Bug #97804 Test innodb.innodb_mysql fails under valgrind
Submitted: 26 Nov 2019 17:52 Modified: 3 Dec 2019 7:58
Reporter: Herman Lee
Status: Closed
Category: MySQL Server: InnoDB storage engine Severity: S7 (Test Cases)
Version: 8.0.18 OS: Any
Assigned to: (none) CPU Architecture: Any

[26 Nov 2019 17:52] Herman Lee
Running the innodb.innodb_mysql test under valgrind reports "Conditional jump or move depends on uninitialised value"

worker[1] Test still running: innodb.innodb_mysql
[ 50%] innodb.innodb_mysql                       [ fail ]  Found warnings/errors in error log file!
        Test ended at 2019-11-26 09:40:15
==865547== Thread 39:
==865547== Conditional jump or move depends on uninitialised value(s)
==865547==    at 0x3EF1176: String::c_ptr() (sql_string.h:251)
==865547==    by 0x4035ADF: Item_func_get_user_var::val_str(String*) (item_func.cc:5973)
==865547==    by 0x4166EFE: Item::save_in_field_inner(Field*, bool) (item.cc:6025)
==865547==    by 0x4154893: Item::save_in_field(Field*, bool) (item.cc:5913)
==865547==    by 0x44CD915: fill_record(THD*, TABLE*, Field**, List<Item>&, MY_BITMAP*, MY_BITMAP*) (sql_base.cc:9423)
==865547==    by 0x44CDC2F: fill_record_n_invoke_before_triggers(THD*, Field**, List<Item>&, TABLE*, enum_trigger_event_type, int) (sql_base.cc:9502)
==865547==    by 0x4606092: Query_result_insert::store_values(THD*, List<Item>&) (sql_insert.cc:2169)
==865547==    by 0x4605D12: Query_result_insert::send_data(THD*, List<Item>&) (sql_insert.cc:2100)
==865547==    by 0x45C360A: end_send(JOIN*, QEP_TAB*, bool) (sql_executor.cc:4844)
==865547==    by 0x471156C: JOIN_CACHE::generate_full_extensions(unsigned char*) (sql_join_buffer.cc:2024)
==865547==    by 0x471141A: JOIN_CACHE_BNL::join_matching_records(bool) (sql_join_buffer.cc:1921)
==865547==    by 0x4710C83: JOIN_CACHE::join_records(bool) (sql_join_buffer.cc:1740)
==865547==    by 0x4710E78: JOIN_CACHE::join_records(bool) (sql_join_buffer.cc:1788)
==865547==    by 0x4714916: JOIN_CACHE::end_send() (sql_join_buffer.h:501)
==865547==    by 0x45BF853: sub_select_op(JOIN*, QEP_TAB*, bool) (sql_executor.cc:2811)
==865547==    by 0x45CC866: sub_select(JOIN*, QEP_TAB*, bool) (sql_executor.cc:2981)
^ Found warnings in /data/users/herman/rocks-mysql/8.0/_build-8.0-Valgrind/mysql-test/var/log/mysqld.1.err

 - the logfile can be found in '/data/users/herman/rocks-mysql/8.0/_build-8.0-Valgrind/mysql-test/var/log/innodb.innodb_mysql/innodb_mysql.log'

How to repeat:
mtr --valgrind --mem innodb.innodb_mysql
[28 Nov 2019 8:28] MySQL Verification Team
Hello Herman Lee,

Thank you for the report and feedback.
Observed that even in 8.0.18 innodb.innodb_mysql fails under valgrind, but with a different stack trace.

[2 Dec 2019 12:03] Erlend Dahl
We can't reproduce this internally (the issue reproduced by Umesh looks different).

Can you please share the following details:

- exact CMake options
- compiler version
- valgrind version
[3 Dec 2019 1:28] Herman Lee
Valgrind is version 3.15.0
Compiler is clang 8.0

Relevant cmake flags:

CFLAGS=-g -pipe -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-builtin-malloc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fno-strict-aliasing -fwrapv -fno-omit-frame-pointer -momit-leaf-frame-pointer -Wno-type-limits
CXXFLAGS=-g -pipe -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-builtin-malloc -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fno-strict-aliasing -fwrapv -fno-omit-frame-pointer -momit-leaf-frame-pointer -Wno-type-limits
-DCURSES_LIBRARY=<curses library>
-DCURSES_INCLUDE_PATH=<curses include>
-DWITH_KRB=<krb version 1.12>
-DWITH_SSL=<open_ssl 1.1.0>
-DWITH_ZLIB=<zlib 1.2.8>
-DWITH_ZSTD=<zstd 1.4>
-DWITH_GLIBC=<glibc 2.26>
-DWITH_BOOST=<boost 1.69 dir>
[3 Dec 2019 7:48] Tor Didriksen
Posted by developer:
8.0.17 does indeed have this valgrind bug.
It was fixed in 8.0.18 by this followup patch:
commit e924e238247ba3b42cf6a30d76a68a816b776e96
Author: Xing Zhang <xing.z.zhang@oracle.com>
Date:   Thu Apr 4 12:47:42 2019 +0800

    Bug#28960901: ASSERTION FAILED: (TLEN % 2) == 0
    Post-push fix: Valgrind complains String::c_ptr() might have memory leak
    problem. Change to use String::ptr().
    Change-Id: Ic2b67c6027ee1c5fcfd0502ca90ecb90ef326445

diff --git a/sql/item_func.cc b/sql/item_func.cc
index 3fa0d3cec47..63bac6e9941 100644
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -5789,11 +5789,11 @@ String *Item_func_get_user_var::val_str(String *str) {
   if (res && !my_charset_same(res->charset(), collation.collation)) {
     String tmpstr;
     uint error;
-    if (tmpstr.copy(res->c_ptr(), res->length(), res->charset(),
+    if (tmpstr.copy(res->ptr(), res->length(), res->charset(),
                     collation.collation, &error) ||
         error > 0) {
       char tmp[32];
-      convert_to_printable(tmp, sizeof(tmp), res->c_ptr(), res->length(),
+      convert_to_printable(tmp, sizeof(tmp), res->ptr(), res->length(),
                            res->charset(), 6);
       my_error(ER_INVALID_CHARACTER_STRING, MYF(0), collation.collation->csname,
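Review bot: the commit message describes the finding as a possible "memory leak", but the valgrind report quoted above is "Conditional jump or move depends on uninitialised value(s)" inside String::c_ptr() (sql_string.h:251), i.e. an uninitialised read, not a leak; the message should say so, since that is also why the fix is correct. c_ptr() inspects the byte at position length() to decide whether it must append a NUL terminator, and for a buffer that is not NUL-terminated that byte is uninitialised, which is exactly the conditional jump valgrind flags. Both call sites in this hunk already pass `res->length()` explicitly alongside the pointer, so neither `tmpstr.copy(...)` nor `convert_to_printable(...)` needs a terminator, and switching to `res->ptr()` removes the read without changing behaviour. Worth a quick grep for any remaining `res->c_ptr()` uses in this function and its siblings so the same pattern does not resurface in a later valgrind run.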
[3 Dec 2019 7:58] Erlend Dahl
I have verified that the issue repeats on 8.0.17, but not on 8.0.18.