[#MDEV-32572] MSAN / Valgrind errors upon range query

10.6 b78b77e77db22321e2fa49afaea5564c083ca66a MSAN
Uninitialized bytes in __msan_check_mem_is_initialized at offset 54 inside [0x708000008c3c, 28515)
==432202==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55c6318eb4f4 in dtuple_validate(dtuple_t const*) /data/src/10.6-msan/storage/innobase/data/data0data.cc:244:4
#1 0x55c6311997f8 in page_cur_search_with_match(dtuple_t const, page_cur_mode_t, unsigned long, unsigned long, page_cur_t, rtr_info*) /data/src/10.6-msan/storage/innobase/page/page0cur.cc:313:2
#2 0x55c631760f02 in btr_cur_t::search_leaf(dtuple_t const, page_cur_mode_t, btr_latch_mode, mtr_t) /data/src/10.6-msan/storage/innobase/btr/btr0cur.cc:1420:9
#3 0x55c6314e394b in btr_pcur_open_with_no_init(dtuple_t const, page_cur_mode_t, btr_latch_mode, btr_pcur_t, mtr_t*) /data/src/10.6-msan/storage/innobase/include/btr0pcur.inl:322:26
#4 0x55c6314e394b in row_search_mvcc(unsigned char, page_cur_mode_t, row_prebuilt_t, unsigned long, unsigned long) /data/src/10.6-msan/storage/innobase/row/row0sel.cc:4791:10
#5 0x55c630e24e2d in ha_innobase::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /data/src/10.6-msan/storage/innobase/handler/ha_innodb.cc:9122:5
#6 0x55c62fdd9dbe in handler::ha_index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) /data/src/10.6-msan/sql/handler.cc:3517:3
#7 0x55c62fe03bd9 in handler::read_range_first(st_key_range const, st_key_range const, bool, bool) /data/src/10.6-msan/sql/handler.cc:6663:13
#8 0x55c6304bb04e in QUICK_RANGE_SELECT::get_next_prefix(unsigned int, unsigned int, unsigned char*) /data/src/10.6-msan/sql/opt_range.cc:12847:19
#9 0x55c6304ca17d in QUICK_GROUP_MIN_MAX_SELECT::next_prefix() /data/src/10.6-msan/sql/opt_range.cc:15692:39
#10 0x55c6304c8b07 in QUICK_GROUP_MIN_MAX_SELECT::get_next() /data/src/10.6-msan/sql/opt_range.cc:15434:13
#11 0x55c630515c90 in rr_quick(READ_RECORD*) /data/src/10.6-msan/sql/records.cc:403:37
#12 0x55c62f24d8be in READ_RECORD::read_record() /data/src/10.6-msan/sql/records.h:81:30
#13 0x55c62f24d8be in join_init_read_record(st_join_table*) /data/src/10.6-msan/sql/sql_select.cc:22723:27
#14 0x55c62f1b7b21 in sub_select(JOIN, st_join_table, bool) /data/src/10.6-msan/sql/sql_select.cc:21725:12
#15 0x55c62f25811d in do_select(JOIN, Procedure) /data/src/10.6-msan/sql/sql_select.cc:21258:14
#16 0x55c62f25811d in JOIN::exec_inner() /data/src/10.6-msan/sql/sql_select.cc:4834:50
#17 0x55c62f253c97 in JOIN::exec() /data/src/10.6-msan/sql/sql_select.cc:4612:3
#18 0x55c62f1bacc0 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.6-msan/sql/sql_select.cc:5091:9
#19 0x55c62f1b96d6 in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.6-msan/sql/sql_select.cc:559:10
#20 0x55c62f0eeb3a in execute_sqlcom_select(THD, TABLE_LIST) /data/src/10.6-msan/sql/sql_parse.cc:6285:12
#21 0x55c62f0c87ee in mysql_execute_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:3961:12
#22 0x55c62f0b024a in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.6-msan/sql/sql_parse.cc:8050:18
#23 0x55c62f0a4790 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/src/10.6-msan/sql/sql_parse.cc:1896:7
#24 0x55c62f0b2640 in do_command(THD*, bool) /data/src/10.6-msan/sql/sql_parse.cc:1409:17
#25 0x55c62f6e2e7f in do_handle_one_connection(CONNECT*, bool) /data/src/10.6-msan/sql/sql_connect.cc:1416:11
#26 0x55c62f6e2465 in handle_one_connection /data/src/10.6-msan/sql/sql_connect.cc:1318:5
#27 0x55c630b5a18a in pfs_spawn_thread /data/src/10.6-msan/storage/perfschema/pfs.cc:2201:3
#28 0x7fed4c127fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
#29 0x7fed4c1a85bb in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Uninitialized value was stored to memory at
#0 0x55c62eb9da79 in __msan_memcpy (/mnt8t/src/10.6-msan/sql/mariadbd+0x793a79)
#1 0x55c631e4de6c in memdup_root /data/src/10.6-msan/mysys/my_alloc.c:499:5

