[MDEV-32458] ASAN unknown-crash in Inet6::ascii_to_fbt when casting character string to inet6 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL)
Fix Version/s: 11.3.2, 10.5.25, 10.11.8, 10.6.18, 11.0.6, 11.1.5, 11.2.4, 11.4.2, 11.5.1
Component/s: Data types
Labels:
None

Description

CREATE TABLE t (c CHAR(3));

INSERT INTO t VALUES ('1:0'),('00:');

SELECT * FROM t WHERE c>CAST('::1' AS INET6);

Leads to

11.3.0 5fc19e71375fb39eb85354321bf852d998aecf81 (Optimized, UBASAN)
==910426==ERROR: AddressSanitizer: unknown-crash on address 0x619000088ecc at pc 0x558cc8febba7 bp 0x14891b2a6750 sp 0x14891b2a6740
READ of size 1 at 0x619000088ecc thread T5
#0 0x558cc8febba6 in Inet6::ascii_to_fbt(char const*, unsigned long) /test/11.3_opt_san/plugin/type_inet/sql_type_inet.cc:232
#1 0x558cc8fa30f2 in Type_handler_fbt<Inet6, Type_collection_fbt<Inet6> >::Fbt::character_string_to_fbt(char const, unsigned long, charset_info_st const) /test/11.3_opt_san/sql/sql_type_fixedbin.h:75
#2 0x558cc8fa341e in Type_handler_fbt<Inet6, Type_collection_fbt<Inet6> >::character_or_binary_string_to_native(THD, String const, Native*) const (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0xc8f541e)
#3 0x558cc8fa5b26 in Type_handler_fbt<Inet6, Type_collection_fbt<Inet6> >::Item_val_native_with_conversion(THD, Item, Native*) const /test/11.3_opt_san/sql/sql_type_fixedbin.h:1593
#4 0x558cc640067b in Item::val_native_with_conversion(THD, Native, Type_handler const*) /test/11.3_opt_san/sql/item.h:1545
#5 0x558cc640067b in Arg_comparator::compare_native() /test/11.3_opt_san/sql/item_cmpfunc.cc:807
#6 0x558cc63e54cb in Arg_comparator::compare() /test/11.3_opt_san/sql/item_cmpfunc.h:104
#7 0x558cc63e54cb in Item_func_gt::val_int() /test/11.3_opt_san/sql/item_cmpfunc.cc:1820
#8 0x558cc4d6c48e in evaluate_join_record /test/11.3_opt_san/sql/sql_select.cc:23587
#9 0x558cc4dc1c6e in sub_select(JOIN, st_join_table, bool) /test/11.3_opt_san/sql/sql_select.cc:23523
#10 0x558cc4f9d8be in do_select /test/11.3_opt_san/sql/sql_select.cc:23003
#11 0x558cc4f9d8be in JOIN::exec_inner() /test/11.3_opt_san/sql/sql_select.cc:4949
#12 0x558cc4fa26a9 in JOIN::exec() /test/11.3_opt_san/sql/sql_select.cc:4726
#13 0x558cc4f8fa7c in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.3_opt_san/sql/sql_select.cc:5257
#14 0x558cc4f93713 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.3_opt_san/sql/sql_select.cc:628
#15 0x558cc4b6b43f in execute_sqlcom_select /test/11.3_opt_san/sql/sql_parse.cc:6021
#16 0x558cc4bba7f5 in mysql_execute_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:3921
#17 0x558cc4b3a6a0 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.3_opt_san/sql/sql_parse.cc:7743
#18 0x558cc4b91750 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.3_opt_san/sql/sql_parse.cc:1893
#19 0x558cc4b9c9dd in do_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:1406
#20 0x558cc54e281d in do_handle_one_connection(CONNECT*, bool) /test/11.3_opt_san/sql/sql_connect.cc:1445
#21 0x558cc54e4e8c in handle_one_connection /test/11.3_opt_san/sql/sql_connect.cc:1347
#22 0x148921893608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#23 0x148920b08132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x619000088ecc is located 76 bytes inside of 1040-byte region [0x619000088e80,0x619000089290)
allocated by thread T5 here:
#0 0x558cc431d5c8 in malloc (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f5c8)
#1 0x558cc8842ff4 in my_malloc /test/11.3_opt_san/mysys/my_malloc.c:89
#2 0x558cc881f1f0 in root_alloc /test/11.3_opt_san/mysys/my_alloc.c:71
#3 0x558cc881f1f0 in alloc_root /test/11.3_opt_san/mysys/my_alloc.c:339
#4 0x558cc8820f7f in strmake_root /test/11.3_opt_san/mysys/my_alloc.c:598
#5 0x558cc535802f in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /test/11.3_opt_san/sql/table.cc:4270
#6 0x558cc47852b1 in open_table(THD, TABLE_LIST, Open_table_context*) /test/11.3_opt_san/sql/sql_base.cc:2228
#7 0x558cc479ba29 in open_and_process_table /test/11.3_opt_san/sql/sql_base.cc:4158
#8 0x558cc479ba29 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /test/11.3_opt_san/sql/sql_base.cc:4643
#9 0x558cc47a0130 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /test/11.3_opt_san/sql/sql_base.cc:5617
#10 0x558cc49b28a4 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /test/11.3_opt_san/sql/sql_base.h:525
#11 0x558cc49b28a4 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/11.3_opt_san/sql/sql_insert.cc:768
#12 0x558cc4badca1 in mysql_execute_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:4426
#13 0x558cc4b3a6a0 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.3_opt_san/sql/sql_parse.cc:7743
#14 0x558cc4b91750 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.3_opt_san/sql/sql_parse.cc:1893
#15 0x558cc4b9c9dd in do_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:1406
#16 0x558cc54e281d in do_handle_one_connection(CONNECT*, bool) /test/11.3_opt_san/sql/sql_connect.cc:1445
#17 0x558cc54e4e8c in handle_one_connection /test/11.3_opt_san/sql/sql_connect.cc:1347
#18 0x148921893608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477

