[MDEV-20316] InnoDB writes uninitialised tail of XID buffer - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4.5
Fix Version/s: 10.4.8
Component/s: Storage Engine - InnoDB
Labels:
None
Environment:
BUILD/compile-pentium64-valgrind-max

Description

mtr --valgrind main.xa_binlog

==10964== Syscall param pwrite64(buf) points to uninitialised byte(s)
==10964== at 0x4E4CA83: ??? (in /lib64/libpthread-2.26.so)
==10964== by 0x1064216: SyncFileIO::execute(IORequest const&) (os0file.cc:1481)
==10964== by 0x1067E32: os_file_io(IORequest const&, int, void*, unsigned long, u
nsigned long, dberr_t*) (os0file.cc:4726)
==10964== by 0x1068348: os_file_pwrite(IORequest const&, int, unsigned char const*, unsigned long, unsigned long, dberr_t*) (os0file.cc:4811)
==10964== by 0x10684AC: os_file_write_func(IORequest const&, char const*, int, void const*, unsigned long, unsigned long) (os0file.cc:4842)
==10964== by 0x106B477: os_aio_func(IORequest&, unsigned long, char const*, pfs_os_file_t, void*, unsigned long, unsigned long, bool, fil_node_t*, void*) (os0file.cc:6504)
==10964== by 0x12B7E87: pfs_os_aio_func(IORequest&, unsigned long, char const*, pfs_os_file_t, void*, unsigned long, unsigned long, bool, fil_node_t*, void*, char const*, unsigned int) (os0file.ic:254)
==10964== by 0x12C5319: fil_io(IORequest const&, bool, page_id_t, unsigned long, unsigned long, unsigned long, void*, void*, bool) (fil0fil.cc:4299)
==10964== by 0x103CAC5: log_write_buf(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (log0log.cc:759)
==10964== by 0x103D47C: log_write_up_to(unsigned long, bool, bool) (log0log.cc:1009)
==10964== by 0x11B3D91: trx_flush_log_if_needed_low(unsigned long) (trx0trx.cc:1201)
==10964== by 0x11B3DDA: trx_flush_log_if_needed(unsigned long, trx_t*) (trx0trx.cc:1223)
==10964== by 0x11B671D: trx_prepare(trx_t*) (trx0trx.cc:2075)
==10964== by 0x11B677B: trx_prepare_for_mysql(trx_t*) (trx0trx.cc:2087)
==10964== by 0xF9D0BA: innobase_xa_prepare(handlerton*, THD*, bool) (ha_innodb.cc:16789)
=10964== by 0xBA3E11: prepare_or_error(handlerton*, THD*, bool) (handler.cc:1223)
==10964== Address 0x1166e1e4 is in a rw- anonymous segment

saving '/home/my/maria-10.5/mysql-test/var/log/main.xa_binlog-innodb/' to '/home/my/maria-10.5/mysql-test/var/log/main.xa_binlog-innodb/'
***Warnings generated in error logs during shutdown after running tests: main.xa_binlog

