Bug #93046 Syscall param pwrite64(buf) points to uninitialised byte(s): os_fusionio_get_sec
Submitted: 1 Nov 2018 16:12 Modified: 2 Nov 2018 5:04
Reporter: Yura Sorokin (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version:5.7.23, 5.7.24 OS:Any
Assigned to: CPU Architecture:Any

[1 Nov 2018 16:12] Yura Sorokin 
Description:
The following two MTR test cases generate
'Syscall param pwrite64(buf) points to uninitialised byte(s)'

Valgrind error

innodb.check_sector_size
innodb.create_isl_with_direct

**************************************************************************
Syscall param pwrite64(buf) points to uninitialised byte(s)
   at 0x5F8104F: pwrite (pwrite64.c:29)
   by 0x1A70E49: os_fusionio_get_sector_size() (os0file.cc:6676)
   by 0x1A71258: os_aio_init(unsigned long, unsigned long, unsigned long) (os0file.cc:6746)
   by 0x1B9B28E: innobase_start_or_create_for_mysql() (srv0start.cc:1788)
   by 0x1995B9C: innobase_init(void*) (ha_innodb.cc:4056)
   by 0xF370E6: ha_initialize_handlerton(st_plugin_int*) (handler.cc:840)
   by 0x15E38BC: plugin_initialize(st_plugin_int*) (sql_plugin.cc:1225)
   by 0x15E45D3: plugin_register_builtin_and_init_core_se(int*, char**) (sql_plugin.cc:1588)
   by 0xEA0A5E: init_server_components() (mysqld.cc:4074)
   by 0xEA20FF: mysqld_main(int, char**) (mysqld.cc:4768)
   by 0xE99119: main (main.cc:25)
 Address 0xa1e8800 is 128 bytes inside a block of size 8,216 alloc'd
   at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x19BB25D: ut_allocator<unsigned char>::allocate(unsigned long, unsigned char const*, char const*, bool, bool) (ut0new.h:351)
   by 0x1A70DF5: os_fusionio_get_sector_size() (os0file.cc:6671)
   by 0x1A71258: os_aio_init(unsigned long, unsigned long, unsigned long) (os0file.cc:6746)
   by 0x1B9B28E: innobase_start_or_create_for_mysql() (srv0start.cc:1788)
   by 0x1995B9C: innobase_init(void*) (ha_innodb.cc:4056)
   by 0xF370E6: ha_initialize_handlerton(st_plugin_int*) (handler.cc:840)
   by 0x15E38BC: plugin_initialize(st_plugin_int*) (sql_plugin.cc:1225)
   by 0x15E45D3: plugin_register_builtin_and_init_core_se(int*, char**) (sql_plugin.cc:1588)
   by 0xEA0A5E: init_server_components() (mysqld.cc:4074)
   by 0xEA20FF: mysqld_main(int, char**) (mysqld.cc:4768)
   by 0xE99119: main (main.cc:25)

**************************************************************************

How to repeat:
Build MySQL Server 5.7.23 on Ubuntu 18.10 (Bionic) with Valgrind cmake option
(Using default GCC 7.3.0 and Valgring 3.13.0)

cmake ... -DWITH_VALGRIND=ON

then run
./mtr --debug-server --valgrind innodb.check_sector_size

Suggested fix:
In 'os_fusionio_get_sector_size()' in 'os0file.cc' change

ptr = static_cast<byte*>(ut_malloc_nokey(2 * MAX_SECTOR_SIZE));

to

ptr = static_cast<byte*>(ut_zalloc_nokey(2 * MAX_SECTOR_SIZE));

Probably conditionally, depending on UNIV_DEBUG_VALGRIND preprocessor definition.
[1 Nov 2018 16:17] Yura Sorokin 
Suggested patch for 5.7

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug93046_5_7.diff (application/octet-stream, text), 575 bytes.
[2 Nov 2018 5:04] MySQL Verification Team 
Hello Yura Sorokin,

Thank you for the report and contribution.
Also, observed this with 5.7.24 build.

regards,
Umesh
[3 Nov 2018 18:07] Laurynas Biveinis 
Bug 85986, only in 5.7?