Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
5.5(EOL), (14)
10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.4, 11.8 -
None
Description
testcase from MDEV-14526, run with --repeat=N
CREATE TABLE t1 ( |
`id` int(10) NOT NULL AUTO_INCREMENT, |
`k` int(10) NOT NULL default '0', |
PRIMARY KEY (`id`)) |
ENGINE=MyISAM;
|
|
INSERT IGNORE INTO t1 VALUES |
(NULL,1),(NULL,8),(NULL,NULL),(NULL,NULL),(NULL,4),(NULL,9),(NULL,7), |
(NULL,3),(NULL,NULL),(NULL,2),(NULL,3),(NULL,NULL),(NULL,2),(NULL,7), |
(NULL,1),(NULL,2),(NULL,4),(NULL,NULL),(NULL,1),(NULL,1),(NULL,4); |
|
SET GLOBAL query_cache_size= 1024*1024; |
SET GLOBAL query_cache_type= 1; |
|
--connect (con1,localhost,root,,test)
|
--send
|
SELECT DISTINCT id FROM t1 WHERE id BETWEEN 5603 AND 16218 ORDER BY k; |
|
--connection default
|
SET GLOBAL query_cache_type= 0; |
|
--connection con1
|
--reap
|
|
# Cleanup
|
--disconnect con1
|
--connection default
|
DROP TABLE t1; |
SEt GLOBAL query_cache_size= DEFAULT; |
SEt GLOBAL query_cache_type= DEFAULT; |
5.5 1ada4afb0a51f7283b6187a95019ec2cb80c8a0b
|
Thread 1 (Thread 0x7feb86778700 (LWP 21990)):
|
#0 __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
|
#1 0x0000000000ce27b9 in my_write_core (sig=11) at /home/alice/git/5.5/mysys/stacktrace.c:457
|
#2 0x00000000007c7b14 in handle_fatal_signal (sig=11) at /home/alice/git/5.5/sql/signal_handler.cc:262
|
#3 <signal handler called>
|
#4 0x00000000005b9b0c in inline_mysql_rwlock_unlock (that=0x7fec6dfebcd0) at /home/alice/git/5.5/include/mysql/psi/mysql_thread.h:913
|
#5 0x00000000005c804b in Query_cache_query::unlock_writing (this=0x7fec6dfebcc8) at /home/alice/git/5.5/sql/sql_cache.cc:944
|
#6 0x00000000005bccd5 in Query_cache::store_query (this=0x15878e0 <query_cache>, thd=0x291a890, tables_used=0x7feb70004f90) at /home/alice/git/5.5/sql/sql_cache.cc:1566
|
#7 0x000000000060f41b in execute_sqlcom_select (thd=0x291a890, all_tables=0x7feb70004f90) at /home/alice/git/5.5/sql/sql_parse.cc:4677
|
#8 0x000000000060815c in mysql_execute_command (thd=0x291a890) at /home/alice/git/5.5/sql/sql_parse.cc:2224
|
#9 0x0000000000612268 in mysql_parse (thd=0x291a890, rawbuf=0x7feb70004d38 "SELECT DISTINCT id FROM t1 WHERE id BETWEEN 5603 AND 16218 ORDER BY k", length=69, parser_state=0x7feb867776b0) at /home/alice/git/5.5/sql/sql_parse.cc:5923
|
#10 0x00000000006055ff in dispatch_command (command=COM_QUERY, thd=0x291a890, packet=0x2920ce1 "SELECT DISTINCT id FROM t1 WHERE id BETWEEN 5603 AND 16218 ORDER BY k", packet_length=69) at /home/alice/git/5.5/sql/sql_parse.cc:1066
|
#11 0x00000000006047be in do_command (thd=0x291a890) at /home/alice/git/5.5/sql/sql_parse.cc:793
|
#12 0x0000000000713eee in do_handle_one_connection (thd_arg=0x291a890) at /home/alice/git/5.5/sql/sql_connect.cc:1268
|
#13 0x0000000000713c66 in handle_one_connection (arg=0x291a890) at /home/alice/git/5.5/sql/sql_connect.cc:1184
|
#14 0x0000000000c8f24e in pfs_spawn_thread (arg=0x28ddcd0) at /home/alice/git/5.5/storage/perfschema/pfs.cc:1015
|
#15 0x00007feb8a3096ba in start_thread (arg=0x7feb86778700) at pthread_create.c:333
|
#16 0x00007feb899b441d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
|
Attachments
Issue Links
- relates to
-
-
- Confirmed
-
-
-
- Closed
-
-
-
- Closed
-
Activity
In a pile of mostly outdated comments to MDEV-10826 I found an apparently deterministic test case with a sync point which is still applicable at least to the current 10.1 (I checked on 10.1 05e72a33) and produces the same stack trace. I'll add it here so it's not lost, while MDEV-10826 will be about the assertion which it was initially filed for.
