| Bug #116369 | rpl.rpl_semi_sync_alias crashes under AddressSanitizer | | |
|---|---|---|---|
| Submitted: | 16 Oct 2024 11:18 | Modified: | 28 Oct 8:05 |
| Reporter: | Laurynas Biveinis (OCA) | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Replication | Severity: | S6 (Debug Builds) |
| Version: | 8.0.44, 8.4.7, 9.3.0 | OS: | MacOS (15.0.1) |
| Assigned to: | | CPU Architecture: | ARM |
[17 Oct 2024 1:28]
MySQL Verification Team
Thank you for your report, verified as described.
[27 Jan 9:14]
Laurynas Biveinis
Same on 8.0.41
[13 May 6:41]
Laurynas Biveinis
Same with 8.0.42
[16 May 10:39]
Laurynas Biveinis
This test crashes with a different stacktrace under 9.3.0 too, posting it here instead of opening a new bug:
...
2025-05-16T10:37:29.919801Z 18 [Note] [MY-010733] [Server] Shutting down plugin 'rpl_semi_sync_slave'
=================================================================
==39503==ERROR: AddressSanitizer: unknown-crash on address 0x00012fd48d0b at pc 0x000121fb6bf4 bp 0x00016cd48e50 sp 0x00016cd48610
READ of size 22 at 0x00012fd48d0b thread T50
#0 0x000121fb6bf0 in strlen+0x1b0 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x7abf0)
#1 0x0001070bbfa0 in plugin_add(MEM_ROOT*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*, int*, char**, int, bool) sql_plugin.cc:1057
#2 0x0001070a9fe4 in mysql_install_plugin(THD*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*) sql_plugin.cc:2339
#3 0x0001070a94c4 in Sql_cmd_install_plugin::execute(THD*) sql_plugin.cc:3518
#4 0x000106fdbce4 in mysql_execute_command(THD*, bool) sql_parse.cc:4757
#5 0x000106fcef40 in dispatch_sql_command(THD*, Parser_state*, bool) sql_parse.cc:5431
#6 0x000106fbd05c in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql_parse.cc:2147
#7 0x000106fc7564 in do_command(THD*) sql_parse.cc:1490
#8 0x00010791aee0 in handle_connection(void*) connection_handler_per_thread.cc:304
#9 0x00010bcef1fc in pfs_spawn_thread(void*) pfs.cc:3067
#10 0x000121f764a4 in asan_thread_start(void*)+0x4c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3a4a4)
#11 0x000182982c08 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x6c08)
#12 0x00018297db7c in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1b7c)
0x00012fd48d0b is located 53 bytes before global variable '.str.1' defined in '/Users/laurynas/vilniusdb/mysql-9.3.0/plugin/semisync/semisync_replica_plugin.cc' (0x00012fd48d40) of size 19
'.str.1' is ascii string 'Oracle Corporation'
0x00012fd48d16 is located 0 bytes after global variable '.str' defined in '/Users/laurynas/vilniusdb/mysql-9.3.0/plugin/semisync/semisync_replica_plugin.cc' (0x00012fd48d00) of size 22
'.str' is ascii string 'rpl_semi_sync_replica'
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
...
[16 May 10:41]
Laurynas Biveinis
Updating version field
[27 Oct 16:15]
Laurynas Biveinis
Same on 8.0.44
[28 Oct 8:02]
Laurynas Biveinis
No such test in 9.5.0
[28 Oct 8:05]
Laurynas Biveinis
Same on 8.4.7

Description:
./mtr rpl.rpl_semi_sync_alias
...
2024-10-16T11:14:18.927998Z 17 [Note] [MY-010733] [Server] Shutting down plugin 'rpl_semi_sync_replica'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==90200==ERROR: AddressSanitizer: SEGV on unknown address 0x000133be6460 (pc 0x00011cd09c2c bp 0x0001713ed5c0 sp 0x0001713ec510 T52)
==90200==The signal is caused by a READ memory access.
