[MDEV-37136] sql/wsrep_allowlist_service.cc:40:27: runtime error: member call on null pointer of type 'Wsrep_schema' - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.11.13
Fix Version/s: 10.11.15, 11.4.9, 11.8.4, 12.1.2
Component/s: Galera
Labels:
- UBSAN
- null-pointer-use
Environment:
f42 x86_64 with server ASAN/UBSAN compiled.

Bug Category:
Can result in hang or crash
Sprint:
Q3/2025 Galera Development

Description

in testing galera - dc2953740d2a8f4ef918b3783723028c0f1ba7e6 (PR packaging changes only ~~MDEV-35108~~).

10.11-bfbba94eadc277f7b35034a7757cf8ff907ae1d8
WSREP_PROVIDER=/usr/lib64/galera-4/libgalera_smm.so mysql-test/mtr --suite=galera --parallel=auto

galera.galera_log_output_csv w16 [ fail ] Found warnings/errors in server log file!
Test ended at 2025-07-02 10:07:29
line
/home/dan/repos/mariadb-server-10.11/sql/wsrep_allowlist_service.cc:40:27: runtime error: member call on null pointer of type 'Wsrep_schema'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dan/repos/mariadb-server-10.11/sql/wsrep_allowlist_service.cc:40:27
^ Found warnings in /home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/log/mysqld.2.err


