Details
-
Bug
-
Status: Open (View Workflow)
-
Critical
-
Resolution: Unresolved
-
12.3
-
Can result in hang or crash
-
Q3/2026 Server Maintenance
Description
Failure in MSAN build
--source include/have_innodb.inc
|
--source include/have_partition.inc
|
CREATE TABLE t2 (c1 SMALLINT,c2 TINYINT UNSIGNED,c3 INT AS(c1) VIRTUAL) ENGINE=InnoDB PARTITION BY HASH(c2) PARTITIONS 565; |
SET GLOBAL innodb_adaptive_hash_index=1; |
ALTER TABLE t2 CHANGE c1 c1_renamed INT FIRST; |
|
CS 12.3.2 66b3c6784689fbb65110a5b21efcb815a8bcde24 (Debug, MSAN, Clang 20.1.8-20250708) Build 03/06/2026 |
|
|
==2460374==WARNING: MemorySanitizer: use-of-uninitialized-value
|
2026-06-04 11:43:18 0 [Note] InnoDB: FTS optimize thread exiting.
|
#0 0x555557f266f1 in btr_sea::hash_table::lock_get(btr_sea::hash_chain&) /test/12.3/storage/innobase/include/btr0sea.h:211:7
|
#1 0x555557f266f1 in btr_sea::partition::cleanup_after_erase(ahi_node*, page_hash_latch*) /test/12.3/storage/innobase/btr/btr0sea.cc:874:32
|
#2 0x555557f38240 in btr_sea::partition::erase_status btr_sea::partition::erase<false>(btr_sea::hash_chain&, unsigned char const*) /test/12.3/storage/innobase/btr/btr0sea.cc:945:14
|
#3 0x555557f2e2c0 in btr_search_update_hash_on_delete(btr_cur_t*) /test/12.3/storage/innobase/btr/btr0sea.cc:1814:12
|
#4 0x555557f053db in btr_cur_pessimistic_delete(dberr_t*, unsigned long, btr_cur_t*, unsigned long, bool, mtr_t*) /test/12.3/storage/innobase/btr/btr0cur.cc:4619:4
|
#5 0x555557d43408 in row_purge_remove_clust_if_poss_low(purge_node_t*, btr_latch_mode) /test/12.3/storage/innobase/row/row0purge.cc:231:3
|
#6 0x555557d36091 in row_purge_remove_clust_if_poss(purge_node_t*) /test/12.3/storage/innobase/row/row0purge.cc:271:7
|
#7 0x555557d36091 in row_purge_del_mark(purge_node_t*) /test/12.3/storage/innobase/row/row0purge.cc:1021:16
|
#8 0x555557d36091 in row_purge_record(purge_node_t*, unsigned char const*, que_thr_t const*, bool) /test/12.3/storage/innobase/row/row0purge.cc:1430:12
|
#9 0x555557d36091 in row_purge(purge_node_t*, unsigned char const*, que_thr_t*) /test/12.3/storage/innobase/row/row0purge.cc:1481:18
|
#10 0x555557d36091 in row_purge_step(que_thr_t*) /test/12.3/storage/innobase/row/row0purge.cc:1544:3
|
#11 0x555557c0511a in que_thr_step(que_thr_t*) /test/12.3/storage/innobase/que/que0que.cc:553:9
|
#12 0x555557c0511a in que_run_threads_low(que_thr_t*) /test/12.3/storage/innobase/que/que0que.cc:609:25
|
#13 0x555557c0511a in que_run_threads(que_thr_t*) /test/12.3/storage/innobase/que/que0que.cc:629:2
|
#14 0x555557ded5ba in srv_task_execute(THD*) /test/12.3/storage/innobase/srv/srv0srv.cc:1356:3
|
#15 0x555557ded5ba in srv_purge_worker_task_low /test/12.3/storage/innobase/srv/srv0srv.cc:1488:10
|
#16 0x555557deb005 in purge_worker_callback(void*) /test/12.3/storage/innobase/srv/srv0srv.cc:1502:3
|
#17 0x5555581e59c6 in tpool::task_group::execute(tpool::task*) /test/12.3/tpool/task_group.cc:73:9
|
#18 0x5555581dce92 in tpool::thread_pool_generic::worker_main(tpool::worker_data*) /test/12.3/tpool/tpool_generic.cc:531:11
|
#19 0x5555581e391e in decltype(*std::declval<tpool::thread_pool_generic*>().*std::declval<void (tpool::thread_pool_generic::*)(tpool::worker_data*)>()(std::declval<tpool::worker_data*>())) std::__1::__invoke[abi:ne200100]<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*, void>(void (tpool::thread_pool_generic::*&&)(tpool::worker_data*), tpool::thread_pool_generic*&&, tpool::worker_data*&&) /usr/lib/llvm-20/bin/../include/c++/v1/__type_traits/invoke.h:147:25
|
#20 0x5555581e391e in void std::__1::__thread_execute[abi:ne200100]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*, 2ul, 3ul>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>&, std::__1::__tuple_indices<2ul, 3ul>) /usr/lib/llvm-20/bin/../include/c++/v1/__thread/thread.h:199:3
|
#21 0x5555581e391e in void* std::__1::__thread_proxy[abi:ne200100]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>>(void*) /usr/lib/llvm-20/bin/../include/c++/v1/__thread/thread.h:208:3
|
#22 0x7fffe669caa3 in start_thread nptl/pthread_create.c:447:8
|
#23 0x7fffe6729c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
Uninitialized value was stored to memory at
|
#0 0x555557f266ea in btr_sea::hash_table::cell_get(unsigned long) const /test/12.3/storage/innobase/include/btr0sea.h:218:14
|
#1 0x555557f266ea in btr_sea::partition::cleanup_after_erase(ahi_node*, page_hash_latch*) /test/12.3/storage/innobase/btr/btr0sea.cc:873:32
|
|
|
Memory was marked as uninitialized
|
#0 0x555555ecec7d in __msan_allocated_memory (/test/MSAN_MD030626-mariadb-12.3.2-linux-x86_64-dbg/bin/mariadbd+0x97ac7d) (BuildId: f3b9920826568bb57c9d09893df6cf12338c1873)
|
#1 0x555557f25054 in btr_sea::partition::insert(unsigned int, unsigned char const*, buf_block_t*) /test/12.3/storage/innobase/btr/btr0sea.cc:531:7
|
|
|
SUMMARY: MemorySanitizer: use-of-uninitialized-value /test/12.3/storage/innobase/include/btr0sea.h:211:7 in btr_sea::hash_table::lock_get(btr_sea::hash_chain&)
|
|
Bug Signature |
MSAN|use-of-uninitialized-value|include/btr0sea.h|btr_sea::hash_table::lock_get|btr_sea::partition::cleanup_after_erase|btr_sea::partition::erase_status|btr_search_update_hash_on_delete
|