MariaDB Server: MDEV-37839

UBSAN: float-cast-overflow in page_cleaner_flush_pages_recommendation


Details

    Description

      CREATE TABLE t (c INT,c2 INT) PARTITION BY KEY(c) PARTITIONS 10;
      SET GLOBAL innodb_io_capacity=18446744073709551615;
      SET GLOBAL innodb_max_dirty_pages_pct=1;
      

      Leads to:

      CS 10.6.24 d891d23ec33fb8432b7cd9bf90b8a5b41fdbab42 (Debug, UBASAN, Clang 18.1.3-11) Build 29/09/2025

      /test/10.6_dbg_san/storage/innobase/buf/buf0flu.cc:2225:19: runtime error: 2.07523e+19 is outside the range of representable values of type 'unsigned long'
          #0 0x5e074c09919b in page_cleaner_flush_pages_recommendation(unsigned long, unsigned long, double, unsigned long, double) /test/10.6_dbg_san/storage/innobase/buf/buf0flu.cc:2225:19
          #1 0x5e074c09919b in buf_flush_page_cleaner() /test/10.6_dbg_san/storage/innobase/buf/buf0flu.cc:2542:18
          #2 0x79bb73eecdb3 in execute_native_thread_routine /build/gcc-14-ig5ci0/gcc-14-14.2.0/build/x86_64-linux-gnu/libstdc++-v3/src/c++11/../../../../../src/libstdc++-v3/src/c++11/thread.cc:104:18
          #3 0x5e0749c5547c in asan_thread_start(void*) crtstuff.c
          #4 0x79bb73a9caa3 in start_thread nptl/pthread_create.c:447:8
          #5 0x79bb73b29c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: float-cast-overflow /test/10.6_dbg_san/storage/innobase/buf/buf0flu.cc:2225:19 
      
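      Why this is more than a sanitizer nit: the offending value 2.07523e+19 is larger than ULONG_MAX (about 1.84467e+19), and C++ makes a floating-to-integer conversion undefined whenever the truncated value does not fit the destination type. In an optimized build nothing traps; the page cleaner simply receives a meaningless flush count. The block below is an added example, not code from buf0flu.cc and not the project's PCT_IO macro, and it does not reproduce the exact arithmetic at line 2225. It uses a hypothetical pct_io_double() helper with constructed inputs (innodb_io_capacity at its maximum, as in the SET GLOBAL above, and a percentage chosen only to push the product past 2^64) to show the defined/undefined boundary of the cast and a saturating replacement for it.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Same type as in the UBSAN report ('unsigned long', 64-bit on x86-64 Linux).
typedef unsigned long ulint;

// 2^64 as a double. (double)ULONG_MAX rounds up to exactly this value, so any
// double >= TWO_POW_64 has no representation as ulint.
static const double TWO_POW_64 = 18446744073709551616.0;

// C++ [conv.fpint]: converting a floating value to an integer type is undefined
// unless the truncated value fits the destination type. For ulint the value
// must lie in (-1, 2^64); NaN never fits.
static bool double_to_ulint_is_defined(double v) {
  if (std::isnan(v)) return false;
  return v > -1.0 && v < TWO_POW_64;
}

// Saturating replacement for a bare static_cast<ulint>(double): clamps to
// [0, ULONG_MAX] instead of invoking undefined behaviour.
static ulint saturating_cast_ulint(double v) {
  if (std::isnan(v) || v <= 0.0) return 0;
  if (v >= TWO_POW_64) return std::numeric_limits<ulint>::max();
  return static_cast<ulint>(v);
}

// Hypothetical helper (assumption, not the project's PCT_IO macro): scale an
// I/O capacity by a percentage in double arithmetic, which is the intermediate
// form a flush recommendation takes before being cast back to ulint.
static double pct_io_double(ulint io_capacity, double pct) {
  return static_cast<double>(io_capacity) * (pct / 100.0);
}

// The hardened form: same arithmetic, clamped conversion.
static ulint pct_io_saturating(ulint io_capacity, double pct) {
  return saturating_cast_ulint(pct_io_double(io_capacity, pct));
}

int main() {
  // Constructed inputs: innodb_io_capacity = 18446744073709551615 as in the
  // report, and 112.5 % chosen only so that the product exceeds 2^64.
  const ulint io_cap = std::numeric_limits<ulint>::max();
  const double over = pct_io_double(io_cap, 112.5);
  std::printf("%g fits ulint: %s\n", over,
              double_to_ulint_is_defined(over) ? "yes" : "no");
  // A bare static_cast<ulint>(over) here is exactly what UBSAN reports as
  // float-cast-overflow; the clamped form yields ULONG_MAX instead.
  std::printf("saturating -> %lu\n", pct_io_saturating(io_cap, 112.5));

  // Within range: 50% of 2^64 is exactly 2^63 and converts cleanly.
  const double half = pct_io_double(io_cap, 50.0);
  std::printf("%g fits ulint: %s -> %lu\n", half,
              double_to_ulint_is_defined(half) ? "yes" : "no",
              pct_io_saturating(io_cap, 50.0));
  return 0;
}
```

      The check function is the same predicate -fsanitize=float-cast-overflow evaluates at run time, which is why a clamp placed before the cast (or a cap on the configurable input) removes the report rather than merely hiding it.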

      Setup:

      Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages) before installing Clang/LLVM 18
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
      Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues, see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
      

      SAN Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed             
          (CS/ES: Community/Enterprise Server; o/d: optimized or debug build; Build: build date, ddmmyy)
      CS  10.6   dbg  290925  d891d23ec33fb8432b7cd9bf90b8a5b41fdbab42  UBSAN|X is outside the range of representable values of type 'unsigned long'|storage/innobase/buf/buf0flu.cc|page_cleaner_flush_pages_recommendation|buf_flush_page_cleaner|execute_native_thread_routine|asan_thread_start
      CS  10.6   opt  290925  d891d23ec33fb8432b7cd9bf90b8a5b41fdbab42  UBSAN|X is outside the range of representable values of type 'unsigned long'|storage/innobase/buf/buf0flu.cc|page_cleaner_flush_pages_recommendation|buf_flush_page_cleaner|execute_native_thread_routine|asan_thread_start
      CS  10.11  dbg  081025  63620ca6d88af5e3e758d768e7818ca1865736e6  No bug found                  
      CS  10.11  opt  081025  63620ca6d88af5e3e758d768e7818ca1865736e6  No bug found                  
      CS  11.4   dbg  290925  62c70a8ae9f12edca3633c2d415e90e26fe694e8  No bug found                  
      CS  11.4   opt  290925  62c70a8ae9f12edca3633c2d415e90e26fe694e8  No bug found                  
      CS  11.8   dbg  290925  d203a8a5df95e2c5778a304a885fb7aedfbc095e  No bug found                  
      CS  11.8   opt  290925  d203a8a5df95e2c5778a304a885fb7aedfbc095e  No bug found                  
      CS  12.1   dbg  290925  667c5e0b002a24bc595d60955950200a588f4fb7  No bug found                  
      CS  12.1   opt  290925  667c5e0b002a24bc595d60955950200a588f4fb7  No bug found                  
      CS  12.2   dbg  290925  b8a77289639a3b10ada64cf892f02b5cecdb1603  No bug found                  
      CS  12.2   opt  290925  b8a77289639a3b10ada64cf892f02b5cecdb1603  No bug found                  
      ES  10.6   dbg  290925  ed866636069dda51daa8570497926ae43af8aa24  UBSAN|X is outside the range of representable values of type 'unsigned long'|storage/innobase/buf/buf0flu.cc|page_cleaner_flush_pages_recommendation|buf_flush_page_cleaner|execute_native_thread_routine|asan_thread_start
      ES  10.6   opt  290925  ed866636069dda51daa8570497926ae43af8aa24  UBSAN|X is outside the range of representable values of type 'unsigned long'|storage/innobase/buf/buf0flu.cc|page_cleaner_flush_pages_recommendation|buf_flush_page_cleaner|execute_native_thread_routine|asan_thread_start
      ES  11.4   dbg  290925  9dbe002d95a46a7a92aaedd2a23c1c1cbcf8340c  No bug found                  
      ES  11.4   opt  290925  9dbe002d95a46a7a92aaedd2a23c1c1cbcf8340c  No bug found                  
      ES  11.8   dbg  290925  543157202acd67ac9b0bb50e0b35bf7790e5467d  No bug found                  
      ES  11.8   opt  290925  543157202acd67ac9b0bb50e0b35bf7790e5467d  No bug found                  
      

      People

        marko Marko Mäkelä
        saahil Saahil Alam