2025-07-02 10:07:11 0 [Note] Starting MariaDB 10.11.14-MariaDB-asan-log source revision d09eabb84f2bb9038492756fa36c32bfbb7ed02e server_uid H5y5rHuwmWCLkTll2UZXICTH0xw= as process 79523
2025-07-02 10:07:11 0 [Note] WSREP: Loading provider /usr/lib64/galera-4/libgalera_smm.so initial position: 00000000-0000-0000-0000-000000000000:-1
2025-07-02 10:07:11 0 [Note] WSREP: wsrep_load(): loading provider library '/usr/lib64/galera-4/libgalera_smm.so'
2025-07-02 10:07:11 0 [Note] WSREP: wsrep_load(): Galera 26.4.22(rdc295374) by Codership Oy <info@codership.com> loaded successfully.
2025-07-02 10:07:11 0 [Note] WSREP: Initializing allowlist service v1
2025-07-02 10:07:11 0 [Note] WSREP: Resolved symbol 'wsrep_node_isolation_mode_set_v1'
2025-07-02 10:07:11 0 [Note] WSREP: Resolved symbol 'wsrep_certify_v1'
2025-07-02 10:07:11 0 [Note] WSREP: CRC-32C: using 64-bit x86 acceleration.
2025-07-02 10:07:11 0 [Warning] WSREP: Could not open state file for reading: '/home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/mysqld.2/data//grastate.dat'
2025-07-02 10:07:11 0 [Note] WSREP: Found saved state: 00000000-0000-0000-0000-000000000000:-1, safe_to_bootstrap: 1
2025-07-02 10:07:11 0 [Note] WSREP: GCache DEBUG: opened preamble:
Version: 0
UUID: 00000000-0000-0000-0000-000000000000
Seqno: -1 - -1
Offset: -1
Synced: 0
2025-07-02 10:07:11 0 [Note] WSREP: Skipped GCache ring buffer recovery: could not determine history UUID.
2025-07-02 10:07:11 0 [Note] WSREP: Passing config to GCS: base_dir = /home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/mysqld.2/data/; base_host = 127.0.0.1; base_port = 19425; cert.log_conflicts = no; cert.optimistic_pa = yes; debug = no; evs.auto_evict = 0; evs.delay_margin = PT1S; evs.delayed_keep_period = PT30S; evs.inactive_check_period = PT0.5S; evs.inactive_timeout = PT30S; evs.install_timeout = PT15S; evs.join_retrans_period = PT1S; evs.max_install_timeouts = 3; evs.send_window = 4; evs.stats_report_period = PT1M; evs.suspect_timeout = PT10S; evs.user_send_window = 2; evs.view_forget_timeout = PT24H; gcache.dir = /home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/mysqld.2/data/; gcache.keep_pages_size = 0; gcache.keep_plaintext_size = 128M; gcache.mem_size = 0; gcache.name = galera.cache; gcache.page_size = 128M; gcache.recover = yes; gcache.size = 10M; gcomm.thread_prio = ; gcs.fc_debug = 0; gcs.fc_factor = 1.0; gcs.fc_limit = 16; gcs.fc_master_slave = no; gcs.fc_single_primary = no; gcs.max_packet_size =
2025-07-02 10:07:11 0 [Note] WSREP: Start replication
2025-07-02 10:07:11 0 [Note] WSREP: Connecting with bootstrap option: 0
2025-07-02 10:07:11 0 [Note] WSREP: Setting GCS initial position to 00000000-0000-0000-0000-000000000000:-1
2025-07-02 10:07:11 0 [Note] WSREP: protonet asio version 0
2025-07-02 10:07:11 0 [Note] WSREP: Using CRC-32C for message checksums.
2025-07-02 10:07:11 0 [Note] WSREP: backend: asio
2025-07-02 10:07:11 0 [Note] WSREP: gcomm thread scheduling priority set to other:0
2025-07-02 10:07:11 0 [Note] WSREP: access file(/home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/mysqld.2/data//gvwstate.dat) failed(No such file or directory)
2025-07-02 10:07:11 0 [Note] WSREP: restore pc from disk failed
2025-07-02 10:07:11 0 [Note] WSREP: GMCast version 0
2025-07-02 10:07:11 0 [Note] WSREP: (80615a2e-85fc, 'tcp://0.0.0.0:19425') listening at tcp://0.0.0.0:19425
2025-07-02 10:07:11 0 [Note] WSREP: (80615a2e-85fc, 'tcp://0.0.0.0:19425') multicast: , ttl: 1
2025-07-02 10:07:11 0 [Note] WSREP: EVS version 1
2025-07-02 10:07:11 0 [Note] WSREP: gcomm: connecting to group 'my_wsrep_cluster', peer '127.0.0.1:19422'
2025-07-02 10:07:11 0 [Note] WSREP: (80615a2e-85fc, 'tcp://0.0.0.0:19425') connection established to 7ff4ad1d-ac1a tcp://127.0.0.1:19422
2025-07-02 10:07:12 0 [Note] WSREP: EVS version upgrade 0 -> 1
2025-07-02 10:07:12 0 [Note] WSREP: declaring 7ff4ad1d-ac1a at tcp://127.0.0.1:19422 stable
2025-07-02 10:07:12 0 [Note] WSREP: PC protocol upgrade 0 -> 1
2025-07-02 10:07:12 0 [Note] WSREP: Node 7ff4ad1d-ac1a state prim
2025-07-02 10:07:12 0 [Note] WSREP: view(view_id(PRIM,7ff4ad1d-ac1a,2) memb {
7ff4ad1d-ac1a,0
80615a2e-85fc,0
} joined {
} left {
} partitioned {
})
2025-07-02 10:07:12 0 [Note] WSREP: save pc into disk
2025-07-02 10:07:12 0 [Note] WSREP: gcomm: connected
2025-07-02 10:07:12 0 [Note] WSREP: Changing maximum packet size to 64500, resulting msg size: 32636
2025-07-02 10:07:12 0 [Note] WSREP: Shifting CLOSED -> OPEN (TO: 0)
2025-07-02 10:07:12 0 [Note] WSREP: Opened channel 'my_wsrep_cluster'
2025-07-02 10:07:12 0 [Note] WSREP: New COMPONENT: primary = yes, bootstrap = no, my_idx = 1, memb_num = 2
2025-07-02 10:07:12 0 [Note] WSREP: STATE EXCHANGE: Waiting for state UUID.
2025-07-02 10:07:12 0 [Note] WSREP: STATE EXCHANGE: sent state msg: 80af77f2-56d8-11f0-a5f7-1267cf2037ec
2025-07-02 10:07:12 0 [Note] WSREP: STATE EXCHANGE: got state msg: 80af77f2-56d8-11f0-a5f7-1267cf2037ec from 0 (bark)
2025-07-02 10:07:12 0 [Note] WSREP: STATE EXCHANGE: got state msg: 80af77f2-56d8-11f0-a5f7-1267cf2037ec from 1 (bark)
2025-07-02 10:07:12 0 [Note] WSREP: Quorum results:
version = 6,
component = PRIMARY,
conf_id = 1,
members = 1/2 (joined/total),
act_id = 1,
last_appl. = 0,
protocols = 5/11/4 (gcs/repl/appl),
vote policy= 0,
group UUID = 7ff56792-56d8-11f0-9aaa-f3f0e78a99ab
2025-07-02 10:07:12 0 [Note] WSREP: Flow-control interval: [23, 23]
2025-07-02 10:07:12 0 [Note] WSREP: Shifting OPEN -> PRIMARY (TO: 2)
2025-07-02 10:07:12 2 [Note] WSREP: Starting applier thread 2
2025-07-02 10:07:12 2 [Note] WSREP: ####### processing CC 2, local, ordered
2025-07-02 10:07:12 2 [Note] WSREP: Process first view: 7ff56792-56d8-11f0-9aaa-f3f0e78a99ab my uuid: 80615a2e-56d8-11f0-85fc-8a2b4ff876ea
2025-07-02 10:07:12 2 [Note] WSREP: Server bark connected to cluster at position 7ff56792-56d8-11f0-9aaa-f3f0e78a99ab:2 with ID 80615a2e-56d8-11f0-85fc-8a2b4ff876ea
2025-07-02 10:07:12 2 [Note] WSREP: Server status change disconnected -> connected
2025-07-02 10:07:12 2 [Note] WSREP: ####### My UUID: 80615a2e-56d8-11f0-85fc-8a2b4ff876ea
2025-07-02 10:07:12 2 [Note] WSREP: Cert index reset to 00000000-0000-0000-0000-000000000000:-1 (proto: 11), state transfer needed: yes
2025-07-02 10:07:12 0 [Note] WSREP: Service thread queue flushed.
2025-07-02 10:07:12 2 [Note] WSREP: ####### Assign initial position for certification: 00000000-0000-0000-0000-000000000000:-1, protocol version: -1
2025-07-02 10:07:12 1 [Note] WSREP: Starting rollbacker thread 1
2025-07-02 10:07:12 2 [Note] WSREP: State transfer required:
Group state: 7ff56792-56d8-11f0-9aaa-f3f0e78a99ab:2
Local state: 00000000-0000-0000-0000-000000000000:-1
2025-07-02 10:07:12 2 [Note] WSREP: Server status change connected -> joiner
2025-07-02 10:07:12 0 [Note] WSREP: Joiner monitor thread started to monitor
2025-07-02 10:07:12 0 [Note] WSREP: Running: 'wsrep_sst_rsync --role 'joiner' --address '127.0.0.1:19427' --datadir '/home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/mysqld.2/data/' --defaults-file '/home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/my.cnf' --defaults-group-suffix '.2' --parent 79523 --progress 0 --binlog-index 'mysqld-bin.index' --mysqld-args --defaults-group-suffix=.2 --defaults-file=/home/dan/repos/build-mariadb-server-10.11/mysql-test/var/16/my.cnf --log-output=file --innodb --innodb-cmpmem --innodb-cmp-per-index --innodb-trx --innodb-locks --innodb-lock-waits --innodb-metrics --innodb-buffer-pool-stats --innodb-buffer-page --innodb-buffer-page-lru --innodb-sys-columns --innodb-sys-fields --innodb-sys-foreign --innodb-sys-foreign-cols --innodb-sys-indexes --innodb-sys-tables --innodb-sys-virtual --innodb --innodb-cmpmem --innodb-cmp-per-index --innodb-trx --innodb-locks --innodb-lock-waits --innodb-metrics --innodb-buffer-pool-stats --innodb-buffer-page --innodb-buffer-page-lru --innodb-sys-col
WSREP_SST: [INFO] rsync SST started on joiner (20250702 10:07:12.577)
WSREP_SST: [INFO] 'ss' is selected as a socket information utility. (20250702 10:07:12.905)
2025-07-02 10:07:13 2 [Note] WSREP: ####### IST uuid:00000000-0000-0000-0000-000000000000 f: 0, l: 2, STRv: 3
2025-07-02 10:07:13 2 [Note] WSREP: IST receiver addr using tcp://127.0.0.1:19426
2025-07-02 10:07:13 2 [Note] WSREP: Prepared IST receiver for 0-2, listening at: tcp://127.0.0.1:19426
2025-07-02 10:07:13 0 [Note] WSREP: Member 1.0 (bark) requested state transfer from 'any'. Selected 0.0 (bark)(SYNCED) as donor.
2025-07-02 10:07:13 0 [Note] WSREP: Shifting PRIMARY -> JOINER (TO: 2)
2025-07-02 10:07:13 2 [Note] WSREP: Requesting state transfer: success, donor: 0
2025-07-02 10:07:13 2 [Note] WSREP: Resetting GCache seqno map due to different histories.
2025-07-02 10:07:13 2 [Note] WSREP: GCache history reset: 00000000-0000-0000-0000-000000000000:0 -> 7ff56792-56d8-11f0-9aaa-f3f0e78a99ab:2
/home/dan/repos/mariadb-server-10.11/sql/wsrep_allowlist_service.cc:40:27: runtime error: member call on null pointer of type 'Wsrep_schema'
#0 0x00000240a015 in Wsrep_allowlist_service::allowlist_cb(wsrep::allowlist_service::allowlist_key, wsrep::const_buffer const&) /home/dan/repos/mariadb-server-10.11/sql/wsrep_allowlist_service.cc:40:27
#1 0x00000306ce0e in wsrep_allowlist_service_v1::allowlist_cb(wsrep_allowlist_context, wsrep_allowlist_key_t, wsrep_buf const) /home/dan/repos/mariadb-server-10.11/wsrep-lib/src/allowlist_service_v1.cpp:60:37
#2 0x7bc46c69795b (/usr/lib64/galera-4/libgalera_smm.so+0x16895b) (BuildId: 7800305e18d0c207310694f007d6b090c20efb79)
#3 0x7bc46c6aa154 (/usr/lib64/galera-4/libgalera_smm.so+0x17b154) (BuildId: 7800305e18d0c207310694f007d6b090c20efb79)
#4 0x7bc46c5c5894 (/usr/lib64/galera-4/libgalera_smm.so+0x96894) (BuildId: 7800305e18d0c207310694f007d6b090c20efb79)
#5 0x7bc46c5c795c (/usr/lib64/galera-4/libgalera_smm.so+0x9895c) (BuildId: 7800305e18d0c207310694f007d6b090c20efb79)
#6 0x0000005b65fa in asan_thread_start(void*) asan_interceptors.cpp.o
#7 0x7fc473c7f1d3 in start_thread (/lib64/libc.so.6+0x711d3) (BuildId: c4b06a608071b2c9852fae62ca3b69cdc22cd022)
#8 0x7fc473d01ceb in __GI___clone3 (/lib64/libc.so.6+0xf3ceb) (BuildId: c4b06a608071b2c9852fae62ca3b69cdc22cd022)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/dan/repos/mariadb-server-10.11/sql/wsrep_allowlist_service.cc:40:27

So allowlist_cb is called before wsrep_schema is initialised or after wsrep_deinit_schema.

In galera allowlist_value_check is called on connection/acception

Attachments

Activity

People

Assignee:: Julius Goryavsky

Reporter:: Daniel Black

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2025-07-02 00:46

Updated:: 3 days ago 12:03

Resolved:: 2025-08-14 23:43

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.