Thread T5 created by T0 here:
#0 0x558cc424a605 in pthread_create (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7b9c605)
#1 0x558cc436e153 in create_thread_to_handle_connection(CONNECT*) /test/11.3_opt_san/sql/mysqld.cc:6147
#2 0x558cc437f7df in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.3_opt_san/sql/mysqld.cc:6271
#3 0x558cc43807f7 in handle_connections_sockets() /test/11.3_opt_san/sql/mysqld.cc:6395
#4 0x558cc4383774 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:6042
#5 0x148920a0d082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: unknown-crash /test/11.3_opt_san/plugin/type_inet/sql_type_inet.cc:232 in Inet6::ascii_to_fbt(char const*, unsigned long)

Attachments

Issue Links

is duplicated by

MDEV-32677 mariadb crash when i enter a sql query

Closed

Activity

Alice Sherepa added a comment - 2023-11-06 13:18 - edited

Version: '10.5.23-MariaDB-debug-log'  b06ac9a8cd2146e89270cc2150d306d8ed1b33fb

=================================================================

==335947==ERROR: AddressSanitizer: unknown-crash on address 0x6190000e023c at pc 0x562e363099e1 bp 0x7fb03f1b6550 sp 0x7fb03f1b6540

READ of size 1 at 0x6190000e023c thread T27

    #0 0x562e363099e0 in Inet6::ascii_to_ipv6(char const*, unsigned long) /10.5/src/plugin/type_inet/sql_type_inet.cc:232

    #1 0x562e363079d2 in Inet6::character_string_to_ipv6(char const*, unsigned long, charset_info_st const*) /10.5/src/plugin/type_inet/sql_type_inet.h:153

    #2 0x562e36307e04 in Inet6_null::Inet6_null(char const*, unsigned long, charset_info_st const*) /10.5/src/plugin/type_inet/sql_type_inet.h:260

    #3 0x562e36307e77 in Inet6_null::Inet6_null(String const&) /10.5/src/plugin/type_inet/sql_type_inet.h:263

    #4 0x562e3630c157 in Type_handler_inet6::character_or_binary_string_to_native(THD*, String const*, Native*) const /10.5/src/plugin/type_inet/sql_type_inet.cc:1406