|
Sync point for 10.1 |
diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc
|
index 91dd8ad..c677f8e 100644
|
--- a/sql/sql_cache.cc
|
+++ b/sql/sql_cache.cc
|
@@ -826,6 +826,7 @@ void Query_cache_block::init(ulong block_length)
|
used = 0;
|
type = Query_cache_block::FREE;
|
n_tables = 0;
|
+ DEBUG_SYNC(current_thd,"in_qc_block_init");
|
DBUG_VOID_RETURN;
|
}
|
|
Test case using the sync point above |
--source include/have_debug_sync.inc
|
--enable_connect_log
|
|
set @save_qc_type=@@global.query_cache_type;
|
set @save_qc_size=@@global.query_cache_size;
|
set global query_cache_type=1, query_cache_size=1024*1024;
|
|
CREATE TABLE t1 (id int(10) NOT NULL auto_increment PRIMARY KEY);
|
INSERT INTO t1 VALUES (NULL),(NULL);
|
|
--connect (con8,localhost,root,,test)
|
set debug_sync='in_qc_block_init SIGNAL set_free WAIT_FOR proceed';
|
--send
|
SELECT * FROM t1;
|
|
--connection default
|
set debug_sync='now WAIT_FOR set_free';
|
SET GLOBAL query_cache_type = 0;
|
set debug_sync='now SIGNAL proceed';
|
|
--connection con8
|
--reap
|
--disconnect con8
|
|
--connection default
|
drop table t1;
|
set debug_sync='RESET';
|
set global query_cache_type=@save_qc_type, query_cache_size=@save_qc_size;
|
|
10.1 05e72a33 |
#3 <signal handler called>
|
#4 0x00007fe9ae770c43 in _xend () at pthread_rwlock_unlock.c:38
|
#5 __GI___pthread_rwlock_unlock (rwlock=0x7fe9a4680290) at pthread_rwlock_unlock.c:38
|
#6 0x0000564754622dc1 in inline_mysql_rwlock_unlock (that=0x7fe9a4680290) at /data/src/10.1-bug/include/mysql/psi/mysql_thread.h:1071
|
#7 0x0000564754630e4b in Query_cache_query::unlock_writing (this=0x7fe9a4680288) at /data/src/10.1-bug/sql/sql_cache.cc:952
|
#8 0x0000564754625ced in Query_cache::store_query (this=0x5647559be8c0 <query_cache>, thd=0x7fe9a63d4070, tables_used=0x7fe9a4821260) at /data/src/10.1-bug/sql/sql_cache.cc:1563
|
#9 0x0000564754681de7 in execute_sqlcom_select (thd=0x7fe9a63d4070, all_tables=0x7fe9a4821260) at /data/src/10.1-bug/sql/sql_parse.cc:5690
|
#10 0x0000564754678c21 in mysql_execute_command (thd=0x7fe9a63d4070) at /data/src/10.1-bug/sql/sql_parse.cc:3038
|
#11 0x0000564754685a81 in mysql_parse (thd=0x7fe9a63d4070, rawbuf=0x7fe9a4821088 "SELECT * FROM t1", length=16, parser_state=0x7fe9aeaa21e0) at /data/src/10.1-bug/sql/sql_parse.cc:7209
|
#12 0x0000564754674c33 in dispatch_command (command=COM_QUERY, thd=0x7fe9a63d4070, packet=0x7fe9a63da071 "SELECT * FROM t1", packet_length=16) at /data/src/10.1-bug/sql/sql_parse.cc:1499
|
#13 0x00005647546739f1 in do_command (thd=0x7fe9a63d4070) at /data/src/10.1-bug/sql/sql_parse.cc:1131
|
#14 0x00005647547b164b in do_handle_one_connection (thd_arg=0x7fe9a63d4070) at /data/src/10.1-bug/sql/sql_connect.cc:1331
|