#0 0x11cd09c2c in __asan_register_globals+0x628 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x15c2c)
#1 0x11cd47124 in __asan::AsanApplyToGlobals(void (*)(__asan_global*, unsigned long), void const*)+0x70 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x53124)
#2 0x11cd095ec in __asan_register_image_globals+0x3c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x155ec)
#3 0x129b33698 in asan.module_ctor+0x18 (semisync_slave.so:arm64+0x3698)
#4 0x18f4a7b84 in invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const+0x24c (dyld:arm64e+0xfffffffffff57b84)
#5 0x18f4e63b8 (<unknown module>)
#6 0x18f4d9b20 (<unknown module>)
#7 0x18f48c2d8 (<unknown module>)
#8 0x18f4d8ab4 (<unknown module>)
#9 0x18f4e5ecc (<unknown module>)
#10 0x18f4a78a8 in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const+0xac (dyld:arm64e+0xfffffffffff578a8)
#11 0x18f4aee84 (<unknown module>)
#12 0x18f4a7f64 in dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&, dyld3::Array<dyld4::Loader const*>&) const+0x134 (dyld:arm64e+0xfffffffffff57f64)
#13 0x18f4ac254 (<unknown module>)
#14 0x18f4a8154 in dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const+0x198 (dyld:arm64e+0xfffffffffff58154)
#15 0x18f4c0484 (<unknown module>)
#16 0x11cd34d28 in dlopen+0x108 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x40d28)
#17 0x102af99b8 in plugin_dl_add(MYSQL_LEX_STRING const*, int, bool) sql_plugin.cc:687
#18 0x102af80b0 in plugin_add(MEM_ROOT*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*, int*, char**, int, bool) sql_plugin.cc:1047
#19 0x102ae56dc in mysql_install_plugin(THD*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*) sql_plugin.cc:2358
#20 0x102ae49f8 in Sql_cmd_install_plugin::execute(THD*) sql_plugin.cc:3689
#21 0x102a0d73c in mysql_execute_command(THD*, bool) sql_parse.cc:4722
#22 0x102a014cc in dispatch_sql_command(THD*, Parser_state*) sql_parse.cc:5371
#23 0x1029ec1d4 in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql_parse.cc:2055
#24 0x1029f955c in do_command(THD*) sql_parse.cc:1440
#25 0x10330a408 in handle_connection(void*) connection_handler_per_thread.cc:303
#26 0x107b2bbcc in pfs_spawn_thread(void*) pfs.cc:3050
#27 0x11cd45858 in asan_thread_start(void*)+0x40 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x51858)
#28 0x18f8132e0 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x72e0)
#29 0x18f80e0f8 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x20f8)
==90200==Register values:
x[0] = 0x0000000129b40b21 x[1] = 0x0000000000000020 x[2] = 0x0000000000000000 x[3] = 0x0000007025388164
x[4] = 0x00000000000002aa x[5] = 0x000000000000001e x[6] = 0x00000001712f0000 x[7] = 0x0000000000000001
x[8] = 0x0000000133be6460 x[9] = 0x0000000129b40b20 x[10] = 0x0000000000000100 x[11] = 0x0000007000020000
x[12] = 0x0000007025388160 x[13] = 0x0000000000000000 x[14] = 0x000000702538815c x[15] = 0x0000000000000010
x[16] = 0x000000018f847ae0 x[17] = 0x000000011cd9c5e0 x[18] = 0x0000000000000000 x[19] = 0x0000000129b54f20
x[20] = 0x000000011db5a800 x[21] = 0x0000000129b54ff0 x[22] = 0x0000000000000003 x[23] = 0x000000011d7849a0
x[24] = 0x000000011cdb15d8 x[25] = 0x0000000129b54ff8 x[26] = 0x000000011cdb15c0 x[27] = 0x0000000129b54fe8
x[28] = 0x0000000129b54fe0 fp = 0x00000001713ed5c0 lr = 0x000000011cd09bcc sp = 0x00000001713ec510
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x15c2c) in __asan_register_globals+0x628
Thread T52 created by T0 here:
#0 0x11cd401c8 in pthread_create+0x5c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4c1c8)
#1 0x107b2b540 in pfs_spawn_thread_vc(unsigned int, unsigned int, my_thread_handle*, _opaque_pthread_attr_t const*, void* (*)(void*), void*) pfs.cc:3096
#2 0x103309bd8 in Per_thread_connection_handler::add_connection(Channel_info*) connection_handler_per_thread.cc:415
#3 0x100f20124 in Connection_handler_manager::process_new_connection(Channel_info*) connection_handler_manager.cc:263
#4 0x101f08010 in Connection_acceptor<Mysqld_socket_listener>::connection_event_loop() connection_acceptor.h:66
#5 0x101ef5618 in mysqld_main(int, char**) mysqld.cc:8286
#6 0x18f490270 (<unknown module>)
==90200==ABORTING
2024-10-16T11:14:19Z UTC - mysqld got signal 6 ;

How to repeat:
XCode 16
-DFORCE_UNSUPPORTED_COMPILER=ON -DCMAKE_BUILD_TYPE=Debug -DWITH_DEBUG=ON -DMYSQL_MAINTAINER_MODE=ON -DWITH_SYSTEM_LIBS=ON -DWITH_NDBCLUSTER_STORAGE_ENGINE=OFF -DDOWNLOAD_BOOST=ON -DWITH_BOOST=<path> -DFORCE_COLORED_OUTPUT=ON -DCMAKE_CXX_FLAGS=-g -DCMAKE_CXX_FLAGS_DEBUG=-g -DCMAKE_CXX_FLAGS_RELEASE=-O2 -DNDEBUG -g -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON