[MDEV-30936] clang 15.0.7 -fsanitize=memory fails massively - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
Fix Version/s: 11.1.1, 10.11.3, 11.0.2, 10.5.20, 10.6.13, 10.7.8, 10.8.8, 10.9.6, 10.10.4
Component/s: Server, Storage Engine - InnoDB
Labels:
- MSAN

Description

It appears that since fairly recently, MSAN is marking memory uninitialized in destructors. Here is a simple example of something that needs to be adjusted in response to this:

diff --git a/storage/innobase/que/que0que.cc b/storage/innobase/que/que0que.cc

index 5f5f527e06b..d910ee2a881 100644

--- a/storage/innobase/que/que0que.cc

+++ b/storage/innobase/que/que0que.cc

@@ -236,9 +236,9 @@ que_graph_free_stat_list(

 	que_node_t*	node)	/*!< in: first query graph node in the list */

 	while (node) {

+		que_node_t* next = que_node_get_next(node);

 		que_graph_free_recursive(node);

-		node = que_node_get_next(node);

+		node = next;

All such code needs to be fixed before it is meaningful to upgrade to a newer MSAN environment on our CI systems.

On my local system, for some reason, I am not getting correct diagnostics, but something like this:

==3567352==WARNING: MemorySanitizer: use-of-uninitialized-value

/usr/bin/llvm-symbolizer-15: symbol lookup error: /home/marko/libmsan-15/libgmp.so.10: undefined symbol: __msan_va_arg_overflow_size_tls

==3567352==WARNING: Can't read from symbolizer at fd 84

==3567352==WARNING: Can't write to symbolizer at fd 87

/usr/bin/llvm-symbolizer-15: symbol lookup error: /home/marko/libmsan-15/libgmp.so.10: undefined symbol: __msan_va_arg_overflow_size_tls

==3567352==WARNING: Can't read from symbolizer at fd 84

==3567352==WARNING: Can't write to symbolizer at fd 87

/usr/bin/llvm-symbolizer-15: symbol lookup error: /home/marko/libmsan-15/libgmp.so.10: undefined symbol: __msan_va_arg_overflow_size_tls

==3567352==WARNING: Can't read from symbolizer at fd 84

==3567352==WARNING: Can't write to symbolizer at fd 87

/usr/bin/llvm-symbolizer-15: symbol lookup error: /home/marko/libmsan-15/libgmp.so.10: undefined symbol: __msan_va_arg_overflow_size_tls

==3567352==WARNING: Can't read from symbolizer at fd 84

==3567352==WARNING: Can't write to symbolizer at fd 87

==3567352==WARNING: Failed to use and restart external symbolizer!

    #0 0x5628a93c7759  (/dev/shm/10.6m/sql/mariadbd+0x3188759) (BuildId: bc73951134da47d9)

    #1 0x5628a9736471  (/dev/shm/10.6m/sql/mariadbd+0x34f7471) (BuildId: bc73951134da47d9)

    #2 0x5628a9966d5e  (/dev/shm/10.6m/sql/mariadbd+0x3727d5e) (BuildId: bc73951134da47d9)

    #3 0x5628a9967236  (/dev/shm/10.6m/sql/mariadbd+0x3728236) (BuildId: bc73951134da47d9)

    #4 0x5628a8555f2d  (/dev/shm/10.6m/sql/mariadbd+0x2316f2d) (BuildId: bc73951134da47d9)

    #5 0x5628a852378a  (/dev/shm/10.6m/sql/mariadbd+0x22e478a) (BuildId: bc73951134da47d9)

    #6 0x5628a87c2ce0  (/dev/shm/10.6m/sql/mariadbd+0x2583ce0) (BuildId: bc73951134da47d9)

    #7 0x5628a81208d4  (/dev/shm/10.6m/sql/mariadbd+0x1ee18d4) (BuildId: bc73951134da47d9)

    #8 0x5628a8109b71  (/dev/shm/10.6m/sql/mariadbd+0x1ecab71) (BuildId: bc73951134da47d9)

    #9 0x5628a8100316  (/dev/shm/10.6m/sql/mariadbd+0x1ec1316) (BuildId: bc73951134da47d9)

    #10 0x5628a810b33a  (/dev/shm/10.6m/sql/mariadbd+0x1ecc33a) (BuildId: bc73951134da47d9)

    #11 0x5628a87a294c  (/dev/shm/10.6m/sql/mariadbd+0x256394c) (BuildId: bc73951134da47d9)

    #12 0x5628a87a1f37  (/dev/shm/10.6m/sql/mariadbd+0x2562f37) (BuildId: bc73951134da47d9)

    #13 0x5628a8ff6ae7  (/dev/shm/10.6m/sql/mariadbd+0x2db7ae7) (BuildId: bc73951134da47d9)

    #14 0x7f320caa7fd3  (/lib/x86_64-linux-gnu/libc.so.6+0x88fd3) (BuildId: 4aff0f9d796e67d413e44f332edace9ac0ca2401)

    #15 0x7f320cb278cf  (/lib/x86_64-linux-gnu/libc.so.6+0x1088cf) (BuildId: 4aff0f9d796e67d413e44f332edace9ac0ca2401)

  Memory was marked as uninitialized

    #0 0x5628a7216ded  (/dev/shm/10.6m/sql/mariadbd+0xfd7ded) (BuildId: bc73951134da47d9)

    #1 0x5628a93c758a  (/dev/shm/10.6m/sql/mariadbd+0x318858a) (BuildId: bc73951134da47d9)

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/dev/shm/10.6m/sql/mariadbd+0x3188759) (BuildId: bc73951134da47d9)

Exiting

The thread local symbol in question is defined in the global BSS of mariadbd. Luckily, ./mtr --rr works, and it suffices to me to set a breakpoint in __msan_warning_with_origin_noreturn to diagnose the failures, with proper stack traces in rr replay.

Attachments

Issue Links

is blocked by

MDEV-20377 Make WITH_MSAN more usable

Closed

relates to

MDEV-30942 MSAN_OPTIONS=poison_in_dtor=1 causes failures in free_root()

Open

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Marko Mäkelä

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-03-27 16:16

Updated:: 2023-03-29 15:52

Resolved:: 2023-03-28 12:52

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.