Bug #58582 valgrind error in buf_buddy_relocate (buf0buddy.c:446)
Submitted: 30 Nov 2010 7:40
Modified: 28 Dec 2010 14:06
Reporter: Michael Widenius
Status: Not a Bug
Category: MySQL Server: InnoDB Plugin storage engine
Severity: S2 (Serious)
Version: 5.1.53, 5.1.54
OS: Linux (OpenSuse 11.1, Ubuntu 10.04)
Assigned to: Marko Mäkelä
CPU Architecture: Any
Tags: valgrind error

[30 Nov 2010 7:40] Michael Widenius
Description:
mysql-test-run --valgrind innodb_plugin.innodb_bug56680 gives the following error trace:

==23290== Invalid read of size 1
==23290==    at 0x6CF9857: mach_read_from_4 (mach0data.ic:182)
==23290==    by 0x6C9AE7F: buf_buddy_relocate (buf0buddy.c:446)
==23290==    by 0x6C9B817: buf_buddy_free_low (buf0buddy.c:612)
==23290==    by 0x6C99BB3: buf_buddy_free (buf0buddy.ic:121)
==23290==    by 0x6CA85B1: buf_LRU_block_remove_hashed_page (buf0lru.c:1854)
==23290==    by 0x6CA569E: buf_LRU_invalidate_tablespace (buf0lru.c:456)
==23290==    by 0x6CC26DE: fil_delete_tablespace (fil0fil.c:2264)
==23290==    by 0x6D38AE3: row_drop_table_for_mysql (row0mysql.c:3335)
==23290==    by 0x6CDD354: ha_innodb::delete_table(char const*) (ha_innodb.cc:6993)
==23290==    by 0x815F7A: handler::ha_delete_table(char const*) (handler.cc:3373)
==23290==    by 0x81BE81: ha_delete_table(THD*, handlerton*, char const*, char const*, char const*, bool) (handler.cc:1996)
==23290==    by 0x844DAE: mysql_rm_table_part2(THD*, TABLE_LIST*, bool, bool, bool, bool) (sql_table.cc:2071)
==23290==    by 0x84536E: mysql_rm_table(THD*, TABLE_LIST*, char, char) (sql_table.cc:1850)
==23290==    by 0x6D9398: mysql_execute_command(THD*) (sql_parse.cc:3460)
==23290==    by 0x6DE93F: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6068)
==23290==    by 0x6DF7CA: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1261)
==23290==  Address 0x7dde022 is 8,226 bytes inside a  of size 16,384 client-defined
==23290==    at 0x6C9D46A: buf_block_init (buf0buf.c:650)
==23290==    by 0x6C9D65B: buf_chunk_init (buf0buf.c:752)
==23290==    by 0x6C9DBB6: buf_pool_init (buf0buf.c:967)
==23290==    by 0x6D515D7: innobase_start_or_create_for_mysql (srv0start.c:1289)
==23290==    by 0x6CD8402: innobase_init(void*) (ha_innodb.cc:2263)

This error occurs multiple times, so it looks like a general problem. 

How to repeat:
BUILD/compile-amd64-valgrind-max
cd mysql-test
mysql-test-run --valgrind innodb_plugin.innodb_bug56680

Note that this has to be done on OpenSuse 11.1 with valgrind 3.4.1

On OpenSuse 11.3 this warning doesn't happen.
[30 Nov 2010 8:05] Valeriy Kravchuk
Verified just as described on 32-bit Ubuntu 10.04:

...
==1797== Invalid read of size 1
==1797==    at 0x4EDA452: mach_read_from_4 (mach0data.ic:185)
==1797==    by 0x4E80DB7: buf_buddy_relocate (buf0buddy.c:447)
==1797==    by 0x4E815C9: buf_buddy_free_low (buf0buddy.c:639)
==1797==    by 0x4E7FE63: buf_buddy_free (buf0buddy.ic:121)
==1797==    by 0x4E8C900: buf_LRU_block_remove_hashed_page (buf0lru.c:1854)
==1797==    by 0x4E8A029: buf_LRU_invalidate_tablespace (buf0lru.c:456)
==1797==    by 0x4EA4D37: fil_delete_tablespace (fil0fil.c:2264)
==1797==    by 0x4F10C7E: row_drop_table_for_mysql (row0mysql.c:3335)
==1797==    by 0x4EBC1F7: ha_innodb::delete_table(char const*) (ha_innodb.cc:6993)
==1797==    by 0x83C31F1: handler::ha_delete_table(char const*) (handler.cc:3373)
==1797==    by 0x83C059B: ha_delete_table(THD*, handlerton*, char const*, char const*, char const*, bool) (handler.cc:1996)
==1797==    by 0x83E3C6F: mysql_rm_table_part2(THD*, TABLE_LIST*, bool, bool, bool, bool) (sql_table.cc:2071)
==1797==    by 0x83E31BE: mysql_rm_table(THD*, TABLE_LIST*, char, char) (sql_table.cc:1850)
==1797==    by 0x8291133: mysql_execute_command(THD*) (sql_parse.cc:3460)
==1797==    by 0x829921E: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6068)
==1797==    by 0x828AF78: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1261)
==1797==  Address 0x95df007 is 12,295 bytes inside a  of size 16,384 client-defined
==1797==    at 0x4E82D54: buf_block_init (buf0buf.c:650)
==1797==    by 0x4E82F21: buf_chunk_init (buf0buf.c:752)
==1797==    by 0x4E83404: buf_pool_init (buf0buf.c:967)
==1797==    by 0x4F26C0B: innobase_start_or_create_for_mysql (srv0start.c:1289)
==1797==    by 0x4EB47C8: innobase_init(void*) (ha_innodb.cc:2263)
==1797==    by 0x83BD74B: ha_initialize_handlerton(st_plugin_int*) (handler.cc:435)
==1797==    by 0x848B689: plugin_initialize(st_plugin_int*) (sql_plugin.cc:1019)
==1797==    by 0x848BF09: plugin_init(int*, char**, int) (sql_plugin.cc:1246)
==1797==    by 0x827DD30: init_server_components() (mysqld.cc:4003)
==1797==    by 0x827E824: main (mysqld.cc:4474)
^ Found warnings in /home2/openxs/dbs/5.1/mysql-test/var/log/mysqld.1.err
ok
...
openxs@ubuntu:/home2/openxs/dbs/5.1/mysql-test$ valgrind --version
valgrind-3.6.0.SVN-Debian
[28 Dec 2010 14:06] Marko Mäkelä
Please read the source code comments in buf0buddy.c:

		/* The src block may be split into smaller blocks,
		some of which may be free.  Thus, the
		mach_read_from_4() calls below may attempt to read
		from free memory.  The memory is "owned" by the buddy
		allocator (and it has been allocated from the buffer
		pool), so there is nothing wrong about this.  The
		mach_read_from_4() calls here will only trigger bogus
		Valgrind memcheck warnings in UNIV_DEBUG_VALGRIND builds. */
		ulint		space	= mach_read_from_4(
			(const byte*) src + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID);
		ulint		page_no	= mach_read_from_4(
			(const byte*) src + FIL_PAGE_OFFSET);

Removing the UNIV_MEM_FREE and UNIV_MEM_ASSERT_AND_FREE instrumentation from buf0buddy.c should silence these warnings. But then we would lose the ability to warn about accessing memory that buf0buddy.c has allocated for itself but not given to 'consumers'.
[2 Feb 2011 8:57] Marko Mäkelä
Bug #59875 was filed as a duplicate of this. The bug is that mysql-test/valgrind.supp is not suppressing this bogus error report.
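As an added illustration, not InnoDB's code and not part of this report, the standalone C program below reproduces the owner/consumer instrumentation pattern that Marko's comment describes, with a toy pool in place of buf0buddy.c: memory the pool holds for itself is marked NOACCESS with the Memcheck client requests that the UNIV_MEM_FREE-style macros wrap, a half handed to a consumer is re-admitted, and the owner's header read on a half that was freed back to it is the legitimate access that Memcheck still reports as "Invalid read". It also shows the alternative to a suppression (bracketing the read with MAKE_MEM_DEFINED/NOACCESS), which is not what InnoDB does. The names pool_*, owner_read_header_*, scenario_space_id and the offset constants are assumptions; the VALGRIND_MAKE_MEM_* macros are the real client requests from <valgrind/memcheck.h>, and when that header is absent they compile to no-ops, like a build without UNIV_DEBUG_VALGRIND.

```c
/* Toy pool illustrating the Valgrind owner-vs-consumer instrumentation
   pattern. Hypothetical code, not from InnoDB. The VALGRIND_* macros are
   the Memcheck client requests from <valgrind/memcheck.h>; without that
   header they become no-ops, like a build without UNIV_DEBUG_VALGRIND. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __has_include
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
#  define POOL_HAVE_MEMCHECK 1
# endif
#endif
#ifndef POOL_HAVE_MEMCHECK
# define VALGRIND_MAKE_MEM_NOACCESS(addr, len)  ((void)0)
# define VALGRIND_MAKE_MEM_UNDEFINED(addr, len) ((void)0)
# define VALGRIND_MAKE_MEM_DEFINED(addr, len)   ((void)0)
#endif

#define CHUNK_SIZE      16384u            /* one block, as in the trace */
#define HALF_SIZE       (CHUNK_SIZE / 2)  /* first buddy split: two halves */
#define PAGE_NO_OFFSET  4u                /* stand-in for FIL_PAGE_OFFSET */
#define SPACE_ID_OFFSET 34u               /* stand-in for FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID */

struct pool {
    unsigned char *chunk;   /* memory the pool owns outright */
    int half_free[2];       /* 1 = half is held by the pool, not a consumer */
};

/* Big-endian 4-byte read, the job mach_read_from_4() does. */
static uint32_t read_u32_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void write_u32_be(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* The pool takes a chunk and hides all of it: a consumer touching it now
   is a real bug, and that is what the instrumentation exists to catch. */
static int pool_init(struct pool *p)
{
    p->chunk = malloc(CHUNK_SIZE);
    if (!p->chunk) return -1;
    memset(p->chunk, 0, CHUNK_SIZE);
    VALGRIND_MAKE_MEM_NOACCESS(p->chunk, CHUNK_SIZE);   /* UNIV_MEM_FREE-like */
    p->half_free[0] = p->half_free[1] = 1;
    return 0;
}

/* Hand one half to a consumer: addressable again, contents undefined. */
static unsigned char *pool_alloc(struct pool *p, int half)
{
    unsigned char *h = p->chunk + half * HALF_SIZE;
    VALGRIND_MAKE_MEM_UNDEFINED(h, HALF_SIZE);          /* UNIV_MEM_ALLOC-like */
    p->half_free[half] = 0;
    return h;
}

/* Consumer gives it back: the pool owns it again, so it is NOACCESS again. */
static void pool_free(struct pool *p, int half)
{
    VALGRIND_MAKE_MEM_NOACCESS(p->chunk + half * HALF_SIZE, HALF_SIZE);
    p->half_free[half] = 1;
}

/* Owner reads a header field of half 0 while relocating, as
   buf_buddy_relocate() reads space id and page number from src. If the
   half is free this is legal for the owner, but under Memcheck (with the
   header compiled in) it is reported as "Invalid read": the bogus report. */
static uint32_t owner_read_header_plain(const struct pool *p, unsigned off)
{
    return read_u32_be(p->chunk + off);
}

/* Same read without a suppression: the owner briefly re-admits the four
   bytes it is entitled to look at, then hides them again if still free. */
static uint32_t owner_read_header_bracketed(const struct pool *p, unsigned off)
{
    const unsigned char *q = p->chunk + off;
    uint32_t v;
    if (p->half_free[0]) {
        VALGRIND_MAKE_MEM_DEFINED(q, 4);
        v = read_u32_be(q);
        VALGRIND_MAKE_MEM_NOACCESS(q, 4);
    } else {
        v = read_u32_be(q);
    }
    return v;
}

/* Scenario from the thread: a consumer fills half 0 and frees it, then the
   owner reads the header of the now-free half. Returns the space id (42). */
static uint32_t scenario_space_id(int bracketed)
{
    struct pool p;
    if (pool_init(&p)) return 0;
    unsigned char *page = pool_alloc(&p, 0);
    write_u32_be(page + PAGE_NO_OFFSET, 7);        /* constructed sample values */
    write_u32_be(page + SPACE_ID_OFFSET, 42);
    pool_free(&p, 0);                               /* header now in free memory */
    uint32_t space = bracketed ? owner_read_header_bracketed(&p, SPACE_ID_OFFSET)
                               : owner_read_header_plain(&p, SPACE_ID_OFFSET);
    free(p.chunk);
    return space;
}

int main(void)
{
    printf("plain read of free header:     space id %u\n", scenario_space_id(0));
    printf("bracketed read of free header: space id %u\n", scenario_space_id(1));
    return 0;
}
```

Compiled on a machine with the Valgrind headers and run under `valgrind ./a.out`, the plain variant produces an "Invalid read of size 1" inside read_u32_be, the bracketed one does not, and a consumer touching its half after pool_free() is reported too, which is the detection the thread does not want to lose. The route the thread actually takes is a suppression: an entry in mysql-test/valgrind.supp of kind Memcheck:Addr1 (the traces show reads of size 1) whose frames match fun:mach_read_from_4 followed by fun:buf_buddy_relocate. One caveat when writing such an entry: in an optimized build mach_read_from_4() may be inlined and then not appear as its own frame, so check the frames in the actual report rather than copying them from this one.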