Memory was marked as uninitialized
#0 0x55c62eba421e in __msan_allocated_memory (/mnt8t/src/10.6-msan/sql/mariadbd+0x79a21e)
#1 0x55c631e7acd9 in my_malloc /data/src/10.6-msan/mysys/my_malloc.c:114:7

SUMMARY: MemorySanitizer: use-of-uninitialized-value /data/src/10.6-msan/storage/innobase/data/data0data.cc:244:4 in dtuple_validate(dtuple_t const*)

10.4 0c7af6a2 Valgrind
==430082== Thread 27:
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
==430082== by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
==430082== by 0x1282DD3: rec_set_n_fields_old(unsigned char*, unsigned long) (rem0rec.inl:431)
==430082== by 0x128811B: rec_convert_dtuple_to_rec_old(unsigned char, dtuple_t const, unsigned long) (rem0rec.cc:1425)
==430082== by 0x1288971: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
==430082== by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
==430082== by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
==430082== by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
==430082== by 0x1282FDD: rec_set_info_bits_old(unsigned char*, unsigned long) (rem0rec.inl:575)
==430082== by 0x128813E: rec_convert_dtuple_to_rec_old(unsigned char, dtuple_t const, unsigned long) (rem0rec.cc:1428)
==430082== by 0x1288971: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1776)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x1276DC8: que_thr_step(que_thr_t*) (que0que.cc:945)
==430082== by 0x12771CD: que_run_threads_low(que_thr_t*) (que0que.cc:1028)
==430082== by 0x1277467: que_run_threads(que_thr_t*) (que0que.cc:1068)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x1280A8A: mach_write_to_2(unsigned char*, unsigned long) (mach0data.inl:58)
==430082== by 0x1282A8D: rec_set_bit_field_2(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:220)
==430082== by 0x128311A: rec_set_heap_no_new(unsigned char*, unsigned long) (rem0rec.inl:764)
==430082== by 0x1291B9A: void rec_convert_dtuple_to_rec_comp<false, false>(unsigned char, dict_index_t const, dfield_t const*, unsigned long, rec_comp_status_t, bool) (rem0rec.cc:1562)
==430082== by 0x1288669: rec_convert_dtuple_to_rec_new(unsigned char, dict_index_t const, dtuple_t const*) (rem0rec.cc:1742)
==430082== by 0x1288954: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x12EDBB0: row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t) (row0mysql.cc:1395)
==430082== by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
==430082== Conditional jump or move depends on uninitialised value(s)
==430082== at 0x12809EC: mach_write_to_1(unsigned char*, unsigned long) (mach0data.inl:41)
==430082== by 0x12824A4: rec_set_bit_field_1(unsigned char*, unsigned long, unsigned long, unsigned long, unsigned long) (rem0rec.inl:178)
==430082== by 0x1283010: rec_set_info_bits_new(unsigned char*, unsigned long) (rem0rec.inl:587)
==430082== by 0x1288686: rec_convert_dtuple_to_rec_new(unsigned char, dict_index_t const, dtuple_t const*) (rem0rec.cc:1747)
==430082== by 0x1288954: rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) (rem0rec.cc:1774)
==430082== by 0x1411B68: page_cur_tuple_insert(page_cur_t, dtuple_t const, dict_index_t, unsigned short, mem_block_info_t, unsigned long, mtr_t) (page0cur.inl:272)
==430082== by 0x142136A: btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) (btr0cur.cc:3597)
==430082== by 0x12C1DE6: row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) (row0ins.cc:2805)
==430082== by 0x12C37CC: row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) (row0ins.cc:3281)
==430082== by 0x12C3D67: row_ins_index_entry(dict_index_t, dtuple_t, que_thr_t*) (row0ins.cc:3407)
==430082== by 0x12C46AC: row_ins_index_entry_step(ins_node_t, que_thr_t) (row0ins.cc:3576)
==430082== by 0x12C4BA4: row_ins(ins_node_t, que_thr_t) (row0ins.cc:3713)
==430082== by 0x12C5437: row_ins_step(que_thr_t*) (row0ins.cc:3856)
==430082== by 0x12EDBB0: row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t) (row0mysql.cc:1395)
==430082== by 0x111F5A3: ha_innobase::write_row(unsigned char const*) (ha_innodb.cc:8171)
==430082== by 0xD0ACD9: handler::ha_write_row(unsigned char const*) (handler.cc:6860)

