[MDEV-32572] MSAN / Valgrind errors upon range query - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.5, 10.6, 10.11
Component/s: Storage Engine - InnoDB
Labels:
None

Description

--source include/have_innodb.inc

CREATE TABLE t (a INT, b VARCHAR(64), c INT, PRIMARY KEY (b), KEY(a,c)) ENGINE=InnoDB;

INSERT INTO t VALUES (1,'Arkansas',1),(2,'Iowa',2);

SELECT DISTINCT * FROM t WHERE (a = 1 OR c < 2) AND (b = 'Arizona' OR b = 'Nebraska') OR (b = 'Utah' OR b != 'Colorado') AND (b = 'Idaho' OR b = 'New Mexico');

# Cleanup

DROP TABLE t;

10.6 b78b77e77db22321e2fa49afaea5564c083ca66a MSAN
Uninitialized bytes in __msan_check_mem_is_initialized at offset 54 inside [0x708000008c3c, 28515)
==432202==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55c6318eb4f4 in dtuple_validate(dtuple_t const*) /data/src/10.6-msan/storage/innobase/data/data0data.cc:244:4
#1 0x55c6311997f8 in page_cur_search_with_match(dtuple_t const, page_cur_mode_t, unsigned long, unsigned long, page_cur_t, rtr_info*) /data/src/10.6-msan/storage/innobase/page/page0cur.cc:313:2
#2 0x55c631760f02 in btr_cur_t::search_leaf(dtuple_t const, page_cur_mode_t, btr_latch_mode, mtr_t) /data/src/10.6-msan/storage/innobase/btr/btr0cur.cc:1420:9
#3 0x55c6314e394b in btr_pcur_open_with_no_init(dtuple_t const, page_cur_mode_t, btr_latch_mode, btr_pcur_t, mtr_t*) /data/src/10.6-msan/storage/innobase/include/btr0pcur.inl:322:26
#4 0x55c6314e394b in row_search_mvcc(unsigned char, page_cur_mode_t, row_prebuilt_t, unsigned long, unsigned long) /data/src/10.6-msan/storage/innobase/row/row0sel.cc:4791:10
#5 0x55c630e24e2d in ha_innobase::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /data/src/10.6-msan/storage/innobase/handler/ha_innodb.cc:9122:5
#6 0x55c62fdd9dbe in handler::ha_index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) /data/src/10.6-msan/sql/handler.cc:3517:3
#7 0x55c62fe03bd9 in handler::read_range_first(st_key_range const, st_key_range const, bool, bool) /data/src/10.6-msan/sql/handler.cc:6663:13
#8 0x55c6304bb04e in QUICK_RANGE_SELECT::get_next_prefix(unsigned int, unsigned int, unsigned char*) /data/src/10.6-msan/sql/opt_range.cc:12847:19
#9 0x55c6304ca17d in QUICK_GROUP_MIN_MAX_SELECT::next_prefix() /data/src/10.6-msan/sql/opt_range.cc:15692:39
#10 0x55c6304c8b07 in QUICK_GROUP_MIN_MAX_SELECT::get_next() /data/src/10.6-msan/sql/opt_range.cc:15434:13
#11 0x55c630515c90 in rr_quick(READ_RECORD*) /data/src/10.6-msan/sql/records.cc:403:37
#12 0x55c62f24d8be in READ_RECORD::read_record() /data/src/10.6-msan/sql/records.h:81:30
#13 0x55c62f24d8be in join_init_read_record(st_join_table*) /data/src/10.6-msan/sql/sql_select.cc:22723:27
#14 0x55c62f1b7b21 in sub_select(JOIN, st_join_table, bool) /data/src/10.6-msan/sql/sql_select.cc:21725:12
#15 0x55c62f25811d in do_select(JOIN, Procedure) /data/src/10.6-msan/sql/sql_select.cc:21258:14
#16 0x55c62f25811d in JOIN::exec_inner() /data/src/10.6-msan/sql/sql_select.cc:4834:50
#17 0x55c62f253c97 in JOIN::exec() /data/src/10.6-msan/sql/sql_select.cc:4612:3
#18 0x55c62f1bacc0 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.6-msan/sql/sql_select.cc:5091:9
#19 0x55c62f1b96d6 in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.6-msan/sql/sql_select.cc:559:10
#20 0x55c62f0eeb3a in execute_sqlcom_select(THD, TABLE_LIST) /data/src/10.6-msan/sql/sql_parse.cc:6285:12
#21 0x55c62f0c87ee in mysql_execute_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:3961:12
#22 0x55c62f0b024a in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.6-msan/sql/sql_parse.cc:8050:18
#23 0x55c62f0a4790 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/src/10.6-msan/sql/sql_parse.cc:1896:7
#24 0x55c62f0b2640 in do_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:1409:17
#25 0x55c62f6e2e7f in do_handle_one_connection(CONNECT*, bool) /data/src/10.6-msan/sql/sql_connect.cc:1416:11
#26 0x55c62f6e2465 in handle_one_connection /data/src/10.6-msan/sql/sql_connect.cc:1318:5
#27 0x55c630b5a18a in pfs_spawn_thread /data/src/10.6-msan/storage/perfschema/pfs.cc:2201:3
#28 0x7fed4c127fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
#29 0x7fed4c1a85bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Uninitialized value was stored to memory at
#0 0x55c62eb9da79 in __msan_memcpy (/mnt8t/src/10.6-msan/sql/mariadbd+0x793a79)
#1 0x55c631e4de6c in memdup_root /data/src/10.6-msan/mysys/my_alloc.c:499:5