    #5 0x562e36311cf8 in Type_handler_inet6::Item_val_native_with_conversion(THD*, Item*, Native*) const /10.5/src/plugin/type_inet/sql_type_inet.h:781

    #6 0x562e34b13c72 in Item::val_native_with_conversion(THD*, Native*, Type_handler const*) /10.5/src/sql/item.h:1338

    #7 0x562e34d1ade2 in Arg_comparator::compare_native() /10.5/src/sql/item_cmpfunc.cc:815

    #8 0x562e34d61b13 in Arg_comparator::compare() /10.5/src/sql/item_cmpfunc.h:102

    #9 0x562e34d279be in Item_func_gt::val_int() /10.5/src/sql/item_cmpfunc.cc:1834

    #10 0x562e34568327 in evaluate_join_record /10.5/src/sql/sql_select.cc:21275

    #11 0x562e34567c63 in sub_select(JOIN*, st_join_table*, bool) /10.5/src/sql/sql_select.cc:21216

    #12 0x562e34565365 in do_select /10.5/src/sql/sql_select.cc:20696

    #13 0x562e344ef9b9 in JOIN::exec_inner() /10.5/src/sql/sql_select.cc:4602

    #14 0x562e344ecfc3 in JOIN::exec() /10.5/src/sql/sql_select.cc:4382

    #15 0x562e344f1408 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/src/sql/sql_select.cc:4859

    #16 0x562e344c20ba in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:450

    #17 0x562e3442764c in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6343

    #18 0x562e344163b1 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4020

    #19 0x562e344329be in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8120

    #20 0x562e344083ec in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891

    #21 0x562e34404d54 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375

    #22 0x562e348639a2 in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1416

    #23 0x562e34863306 in handle_one_connection /10.5/src/sql/sql_connect.cc:1318

    #24 0x562e354efb01 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201

    #25 0x7fb0559bb608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477

    #26 0x7fb05558c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x6190000e023c is located 188 bytes inside of 1124-byte region [0x6190000e0180,0x6190000e05e4)

allocated by thread T27 here:

    #0 0x7fb055fd7808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144

    #1 0x562e361a95ec in sf_malloc /10.5/src/mysys/safemalloc.c:121

    #2 0x562e36176df1 in my_malloc /10.5/src/mysys/my_malloc.c:91

    #3 0x562e36152b6d in alloc_root /10.5/src/mysys/my_alloc.c:256

    #4 0x562e361541f6 in strmake_root /10.5/src/mysys/my_alloc.c:485

    #5 0x562e3477bb5e in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /10.5/src/sql/table.cc:4020

    #6 0x562e3426c8f3 in open_table(THD*, TABLE_LIST*, Open_table_context*) /10.5/src/sql/sql_base.cc:2020

    #7 0x562e34276471 in open_and_process_table /10.5/src/sql/sql_base.cc:3812

    #8 0x562e342790c0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /10.5/src/sql/sql_base.cc:4296

    #9 0x562e3427e28b in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /10.5/src/sql/sql_base.cc:5243

    #10 0x562e341d1f64 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /10.5/src/sql/sql_base.h:507

    #11 0x562e3434d6ad in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /10.5/src/sql/sql_insert.cc:758

    #12 0x562e3441a274 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4641

    #13 0x562e344329be in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8120

    #14 0x562e344083ec in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891

    #15 0x562e34404d54 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375

    #16 0x562e348639a2 in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1416

    #17 0x562e34863306 in handle_one_connection /10.5/src/sql/sql_connect.cc:1318

    #18 0x562e354efb01 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201

    #19 0x7fb0559bb608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477

Thread T27 created by T0 here:

    #0 0x7fb055f04815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208

    #1 0x562e354eb6d6 in my_thread_create /10.5/src/storage/perfschema/my_thread.h:52

    #2 0x562e354efef4 in pfs_spawn_thread_v1 /10.5/src/storage/perfschema/pfs.cc:2252

    #3 0x562e340e9974 in inline_mysql_thread_create /10.5/src/include/mysql/psi/mysql_thread.h:1323

