[MDEV-19303] Valgrind warnings about uninitialised values in dtuple_validate or mi_rrnd or ma_rrnd upon UPDATE/DELETE .. ORDER BY from sequence Created: 2019-04-22  Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: Sequences
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: valgrind
Environment:

gcc (Debian 4.9.2-10) 4.9.2 valgrind-3.12.0.SVN


Issue Links:
Relates
relates to MDEV-19320 Sequence gets corrupted and produces ... Closed

 Description   

Run the test with `--valgrind` (mysql-test-run.pl option); the warnings below are only reported when the server runs under Valgrind.

# Repro for a MyISAM-backed sequence. The ORDER BY makes mysql_delete() sort
# the rows and then re-read them by position (mysql_delete -> rr_from_pointers
# -> ha_rnd_pos in the trace below); the uninitialised reads happen there.
CREATE SEQUENCE s ENGINE=MyISAM;
# The whole-table DELETE is deliberate: the defect is in the ORDER BY / rnd_pos
# path, not in row filtering. IGNORE is part of the original repro; whether it
# is required for MyISAM is not established here.
DELETE IGNORE FROM s ORDER BY cache_size;
 
# Cleanup
DROP SEQUENCE s;

10.3 765ae6e8

==25702== Thread 6:
==25702== Conditional jump or move depends on uninitialised value(s)
==25702==    at 0x123E5F4: mi_rrnd (mi_rrnd.c:40)
==25702==    by 0x1201E01: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:1975)
==25702==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==25702==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
==25702==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
==25702==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
==25702==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
==25702==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25702==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25702==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25702==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
==25702==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
==25702==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
==25702==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
==25702==    by 0x4E3F493: start_thread (pthread_create.c:333)
==25702==    by 0x6EB893E: clone (clone.S:97)
==25702== Conditional jump or move depends on uninitialised value(s)
==25702==    at 0x1245367: _mi_read_rnd_static_record (mi_statrec.c:250)
==25702==    by 0x123E6DE: mi_rrnd (mi_rrnd.c:59)
==25702==    by 0x1201E01: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:1975)
==25702==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==25702==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
==25702==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
==25702==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
==25702==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
==25702==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25702==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25702==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25702==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
==25702==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
==25702==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
==25702==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
==25702==    by 0x4E3F493: start_thread (pthread_create.c:333)

# Same scenario with an InnoDB-backed sequence; the include guards the test on
# InnoDB being available in the build.
--source include/have_innodb.inc
 
CREATE SEQUENCE s ENGINE=InnoDB;
# The whole-table DELETE is deliberate: the defect is in the ORDER BY / rnd_pos
# path (mysql_delete -> rr_from_pointers -> ha_rnd_pos -> ha_innobase::rnd_pos
# in the trace below). Note the trace reports the uninitialised bytes as lying
# inside the buffer allocated by save_index() in filesort(), i.e. the sorted
# row references handed to rnd_pos().
DELETE IGNORE FROM s ORDER BY cache_size;
 
# Cleanup
DROP SEQUENCE s;

10.3 765ae6e8

==25926== Thread 27:
==25926== Uninitialised byte(s) found during client check request
==25926==    at 0x1023053: dtuple_validate(dtuple_t const*) (data0data.cc:261)
==25926==    by 0xE1E84D: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:599)
==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
==25926==  Address 0x19c1e0d8 is 8 bytes inside a block of size 16 alloc'd
==25926==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==25926==    by 0x12C0E31: my_malloc (my_malloc.c:101)
==25926==    by 0xAC92C7: save_index(Sort_param*, unsigned int, SORT_INFO*) (filesort.cc:1288)
==25926==    by 0xAC62C1: filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) (filesort.cc:283)
==25926==    by 0xC77E30: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:636)
==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
==25926==    by 0x92CBF0: do_handle_one_connection(CONNECT*) (sql_connect.cc:1402)
==25926==    by 0x92C974: handle_one_connection (sql_connect.cc:1308)
==25926==    by 0xD2438E: pfs_spawn_thread (pfs.cc:1862)
==25926==    by 0x4E3F493: start_thread (pthread_create.c:333)
==25926==    by 0x6EB893E: clone (clone.S:97)
==25926== Conditional jump or move depends on uninitialised value(s)
==25926==    at 0xE5657E: cmp_dtuple_rec_with_match_bytes(dtuple_t const*, unsigned char const*, dict_index_t const*, unsigned long const*, unsigned long*, unsigned long*) (rem0cmp.cc:916)
==25926==    by 0xE1EEE0: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:749)
==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)
==25926== Conditional jump or move depends on uninitialised value(s)
==25926==    at 0xE56591: cmp_dtuple_rec_with_match_bytes(dtuple_t const*, unsigned char const*, dict_index_t const*, unsigned long const*, unsigned long*, unsigned long*) (rem0cmp.cc:919)
==25926==    by 0xE1EEE0: page_cur_search_with_match_bytes(buf_block_t const*, dict_index_t const*, dtuple_t const*, page_cur_mode_t, unsigned long*, unsigned long*, unsigned long*, unsigned long*, page_cur_t*) (page0cur.cc:749)
==25926==    by 0xFAFF11: btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) (btr0cur.cc:1841)
==25926==    by 0xEDC446: btr_pcur_open_with_no_init_func(dict_index_t*, dtuple_t const*, page_cur_mode_t, unsigned long, btr_pcur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*) (btr0pcur.ic:527)
==25926==    by 0xEE842D: row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) (row0sel.cc:4602)
==25926==    by 0xD48B82: ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) (ha_innodb.cc:9332)
==25926==    by 0xD49CFC: ha_innobase::rnd_pos(unsigned char*, unsigned char*) (ha_innodb.cc:9834)
==25926==    by 0x128F699: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==25926==    by 0xAD4339: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2846)
==25926==    by 0xC5A42E: rr_from_pointers(READ_RECORD*) (records.cc:547)
==25926==    by 0x728E64: READ_RECORD::read_record() (records.h:73)
==25926==    by 0xC7870D: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:730)
==25926==    by 0x7C8591: mysql_execute_command(THD*) (sql_parse.cc:4927)
==25926==    by 0x7D273E: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8091)
==25926==    by 0x7BF8C5: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==25926==    by 0x7BE2AF: do_command(THD*) (sql_parse.cc:1403)

Aria additionally produces an unexpected error, so it needs to be masked with `--error`; otherwise mysqltest aborts before the point where the Valgrind errors are reported:

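# Aria-backed sequence. On this engine the DELETE fails, and mysqltest would
# abort before the Valgrind warnings are emitted unless the error is expected.
# Which error comes back depends on the build: ER_GET_ERRNO (error 175 "File
# too short") on the original 10.3/10.4 builds, ER_ILLEGAL_HA on later 10.4
# builds, and either one on non-instrumented builds (see the 2019-07-27 and
# 2023-07-02 comments), so both codes are accepted here.
CREATE SEQUENCE s ENGINE=Aria;
# The whole-table DELETE is deliberate: the defect is in the ORDER BY / rnd_pos
# path (maria_rrnd -> _ma_read_static_record -> pread in the trace below).
--error ER_GET_ERRNO,ER_ILLEGAL_HA
DELETE FROM s ORDER BY cache_size;
 
# Cleanup
 
DROP SEQUENCE s;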

10.4 d18ef804

ERROR HY000: Got error 175 "File too short; Expected more data in file" from storage engine Aria
...
==5883== Thread 6:
==5883== Conditional jump or move depends on uninitialised value(s)
==5883==    at 0x126FB91: maria_rrnd (ma_rrnd.c:36)
==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)
==5883==    by 0xA0D0BA: do_handle_one_connection(CONNECT*) (sql_connect.cc:1398)
==5883==    by 0xA0CE1E: handle_one_connection (sql_connect.cc:1301)
==5883==    by 0x1393800: pfs_spawn_thread (pfs.cc:1862)
==5883==    by 0x4E3F4A3: start_thread (pthread_create.c:456)
==5883==    by 0x6937D0E: clone (clone.S:97)
==5883== Conditional jump or move depends on uninitialised value(s)
==5883==    at 0x1271377: _ma_read_static_record (ma_statrec.c:175)
==5883==    by 0x126FC42: maria_rrnd (ma_rrnd.c:44)
==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)
==5883==    by 0xA0D0BA: do_handle_one_connection(CONNECT*) (sql_connect.cc:1398)
==5883==    by 0xA0CE1E: handle_one_connection (sql_connect.cc:1301)
==5883==    by 0x1393800: pfs_spawn_thread (pfs.cc:1862)
==5883==    by 0x4E3F4A3: start_thread (pthread_create.c:456)
==5883== Syscall param pread64(offset) contains uninitialised byte(s)
==5883==    at 0x4E48923: ??? (syscall-template.S:84)
==5883==    by 0x1400867: my_pread (my_pread.c:66)
==5883==    by 0x11FFFBB: inline_mysql_file_pread (mysql_file.h:1206)
==5883==    by 0x12004B1: _ma_nommap_pread (ma_dynrec.c:162)
==5883==    by 0x12713F1: _ma_read_static_record (ma_statrec.c:183)
==5883==    by 0x126FC42: maria_rrnd (ma_rrnd.c:44)
==5883==    by 0x1214E27: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2552)
==5883==    by 0x13CC983: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==5883==    by 0xBE3B5F: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2841)
==5883==    by 0xD76FE0: rr_from_pointers(READ_RECORD*) (records.cc:547)
==5883==    by 0x7EB208: READ_RECORD::read_record() (records.h:73)
==5883==    by 0xD958C6: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:804)
==5883==    by 0x89A778: mysql_execute_command(THD*) (sql_parse.cc:4977)
==5883==    by 0x8A58FA: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8149)
==5883==    by 0x890E85: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1828)
==5883==    by 0x88F645: do_command(THD*) (sql_parse.cc:1361)



 Comments   
Comment by Elena Stepanova [ 2019-07-27 ]

Things have changed a little bit, at least for Aria. The same test case no longer produces error 175 "File too short; Expected more data in file"; instead the DELETE fails with ER_ILLEGAL_HA:

10.4 e9c1701e

DELETE FROM t1 ORDER BY cache_size;
ERROR HY000: Storage engine SEQUENCE of the table `test`.`t1` doesn't have this option

The valgrind errors are still in place.

Comment by Elena Stepanova [ 2023-07-02 ]

The situation has become even more confusing with time.
The basic scenario is the same:

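# Basic scenario; the storage engine for each run reported below was varied
# outside this snippet.
create sequence s;
# Depending on build, engine and timing the DELETE either succeeds or fails
# with ER_ILLEGAL_HA or ER_GET_ERRNO (see the results below). Accept all three
# outcomes so mysqltest neither aborts before the Valgrind/MSAN output is
# produced nor skips the cleanup. The whole-table DELETE is deliberate: the
# defect is in the ORDER BY / rnd_pos path.
--error 0,ER_ILLEGAL_HA,ER_GET_ERRNO
delete from s order by `increment`;
# NOTE(review): several traces below report "Syscall param pread64(offset)
# contains uninitialised byte(s)" from _mi_read_static_record /
# _ma_read_static_record. The uninitialised bytes end up as the file offset
# of a pread(), i.e. the engine apparently reads its data file at a position
# that was never properly set. Treat this as a memory-safety defect rather
# than cosmetic Valgrind noise.
drop sequence s;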

It causes different effects, depending on the build, engine, and luck.

On a valgrind build run under valgrind, with MyISAM or Aria the DELETE fails with ER_ILLEGAL_HA (Storage engine doesn't have this option), and the test further fails with valgrind warnings similar to those initially reported:

10.4 e146940a

==1597233== Thread 6:
==1597233== Conditional jump or move depends on uninitialised value(s)
==1597233==    at 0x160E32A: _mi_read_rnd_static_record (mi_statrec.c:250)
==1597233==    by 0x1607436: mi_rrnd (mi_rrnd.c:59)
==1597233==    by 0x15C8D35: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:2088)
==1597233==    by 0x10B1F58: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==1597233==    by 0xCF9E2A: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2920)
==1597233==    by 0xEB8D99: rr_from_pointers(READ_RECORD*) (records.cc:551)
==1597233==    by 0x8CD724: READ_RECORD::read_record() (records.h:70)
==1597233==    by 0xEDB3DC: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:794)
==1597233==    by 0x98A98C: mysql_execute_command(THD*) (sql_parse.cc:4815)
==1597233==    by 0x995736: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8008)
==1597233==    by 0x980FBF: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==1597233==    by 0x97F826: do_command(THD*) (sql_parse.cc:1378)
==1597233==    by 0xB2732B: do_handle_one_connection(CONNECT*) (sql_connect.cc:1420)
==1597233==    by 0xB27093: handle_one_connection (sql_connect.cc:1324)
==1597233==    by 0x109D6A5: pfs_spawn_thread (pfs.cc:1869)
==1597233==    by 0x4D7DFD3: start_thread (pthread_create.c:442)
==1597233== Syscall param pread64(offset) contains uninitialised byte(s)
==1597233==    at 0x4DEB1A7: __libc_pread64 (pread64.c:25)
==1597233==    by 0x4DEB1A7: pread (pread64.c:23)
==1597233==    by 0x1669760: my_pread (my_pread.c:66)
==1597233==    by 0x15E6DA6: inline_mysql_file_pread (mysql_file.h:1213)
==1597233==    by 0x15E7541: mi_nommap_pread (mi_dynrec.c:202)
==1597233==    by 0x160E090: _mi_read_static_record (mi_statrec.c:178)
==1597233==    by 0x160E413: _mi_read_rnd_static_record (mi_statrec.c:263)
==1597233==    by 0x1607436: mi_rrnd (mi_rrnd.c:59)
==1597233==    by 0x15C8D35: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:2088)
==1597233==    by 0x10B1F58: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==1597233==    by 0xCF9E2A: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2920)
==1597233==    by 0xEB8D99: rr_from_pointers(READ_RECORD*) (records.cc:551)
==1597233==    by 0x8CD724: READ_RECORD::read_record() (records.h:70)
==1597233==    by 0xEDB3DC: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:794)
==1597233==    by 0x98A98C: mysql_execute_command(THD*) (sql_parse.cc:4815)
==1597233==    by 0x995736: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8008)
==1597233==    by 0x980FBF: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)

with Aria

==1597574== Thread 6:
==1597574== Syscall param pread64(offset) contains uninitialised byte(s)
==1597574==    at 0x4DEB1A7: __libc_pread64 (pread64.c:25)
==1597574==    by 0x4DEB1A7: pread (pread64.c:23)
==1597574==    by 0x1669760: my_pread (my_pread.c:66)
==1597574==    by 0xF45CB6: inline_mysql_file_pread (mysql_file.h:1213)
==1597574==    by 0xF461D0: _ma_nommap_pread (ma_dynrec.c:162)
==1597574==    by 0xFC1930: _ma_read_static_record (ma_statrec.c:183)
==1597574==    by 0xFC0099: maria_rrnd (ma_rrnd.c:44)
==1597574==    by 0xF5B29F: ha_maria::rnd_pos(unsigned char*, unsigned char*) (ha_maria.cc:2521)
==1597574==    by 0x10B1F58: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==1597574==    by 0xCF9E2A: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:2920)
==1597574==    by 0xEB8D99: rr_from_pointers(READ_RECORD*) (records.cc:551)
==1597574==    by 0x8CD724: READ_RECORD::read_record() (records.h:70)
==1597574==    by 0xEDB3DC: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:794)
==1597574==    by 0x98A98C: mysql_execute_command(THD*) (sql_parse.cc:4815)
==1597574==    by 0x995736: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:8008)
==1597574==    by 0x980FBF: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1857)
==1597574==    by 0x97F826: do_command(THD*) (sql_parse.cc:1378)

On a valgrind build run under valgrind, with InnoDB the DELETE also fails with ER_ILLEGAL_HA, and the subsequent DROP SEQUENCE hangs, or at least does not finish within several minutes.

On a debug/ASAN/UBSAN build with MyISAM or InnoDB the DELETE always succeeds and no other errors occur. At least I haven't seen it fail even once in numerous attempts.

On a debug/ASAN/UBSAN build with Aria the DELETE always fails with ER_GET_ERRNO (1030, Got error from storage engine, Got error 175 "File too short; Expected more data in file"). At least I haven't seen it succeed even once in numerous attempts.

create sequence s;
delete from s order by `increment`;
ERROR HY000: Got error 175 "File too short; Expected more data in file" from storage engine Aria
# 1030
drop sequence s;

On a non-debug, non-instrumented build with MyISAM the DELETE succeeds the first time and fails the 2nd time with ER_ILLEGAL_HA:

create sequence s;
delete from s order by `increment`;
drop sequence s;
bug.t2                                   [ pass ]      1
create sequence s;
delete from s order by `increment`;
bug.t2                                   [ 2 fail ]
        Test ended at 2023-07-02 22:50:02
 
CURRENT_TEST: bug.t2
mysqltest: At line 2: query 'delete from s order by `increment`' failed: 1031: Storage engine SEQUENCE of the table `test`.`s` doesn't have this option

On a non-debug, non-instrumented build with Aria the DELETE fails interchangeably with ER_ILLEGAL_HA or ER_GET_ERRNO, but it always fails.

On a non-debug, non-instrumented build with InnoDB the DELETE sporadically fails with ER_ILLEGAL_HA and otherwise succeeds.

All results in this comment are from builds by gcc 12.2.0.

Comment by Elena Stepanova [ 2023-10-12 ]

Starting from 11.0, the same test case produces an additional valgrind error, in Sort_costs::compute_fastest_sort() (and this is the only error reported by MSAN):

11.2 872ed5342 MSAN

==2835297==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5614675297c2 in Sort_costs::compute_fastest_sort() /data/src/11.2-msan/sql/filesort_utils.cc:194:9
    #1 0x5614675297c2 in Sort_costs::compute_sort_costs(Sort_param*, unsigned long long, unsigned long, bool) /data/src/11.2-msan/sql/filesort_utils.cc:312:3
    #2 0x561467531095 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/11.2-msan/sql/filesort.cc:290:9
    #3 0x5614665c610b in Sql_cmd_delete::delete_from_single_table(THD*) /data/src/11.2-msan/sql/sql_delete.cc:656:24
    #4 0x5614665d9ee9 in Sql_cmd_delete::execute_inner(THD*) /data/src/11.2-msan/sql/sql_delete.cc:1797:28
    #5 0x561466a1a7b8 in Sql_cmd_dml::execute(THD*) /data/src/11.2-msan/sql/sql_select.cc:33407:9
    #6 0x561466748d94 in mysql_execute_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:4404:27
    #7 0x56146672f78a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/11.2-msan/sql/sql_parse.cc:7810:18
    #8 0x561466723cd7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/11.2-msan/sql/sql_parse.cc:1893:7
    #9 0x561466731b80 in do_command(THD*, bool) /data/src/11.2-msan/sql/sql_parse.cc:1406:17
    #10 0x561466de9adf in do_handle_one_connection(CONNECT*, bool) /data/src/11.2-msan/sql/sql_connect.cc:1445:11
    #11 0x561466de90b5 in handle_one_connection /data/src/11.2-msan/sql/sql_connect.cc:1347:5
    #12 0x5614681f9aba in pfs_spawn_thread /data/src/11.2-msan/storage/perfschema/pfs.cc:2201:3
    #13 0x7fd53420cfd3 in start_thread nptl/./nptl/pthread_create.c:442:8
    #14 0x7fd53428d5bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
 
  Uninitialized value was stored to memory at
    #0 0x561467529462 in Sort_costs::compute_merge_sort_costs(Sort_param*, unsigned long long, unsigned long, bool) /data/src/11.2-msan/sql/filesort_utils.cc:276:38
 
  Memory was marked as uninitialized
    #0 0x5614661179ce in __msan_allocated_memory (/mnt8t/src/11.2-msan/sql/mariadbd+0x7c49ce)
    #1 0x5614675790b2 in handler::ha_open(TABLE*, char const*, int, unsigned int, st_mem_root*, List<String>*) /data/src/11.2-msan/sql/handler.cc:3550:20
 
SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/11.2-msan/sql/filesort_utils.cc:194:9 in Sort_costs::compute_fastest_sort()

11.0 5e2d08b5 Valgrind

==2835019== Thread 6:
==2835019== Conditional jump or move depends on uninitialised value(s)
==2835019==    at 0xF0D25E: Sort_costs::compute_fastest_sort() (filesort_utils.cc:194)
==2835019==    by 0xF0D65B: Sort_costs::compute_sort_costs(Sort_param*, unsigned long long, unsigned long, bool) (filesort_utils.cc:312)
==2835019==    by 0xF0F60B: filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) (filesort.cc:290)
==2835019==    by 0xAB5DCD: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:685)
==2835019==    by 0xB225DB: mysql_execute_command(THD*, bool) (sql_parse.cc:4827)
==2835019==    by 0xB2D311: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:8030)
==2835019==    by 0xB18D9E: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) (sql_parse.cc:1894)
==2835019==    by 0xB176F7: do_command(THD*, bool) (sql_parse.cc:1407)
==2835019==    by 0xD1448F: do_handle_one_connection(CONNECT*, bool) (sql_connect.cc:1416)
==2835019==    by 0xD14204: handle_one_connection (sql_connect.cc:1318)
==2835019==    by 0x124ADED: pfs_spawn_thread (pfs.cc:2201)
==2835019==    by 0x522EFD3: start_thread (pthread_create.c:442)
==2835019==    by 0x52AE81F: clone (clone.S:100)
==2835019== Conditional jump or move depends on uninitialised value(s)
==2835019==    at 0x17DE92F: _mi_read_rnd_static_record (mi_statrec.c:250)
==2835019==    by 0x17D79C9: mi_rrnd (mi_rrnd.c:59)
==2835019==    by 0x179972B: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:2097)
==2835019==    by 0x12D79BE: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==2835019==    by 0xF2677A: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:3651)
==2835019==    by 0x9D9772: rr_from_pointers(READ_RECORD*) (records.cc:610)
==2835019==    by 0x9C3408: READ_RECORD::read_record() (records.h:81)
==2835019==    by 0xAB6A6E: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:822)
==2835019==    by 0xB225DB: mysql_execute_command(THD*, bool) (sql_parse.cc:4827)
==2835019==    by 0xB2D311: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:8030)
==2835019==    by 0xB18D9E: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) (sql_parse.cc:1894)
==2835019==    by 0xB176F7: do_command(THD*, bool) (sql_parse.cc:1407)
==2835019==    by 0xD1448F: do_handle_one_connection(CONNECT*, bool) (sql_connect.cc:1416)
==2835019==    by 0xD14204: handle_one_connection (sql_connect.cc:1318)
==2835019==    by 0x124ADED: pfs_spawn_thread (pfs.cc:2201)
==2835019==    by 0x522EFD3: start_thread (pthread_create.c:442)
==2835019== Syscall param pread64(offset) contains uninitialised byte(s)
==2835019==    at 0x529C1A7: __libc_pread64 (pread64.c:25)
==2835019==    by 0x529C1A7: pread (pread64.c:23)
==2835019==    by 0x183A7AF: my_pread (my_pread.c:66)
==2835019==    by 0x17B7842: inline_mysql_file_pread (mysql_file.h:1196)
==2835019==    by 0x17B7FA7: mi_nommap_pread (mi_dynrec.c:202)
==2835019==    by 0x17DE695: _mi_read_static_record (mi_statrec.c:178)
==2835019==    by 0x17DEA18: _mi_read_rnd_static_record (mi_statrec.c:263)
==2835019==    by 0x17D79C9: mi_rrnd (mi_rrnd.c:59)
==2835019==    by 0x179972B: ha_myisam::rnd_pos(unsigned char*, unsigned char*) (ha_myisam.cc:2097)
==2835019==    by 0x12D79BE: ha_sequence::rnd_pos(unsigned char*, unsigned char*) (ha_sequence.h:121)
==2835019==    by 0xF2677A: handler::ha_rnd_pos(unsigned char*, unsigned char*) (handler.cc:3651)
==2835019==    by 0x9D9772: rr_from_pointers(READ_RECORD*) (records.cc:610)
==2835019==    by 0x9C3408: READ_RECORD::read_record() (records.h:81)
==2835019==    by 0xAB6A6E: mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) (sql_delete.cc:822)
==2835019==    by 0xB225DB: mysql_execute_command(THD*, bool) (sql_parse.cc:4827)
==2835019==    by 0xB2D311: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:8030)
==2835019==    by 0xB18D9E: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) (sql_parse.cc:1894)