10.6 6f091434f313996436b4f01d7e7d62a9f3786958
#3 0x00005562f13a7448 in memdup_root (root=<optimized out>, str=0x708000008130, len=67) at /mariadb/10.6/mysys/my_alloc.c:499
#4 0x00005562eeaaaf68 in Query_arena::memdup (this=<optimized out>, str=0x208000008130, size=67) at /mariadb/10.6/sql/sql_class.h:1264
#5 QUICK_RANGE::QUICK_RANGE (this=0x706000019a70, thd=<optimized out>, min_key_arg=0x208000008130 "", min_length_arg=<optimized out>, min_keypart_map_arg=7, max_key_arg=0x7080000082b0 "\n",
max_length_arg=<optimized out>, max_keypart_map_arg=7, flag_arg=32) at /mariadb/10.6/sql/opt_range.h:770
#6 get_quick_keys (param=0x7efe93627f88, param@entry=0xdde, quick=quick@entry=0x712000082c80, key=0x70b000010c70, key@entry=0x0, key_tree=0x70a000035410, min_key=0x708000008130 "\n",
min_key_flag=min_key_flag@entry=0, max_key=<optimized out>, max_key_flag=<optimized out>) at /mariadb/10.6/sql/opt_range.cc:11995
#7 0x00005562eeaab422 in get_quick_keys (param=<optimized out>, param@entry=0xdde, quick=quick@entry=0x712000082c80, key=<optimized out>, key@entry=0x556200000000, key_tree=<optimized out>,
min_key=0x7efe935e3000 "", min_key_flag=<optimized out>, min_key_flag@entry=0, max_key=<optimized out>, max_key_flag=<optimized out>) at /mariadb/10.6/sql/opt_range.cc:12014
#8 0x00005562eeaab422 in get_quick_keys (param=<optimized out>, quick=quick@entry=0x712000082c80, key=<optimized out>, key@entry=0x70b000010c70, key_tree=<optimized out>, key_tree@entry=0x70a0000352d0,
min_key=0x7efe935e3000 "", min_key@entry=0x708000008130 "\n", min_key_flag=<optimized out>, min_key_flag@entry=0, max_key=<optimized out>, max_key_flag=<optimized out>)
at /mariadb/10.6/sql/opt_range.cc:12014
#9 0x00005562eea8a979 in get_quick_select (param=<optimized out>, param@entry=0x7efe93627f88, idx=1, key_tree=0x70a0000352d0, mrr_flags=mrr_flags@entry=64, mrr_buf_size=mrr_buf_size@entry=0,
parent_alloc=0x712000082c00) at /mariadb/10.6/sql/opt_range.cc:11873
#10 0x00005562eeabe472 in TRP_GROUP_MIN_MAX::make_quick (this=0x71f00000fc30, param=0x7efe93627f88, retrieve_full_rows=<optimized out>, parent_alloc=<optimized out>) at /mariadb/10.6/sql/opt_range.cc:14963
#11 0x00005562eea4e3b4 in SQL_SELECT::test_quick_select (this=0x714000020630, thd=0x72b00007e018, keys_to_use={buffer = {3}}, prev_tables=<optimized out>, limit=<optimized out>, force_quick_range=false,
ordered_output=<optimized out>, remove_false_parts_of_where=<optimized out>, only_single_index_range_scan=false, suppress_unusable_key_notes=<optimized out>) at /mariadb/10.6/sql/opt_range.cc:3090
