Audit log worker thread may crash on write call writing fewer bytes than requested
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MySQL Server |
Unknown
|
Unknown
|
||||
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.5 |
Invalid
|
Undecided
|
Unassigned | |||
5.6 |
Invalid
|
Undecided
|
Unassigned | |||
5.7 |
Fix Released
|
High
|
Laurynas Biveinis |
Bug Description
audit_log.
...
15:31:42 UTC - mysqld got signal 11 ;
...
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1960740101 in __pthread_kill (threadid=
61 ../nptl/
#0 0x00007f1960740101 in __pthread_kill (threadid=
#1 0x000000000079549d in handle_fatal_signal (sig=11) at /mnt/workspace/
#2 <signal handler called>
#3 thd_killed (thd=<optimized out>) at /mnt/workspace/
#4 0x0000000000e7960a in my_write (Filedes=20, Buffer=
#5 0x00007f19300eb196 in logger_write (log=0x2e69560, buffer=0x2e68557 "<AUDIT_RECORD\n NAME=\"Query\"\n RECORD=
#6 0x00007f19300eb7c8 in audit_log_flush (log=0x2e68450) at /mnt/workspace/
#7 audit_log_
#8 0x00007f196073b0a4 in start_thread (arg=0x7f1907ff
#9 0x00007f195e98787d in clone () at ../sysdeps/
The issue here is my_b_write, if ::write returned fewer bytes than requested, will check thread kill status through a thd_killed call with a NULL arg. It will attempt to read a THD pointer from TLS, will receive NULL for this utility thread, and will dereference it.
tags: | added: audit |
tags: | added: upstream |
summary: |
- Audit log worker thread may crash on I/O returning an error + Audit log worker thread may crash on write call writing fewer bytes than + requested |
https:/ /github. com/percona/ percona- server/ pull/396