Details
-
Bug
-
Status: In Review (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 10.6
-
None
-
clang-20 / CMAKE_BUILD_TYPE=Debug
Description
clang-19/20 showing the following msan error on bootstrap in mtr tests:
2025-03-18 6:33:53 0 [Note] InnoDB: Setting file './ibdata1' size to 12 MB. Physically writing the file full; Please wait ...
|
2025-03-18 6:33:53 0 [Note] InnoDB: File './ibdata1' size is now 12 MB.
|
2025-03-18 6:33:53 0 [Note] InnoDB: Renaming log file ./ib_logfile101 to ./ib_logfile0
|
2025-03-18 6:33:53 0 [Note] InnoDB: New log file created, LSN=10317
|
2025-03-18 6:33:53 0 [Note] InnoDB: Doublewrite buffer not found: creating new
|
2025-03-18 6:33:53 0 [Note] InnoDB: Doublewrite buffer created
|
2025-03-18 6:33:53 0 [Note] InnoDB: 128 rollback segments are active.
|
2025-03-18 6:33:53 0 [Note] InnoDB: Creating foreign key constraint system tables.
|
==8976==WARNING: MemorySanitizer: use-of-uninitialized-value
|
#0 0x55b3f5a61244 in mach_read_from_2(unsigned char const*) /source/storage/innobase/include/mach0data.inl:88:2
|
#1 0x55b3f5a6ce28 in rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) /source/storage/innobase/include/rem0rec.inl:202:5
|
#2 0x55b3f5a70639 in rec_set_n_fields_old(unsigned char*, unsigned long) /source/storage/innobase/include/rem0rec.inl:412:2
|
#3 0x55b3f5a1b972 in rec_convert_dtuple_to_rec_old(unsigned char*, dtuple_t const*, unsigned long) /source/storage/innobase/rem/rem0rec.cc:1377:2
|
#4 0x55b3f5a193d2 in rec_convert_dtuple_to_rec(unsigned char*, dict_index_t const*, dtuple_t const*, unsigned long) /source/storage/innobase/rem/rem0rec.cc:1741:9
|
#5 0x55b3f64bcdc7 in page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) /source/storage/innobase/include/page0cur.inl:272:8
|
#6 0x55b3f64b1d80 in btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) /source/storage/innobase/btr/btr0cur.cc:3526:10
|
#7 0x55b3f5b7d2b5 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) /source/storage/innobase/row/row0ins.cc:2796:10
|
#8 0x55b3f5b972bb in row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) /source/storage/innobase/row/row0ins.cc:3276:8
|
#9 0x55b3f5bd5ea4 in row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3402:10
|
#10 0x55b3f5bd0105 in row_ins_index_entry_step(ins_node_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3568:8
|
#11 0x55b3f5ba0454 in row_ins(ins_node_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3705:18
|
#12 0x55b3f5b9ea5a in row_ins_step(que_thr_t*) /source/storage/innobase/row/row0ins.cc:3848:8
|
#13 0x55b3f5990062 in que_thr_step(que_thr_t*) /source/storage/innobase/que/que0que.cc:844:9
|
#14 0x55b3f598b085 in que_run_threads_low(que_thr_t*) /source/storage/innobase/que/que0que.cc:927:14
|
#15 0x55b3f598a544 in que_run_threads(que_thr_t*) /source/storage/innobase/que/que0que.cc:967:2
|
#16 0x55b3f598cba8 in que_eval_sql(pars_info_t*, char const*, bool, trx_t*) /source/storage/innobase/que/que0que.cc:1044:2
|
#17 0x55b3f680ffe3 in dict_create_or_check_foreign_constraint_tables() /source/storage/innobase/dict/dict0crea.cc:1471:8
|
#18 0x55b3f6020759 in srv_start(bool) /source/storage/innobase/srv/srv0start.cc:1911:8
|
#19 0x55b3f5051812 in innodb_init(void*) /source/storage/innobase/handler/ha_innodb.cc:4070:8
|
#20 0x55b3f2cfd58c in ha_initialize_handlerton(void*) /source/sql/handler.cc:648:37
|
#21 0x55b3f11d4e72 in plugin_do_initialize(st_plugin_int*, unsigned int&) /source/sql/sql_plugin.cc:1452:18
|
#22 0x55b3f11d2948 in plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) /source/sql/sql_plugin.cc:1506:10
|
#23 0x55b3f11cf22e in plugin_init(int*, char**, int) /source/sql/sql_plugin.cc:1761:18
|
#24 0x55b3f06929fb in init_server_components() /source/sql/mysqld.cc:4954:7
|
#25 0x55b3f067e1cd in mysqld_main(int, char**) /source/sql/mysqld.cc:5562:7
|
#26 0x55b3f06693cb in main /source/sql/main.cc:25:10
|
#27 0x7f7cc56f0249 (/lib/x86_64-linux-gnu/libc.so.6+0x27249) (BuildId: c047672cae7964324658491e7dee26748ae5d2f8)
|
#28 0x7f7cc56f0304 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27304) (BuildId: c047672cae7964324658491e7dee26748ae5d2f8)
|
#29 0x55b3f05cddf0 in _start (/build/sql/mariadbd+0x83cdf0) (BuildId: 37bb3d53c27f7e246ce11e0b2d4fcbf2d73c74f7)
|
|
|
Memory was marked as uninitialized
|
#0 0x55b3f060b1fd in __msan_allocated_memory (/build/sql/mariadbd+0x87a1fd) (BuildId: 37bb3d53c27f7e246ce11e0b2d4fcbf2d73c74f7)
|
#1 0x55b3f6534609 in mem_heap_alloc(mem_block_info_t*, unsigned long) /source/storage/innobase/include/mem0mem.inl:206:2
|
#2 0x55b3f64bcc96 in page_cur_tuple_insert(page_cur_t*, dtuple_t const*, dict_index_t*, unsigned short**, mem_block_info_t**, unsigned long, mtr_t*) /source/storage/innobase/include/page0cur.inl:272:42
|
#3 0x55b3f64b1d80 in btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) /source/storage/innobase/btr/btr0cur.cc:3526:10
|
#4 0x55b3f5b7d2b5 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) /source/storage/innobase/row/row0ins.cc:2796:10
|
#5 0x55b3f5b972bb in row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) /source/storage/innobase/row/row0ins.cc:3276:8
|
#6 0x55b3f5bd5ea4 in row_ins_index_entry(dict_index_t*, dtuple_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3402:10
|
#7 0x55b3f5bd0105 in row_ins_index_entry_step(ins_node_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3568:8
|
#8 0x55b3f5ba0454 in row_ins(ins_node_t*, que_thr_t*) /source/storage/innobase/row/row0ins.cc:3705:18
|
#9 0x55b3f5b9ea5a in row_ins_step(que_thr_t*) /source/storage/innobase/row/row0ins.cc:3848:8
|
#10 0x55b3f5990062 in que_thr_step(que_thr_t*) /source/storage/innobase/que/que0que.cc:844:9
|
#11 0x55b3f598b085 in que_run_threads_low(que_thr_t*) /source/storage/innobase/que/que0que.cc:927:14
|
#12 0x55b3f598a544 in que_run_threads(que_thr_t*) /source/storage/innobase/que/que0que.cc:967:2
|
#13 0x55b3f598cba8 in que_eval_sql(pars_info_t*, char const*, bool, trx_t*) /source/storage/innobase/que/que0que.cc:1044:2
|
#14 0x55b3f680ffe3 in dict_create_or_check_foreign_constraint_tables() /source/storage/innobase/dict/dict0crea.cc:1471:8
|
#15 0x55b3f6020759 in srv_start(bool) /source/storage/innobase/srv/srv0start.cc:1911:8
|
#16 0x55b3f5051812 in innodb_init(void*) /source/storage/innobase/handler/ha_innodb.cc:4070:8
|
#17 0x55b3f2cfd58c in ha_initialize_handlerton(void*) /source/sql/handler.cc:648:37
|
#18 0x55b3f11d4e72 in plugin_do_initialize(st_plugin_int*, unsigned int&) /source/sql/sql_plugin.cc:1452:18
|
#19 0x55b3f11d2948 in plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) /source/sql/sql_plugin.cc:1506:10
|
|
|
SUMMARY: MemorySanitizer: use-of-uninitialized-value /source/storage/innobase/include/mach0data.inl:88:2 in mach_read_from_2(unsigned char const*)
|
Exiting
|
Attachments
Issue Links
- blocks
-
MDBF-793 Retire MSAN clang-15 builder, upgrade to clang-19
-
- Stalled
-
Activity
further on error is just overrunning the stack - the call function triggers the MSAN:
(rr) disassemble
|
Dump of assembler code for function _Z10MYSQLparseP3THD:
|
0x000055d302ff0680 <+0>: push %rbp
|
0x000055d302ff0681 <+1>: mov %rsp,%rbp
|
0x000055d302ff0684 <+4>: push %r15
|
0x000055d302ff0686 <+6>: push %r14
|
0x000055d302ff0688 <+8>: push %r13
|
0x000055d302ff068a <+10>: push %r12
|
0x000055d302ff068c <+12>: push %rbx
|
0x000055d302ff068d <+13>: sub $0x3cee8,%rsp
|
0x000055d302ff0694 <+20>: mov %rdi,-0x4380(%rbp)
|
0x000055d302ff069b <+27>: lea -0x2c(%rbp),%rdi
|
0x000055d302ff069f <+31>: movabs $0x500000000000,%rax
|
0x000055d302ff06a9 <+41>: xor %rax,%rdi
|
0x000055d302ff06ac <+44>: mov $0xff,%esi
|
0x000055d302ff06b1 <+49>: mov $0x4,%edx
|
=> 0x000055d302ff06b6 <+54>: call 0x55d300f11f99 <memset>
|
Passes with more stack:
$ MSAN_OPTIONS=abort_on_error=1:poison_in_dtor=1 mysql-test/mtr --mysqld=--thread-stack=$(( 1024 * 1024 )) main.select
|
Logging: /source/mysql-test/mysql-test-run.pl --mysqld=--thread-stack=1048576 main.select
|
VS config:
|
vardir: /build/mysql-test/var
|
Checking leftover processes...
