Valgrind: During server startup: Conditional jump or move depends on uninitialised value(s) at BN_bin2bn, BN_num_bits_word | Use of uninitialised value of size 8 at BN_num_bits_word, BN_mod_exp_mont_consttime

Bug #1191582 reported by Roel Van de Paar
This bug affects 2 people
Affects                                                        Status   Importance  Assigned to  Milestone
Percona Server moved to https://jira.percona.com/projects/PS   Invalid  Undecided   Unassigned
5.1                                                            Invalid  Undecided   Unassigned
5.5                                                            Invalid  Undecided   Unassigned
5.6                                                            Invalid  Undecided   Unassigned

Bug Description

2013-06-15 09:39:01 18922 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 43f5b94f-d586-11e2-ade1-902b34625689.
==18922== Conditional jump or move depends on uninitialised value(s)
==18922== at 0x3FE9E8C6EA: BN_bin2bn (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8FF61: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA596C: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
==18922== Conditional jump or move depends on uninitialised value(s)
==18922== at 0x3FE9E8BB2D: BN_num_bits_word (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8BC74: BN_num_bits (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8A6C5: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
==18922== Conditional jump or move depends on uninitialised value(s)
==18922== at 0x3FE9E8BB3C: BN_num_bits_word (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8BC74: BN_num_bits (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8A6C5: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
==18922== Conditional jump or move depends on uninitialised value(s)
==18922== at 0x3FE9E8BB4B: BN_num_bits_word (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8BC74: BN_num_bits (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8A6C5: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
==18922== Use of uninitialised value of size 8
==18922== at 0x3FE9E8BB5C: BN_num_bits_word (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8BC74: BN_num_bits (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9E8A6C5: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
==18922== Use of uninitialised value of size 8
==18922== at 0x3FE9E8ACEC: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FE9EA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==18922== by 0x3FEDE22DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==18922== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18922== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18922== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18922== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18922== by 0x3FDDE1ECDC: (below main) (in /lib64/libc-2.12.so)
==18922==
2013-06-15 09:39:02 18922 [Note] RSA private key file not found: /ssd/980213/current1_4/master-data//private_key.pem. Some authentication plugins will not work.
2013-06-15 09:39:02 18922 [Note] RSA public key file not found: /ssd/980213/current1_4/master-data//public_key.pem. Some authentication plugins will not work.
2013-06-15 09:39:02 18922 [Note] Server hostname (bind-address): '*'; port: 13060
2013-06-15 09:39:02 18922 [Note] IPv6 is available.
2013-06-15 09:39:02 18922 [Note] - '::' resolves to '::';
2013-06-15 09:39:02 18922 [Note] Server socket created on IP: '::'.
2013-06-15 09:39:02 18922 [Warning] 'user' entry '<email address hidden>' ignored in --skip-name-resolve mode.
2013-06-15 09:39:02 18922 [Warning] 'proxies_priv' entry '@ <email address hidden>' ignored in --skip-name-resolve mode.
2013-06-15 09:39:04 18922 [Note] Event Scheduler: Loaded 0 events
2013-06-15 09:39:04 18922 [Note] /ssd/Percona-Server-5.6.11-alpha60.3-372-debug-valgrind.Linux.x86_64/bin/mysqld-debug: ready for connections.
Version: '5.6.11-alpha60.3-debug-log' socket: '/ssd/980213/current1_4/tmp/master.sock' port: 13060 Percona Server with XtraDB (GPL), Release alpha60.3, Revision 372-debug-valgrind

Tags: qa ssl
Revision history for this message
Roel Van de Paar (roel11) wrote :

Any connection with bug 1169505?

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Looks like an upstream bug to me. Should be reproducible with Oracle MySQL compiled with the same SSL-related options.

Revision history for this message
Roel Van de Paar (roel11) wrote :

qablock; it makes many runs result in Valgrind status. Could also be fixed by adding suppression (need dev input), but if fix is easy,... | discussed with Laurynas.

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

They are either SSL errors (hence in openssl) or false positives (in which case they need to be added to supp). I am inclined to believe it is the latter.

