st_plugin_int*) (sql_plugin.cc:1019)
==1797==    by 0x848BF09: plugin_init(int*, char**, int) (sql_plugin.cc:1246)
==1797==    by 0x827DD30: init_server_components() (mysqld.cc:4003)
==1797==    by 0x827E824: main (mysqld.cc:4474)
^ Found warnings in /home2/openxs/dbs/5.1/mysql-test/var/log/mysqld.1.err
ok
...
openxs@ubuntu:/home2/openxs/dbs/5.1/mysql-test$ valgrind --version
valgrind-3.6.0.SVN-Debian
```
[28 Dec 2010 14:06]
Marko Mäkelä
Please read the source code comments in buf0buddy.c:

```c
	/* The src block may be split into smaller blocks,
	some of which may be free.  Thus, the
	mach_read_from_4() calls below may attempt to read
	from free memory.  The memory is "owned" by the buddy
	allocator (and it has been allocated from the buffer
	pool), so there is nothing wrong about this.  The
	mach_read_from_4() calls here will only trigger bogus
	Valgrind memcheck warnings in UNIV_DEBUG_VALGRIND builds. */
	ulint		space	= mach_read_from_4(
		(const byte*) src + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID);
	ulint		page_no	= mach_read_from_4(
		(const byte*) src + FIL_PAGE_OFFSET);
```

Removing the UNIV_MEM_FREE and UNIV_MEM_ASSERT_AND_FREE instrumentation from buf0buddy.c should silence these warnings. But then we would lose the ability to warn about accessing memory that buf0buddy.c has allocated for itself but not given to 'consumers'.
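The situation described in the comment above, as an added example that is neither InnoDB code nor part of the original report: a toy allocator marks a block it has taken back as no-access through memcheck client requests, then reads a header field from that block for its own bookkeeping. It assumes UNIV_MEM_FREE has the effect of `VALGRIND_MAKE_MEM_NOACCESS`; `toy_alloc`, `toy_free`, `toy_peek_id`, `demo` and the id 12345 are constructed for illustration.

```c
/* Added illustration: toy allocator, not InnoDB source. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#if defined(__has_include)
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
#  define HAVE_MEMCHECK_H 1
# endif
#endif
#ifndef HAVE_MEMCHECK_H  /* header absent: annotations compile to nothing */
# define VALGRIND_MAKE_MEM_NOACCESS(p, n)  0
# define VALGRIND_MAKE_MEM_UNDEFINED(p, n) 0
#endif

enum { POOL_SIZE = 16384, HALF = POOL_SIZE / 2, ID_OFFSET = 4 };
static unsigned char pool[POOL_SIZE];  /* stands in for one 16 KiB frame */

/* Big-endian 4-byte read, byte by byte (the job mach_read_from_4() does). */
static uint32_t read_be32(const unsigned char *b)
{
    return ((uint32_t) b[0] << 24) | ((uint32_t) b[1] << 16)
         | ((uint32_t) b[2] << 8) | (uint32_t) b[3];
}

/* Hand a half to a consumer: addressable again, contents undefined. */
static unsigned char *toy_alloc(int half)
{
    unsigned char *p = pool + (size_t) half * HALF;
    (void) VALGRIND_MAKE_MEM_UNDEFINED(p, HALF);
    return p;
}

/* Take it back: the bytes stay put, but memcheck now flags every access. */
static void toy_free(unsigned char *p) { (void) VALGRIND_MAKE_MEM_NOACCESS(p, HALF); }

/* Allocator-internal peek at a header that may sit in a free block. */
static uint32_t toy_peek_id(const unsigned char *src) { return read_be32(src + ID_OFFSET); }

uint32_t demo(void)
{
    static const unsigned char id[4] = { 0x00, 0x00, 0x30, 0x39 };  /* 12345 */
    unsigned char *blk = toy_alloc(1);
    memcpy(blk + ID_OFFSET, id, sizeof id);
    toy_free(blk);
    return toy_peek_id(blk);  /* memcheck: invalid read; the value is still 12345 */
}

int main(void) { return demo() == 12345 ? 0 : 1; }
```

Built with `-O0 -g` against the Valgrind headers and run under memcheck, the read in `toy_peek_id` is reported as invalid although the allocator owns the memory and the returned value is correct.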
[2 Feb 2011 8:57]
Marko Mäkelä
Bug #59875 was filed as a duplicate of this. The bug is that mysql-test/valgrind.supp is not suppressing this bogus error report.