==22104== Thread 10:
==22104== Uninitialised byte(s) found during client check request
==22104== at 0x12422C9: buf_dblwr_add_to_batch(buf_page_t*) (buf0dblwr.cc:1147)
==22104== by 0x124A620: buf_flush_write_block_low(buf_page_t*, buf_flush_t, bool) (buf0flu.cc:1063)
==22104== by 0x124AD08: buf_flush_page(buf_pool_t*, buf_page_t*, buf_flush_t, bool) (buf0flu.cc:1211)
==22104== by 0x124B6A0: buf_flush_try_neighbors(page_id_t, buf_flush_t, unsigned long, unsigned long) (buf0flu.cc:1437)
==22104== by 0x124BADC: buf_flush_page_and_try_neighbors(buf_page_t*, buf_flush_t, unsigned long, unsigned long*) (buf0flu.cc:1511)
==22104== by 0x124C9C9: buf_do_flush_list_batch(buf_pool_t*, unsigned long, unsigned long) (buf0flu.cc:1770)
==22104== by 0x124D0E0: buf_flush_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) (buf0flu.cc:1840)
==22104== by 0x124D798: buf_flush_do_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) (buf0flu.cc:1998)
==22104== by 0x124DA4E: buf_flush_lists(unsigned long, unsigned long, unsigned long*) (buf0flu.cc:2100)
==22104== by 0x12526D6: buf_flush_page_cleaner_coordinator (buf0flu.cc:3256)
==22104== by 0x4E42568: start_thread (in /lib64/libpthread-2.26.so)
==22104== by 0x6ECBA2E: clone (in /lib64/libc-2.26.so)
==22104== Address 0x10ef4249 is 585 bytes inside a frame of size 16,384 client-defined
==22104== at 0x1227997: buf_block_init(buf_pool_t*, buf_block_t*, unsigned char*) (buf0buf.cc:1511)
==22104== by 0x1227E28: buf_chunk_init(buf_pool_t*, buf_chunk_t*, unsigned long) (buf0buf.cc:1657)
==22104== by 0x12288CD: buf_pool_init_instance(buf_pool_t*, unsigned long, unsigned long) (buf0buf.cc:1891)
==22104== by 0x12292E1: buf_pool_init(unsigned long, unsigned long) (buf0buf.cc:2087)
==22104== by 0x116C25A: srv_start(bool) (srv0start.cc:1512)
==22104== by 0xF83BA0: innodb_init(void*) (ha_innodb.cc:4127)
==22104== by 0xBA2FC4: ha_initialize_handlerton(st_plugin_int*) (handler.cc:550)
==22104== by 0x8A3030: plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) (sql_plugin.cc:1437)
==22104== by 0x8A3C2C: plugin_init(int*, char**, int) (sql_plugin.cc:1719)
==22104== by 0x75C827: init_server_components() (mysqld.cc:5037)
==22104== by 0x75D99E: mysqld_main(int, char**) (mysqld.cc:5566)
==22104== by 0x7524A6: main (main.cc:25)
==22104== Syscall param io_submit(PWRITE) points to uninitialised byte(s)
==22104== at 0x5E6A787: io_submit (in /lib64/libaio.so.1.0.1)
==22104== by 0x106529A: AIO::linux_dispatch(Slot*) (os0file.cc:2035)
==22104== by 0x106B5B1: os_aio_func(IORequest&, unsigned long, char const*, pfs_os_file_t, void*, unsigned long, unsigned long, bool, fil_node_t*, void*) (os0file.cc:6548)
==22104== by 0x12B7E87: pfs_os_aio_func(IORequest&, unsigned long, char const*, pfs_os_file_t, void*, unsigned long, unsigned long, bool, fil_node_t*, void*, char const*, unsigned int) (os0file.ic:254)
==22104== by 0x12C5319: fil_io(IORequest const&, bool, page_id_t, unsigned long, unsigned long, unsigned long, void*, void*, bool) (fil0fil.cc:4299)
==22104== by 0x1241937: buf_dblwr_write_block_to_datafile(buf_page_t const*, bool) (buf0dblwr.cc:938)
==22104== by 0x1241F15: buf_dblwr_flush_buffered_writes() (buf0dblwr.cc:1082)
==22104== by 0x124D5E7: buf_flush_end(buf_pool_t*, buf_flush_t) (buf0flu.cc:1931)
==22104== by 0x124D7A9: buf_flush_do_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) (buf0flu.cc:2000)
==22104== by 0x124DA4E: buf_flush_lists(unsigned long, unsigned long, unsigned long*) (buf0flu.cc:2100)
==22104== by 0x12526D6: buf_flush_page_cleaner_coordinator (buf0flu.cc:3256)
==22104== by 0x4E42568: start_thread (in /lib64/libpthread-2.26.so)
==22104== by 0x6ECBA2E: clone (in /lib64/libc-2.26.so)
==22104== Address 0x10ef4249 is 585 bytes inside a frame of size 16,384 client-defined
==22104== at 0x1227997: buf_block_init(buf_pool_t*, buf_block_t*, unsigned char*) (buf0buf.cc:1511)
==22104== by 0x1227E28: buf_chunk_init(buf_pool_t*, buf_chunk_t*, unsigned long) (buf0buf.cc:1657)
==22104== by 0x12288CD: buf_pool_init_instance(buf_pool_t*, unsigned long, unsigned long) (buf0buf.cc:1891)
==22104== by 0x12292E1: buf_pool_init(unsigned long, unsigned long) (buf0buf.cc:2087)
==22104== by 0x116C25A: srv_start(bool) (srv0start.cc:1512)
==22104== by 0xF83BA0: innodb_init(void*) (ha_innodb.cc:4127)
==22104== by 0xBA2FC4: ha_initialize_handlerton(st_plugin_int*) (handler.cc:550)
==22104== by 0x8A3030: plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) (sql_plugin.cc:1437)
==22104== by 0x8A3C2C: plugin_init(int*, char**, int) (sql_plugin.cc:1719)
==22104== by 0x75C827: init_server_components() (mysqld.cc:5037)
==22104== by 0x75D99E: mysqld_main(int, char**) (mysqld.cc:5566)
==22104== by 0x7524A6: main (main.cc:25)

Attachments

Issue Links

is part of

MDEV-20310 valgrind bugs found in 10.5

Closed

relates to

MDEV-7974 backport fix for mysql bug#12161 (XA and binlog)

Closed

MDEV-20333 Uninitialized memory used in buf_flush_insert_into_flush_list

Closed

MariaDB Server

InnoDB writes uninitialised tail of XID buffer

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration