Bug #59875 Valgrind warning in buf0buddy.c
Submitted: 1 Feb 2011 18:04 Modified: 10 Feb 2011 19:55
Reporter: Vasil Dimov Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version:5.5, trunk OS:Any
Assigned to: Vasil Dimov CPU Architecture:Any

[1 Feb 2011 18:04] Vasil Dimov
After InnoDB valgrind instrumentation got enabled on PB2/valgrind runs we got the following failure:

in 5.5 and trunk innodb.innodb_bug52745

fails with:

==28332== Invalid read of size 1
==28332==    at 0xA95BD2: mach_read_from_4 (mach0data.ic:182)
==28332==    by 0xA9571B: buf_buddy_relocate (buf0buddy.c:450)
==28332==    by 0xA968C3: buf_buddy_free_low (buf0buddy.c:646)
==28332==    by 0x9BEA4F: buf_buddy_free (buf0buddy.ic:131)
==28332==    by 0x9BF6F3: buf_LRU_block_remove_hashed_page (buf0lru.c:1888)
==28332==    by 0x9B9A71: buf_LRU_invalidate_tablespace_buf_pool_instance (buf0lru.c:454)
==28332==    by 0x9B9DB9: buf_LRU_invalidate_tablespace (buf0lru.c:520)
==28332==    by 0x9EE7F9: fil_delete_tablespace (fil0fil.c:2325)
==28332==    by 0x9166B4: row_drop_table_for_mysql (row0mysql.c:3393)
==28332==    by 0x8F863E: ha_innobase::delete_table(char const*) (ha_innodb.cc:7210)
==28332==    by 0x73D0CE: handler::ha_delete_table(char const*) (handler.cc:3416)
==28332==    by 0x74318F: ha_delete_table(THD*, handlerton*, char const*, char const*, char const*, bool) (handler.cc:2039)
==28332==    by 0x65FFC8: mysql_rm_table_no_locks(THD*, TABLE_LIST*, bool, bool, bool, bool) (sql_table.cc:2227)
==28332==    by 0x6608F9: mysql_rm_table(THD*, TABLE_LIST*, char, char) (sql_table.cc:1932)
==28332==    by 0x5D9873: mysql_execute_command(THD*) (sql_parse.cc:2975)
==28332==    by 0x5DE146: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5509)
==28332==  Address 0x96f5422 is 5,154 bytes inside a  of size 16,384 client-defined
==28332==    at 0x9A3A15: buf_block_init (buf0buf.c:857)
==28332==    by 0x9A3EC1: buf_chunk_init (buf0buf.c:975)
==28332==    by 0x9A4AF5: buf_pool_init_instance (buf0buf.c:1220)
==28332==    by 0x9A5479: buf_pool_init (buf0buf.c:1310)
==28332==    by 0x940C9E: innobase_start_or_create_for_mysql (srv0start.c:1361)
==28332==    by 0x8ECA95: innobase_init(void*) (ha_innodb.cc:2494)
==28332==    by 0x741041: ha_initialize_handlerton(st_plugin_int*) (handler.cc:462)
==28332==    by 0x5E9F5B: plugin_initialize(st_plugin_int*) (sql_plugin.cc:1063)
==28332==    by 0x5EC78E: plugin_init(int*, char**, int) (sql_plugin.cc:1349)
==28332==    by 0x53F71E: init_server_components() (mysqld.cc:3868)
==28332==    by 0x540438: mysqld_main(int, char**) (mysqld.cc:4436)
==28332==    by 0x534722: main (main.cc:24)

How to repeat:
[2 Feb 2011 8:52] Marko Mäkelä
This is a duplicate of Bug #58582 and needs a suppression. Quoting buf_buddy_relocate():

		/* The src block may be split into smaller blocks,
		some of which may be free.  Thus, the
		mach_read_from_4() calls below may attempt to read
		from free memory.  The memory is "owned" by the buddy
		allocator (and it has been allocated from the buffer
		pool), so there is nothing wrong about this.  The
		mach_read_from_4() calls here will only trigger bogus
		Valgrind memcheck warnings in UNIV_DEBUG_VALGRIND builds. */
		ulint		space	= mach_read_from_4(
			(const byte*) src + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID);
		ulint		page_no	= mach_read_from_4(
			(const byte*) src + FIL_PAGE_OFFSET);

The warning is caused by UNIV_MEM_FREE instrumentation in buf0buddy.c. buf0buddy.c declares the memory 'free' so that the rest of InnoDB will get Valgrind warnings for attempting to access memory that they have not allocated. But buf0buddy.c is a legitimate owner of this free memory; it is within the block->frame of a BUF_BLOCK_MEMORY block that it got from the buffer pool via buf_LRU_get_free_block() or buf_LRU_get_free_only().
[4 Feb 2011 17:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:


3305 Vasil Dimov	2011-02-04
      Fix Bug#59875 Valgrind warning in buf0buddy.c
      Suppress a bogus valgrind warning.
[7 Feb 2011 14:46] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:


3703 Vasil Dimov	2011-02-07
      Backport the fix for Bug#59875 Valgrind warning in buf0buddy.c from 5.5
      This warning also happens in 5.1 with a slightly different codepath.
[8 Feb 2011 17:36] Bugs System
Pushed into mysql-5.1 5.1.56 (revid:vasil.dimov@oracle.com-20110208172642-ekjin6otzuy47vn9) (version source revid:vasil.dimov@oracle.com-20110208172642-ekjin6otzuy47vn9) (merge vers: 5.1.56) (pib:24)
[8 Feb 2011 17:37] Bugs System
Pushed into mysql-trunk 5.6.2 (revid:vasil.dimov@oracle.com-20110208173442-ocy58fdcuew3xvex) (version source revid:vasil.dimov@oracle.com-20110208173331-fu0j2s14jbg915zu) (merge vers: 5.6.2) (pib:24)
[8 Feb 2011 17:38] Bugs System
Pushed into mysql-5.5 5.5.10 (revid:vasil.dimov@oracle.com-20110208173046-qsmzbrw1gppahx5o) (version source revid:vasil.dimov@oracle.com-20110208172800-tls70r2ot1i0dub7) (merge vers: 5.5.10) (pib:24)