|
Removing old var directory...
|
Creating var directory '/build/mysql-test/var'...
|
Checking supported features...
|
MariaDB Version 10.5.29-MariaDB-debug
|
- SSL connections supported
|
- binaries are debug compiled
|
- binaries built with wsrep patch
|
Collecting tests...
|
Installing system database...
|
|
|
==============================================================================
|
|
|
TEST RESULT TIME (ms) or COMMENT
|
--------------------------------------------------------------------------
|
|
|
worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029
|
main.select [ pass ] 91927
|
--------------------------------------------------------------------------
|
diff --git a/storage/innobase/include/rem0rec.inl b/storage/innobase/include/rem0rec.inl
|
index 30c72a7415a..e6d84aa2cd2 100644
|
--- a/storage/innobase/include/rem0rec.inl
|
+++ b/storage/innobase/include/rem0rec.inl
|
@@ -156,6 +156,9 @@ rec_set_bit_field_1(
|
ut_ad(((mask >> shift) << shift) == mask);
|
ut_ad(((val << shift) & mask) == (val << shift));
|
|
+#ifndef DBUG_OFF
|
+ MEM_MAKE_DEFINED(rec - offs, 1);
|
+#endif
|
mach_write_to_1(rec - offs,
|
(mach_read_from_1(rec - offs) & ~mask)
|
| (val << shift));
|
@@ -198,6 +201,9 @@ rec_set_bit_field_2(
|
ut_ad(((mask >> shift) << shift) == mask);
|
ut_ad(((val << shift) & mask) == (val << shift));
|
|
+#ifndef DBUG_OFF
|
+ MEM_MAKE_DEFINED(rec - offs, 2);
|
+#endif
|
mach_write_to_2(rec - offs,
|
(mach_read_from_2(rec - offs) & ~mask)
|
| (val << shift));
|
page0cur.inl:272
rec = rec_convert_dtuple_to_rec((byte*) mem_heap_alloc(*heap, size), > C-style pointer castingindex, tuple, n_ext);Discrepancy between mem_heap_alloc and use in rec_convert_dtuple_to_rec.
201 mach_write_to_2(rec - offs,202 (mach_read_from_2(rec - offs) & ~mask)203 | (val << shift));204 }205(rr) s202 (mach_read_from_2(rec - offs) & ~mask)(rr) smach_read_from_2 (b=0x71100001dbac "") at /source/storage/innobase/include/mach0data.inl:8888 return(uint16_t(uint16_t(b[0]) << 8 | b[1]));(rr) sThread 1 hit Breakpoint 1, 0x00005592d746f6f4 in __msan_warning_with_origin_noreturn ()A read of an undefined memory (mem_heap_alloc didn't init) and then or-ed to a value is undefined.
