[MDEV-22070] MSAN use-of-uninitialized-value in encryption.innodb-redo-badkey
Created: 2020-03-28  Updated: 2020-05-14  Resolved: 2020-05-14

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - InnoDB, Storage Engine - XtraDB
Affects Version/s: 10.5
Fix Version/s: 10.5.4, 10.1.46, 10.2.33, 10.3.24, 10.4.14

Type: Bug
Priority: Major
Reporter: Marko Mäkelä
Assignee: Marko Mäkelä
Resolution: Fixed
Votes: 0
Labels: MSAN, undefined

Issue Links:
Relates
relates to MDEV-20377 Make WITH_MSAN more usable Closed

 Description   

The test encryption.innodb-redo-badkey fails with MemorySanitizer:

bb-10.5-msan 6be56dd1c8a37eb98f4b7bc1507ca5991a2a1f61

CURRENT_TEST: encryption.innodb-redo-badkey
 
 
Server [mysqld.1 - pid: 1415759, winpid: 1415759, exit: 256] failed during test run
Server log from this test:
2020-03-28 21:35:32 0 [Note] InnoDB: Page may be an index page where index id is 13171207888776047200
2020-03-28 21:35:32 0 [Note] InnoDB: It is also possible that your operating system has corrupted its own file cache and rebooting your computer removes the error. If the corrupt page is an index page. You can also try to fix the corruption by dumping, dropping, and reimporting the corrupt table. You can use CHECK TABLE to scan your table for corruption. Please refer to https://mariadb.com/kb/en/library/innodb-recovery-modes/ for information about forcing recovery.
==1415780==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x564e0a14070d in buf_LRU_block_remove_hashed(buf_page_t*, bool) /mariadb/10.5m/storage/innobase/buf/buf0lru.cc:1759:4
    #1 0x564e0a148041 in buf_LRU_free_one_page(buf_page_t*, page_id_t) /mariadb/10.5m/storage/innobase/buf/buf0lru.cc:1992:6
    #2 0x564e0a09eae5 in buf_corrupt_page_release(buf_page_t*, fil_space_t const*) /mariadb/10.5m/storage/innobase/buf/buf0buf.cc:4736:2
    #3 0x564e0a09a32f in buf_page_io_complete(buf_page_t*, bool, bool) /mariadb/10.5m/storage/innobase/buf/buf0buf.cc:5013:4
    #4 0x564e0a30809f in fil_aio_callback(os_aio_userdata_t*) /mariadb/10.5m/storage/innobase/fil/fil0fil.cc:4168:16
  Memory was marked as uninitialized
    #0 0x564e0715e3ae in __msan_allocated_memory (/dev/shm/10.5m/sql/mariadbd+0x6fe3ae)
    #1 0x564e0a12d823 in buf_LRU_get_free_only() /mariadb/10.5m/storage/innobase/buf/buf0lru.cc:843:4

Note: It appears that the page frame itself was initialized. For debugging, I would suggest invoking __msan_print_shadow(), as noted in the MemorySanitizer wiki page.

This probably affects earlier versions as well, but I do not think that we can get MSAN to work well before version 10.5.



 Comments   
Comment by Marko Mäkelä [ 2020-05-14 ]

As far as I can tell, the server could crash in buf_LRU_block_remove_hashed() if a ROW_FORMAT=COMPRESSED page has a page checksum failure. As a fix, we will zero-fill the uncompressed page frame.
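
An added illustration of the failure mode and fix described in the comment above; it is not part of the ticket and is not MariaDB code. The block layout, the toy checksum, the page-type check at eviction and every name are assumptions made for this example.

```c
/* Toy model, not MariaDB code: every name, size and type code is hypothetical. */
#include <stdint.h>
#include <string.h>

enum { ZIP_SIZE = 8, FRAME_SIZE = 32, TYPE_OFFSET = 24,
       TYPE_ALLOCATED = 0, TYPE_INDEX = 1 };

typedef struct {
    uint8_t zip[ZIP_SIZE];      /* compressed page as read from disk */
    uint8_t frame[FRAME_SIZE];  /* uncompressed frame, written only on decompress */
} block_t;

/* Constructed stand-in for the page checksum: last byte = XOR of the rest. */
static int zip_checksum_ok(const uint8_t *zip) {
    uint8_t x = 0;
    for (int i = 0; i < ZIP_SIZE - 1; i++) x ^= zip[i];
    return x == zip[ZIP_SIZE - 1];
}

/* A block taken from the free list carries stale bytes; 0xA5 models them.
   MSAN would mark this memory as uninitialized instead. */
static void block_get_free(block_t *b) { memset(b->frame, 0xA5, FRAME_SIZE); }

/* Read completion: on checksum failure the frame is never decompressed.
   zero_fill selects the behaviour of the fix described in the comment. */
static int read_complete(block_t *b, const uint8_t *disk, int zero_fill) {
    memcpy(b->zip, disk, ZIP_SIZE);
    if (!zip_checksum_ok(b->zip)) {
        if (zero_fill) memset(b->frame, 0, FRAME_SIZE);
        return -1;
    }
    memset(b->frame, 0, FRAME_SIZE);        /* stand-in for decompression */
    b->frame[TYPE_OFFSET + 1] = TYPE_INDEX;
    return 0;
}

/* Assumed eviction check: reads a 2-byte page type from the frame. */
static int evict_type_is_sane(const block_t *b) {
    unsigned type = ((unsigned)b->frame[TYPE_OFFSET] << 8) | b->frame[TYPE_OFFSET + 1];
    return type == TYPE_ALLOCATED || type == TYPE_INDEX;
}

/* Returns 1 if eviction sees a defined, recognised page type. */
int evict_after_read(uint8_t last_byte, int zero_fill) {
    uint8_t disk[ZIP_SIZE] = {1, 2, 3, 4, 5, 6, 7, last_byte}; /* constructed */
    block_t b;
    block_get_free(&b);
    read_complete(&b, disk, zero_fill);
    return evict_type_is_sane(&b);
}
```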