    #4 0x562e34100083 in create_thread_to_handle_connection(CONNECT*) /10.5/src/sql/mysqld.cc:6062

    #5 0x562e34100702 in create_new_thread(CONNECT*) /10.5/src/sql/mysqld.cc:6121

    #6 0x562e34100a5f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.5/src/sql/mysqld.cc:6186

    #7 0x562e341016c1 in handle_connections_sockets() /10.5/src/sql/mysqld.cc:6313

    #8 0x562e340ff890 in mysqld_main(int, char**) /10.5/src/sql/mysqld.cc:5708

    #9 0x562e340e81bc in main /10.5/src/sql/main.cc:25

    #10 0x7fb055491082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: unknown-crash /10.5/src/plugin/type_inet/sql_type_inet.cc:232 in Inet6::ascii_to_ipv6(char const*, unsigned long)

Shadow bytes around the buggy address:

  0x0c3280013ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0c3280014000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0c3280014010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04

  0x0c3280014020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c3280014030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

=>0x0c3280014040: 00 00 00 00 f7 03 f7[04]04 f7 00 00 f7 f7 f7 f7

  0x0c3280014050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0c3280014060: 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00

  0x0c3280014070: 00 04 f7 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0c3280014080: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0c3280014090: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07

  Heap left redzone:       fa

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

  Left alloca redzone:     ca

  Right alloca redzone:    cb

  Shadow gap:              cc

==335947==ABORTING

Alice Sherepa added a comment - 2023-11-06 13:18 - edited Version: '10.5.23-MariaDB-debug-log' b06ac9a8cd2146e89270cc2150d306d8ed1b33fb ================================================================= ==335947==ERROR: AddressSanitizer: unknown-crash on address 0x6190000e023c at pc 0x562e363099e1 bp 0x7fb03f1b6550 sp 0x7fb03f1b6540 READ of size 1 at 0x6190000e023c thread T27 #0 0x562e363099e0 in Inet6::ascii_to_ipv6(char const*, unsigned long) /10.5/src/plugin/type_inet/sql_type_inet.cc:232 #1 0x562e363079d2 in Inet6::character_string_to_ipv6(char const*, unsigned long, charset_info_st const*) /10.5/src/plugin/type_inet/sql_type_inet.h:153 #2 0x562e36307e04 in Inet6_null::Inet6_null(char const*, unsigned long, charset_info_st const*) /10.5/src/plugin/type_inet/sql_type_inet.h:260 #3 0x562e36307e77 in Inet6_null::Inet6_null(String const&) /10.5/src/plugin/type_inet/sql_type_inet.h:263 #4 0x562e3630c157 in Type_handler_inet6::character_or_binary_string_to_native(THD*, String const*, Native*) const /10.5/src/plugin/type_inet/sql_type_inet.cc:1406 #5 0x562e36311cf8 in Type_handler_inet6::Item_val_native_with_conversion(THD*, Item*, Native*) const /10.5/src/plugin/type_inet/sql_type_inet.h:781 #6 0x562e34b13c72 in Item::val_native_with_conversion(THD*, Native*, Type_handler const*) /10.5/src/sql/item.h:1338 #7 0x562e34d1ade2 in Arg_comparator::compare_native() /10.5/src/sql/item_cmpfunc.cc:815 #8 0x562e34d61b13 in Arg_comparator::compare() /10.5/src/sql/item_cmpfunc.h:102 #9 0x562e34d279be in Item_func_gt::val_int() /10.5/src/sql/item_cmpfunc.cc:1834 #10 0x562e34568327 in evaluate_join_record /10.5/src/sql/sql_select.cc:21275 #11 0x562e34567c63 in sub_select(JOIN*, st_join_table*, bool) /10.5/src/sql/sql_select.cc:21216 #12 0x562e34565365 in do_select /10.5/src/sql/sql_select.cc:20696 #13 0x562e344ef9b9 in JOIN::exec_inner() /10.5/src/sql/sql_select.cc:4602 #14 0x562e344ecfc3 in JOIN::exec() /10.5/src/sql/sql_select.cc:4382 #15 0x562e344f1408 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/src/sql/sql_select.cc:4859 #16 0x562e344c20ba in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:450 #17 0x562e3442764c in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6343 #18 0x562e344163b1 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4020 #19 0x562e344329be in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8120 #20 0x562e344083ec in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891 #21 0x562e34404d54 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375 #22 0x562e348639a2 in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1416 #23 0x562e34863306 in handle_one_connection /10.5/src/sql/sql_connect.cc:1318 #24 0x562e354efb01 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201 #25 0x7fb0559bb608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477 #26 0x7fb05558c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132) 0x6190000e023c is located 188 bytes inside of 1124-byte region [0x6190000e0180,0x6190000e05e4) allocated by thread T27 here: #0 0x7fb055fd7808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x562e361a95ec in sf_malloc /10.5/src/mysys/safemalloc.c:121 #2 0x562e36176df1 in my_malloc /10.5/src/mysys/my_malloc.c:91 #3 0x562e36152b6d in alloc_root /10.5/src/mysys/my_alloc.c:256 #4 0x562e361541f6 in strmake_root /10.5/src/mysys/my_alloc.c:485 #5 0x562e3477bb5e in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /10.5/src/sql/table.cc:4020 #6 0x562e3426c8f3 in open_table(THD*, TABLE_LIST*, Open_table_context*) /10.5/src/sql/sql_base.cc:2020 #7 0x562e34276471 in open_and_process_table /10.5/src/sql/sql_base.cc:3812 #8 0x562e342790c0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /10.5/src/sql/sql_base.cc:4296 #9 0x562e3427e28b in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /10.5/src/sql/sql_base.cc:5243 #10 0x562e341d1f64 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /10.5/src/sql/sql_base.h:507 #11 0x562e3434d6ad in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /10.5/src/sql/sql_insert.cc:758 #12 0x562e3441a274 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4641 #13 0x562e344329be in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8120 #14 0x562e344083ec in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891 #15 0x562e34404d54 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375 #16 0x562e348639a2 in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1416 #17 0x562e34863306 in handle_one_connection /10.5/src/sql/sql_connect.cc:1318 #18 0x562e354efb01 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201 #19 0x7fb0559bb608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477 Thread T27 created by T0 here: #0 0x7fb055f04815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208 #1 0x562e354eb6d6 in my_thread_create /10.5/src/storage/perfschema/my_thread.h:52 #2 0x562e354efef4 in pfs_spawn_thread_v1 /10.5/src/storage/perfschema/pfs.cc:2252 #3 0x562e340e9974 in inline_mysql_thread_create /10.5/src/include/mysql/psi/mysql_thread.h:1323 #4 0x562e34100083 in create_thread_to_handle_connection(CONNECT*) /10.5/src/sql/mysqld.cc:6062 #5 0x562e34100702 in create_new_thread(CONNECT*) /10.5/src/sql/mysqld.cc:6121 #6 0x562e34100a5f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.5/src/sql/mysqld.cc:6186 #7 0x562e341016c1 in handle_connections_sockets() /10.5/src/sql/mysqld.cc:6313 #8 0x562e340ff890 in mysqld_main(int, char**) /10.5/src/sql/mysqld.cc:5708 #9 0x562e340e81bc in main /10.5/src/sql/main.cc:25 #10 0x7fb055491082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: unknown-crash /10.5/src/plugin/type_inet/sql_type_inet.cc:232 in Inet6::ascii_to_ipv6(char const*, unsigned long) Shadow bytes around the buggy address: 0x0c3280013ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3280014000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3280014010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 0x0c3280014020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3280014030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c3280014040: 00 00 00 00 f7 03 f7[04]04 f7 00 00 f7 f7 f7 f7 0x0c3280014050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3280014060: 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 0x0c3280014070: 00 04 f7 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 0x0c3280014080: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 0x0c3280014090: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==335947==ABORTING

People

Assignee:: Alexander Barkov

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-13 05:15

Updated:: 2024-04-11 02:28

Resolved:: 2024-04-11 02:28

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server