Bug #85986 pwrite64(buf) points to uninitialised byte(s) in os_fusionio_get_sector_size()
Submitted: 18 Apr 2017 13:55 Modified: 15 Aug 2017 11:13
Reporter: Laurynas Biveinis (OCA)
Status: Closed
Category: MySQL Server: InnoDB storage engine Severity: S3 (Non-critical)
Version: 8.0.1, 8.0.2 OS: Linux (Ubuntu 17.04)
Assigned to: CPU Architecture: Any
Tags: innodb, valgrind

[18 Apr 2017 13:55] Laurynas Biveinis
Description:
innodb.check_sector_size                 [ fail ]  Found warnings/errors in server log file!
        Test ended at 2017-04-18 16:22:58
line
==31631== Thread 3:
==31631== Syscall param pwrite64(buf) points to uninitialised byte(s)
==31631==    at 0x50BCEB3: ??? (syscall-template.S:84)
==31631==    by 0x271B57B: os_fusionio_get_sector_size() (os0file.cc:6457)
==31631==    by 0x271B953: os_aio_init(unsigned long, unsigned long, unsigned long) (os0file.cc:6526)
==31631==    by 0x282AB9C: srv_start(bool) (srv0start.cc:1739)
==31631==    by 0x2627E8E: innobase_init_files(dict_init_mode_t) (ha_innodb.cc:4397)
==31631==    by 0x2636D57: innobase_dict_init(dict_init_mode_t, unsigned int, List<Plugin_table const>*, List<Plugin_tablespace const>*) (ha_innodb.cc:11916)
==31631==    by 0x1A5B3EC: (anonymous namespace)::DDSE_dict_init(THD*, dict_init_mode_t, unsigned int) (bootstrapper.cc:330)
==31631==    by 0x1A5F6B8: dd::bootstrap::upgrade_do_pre_checks_and_initialize_dd(THD*) (bootstrapper.cc:1332)
==31631==    by 0x1CEE9C1: handle_bootstrap (bootstrap.cc:333)
==31631==    by 0x2AEB2E2: pfs_spawn_thread (pfs.cc:2407)
==31631==    by 0x50B36D9: start_thread (pthread_create.c:456)
==31631==    by 0x6B6D17E: clone (clone.S:105)
==31631==  Address 0xcb26400 is 192 bytes inside a block of size 8,216 alloc'd
==31631==    at 0x4E9FB2F: malloc (vg_replace_malloc.c:299)
==31631==    by 0x264FBE9: ut_allocator<unsigned char>::allocate(unsigned long, unsigned char const*, char const*, bool, bool) (ut0new.h:354)
==31631==    by 0x271B527: os_fusionio_get_sector_size() (os0file.cc:6451)
==31631==    by 0x271B953: os_aio_init(unsigned long, unsigned long, unsigned long) (os0file.cc:6526)
==31631==    by 0x282AB9C: srv_start(bool) (srv0start.cc:1739)
==31631==    by 0x2627E8E: innobase_init_files(dict_init_mode_t) (ha_innodb.cc:4397)
==31631==    by 0x2636D57: innobase_dict_init(dict_init_mode_t, unsigned int, List<Plugin_table const>*, List<Plugin_tablespace const>*) (ha_innodb.cc:11916)
==31631==    by 0x1A5B3EC: (anonymous namespace)::DDSE_dict_init(THD*, dict_init_mode_t, unsigned int) (bootstrapper.cc:330)
==31631==    by 0x1A5F6B8: dd::bootstrap::upgrade_do_pre_checks_and_initialize_dd(THD*) (bootstrapper.cc:1332)
==31631==    by 0x1CEE9C1: handle_bootstrap (bootstrap.cc:333)
==31631==    by 0x2AEB2E2: pfs_spawn_thread (pfs.cc:2407)
==31631==    by 0x50B36D9: start_thread (pthread_create.c:456)
==31631==    by 0x6B6D17E: clone (clone.S:105)

How to repeat:
cmake ... -DWITH_DEBUG=ON -DWITH_VALGRIND=ON

./mtr --debug-server check_sector_size --valgrind
[18 Apr 2017 15:09] Laurynas Biveinis
Likewise on sys_vars.innodb_flush_method_unix
[18 Apr 2017 23:55] Miguel Solorzano
Thank you for the bug report.

[miguel@vbcentos7 mysql-test]$ ./mtr --debug-server check_sector_size --valgrind
Logging: ./mtr  --debug-server check_sector_size --valgrind
2017-04-18T20:50:30.895726Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000)
2017-04-18T20:50:30.895791Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000)
MySQL Version 8.0.1
Turning on valgrind for all executables
Running valgrind with options " --tool=memcheck --num-callers=16 --show-reachable=yes --suppressions=/home/miguel/Downloads/mysql-8.0.1-dmr/mysql-test/valgrind.supp "
Turning off --check-testcases to save time when valgrinding
Checking supported features...
 - SSL connections supported
 - binaries are debug compiled
Collecting tests...
Removing old var directory...
Creating var directory '/home/miguel/Downloads/mysql-8.0.1-dmr/mysql-test/var'...
Installing system database...
Using parallel: 1

==============================================================================

TEST                                      RESULT   TIME (ms) or COMMENT
--------------------------------------------------------------------------

worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 13000..13009
innodb.check_sector_size                 [ fail ]  Found warnings/errors in server log file!
        Test ended at 2017-04-18 17:53:35

line
==23488== Thread 3:
==23488== Syscall param pwrite64(buf) points to uninitialised byte(s)
==23488==    at 0x527BD63: ??? (in /usr/lib64/libpthread-2.17.so)
==23488==    by 0x27A588B: os_fusionio_get_sector_size() (os0file.cc:6457)
==23488==    by 0x27A5C1B: os_aio_init(unsigned long, unsigned long, unsigned long) (os0file.cc:6526)
==23488==    by 0x28A6002: srv_start(bool) (srv0start.cc:1741)
==23488==    by 0x26C110C: innobase_init_files(dict_init_mode_t) (ha_innodb.cc:4397)
==23488==    by 0x26CF277: innobase_dict_init(dict_init_mode_t, unsigned int, List<Plugin_table const>*, List<Plugin_tablespace const>*) (ha_innodb.cc:11916)
==23488==    by 0x1BBDB31: (anonymous namespace)::DDSE_dict_init(THD*, dict_init_mode_t, unsigned int) (bootstrapper.cc:331)
==23488==    by 0x1BC191E: dd::bootstrap::upgrade_do_pre_checks_and_initialize_dd(THD*) (bootstrapper.cc:1332)
==23488==    by 0x1E2C762: handle_bootstrap (bootstrap.cc:333)
==23488==    by 0x2B291E9: pfs_spawn_thread (pfs.cc:2407)
[18 Apr 2017 23:56] Miguel Solorzano
Thank you for the bug report.
[26 Jul 2017 2:21] Laurynas Biveinis
Seen the same on 8.0.2
[27 Jul 2017 11:24] Daniel Price
Posted by developer:
 
Fixed as of the upcoming 8.0.3 release, and here's the changelog entry:

Allocated memory was not initialized before it was written to a file,
resulting in a Valgrind error.
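The Valgrind report in the description and the changelog entry above describe the same defect class: a heap buffer handed to pwrite64() without every byte having been assigned first. Valgrind flags it as undefined data crossing a syscall boundary; in practice whatever the allocator left in that memory is what lands on disk. The C program below is an added example, not MySQL or InnoDB code, and only imitates the shape the backtrace suggests (allocate a probe buffer, pwrite it at increasing power-of-two sizes, keep the first size the kernel accepts). The file name, the 512..4096 size range, the function names and the "read it back and check for zeros" step are all assumptions for the demonstration; the real probe's sizes, flags and buffer handling are not shown on this page.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Largest block size the probe tries (assumption for the example). */
#define MAX_SECTOR 4096

/* Write `len` bytes from buf at offset 0; 1 on a full write, 0 otherwise. */
static int try_pwrite(int fd, const unsigned char *buf, size_t len) {
    return pwrite(fd, buf, len, 0) == (ssize_t)len;
}

/* Probe the smallest power-of-two size, from 512 up to MAX_SECTOR, that
 * pwrite() accepts on fd.  With zero_fill == 0 the buffer is used exactly
 * as the allocator returned it, which is the pattern Valgrind reports as
 * "pwrite64(buf) points to uninitialised byte(s)".  With zero_fill == 1
 * every byte is defined before it leaves the process.  Returns 0 if no
 * size worked or allocation failed. */
size_t probe_sector_size(int fd, int zero_fill) {
    void *p = NULL;
    /* Aligned so the same probe also works if fd was opened with O_DIRECT. */
    if (posix_memalign(&p, MAX_SECTOR, MAX_SECTOR) != 0) return 0;
    unsigned char *buf = p;
    if (zero_fill) memset(buf, 0, MAX_SECTOR); /* the fix: initialise before writing */
    size_t found = 0;
    for (size_t sz = 512; sz <= MAX_SECTOR; sz *= 2) {
        if (try_pwrite(fd, buf, sz)) { found = sz; break; }
    }
    free(buf);
    return found;
}

/* Demonstration helper (not part of any real probe): open an anonymous
 * temp file, run the probe, read back what was written and report whether
 * the on-disk bytes are all zero.  Returns the probed size or 0 on error;
 * *all_zero is 1 only when the readback is entirely zero. */
size_t probe_tempfile(int zero_fill, int *all_zero) {
    char path[] = "/tmp/sector_probe_XXXXXX"; /* constructed path template */
    *all_zero = 0;
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    unlink(path); /* file disappears when fd is closed */
    size_t sz = probe_sector_size(fd, zero_fill);
    if (sz > 0) {
        unsigned char back[MAX_SECTOR];
        ssize_t n = pread(fd, back, sz, 0);
        if (n == (ssize_t)sz) {
            *all_zero = 1;
            for (ssize_t i = 0; i < n; i++) {
                if (back[i] != 0) { *all_zero = 0; break; }
            }
        }
    }
    close(fd);
    return sz;
}

int main(void) {
    int zero = 0;
    size_t sz = probe_tempfile(1, &zero);
    printf("probed size %zu, on-disk bytes all zero: %d\n", sz, zero);
    return 0;
}
```

Run the binary under `valgrind --tool=memcheck` with `probe_tempfile(0, ...)` to reproduce the report pattern, and with `probe_tempfile(1, ...)` to see it disappear. On an ordinary file without O_DIRECT the first size (512) is always accepted, so the probe result is the same either way; the difference is only in what the kernel copies to disk, which is exactly why the defect is invisible without a tool like Valgrind.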