#12 0x00005562ef3fc5e7 in get_quick_record_count (thd=<optimized out>, select=<optimized out>, table=table@entry=0x719000041f18, keys=keys@entry=0x71e0000115c0, limit=<optimized out>,
limit@entry=18446744073709551615, quick_count=<optimized out>, quick_count@entry=0x7efe93628d10) at /mariadb/10.6/sql/sql_select.cc:5171
#13 0x00005562ef2e5c33 in make_join_statistics (join=join@entry=0x71a000040230,
tables_list=@0x719000041c48: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x704000018170, last = 0x704000018170, elements = 1}, <No data fields>},
keyuse_array=keyuse_array@entry=0x71a000040558) at /mariadb/10.6/sql/sql_select.cc:5905
#14 0x00005562ef2d023d in JOIN::optimize_inner (this=this@entry=0x71a000040230) at /mariadb/10.6/sql/sql_select.cc:2537
#15 0x00005562ef2c08cb in JOIN::optimize (this=0x71a000040230) at /mariadb/10.6/sql/sql_select.cc:1870
#16 0x00005562ef2a15e8 in mysql_select (thd=0x72b00007e018, thd@entry=0x1, tables=0x71c000021830, tables@entry=0x2e9, fields=<error reading variable: Cannot access memory at address 0x0>, conds=0x711000086c70,
conds@entry=0x0, og_num=og_num@entry=0, order=order@entry=0x0, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>,
unit=<optimized out>, select_lex=<optimized out>) at /mariadb/10.6/sql/sql_select.cc:5100
#17 0x00005562ef2a049f in handle_select (thd=<optimized out>, thd@entry=0x72b00007e018, lex=lex@entry=0x72b000082318, result=<optimized out>, result@entry=0x7060000197d0,
setup_tables_done_option=setup_tables_done_option@entry=0) at /mariadb/10.6/sql/sql_select.cc:561
#18 0x00005562ef183019 in execute_sqlcom_select (thd=thd@entry=0x72b00007e018, all_tables=0x71c000021830) at /mariadb/10.6/sql/sql_parse.cc:6285
#19 0x00005562ef163e71 in mysql_execute_command (thd=thd@entry=0x72b00007e018, is_called_from_prepared_stmt=false) at /mariadb/10.6/sql/sql_parse.cc:3961
#20 0x00005562ef14d052 in mysql_parse (thd=thd@entry=0x72b00007e018,
rawbuf=0x7110000863b0 "SELECT DISTINCT * FROM t WHERE (a = 1 OR c < 2) AND (b = 'Arizona' OR b = 'Nebraska') OR (b = 'Utah' OR b != 'Colorado') AND (b = 'Idaho' OR b = 'New Mexico')", length=158,
parser_state=parser_state@entry=0x7efe9362a1f0) at /mariadb/10.6/sql/sql_parse.cc:8050

[MDEV-32572] MSAN / Valgrind errors upon range query Created: 2023-10-25 Updated: 2023-11-28
Status:	Open
Project:	MariaDB Server
Component/s:	Storage Engine - InnoDB
Affects Version/s:	10.4, 10.5, 10.6, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s:	10.4, 10.5, 10.6, 10.11, 11.0, 11.1

[MDEV-32572] MSAN / Valgrind errors upon range query Created: 2023-10-25 Updated: 2023-11-28