Memory was marked as uninitialized
#0 0x55c62eba421e in __msan_allocated_memory (/mnt8t/src/10.6-msan/sql/mariadbd+0x79a21e)
#1 0x55c631e7acd9 in my_malloc /data/src/10.6-msan/mysys/my_malloc.c:114:7

SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/10.6-msan/storage/innobase/data/data0data.cc:244:4 in dtuple_validate(dtuple_t const*)

10.4 0c7af6a2 Valgrind
==430082== Thread 27:
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
==430082== by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
==430082== by 0x1282DD3: rec_set_n_fields_old(unsigned char*, unsigned long) (rem0rec.inl:431)
==430082== by 0x128811B: rec_convert_dtuple_to_rec_old(unsigned char, dtuple_t const, unsigned long) (rem0rec.cc:1425)
==430082== by 0x1288971: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
==430082== by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
==430082== by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
==430082== by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
==430082== by 0x1282FDD: rec_set_info_bits_old(unsigned char*, unsigned long) (rem0rec.inl:575)
==430082== by 0x128813E: rec_convert_dtuple_to_rec_old(unsigned char, dtuple_t const, unsigned long) (rem0rec.cc:1428)
==430082== by 0x1288971: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
==430082== by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
==430082== by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
==430082== by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
==430082== by 0x128311A: rec_set_heap_no_new(unsigned char*, unsigned long) (rem0rec.inl:764)
==430082== by 0x1291B9A: void rec_convert_dtuple_to_rec_comp<false, false>(unsigned char, dict_index_t const, dfield_t const*, unsigned long, rec_comp_status_t, bool) (rem0rec.cc:1562)
==430082== by 0x1288669: rec_convert_dtuple_to_rec_new(unsigned char, dict_index_t const, dtuple_t const*) (rem0rec.cc:1742)
==430082== by 0x1288954: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x12EDBB0: row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t) (row0mysql.cc:1395)
==430082== by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
==430082== by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
==430082== by 0x1283010: rec_set_info_bits_new(unsigned char*, unsigned long) (rem0rec.inl:587)
==430082== by 0x1288686: rec_convert_dtuple_to_rec_new(unsigned char, dict_index_t const, dtuple_t const*) (rem0rec.cc:1747)
==430082== by 0x1288954: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x12EDBB0: row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t) (row0mysql.cc:1395)
==430082== by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
==430082== by 0xD0ACD9: handler::ha_write_row(unsigned char const*) (handler.cc:6860)

Attachments

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-10-25 10:37

Updated:: 2024-09-10 15:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.