================================================================= ==2804941==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d00005fc28 at pc 0x000000f8f343 bp 0x7f6560161c30 sp 0x7f6560161c28 READ of size 8 at 0x61d00005fc28 thread T24 #0 0xf8f342 in Item_change_list::rollback_item_tree_changes() /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_class.cc:2914:29 #1 0x1309079 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:8086:28 #2 0x12f7242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1889:7 #3 0x130cd18 in do_command(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1370:17 #4 0x2023c1c in do_handle_one_connection(CONNECT*, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1410:11 #5 0x202215c in handle_one_connection /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1312:5 #6 0x46e90f2 in pfs_spawn_thread /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/storage/perfschema/pfs.cc:2201:3 #7 0x7f657f762608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608) #8 0x7f657ead4292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95 0x61d00005fc28 is located 424 bytes inside of 1992-byte region [0x61d00005fa80,0x61d000060248) freed by thread T24 here: #0 0x95854d in free (/usr/local/mysql/bin/mariadbd+0x95854d) #1 0x6aa891b in my_free /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/mysys/my_malloc.c:211:3 #2 0x6a2fb47 in free_root /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/mysys/my_alloc.c:416:7 #3 0x1d89fa9 in closefrm(TABLE*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:4345:3 #4 0x2c71b1c in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/handler.cc:5568:10 #5 0x1ade230 in create_table_impl(THD*, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, char const*, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5376:11 #6 0x1ad8b73 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5460:8 #7 0x1ae104c in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5564:7 #8 0x1b81336 in Sql_cmd_create_table_like::execute(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:12142:12 #9 0x13789fe in mysql_execute_command(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:6024:26 #10 0x1308592 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:8063:18 #11 0x12f7242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1889:7 #12 0x130cd18 in do_command(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1370:17 #13 0x2023c1c in do_handle_one_connection(CONNECT*, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1410:11 #14 0x202215c in handle_one_connection /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1312:5 #15 0x46e90f2 in pfs_spawn_thread /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/storage/perfschema/pfs.cc:2201:3 #16 0x7f657f762608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608) previously allocated by thread T24 here: #0 0x9587cd in malloc (/usr/local/mysql/bin/mariadbd+0x9587cd) #1 0x6aa65d2 in my_malloc /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/mysys/my_malloc.c:90:29 #2 0x6a2c068 in alloc_root /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/mysys/my_alloc.c:244:30 #3 0xa933d2 in Item::operator new(unsigned long, st_mem_root*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item.h:745:12 #4 0x2e5dccc in convert_const_to_int(THD*, Item_field*, Item**) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item_cmpfunc.cc:358:20 #5 0x2ef077a in Item_func_in::value_list_convert_const_to_int(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item_cmpfunc.cc:4501:16 #6 0x24c78b5 in Type_handler_real_result::Item_func_in_fix_comparator_compatible_types(THD*, Item_func_in*) const /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_type.cc:5799:12 #7 0x2eee3c0 in Item_func_in::fix_length_and_dec() /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item_cmpfunc.cc:4418:9 #8 0x301de33 in Item_func::fix_fields(THD*, Item**) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item_func.cc:370:7 #9 0x2eeba1b in Item_func_in::fix_fields(THD*, Item**) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/item_cmpfunc.cc:4334:26 #10 0x1d7562d in fix_vcol_expr(THD*, Virtual_column_info*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:3495:26 #11 0x1e162b8 in fix_and_check_vcol_expr(THD*, TABLE*, Virtual_column_info*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:3580:7 #12 0x1d5bf23 in unpack_vcol_info_from_frm(THD*, st_mem_root*, TABLE*, String*, Virtual_column_info**, bool*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:3706:8 #13 0x1d53f27 in parse_vcol_defs(THD*, st_mem_root*, TABLE*, bool*, vcol_init_mode) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:1242:13 #14 0x1d7f507 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/table.cc:4085:9 #15 0x2c70ed0 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/handler.cc:5549:7 #16 0x1ade230 in create_table_impl(THD*, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, char const*, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5376:11 #17 0x1ad8b73 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5460:8 #18 0x1ae104c in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:5564:7 #19 0x1b81336 in Sql_cmd_create_table_like::execute(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_table.cc:12142:12 #20 0x13789fe in mysql_execute_command(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:6024:26 #21 0x1308592 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:8063:18 #22 0x12f7242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1889:7 #23 0x130cd18 in do_command(THD*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_parse.cc:1370:17 #24 0x2023c1c in do_handle_one_connection(CONNECT*, bool) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1410:11 #25 0x202215c in handle_one_connection /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_connect.cc:1312:5 #26 0x46e90f2 in pfs_spawn_thread /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/storage/perfschema/pfs.cc:2201:3 #27 0x7f657f762608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608) Thread T24 created by T0 here: #0 0x942f5a in pthread_create (/usr/local/mysql/bin/mariadbd+0x942f5a) #1 0x46ea170 in my_thread_create(unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/storage/perfschema/my_thread.h:38:10 #2 0x46ea007 in pfs_spawn_thread_v1 /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/storage/perfschema/pfs.cc:2252:15 #3 0x999a30 in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/include/mysql/psi/mysql_thread.h:1323:11 #4 0x9c3c77 in create_thread_to_handle_connection(CONNECT*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/mysqld.cc:6012:19 #5 0x9c4bb8 in create_new_thread(CONNECT*) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/mysqld.cc:6071:3 #6 0x9c624a in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/mysqld.cc:6136:5 #7 0x9c09f5 in handle_connections_sockets() /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/mysqld.cc:6263:9 #8 0x9a45d1 in mysqld_main(int, char**) /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/mysqld.cc:5658:3 #9 0x98a857 in main /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/main.cc:25:10 #10 0x7f657e9d90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: heap-use-after-free /home/ssr/research-project/dbms-test/target-dbms/mariadb-10.5.9/sql/sql_class.cc:2914:29 in Item_change_list::rollback_item_tree_changes() Shadow bytes around the buggy address: 0x0c3a80003f30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3a80003f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3a80003f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c3a80003f80: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd 0x0c3a80003f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3a80003fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2804941==ABORTING