[DocDB] Fix heap-use-after-free in yb::YBThreadPool #28297

@mdbridge

Jira Link: DB-17979

Description

The following test:

ybd asan --cxx-test integration-tests_cdcsdk_consumption_consistent_changes-test --gtest_filter CDCSDKConsumptionConsistentChangesTest.TestLSNDeterminismWithSpecialRecordOnRestartWithPartialAck --clang19

Finds the following issue:

==133714==ERROR: AddressSanitizer: heap-use-after-free on address 0x50e000055170 at pc 0x7f34157b8e4a bp 0x7f340d6f63f0 sp 0x7f340d6f63e8
READ of size 8 at 0x50e000055170 thread T7 (iotp_Master_1xx)
    #0 0x7f34157b8e49 in yb::(anonymous namespace)::GetNext(yb::(anonymous namespace)::Worker&) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:259:19
    #1 0x7f34157b8e49 in yb::LockFreeStack<yb::(anonymous namespace)::Worker>::Pop() ${YB_SRC_ROOT}/src/yb/util/lockfree.h:206:21
    #2 0x7f34157b8e49 in yb::YBThreadPool::Impl::NotifyWorker(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:366:49
    #3 0x7f34157b63b8 in yb::YBThreadPool::Impl::Enqueue(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:306:9

0x50e000055170 is located 144 bytes inside of 152-byte region [0x50e0000550e0,0x50e000055178)
freed by thread T9 (iotp_Master_3xx) here:
    #0 0x55dc57ca1992 in operator delete(void*, unsigned long) ${YB_LLVM_TOOLCHAIN_DIR}/src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155:3
    #1 0x7f34157b26f1 in std::default_delete<yb::(anonymous namespace)::Worker>::operator()[abi:ne190100](yb::(anonymous namespace)::Worker*) const ${YB_THIRDPARTY_DIR}/installed/asan/libcxx/include/c++/v1/__memory/unique_ptr.h:80:5
    #2 0x7f34157b8ccc in boost::intrusive::list_iterator<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, false> boost::intrusive::list_impl<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, unsigned long, true, void>::erase_and_dispose<std::default_delete<yb::(anonymous namespace)::Worker>>(boost::intrusive::list_iterator<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, true>, std::default_delete<yb::(anonymous namespace)::Worker>) ${YB_THIRDPARTY_DIR}/installed/asan/include/boost/intrusive/list.hpp:677:7
    #3 0x7f34157b8ccc in boost::intrusive::list_iterator<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, false> boost::intrusive::list_impl<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, unsigned long, true, void>::erase_and_dispose<std::default_delete<yb::(anonymous namespace)::Worker>>(boost::intrusive::list_iterator<boost::intrusive::bhtraits<yb::(anonymous namespace)::Worker, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, false>, std::default_delete<yb::(anonymous namespace)::Worker>) ${YB_THIRDPARTY_DIR}/installed/asan/include/boost/intrusive/list.hpp:684:20
    #4 0x7f34157b8ccc in yb::YBThreadPool::Impl::NotifyWorker(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:380:22
    #5 0x7f34157b63b8 in yb::YBThreadPool::Impl::Enqueue(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:306:9

Until this is fixed, I have muted the test for ASAN.

Issue Type

kind/bug

Warning: Please confirm that this issue does not contain any sensitive information

  • I confirm this issue does not contain any sensitive information.
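
An added triage example (not part of the original issue and not YugabyteDB code): a small Python parser that pairs the access stack and the free stack of the AddressSanitizer report above and reports the first project frame on each side. The names `parse_asan` and `triage` are hypothetical, and the embedded report is the one from this issue with the long boost frames omitted.

```python
import re

# Constructed input: the report from this issue with the long boost frames omitted.
REPORT = """\
==133714==ERROR: AddressSanitizer: heap-use-after-free on address 0x50e000055170 at pc 0x7f34157b8e4a bp 0x7f340d6f63f0 sp 0x7f340d6f63e8
READ of size 8 at 0x50e000055170 thread T7 (iotp_Master_1xx)
    #0 0x7f34157b8e49 in yb::(anonymous namespace)::GetNext(yb::(anonymous namespace)::Worker&) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:259:19
    #1 0x7f34157b8e49 in yb::LockFreeStack<yb::(anonymous namespace)::Worker>::Pop() ${YB_SRC_ROOT}/src/yb/util/lockfree.h:206:21
    #2 0x7f34157b8e49 in yb::YBThreadPool::Impl::NotifyWorker(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:366:49

0x50e000055170 is located 144 bytes inside of 152-byte region [0x50e0000550e0,0x50e000055178)
freed by thread T9 (iotp_Master_3xx) here:
    #0 0x55dc57ca1992 in operator delete(void*, unsigned long) ${YB_LLVM_TOOLCHAIN_DIR}/src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155:3
    #4 0x7f34157b8ccc in yb::YBThreadPool::Impl::NotifyWorker(yb::ThreadPoolTask*) ${YB_SRC_ROOT}/src/yb/util/thread_pool.cc:380:22
"""

ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at \S+ thread (T\d+)")
FREED = re.compile(r"freed by thread (T\d+)")
REGION = re.compile(r"located (\d+) bytes inside of (\d+)-byte region")
FRAME = re.compile(r"\s+#\d+ 0x[0-9a-f]+ in (.+) (\S+):(\d+):\d+$")

def parse_asan(report):
    """Return (info, stacks); stacks maps 'access'/'freed' to thread and frames."""
    info, stacks, role = {}, {}, None
    for line in report.splitlines():
        if m := ACCESS.match(line):
            role = "access"
            info.update(kind=m[1], size=int(m[2]))
            stacks[role] = {"thread": m[3], "frames": []}
        elif m := FREED.match(line):
            role = "freed"
            stacks[role] = {"thread": m[1], "frames": []}
        elif m := REGION.search(line):
            info.update(offset=int(m[1]), region=int(m[2]))
        elif role and (m := FRAME.match(line)):
            stacks[role]["frames"].append((m[1], m[2], int(m[3])))
    return info, stacks

def triage(report, root="${YB_SRC_ROOT}/"):
    """Summarise a use-after-free report: who read, who freed, and where."""
    info, stacks = parse_asan(report)
    def site(role):  # first frame in project code, skipping allocator/toolchain frames
        _, path, line = next(f for f in stacks[role]["frames"] if f[1].startswith(root))
        return f"{path[len(root):]}:{line}"
    funcs = {r: {f[0] for f in stacks[r]["frames"]} for r in stacks}
    return {"cross_thread": stacks["access"]["thread"] != stacks["freed"]["thread"],
            "access_site": site("access"), "free_site": site("freed"),
            "reads_object_tail": info["offset"] + info["size"] == info["region"],
            "shared_callers": sorted(funcs["access"] & funcs["freed"])}
```

For this report the summary shows two different threads both inside `NotifyWorker`: one reading the last 8 bytes of the 152-byte region at `thread_pool.cc:259`, the other having freed it at `thread_pool.cc:380`.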
