[MDEV-29322] ASAN heap-use-after-free in Query_log_event::do_apply_event, rpl.rpl_mdev10863 fails frequently
Created: 2022-08-18  Updated: 2022-11-10  Resolved: 2022-09-07

Status: Closed
Project: MariaDB Server
Component/s: Replication
Affects Version/s: 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.5.18, 10.6.10, 10.7.6, 10.8.5, 10.9.3

Type: Bug Priority: Blocker
Reporter: Elena Stepanova Assignee: Andrei Elkin
Resolution: Fixed Votes: 0
Labels: regression

Issue Links:
Blocks
Problem/Incident
is caused by MDEV-28632 Change default of explicit_defaults_f... Closed
Relates
relates to MDEV-29332 Tests in BB sometimes failing with ru... Closed
relates to MDEV-29439 MSAN use-of-unitialized-value errors ... Closed

 Description   

10.5 5fc172fd

perl ./mtr rpl.rpl_mdev10863 --repeat=100
 
==1144805==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120001955a0 at pc 0x55ed50ec571f bp 0x7f34bdc55a80 sp 0x7f34bdc55a78
READ of size 4 at 0x6120001955a0 thread T49
    #0 0x55ed50ec571e in Query_log_event::do_apply_event(rpl_group_info*, char const*, unsigned int) /data/src/10.5/sql/log_event_server.cc:1721
    #1 0x55ed5019deb8 in Log_event::apply_event(rpl_group_info*) /data/src/10.5/sql/log_event.h:1488
    #2 0x55ed5019deb8 in apply_event_and_update_pos_apply /data/src/10.5/sql/slave.cc:3851
    #3 0x55ed50856ecd in rpt_handle_event /data/src/10.5/sql/rpl_parallel.cc:62
    #4 0x55ed50864e2a in handle_rpl_parallel_thread /data/src/10.5/sql/rpl_parallel.cc:1363
    #5 0x55ed512a87d4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #6 0x7f34d80b0ea6 in start_thread nptl/pthread_create.c:477
    #7 0x7f34d7caddee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)

Reproducible on 10.5+.

The failure apparently started happening after the commits related to MDEV-28632 (10.5+ part), specifically

commit 7b500f04fb0baf56b02583f82982508203e58d38
Author: Sergei Golubchik
Date:   Sat Jul 23 16:38:03 2022 +0200
 
    MDEV-29078 For old binary logs explicit_defaults_for_timestamp presumed to be OFF, server value ignored



 Comments   
Comment by Marko Mäkelä [ 2022-08-23 ]

The UBSAN race MDEV-29332 could share the root cause with this ASAN race.

Comment by Andrei Elkin [ 2022-09-01 ]

The patch is made into one commit 489a7fba324 as HEAD of bb-10.5-andrei-MDEV-29322 and ready
for review.

Comment by Andrei Elkin [ 2022-09-02 ]

Ditto to MENT-1590.

Comment by Andrei Elkin [ 2022-09-02 ]

The latest commit
8927a612581 HEAD > bb-10.5-andreiMDEV-29322 (forced update)
addresses review discussion notes.

Comment by Sergei Golubchik [ 2022-09-02 ]

8927a612581 is ok to push

Generated at Thu Feb 08 10:07:37 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.