diff --git a/storage/innobase/include/page0cur.inl b/storage/innobase/include/page0cur.inlindex 828be6840d2..8375335cf51 100644--- a/storage/innobase/include/page0cur.inl+++ b/storage/innobase/include/page0cur.inl@@ -269,7 +269,7 @@ page_cur_tuple_insert(* sizeof **offsets);}- rec = rec_convert_dtuple_to_rec((byte*) mem_heap_alloc(*heap, size),+ rec = rec_convert_dtuple_to_rec((byte*) mem_heap_zalloc(*heap, size),index, tuple, n_ext);*offsets = rec_get_offsets(rec, index, *offsets,Resolve bootstrap and fails further on:
mysqltest: Start processing test commands from './include/check-testcase.test' ...mysqltest: At line 91: query 'select count(*) from mysql.proc' failed: 2013: Lost connection to MySQL server during query#1 0x000055d301a9563a in parse_sql (thd=0x72b00001c088, parser_state=0x7fe976519f00, creation_ctx=0x0, do_pfs_digest=false) at /source/sql/sql_parse.cc:1068410684 MYSQLparse(thd)) != 0;(rr) list10679 /* Parse the query. */1068010681 bool mysql_parse_status=10682 ((thd->variables.sql_mode & MODE_ORACLE) ?10683 ORAparse(thd) :10684 MYSQLparse(thd)) != 0;1068510686 if (mysql_parse_status)10687 {10688 /*(rr) p thd$1 = (THD *) 0x72b00001c088(rr) p/x *(char*)0x22b00001c088$2 = 0x0(rr) p/x *(char*)0x22b00001c088@10$3 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}#0 0x000055d302ff06b6 in MYSQLparse (thd=0x70e00002a268) at /build/sql/yy_mariadb.cc:28747#1 0x000055d301a9563a in parse_sql (thd=0x72b00001c088, parser_state=0x7fe976519f00, creation_ctx=0x0, do_pfs_digest=false) at /source/sql/sql_parse.cc:10684#2 0x000055d30248f8b2 in unpack_vcol_info_from_frm (thd=0x72b00001c088, table=0x719000030288, expr_str=0x7fe97651ba78, vcol_ptr=0x71200004d0e8,error_reported=0x7fe97651d73f) at /source/sql/table.cc:3812#3 0x000055d30248d0f6 in parse_vcol_defs (thd=0x72b00001c088, mem_root=0x719000030588, table=0x719000030288, error_reported=0x7fe97651d73f,mode=VCOL_INIT_DEPENDENCY_FAILURE_IS_WARNING) at /source/sql/table.cc:1314#4 0x000055d3024ba625 in open_table_from_share (thd=0x72b00001c088, share=0x71b00002f4a0, alias=0x71c0000100e8, db_stat=33, prgflag=8, ha_open_flags=16,outparam=0x719000030288, is_create_table=false, partitions_to_open=0x0) at /source/sql/table.cc:4216#5 0x000055d3014b2eae in open_table (thd=0x72b00001c088, table_list=0x71c0000100a0, ot_ctx=0x7fe976520958) at /source/sql/sql_base.cc:2044#6 0x000055d3014d4d88 in open_and_process_table (thd=0x72b00001c088, tables=0x71c0000100a0, counter=0x7fe976520c84, flags=0,prelocking_strategy=0x7fe976520d80, has_prelocking_list=false, ot_ctx=0x7fe976520958) at /source/sql/sql_base.cc:3839#7 0x000055d3014cb32c in open_tables (thd=0x72b00001c088, options=..., start=0x7fe976520c98, counter=0x7fe976520c84, flags=0,prelocking_strategy=0x7fe976520d80) at /source/sql/sql_base.cc:4323#8 0x000055d3014ea7a8 in open_and_lock_tables (thd=0x72b00001c088, options=..., tables=0x71c0000100a0, derived=true, flags=0,prelocking_strategy=0x7fe976520d80) at /source/sql/sql_base.cc:5270#9 0x000055d301270644 in open_and_lock_tables (thd=0x72b00001c088, tables=0x71c0000100a0, derived=true, flags=0) at /source/sql/sql_base.h:509#10 0x000055d301a6ceeb in execute_sqlcom_select (thd=0x72b00001c088, all_tables=0x71c0000100a0) at /source/sql/sql_parse.cc:6373#11 0x000055d301a2a713 in mysql_execute_command (thd=0x72b00001c088) at /source/sql/sql_parse.cc:4043#12 0x000055d3019f2027 in mysql_parse (thd=0x72b00001c088, rawbuf=0x711000014320 "select count(*) from mysql.proc", length=31, parser_state=0x7fe97652e868,is_com_multi=false, is_next_command=false) at /source/sql/sql_parse.cc:8252#13 0x000055d3019ddbbc in dispatch_command (command=COM_QUERY, thd=0x72b00001c088, packet=0x729000069089 "select count(*) from mysql.proc", packet_length=31,is_com_multi=false, is_next_command=false) at /source/sql/sql_parse.cc:1891#14 0x000055d3019f688c in do_command (thd=0x72b00001c088) at /source/sql/sql_parse.cc:1375#15 0x000055d302785ac2 in do_handle_one_connection (connect=0x70e00001e708, put_in_cache=true) at /source/sql/sql_connect.cc:1386#16 0x000055d3027843ce in handle_one_connection (arg=0x70e00001e708) at /source/sql/sql_connect.cc:1298#17 0x000055d3051c6fc9 in pfs_spawn_thread (arg=0x715000005d08) at /source/storage/perfschema/pfs.cc:2201