Bug #115229 pwrite(buf) points to uninitialised byte(s) in os_fusionio_get_sector_size()
Submitted: 5 Jun 12:29 Modified: 27 Sep 20:30
Reporter: Laurynas Biveinis (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version:8.4.0 OS:Any
Assigned to: CPU Architecture:Any

[5 Jun 12:29] Laurynas Biveinis
Description:
The Return of the Son of bug 85986, seen on aarch64 and x86_64.

Every test under Valgrind has an error:
$ mtr main.1st
...
[ 33%] main.1st                                  [ fail ]  Found warnings/errors in error log file!
        Test ended at 2024-06-05 12:24:58
include/load_error_log.inc
line
==29233== Thread 2 boot:
==29233== Syscall param pwrite64(buf) points to uninitialised byte(s)
==29233==    at 0xAF85F80: __libc_pwrite64 (pwrite64.c:25)
==29233==    by 0xAF85F80: pwrite (pwrite64.c:23)
==29233==    by 0x541EC57: os_fusionio_get_sector_size() (os0file.cc:6427)
==29233==    by 0x541EFA3: os_aio_init(unsigned long, unsigned long) (os0file.cc:6511)
==29233==    by 0x557A4D3: srv_start(bool) (srv0start.cc:1743)
==29233==    by 0x521927F: innobase_init_files(dict_init_mode_t, List<Plugin_tablespace const>*) (ha_innodb.cc:5744)
==29233==    by 0x522A633: innobase_ddse_dict_init(dict_init_mode_t, unsigned int, List<dd::Object_table const>*, List<Plugin_tablespace const>*) (ha_innodb.cc:13133)
==29233==    by 0x4F10C93: dd::bootstrap::DDSE_dict_init(THD*, dict_init_mode_t, unsigned int) (bootstrapper.cc:746)
==29233==    by 0x4F1199F: dd::bootstrap::restart_dictionary(THD*) (bootstrapper.cc:907)
==29233==    by 0x3D14A8B: handle_bootstrap (bootstrap.cc:340)
==29233==    by 0x5F0D587: pfs_spawn_thread (pfs.cc:3051)
==29233==    by 0xAF2D5C7: start_thread (pthread_create.c:442)
==29233==    by 0xAF95EDB: thread_start (clone.S:79)
==29233==  Address 0x15f5b000 is on thread 2's stack
==29233==  in frame #1, created by os_fusionio_get_sector_size() (os0file.cc:6370)
^ Found warnings in /home/laurynas/vilniusdb/mysql-8.4.0/_build-debug-valgrind/mysql-test/var/log/mysqld.1.err

How to repeat:
Server built with -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Debug -DWITH_DEBUG=ON -DMYSQL_MAINTAINER_MODE=ON -DWITH_SYSTEM_LIBS=ON -DFORCE_COLORED_OUTPUT=ON -DWITH_VALGRIND=ON on Ubuntu 20.04
[5 Jun 12:57] MySQL Verification Team
Hi Mr. Biveinis,

Thank you very much for your bug report.

Can you share with us all information on the cmake command line and other important details.
[5 Jun 13:00] MySQL Verification Team
HI,

Also, please provide us with your compiler and linker details. Then, full details on the OS,  versions / releases of all system libraries that mysqld has been dynamically linked with. Next, your Valgrind version as well.

Also, please confirm that (literally) all tests from mysql-test/t/ fail with the 100 % exactly same output.

Many thanks in advance.
[6 Jun 8:48] Laurynas Biveinis
All the important details:

1) The CMake options already have been provided above

2) Compiler:
-- The C compiler identification is GNU 11.4.0
-- The CXX compiler identification is GNU 11.4.0
$ gcc -v 
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/aarch64-linux-gnu/11/lto-wrapper
Target: aarch64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 11.4.0-1ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --program-prefix=aarch64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libquadmath --disable-libquadmath-support --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --enable-fix-cortex-a53-843419 --disable-werror --enable-checking=release --build=aarch64-linux-gnu --host=aarch64-linux-gnu --target=aarch64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) 

3) Linker (note the absence of linker-related flags in the CMake invocation):
$ ld --version
GNU ld (GNU Binutils for Ubuntu) 2.38
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.