Revision history for this message
Alexey Kopytov (akopytov) wrote :

Incidentally, there used to be suppress patterns for this kind of Valgrind errors, but they were removed in 5.6.10:

"Several OpenSSL-related Valgrind warnings were corrected. (Bug #15908967)"

http://lists.mysql.com/commits/145376

Revision history for this message
Valerii Kravchuk (valerii-kravchuk) wrote :

I miss a few things and am not able to repeat as a result:

...
2013-06-21 21:46:10 23919 [Note] bin/mysqld: ready for connections.
Version: '5.6.11-rc60.3' socket: '/tmp/mysql.sock' port: 3306 Percona Server with XtraDB (GPL), Release rc60.3, Revision 387-valgrind
==23919== Thread 22:
==23919== Conditional jump or move depends on uninitialised value(s)
==23919== at 0x83D5FA4: create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, char const*) (sql_tmp_table.cc:626)
==23919== by 0x83B382D: create_schema_table(THD*, TABLE_LIST*) (sql_show.cc:7299)
==23919== by 0x83B8376: mysql_schema_table(THD*, LEX*, TABLE_LIST*) (sql_show.cc:7528)
==23919== by 0x83367CD: open_and_process_table(THD*, LEX*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) (sql_base.cc:4457)
==23919== by 0x8337F30: open_tables(THD*, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) (sql_base.cc:5069)
==23919== by 0x8338336: open_normal_and_derived_tables(THD*, TABLE_LIST*, unsigned int) (sql_base.cc:5769)
==23919== by 0x8221574: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5253)
==23919== by 0x837F30F: mysql_execute_command(THD*) (sql_parse.cc:2749)
==23919== by 0x838222F: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6451)
==23919== by 0x838338A: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1376)
==23919== by 0x8383B20: do_command(THD*) (sql_parse.cc:1051)
==23919== by 0x835130C: do_handle_one_connection(THD*) (sql_connect.cc:1615)
==23919==
2013-06-21 21:47:11 23919 [Note] bin/mysqld: Normal shutdown
...

So, how exactly was this version built and started?

I had used the following commands:

406 ~/bzr/percona-5.6/build/build-binary.sh --valgrind
407 ls
408 tar -zxvf Percona-Server-5.6.11-rc60.3-387-valgrind.Linux.i686.tar.gz
409 cd Percona-Server-5.6.11-rc60.3-387-valgrind.Linux.i686/
410 scripts/mysql_install_db --no-defaults
...
413 valgrind bin/mysqld --no-defaults --basedir=`pwd` --datadir=`pwd`/data

on Debian 7:

openxs@debian7:~$ valgrind --version
valgrind-3.7.0
openxs@debian7:~$ uname -a
Linux debian7 3.2.0-4-486 #1 Debian 3.2.41-2+deb7u2 i686 GNU/Linux

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

#5, this bug is a duplicate of lp:1049076 reported earlier. Either the suppressions have to be added or the cleanup at end. That is the reason the suppressions were removed.

Revision history for this message
Valerii Kravchuk (valerii-kravchuk) wrote :

#7, if you are sure this is a duplicate, maybe you have to set it this way? If some additional checks are needed I'd like to find out what I missed in my attempts to repeat mentioned above.

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

After looking into this I think we should open an upstream bug and add suppressions. I am not an expert in the SSL API and crypto in general, and it needs reproducing with OpenSSL compiled for debug at least. Googling gives conflicting advice.

The commit referenced by Alexey's commit seems to handle shutdown cleanups only. I don't know why they removed the conditional jump warnings at the same time.

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Roel, does RQG maintain its own suppressions or is it reusing MTR suppressions?

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Roel, please test the linked branch (lp:~laurynas-biveinis/percona-server/bug1191582) directly if you need MTR suppressions, or copy the last commit to the necessary suppression list.

Revision history for this message
Roel Van de Paar (roel11) wrote :

RQG uses the MTR suppressions

Revision history for this message
Roel Van de Paar (roel11) wrote :

Testing new branch as per #11

Revision history for this message
Roel Van de Paar (roel11) wrote :

Ok, these startup + shutdown scripts trigger the error in the mysqld error log:

[roel@qaserver 209184]$ cat start_mtr1000
cd /ssd/Percona-Server-5.6.12-rc60.4-405-debug-valgrind.Linux.x86_64/mysql-test/
perl lib/v1/mysql-test-run.pl --start-and-exit --valgrind --skip-ndb --mysqld=--core-file --mysqld=--loose-new --mysqld=--sql-mode=no_engine_substitution --mysqld=--relay-log=slave-relay-bin --mysqld=--loose-innodb --mysqld=--secure-file-priv= --mysqld=--max-allowed-packet=16Mb --mysqld=--loose-innodb-status-file=1 --mysqld=--master-retry-count=65535 --mysqld=--loose-debug-assert-if-crashed-table --mysqld=--loose-debug-assert-on-error --mysqld=--skip-name-resolve --vardir=/ssd/209184/vardir1_1000 --master_port=17003 --mysqld="--log-output=none" --mysqld="--sql_mode=ONLY_FULL_GROUP_BY" --mysqld="--slow_query_log" --mysqld="--userstat" 1st 2>&1
[roel@qaserver 209184]$ cat stop_mtr1000
/ssd/Percona-Server-5.6.12-rc60.4-405-debug-valgrind.Linux.x86_64/bin/mysqladmin -uroot -S/ssd/209184/vardir1_1000/tmp/master.sock shutdown

Revision history for this message
Roel Van de Paar (roel11) wrote :

Confirmed suppression file is being used (note 4th option to Valgrind binary):

[roel@qaserver 209184]$ ps -ef | grep "\-406"
roel 5497 1 15 19:15 pts/2 00:00:07 valgrind --tool=memcheck --leak-check=yes --num-callers=16 --suppressions=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/mysql-test/valgrind.supp --show-reachable=yes /ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/bin/mysqld --no-defaults --basedir=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64 --character-sets-dir=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/share/charsets --secure-file-priv=/ssd/209184/vardir1_1000 --log-bin-trust-function-creators --character-set-server=latin1 --lc-messages-dir=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/share --tmpdir=/ssd/209184/vardir1_1000/tmp --connect-timeout=60 --pid-file=/ssd/209184/vardir1_1000/run/master.pid --port=17003 --socket=/ssd/209184/vardir1_1000/tmp/master.sock --datadir=/ssd/209184/vardir1_1000/master-data --log-output=table,file --general-log --general-log-file=/ssd/209184/vardir1_1000/log/master.log --slow-query-log --slow-query-log-file=/ssd/209184/vardir1_1000/log/master-slow.log --server-id=1 --loose-innodb_data_file_path=ibdata1:10M:autoextend --local-infile --loose-skip-ndbcluster --key_buffer_size=1M --sort_buffer=256K --max_heap_table_size=1M --ssl-ca=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/mysql-test/std_data/cacert.pem --ssl-cert=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/mysql-test/std_data/server-cert.pem --ssl-key=/ssd/Percona-Server-5.6.12-rc60.4-406-debug-valgrind.Linux.x86_64/mysql-test/std_data/server-key.pem --core-file --loose-new --sql-mode=no_engine_substitution --relay-log=slave-relay-bin --loose-innodb --secure-file-priv= --max-allowed-packet=16Mb --loose-innodb-status-file=1 --master-retry-count=65535 --loose-debug-assert-if-crashed-table --loose-debug-assert-on-error --skip-name-resolve --log-output=none --sql_mode=ONLY_FULL_GROUP_BY --slow_query_log --userstat --skip-log-bin --core-file --open-files-limit=1024

Revision history for this message
Roel Van de Paar (roel11) wrote :

Issue is still happening. Adding new error log for review. Also note some other SSL errors on shutdown, please review and let me know if these should be logged in a new bug report.

Revision history for this message
Roel Van de Paar (roel11) wrote :

Note to self: /ssd/209184/vardir1_1000/log/master.err (start_mtr1000 has wipe vardir set)

Revision history for this message
Roel Van de Paar (roel11) wrote :
tags: added: qablock
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Pushed updated branch. The new errors have to be handled separately.

Revision history for this message
Roel Van de Paar (roel11) wrote :

Re-testing with new branch (still revno 406 but revision changed)

Revision history for this message
Roel Van de Paar (roel11) wrote :

Excellent. The only one left is this one:

==32338== Use of uninitialised value of size 8
==32338== at 0x3417C8ACEC: BN_mod_exp_mont_consttime (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x3417CA59CB: ??? (in /usr/lib64/libcrypto.so.1.0.0)
==32338== by 0x341C822DF7: ssl3_ctx_ctrl (in /usr/lib64/libssl.so.1.0.0)
==32338== by 0xC79E0D: new_VioSSLFd (viosslfactories.c:286)
==32338== by 0xC7A336: new_VioSSLAcceptorFd (viosslfactories.c:336)
==32338== by 0x62607E: init_ssl() (mysqld.cc:4320)
==32338== by 0x630170: mysqld_main(int, char**) (mysqld.cc:5509)
==32338== by 0x340C41ECDC: (below main) (in /lib64/libc-2.12.so)

The CRYPTO_malloc errors at end are still there, but these are now logged in bug 1205196

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

The one left is because its intended suppression was wrong (handling conditional jump, not uninitialised read). Pushed the branch with updated suppressions again, please test. Overwrote the same commit.

Revision history for this message
Roel Van de Paar (roel11) wrote :

Excellent. That fixed it. Please push.

Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

I don't see exactly these errors, but I see many errors coming from vio_ssl_read on current trunk. Will try with compiled binaries. Should any specific options be used?

Revision history for this message
Roel Van de Paar (roel11) wrote :

Sergei, I am using CentOS release 6.4 x64 which uses OpenSSL 1.0.0-fips 29 Mar 2010. I build using ./build/build-binary.sh --debug --valgrind and #14 has the testcase. Thanks.

Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

Here is the valgrind output with all symbols resolved:

==18331== Conditional jump or move depends on uninitialised value(s)
==18331== at 0x59756EA: BN_bin2bn (bn_lib.c:636)
==18331== by 0x5978F61: bnrand (bn_rand.c:199)
==18331== by 0x598E96C: generate_key (dh_key.c:153)
==18331== by 0x56AEDF7: ssl3_ctx_ctrl (s3_lib.c:2610)
==18331== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18331== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18331== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18331== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18331== by 0x6645CDC: (below main) (libc-start.c:226)
==18331==
==18331== (action on error) vgdb me ...
==18331== Conditional jump or move depends on uninitialised value(s)
==18331== at 0x5974B2D: BN_num_bits_word (bn_lib.c:183)
==18331== by 0x5974C74: BN_num_bits (bn_lib.c:254)
==18331== by 0x59736C5: BN_mod_exp_mont_consttime (bn_exp.c:598)
==18331== by 0x598E9CB: generate_key (dh_key.c:169)
==18331== by 0x56AEDF7: ssl3_ctx_ctrl (s3_lib.c:2610)
==18331== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18331== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18331== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18331== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18331== by 0x6645CDC: (below main) (libc-start.c:226)
==18331==
==18331== (action on error) vgdb me ...
==18331== Continuing ...
==18331== Conditional jump or move depends on uninitialised value(s)
==18331== at 0x5974B3C: BN_num_bits_word (bn_lib.c:185)
==18331== by 0x5974C74: BN_num_bits (bn_lib.c:254)
==18331== by 0x59736C5: BN_mod_exp_mont_consttime (bn_exp.c:598)
==18331== by 0x598E9CB: generate_key (dh_key.c:169)
==18331== by 0x56AEDF7: ssl3_ctx_ctrl (s3_lib.c:2610)
==18331== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18331== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18331== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18331== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18331== by 0x6645CDC: (below main) (libc-start.c:226)
==18331==
==18331== (action on error) vgdb me ...
==18331== Continuing ...
==18331== Conditional jump or move depends on uninitialised value(s)
==18331== at 0x5974B4B: BN_num_bits_word (bn_lib.c:187)
==18331== by 0x5974C74: BN_num_bits (bn_lib.c:254)
==18331== by 0x59736C5: BN_mod_exp_mont_consttime (bn_exp.c:598)
==18331== by 0x598E9CB: generate_key (dh_key.c:169)
==18331== by 0x56AEDF7: ssl3_ctx_ctrl (s3_lib.c:2610)
==18331== by 0xC6047B: new_VioSSLFd (viosslfactories.c:286)
==18331== by 0xC607C6: new_VioSSLAcceptorFd (viosslfactories.c:336)
==18331== by 0x62241E: init_ssl() (mysqld.cc:4388)
==18331== by 0x62BDE0: mysqld_main(int, char**) (mysqld.cc:5577)
==18331== by 0x6645CDC: (below main) (libc-start.c:226)
==18331==
==18331== (action on error) vgdb me ...
==18331== Continuing ...
==18331== Use of uninitialised value of size 8
==18331== at 0x5974B5C: BN_num_bits_word (bn_lib.c:189)
==18331== by 0x5974C74: BN_num_bits (bn_lib.c:254)
==18331== by 0x59736C5: BN_mod_exp_mont_consttime (bn_exp.c:598)
==18331== ...


Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Sergei -

If this is an OpenSSL bug, what are its implications? I.e. the worst case could be that OpenSSL PRNG has some bug which causes resulting pseudorandom numbers to have less entropy than intended and generate crackable keys. Should we forbid or advise against linking with some OpenSSL versions? Or is it benign?

Revision history for this message
Alexey Kopytov (akopytov) wrote :

OK, now it all looks familiar. See http://research.swtch.com/openssl for example. As in, the OpenSSL code may use uninitialized memory intentionally as an additional source of entropy.

Sergei, can you check if it's the same issue as discussed at the link? If so, we should just add the corresponding Valgrind suppress patterns back.

tags: added: 56qual
Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

This issue is similar to http://openssl.6102.n7.nabble.com/valgrind-warnings-for-0-9-8b-td6228.html,
for example I see a million errors when running ./mtr ssl_connect --valgrind
Rebuilding openssl with -DPURIFY solves the issue.
I think it is better than to add many suppressions.

Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

So there is nothing we can do about it. It's a known OpenSSL issue; if one wants to use Valgrind with OpenSSL, he must build it with -DPURIFY.

tags: removed: 56qual
tags: removed: qablock
Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-118