4) OS is Ubuntu 20.04, as stated above. Please elaborate what other "further details" on the OS you would like to receive

Other details in the next comment due to voluminous volume of them.
[6 Jun 8:49] Laurynas Biveinis
ldd -v mysqld

Attachment: ldd-v-mysqld.log (application/octet-stream, text), 9.32 KiB.

[6 Jun 8:50] Laurynas Biveinis
5) "versions / releases of all system libraries that mysqld has been dynamically linked with.":

In the attachment above

6) $ valgrind --version
valgrind-3.18.1

7) That is ongoing and will take a few weeks, because Valgrind is slow and so is this box. Here's some random output. Please also note that the stacktrace refers to universally-executed server bootstrap code.

[ 15%] rpl.rpl_heartbeat 'stmt'                 w2  [ fail ]  Found warnings/errors in error log file!
        Test ended at 2024-06-06 08:43:45
include/load_error_log.inc
line
==1154749== Thread 2 boot:
==1154749== Syscall param pwrite64(buf) points to uninitialised byte(s)
==1154749==    at 0xB07D83F: __libc_pwrite64 (pwrite64.c:25)
==1154749==    by 0xB07D83F: pwrite (pwrite64.c:23)
==1154749==    by 0x54EEEEE: os_fusionio_get_sector_size() (os0file.cc:6427)
==1154749==    by 0x54EF278: os_aio_init(unsigned long, unsigned long) (os0file.cc:6511)
==1154749==    by 0x56482A9: srv_start(bool) (srv0start.cc:1743)
==1154749==    by 0x52ECE47: innobase_init_files(dict_init_mode_t, List<Plugin_tablespace const>*) (ha_innodb.cc:5744)
==1154749==    by 0x52FF482: innobase_ddse_dict_init(dict_init_mode_t, unsigned int, List<dd::Object_table const>*, List<Plugin_tablespace const>*) (ha_innodb.cc:13133)
==1154749==    by 0x4FD9C74: dd::bootstrap::DDSE_dict_init(THD*, dict_init_mode_t, unsigned int) (bootstrapper.cc:746)
==1154749==    by 0x4FDAB62: dd::bootstrap::restart_dictionary(THD*) (bootstrapper.cc:907)
==1154749==    by 0x3D12C20: handle_bootstrap (bootstrap.cc:340)
==1154749==    by 0x5FD0A6D: pfs_spawn_thread (pfs.cc:3051)
==1154749==    by 0xAFFFAC2: start_thread (pthread_create.c:442)
==1154749==    by 0xB090A03: clone (clone.S:100)
==1154749==  Address 0x1605d000 is on thread 2's stack
==1154749==  in frame #1, created by os_fusionio_get_sector_size() (os0file.cc:6370)
^ Found warnings in /home/laurynas/vilniusdb/mysql-8.4.0/_build-debug-valgrind/mysql-test/var/2/log/mysqld.2.err
ok
[6 Jun 9:35] MySQL Verification Team
Hi Mr. Biveinis,

Thank you for your bug  report and all the info that you provided.

This is now a fully verified bug, only for version 8.4.0.

Thanks a lot.
[5 Jul 7:37] Laurynas Biveinis
Does not reproduce on 9.0.0, due to fusionio removal (?). Did not test the newer lower versions yet
[5 Jul 9:45] MySQL Verification Team
Hi Mr. Biveinis,

That is quite correct.

We did mention in our last comment that this is a bug specific to the version  8.4 only .......
[27 Sep 20:30] Philip Olson
Posted by developer:
 
Fixed as of the upcoming MySQL Server 8.0.40, 8.4.3, and 9.1.0 releases, and here's the proposed changelog entry from the documentation team for review:

An uninitialized buffer was being written to a temporary file when
checking if the system supports a different sector size for FusionIO. This
check is made when innodb_flush_method is set to O_DIRECT or
O_DIRECT_NO_FSYNC.

Thank you for the bug report.
[30 Sep 8:53] MySQL Verification Team
Thank you, Philip.