#15 0x00005647547b137c in handle_one_connection (arg=0x7fe9a63d4070) at /data/src/10.1-bug/sql/sql_connect.cc:1242
|
#16 0x0000564754be6e3c in pfs_spawn_thread (arg=0x7fe9ac83a170) at /data/src/10.1-bug/storage/perfschema/pfs.cc:1861
|
#17 0x00007fe9ae76b4a4 in start_thread (arg=0x7fe9aeaa3700) at pthread_create.c:456
|
#18 0x00007fe9ad181d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
still reproducible:
Server version: 11.8.1-MariaDB-debug-log source revision: 01cf1cb84bd6b4f12a515e63bb8e540ee3f9dc24
|
|
|
CURRENT_TEST: main.1_my
|
mysqltest: At line 26: query 'reap' failed: <Unknown> (2013): Lost connection to server during query
|
|
|
|
|
Server [mysqld.1 - pid: 2045831, winpid: 2045831, exit: 256] failed during test run
|
Server log from this test:
|
----------SERVER LOG START-----------
|
=================================================================
|
==2045832==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f2b92b66a98 at pc 0x563beb8da993 bp 0x7f2b9668bea0 sp 0x7f2b9668be90
|
READ of size 4 at 0x7f2b92b66a98 thread T11 (one_connection)
|
#0 0x563beb8da992 in Query_cache_block::query() /11.8/src/sql/sql_cache.cc:856
|
#1 0x563beb8dee25 in Query_cache::store_query(THD*, TABLE_LIST*) /11.8/src/sql/sql_cache.cc:1578
|
#2 0x563beba81fd9 in execute_sqlcom_select /11.8/src/sql/sql_parse.cc:6190
|
#3 0x563beba71ba7 in mysql_execute_command(THD*, bool) /11.8/src/sql/sql_parse.cc:3979
|
#4 0x563beba8d09f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /11.8/src/sql/sql_parse.cc:7915
|
#5 0x563beba634c3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /11.8/src/sql/sql_parse.cc:1902
|
#6 0x563beba6015a in do_command(THD*, bool) /11.8/src/sql/sql_parse.cc:1415
|
#7 0x563bebf7a6e9 in do_handle_one_connection(CONNECT*, bool) /11.8/src/sql/sql_connect.cc:1415
|
#8 0x563bebf7a23c in handle_one_connection /11.8/src/sql/sql_connect.cc:1327
|
#9 0x563becca6167 in pfs_spawn_thread /11.8/src/storage/perfschema/pfs.cc:2198
|
#10 0x7f2bb384a608 in start_thread /build/glibc-FcRMwW/glibc-2.31/nptl/pthread_create.c:477
|
#11 0x7f2bb3385352 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f352) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58)
|
|
|
0x7f2b92b66a98 is located 664 bytes inside of 1031636-byte region [0x7f2b92b66800,0x7f2b92c625d4)
|
freed by thread T11 (one_connection) here:
|
#0 0x7f2bb3da7440 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
|
#1 0x563bedabc91d in free_memory /11.8/src/mysys/safemalloc.c:297
|
#2 0x563bedabbd29 in sf_free /11.8/src/mysys/safemalloc.c:203
|
#3 0x563beda8b384 in my_free /11.8/src/mysys/my_malloc.c:221
|
#4 0x563beb8e7bf4 in Query_cache::free_cache() /11.8/src/sql/sql_cache.cc:2834
|
#5 0x563beb8d9831 in Query_cache::unlock() /11.8/src/sql/sql_cache.cc:763
|
#6 0x563beb8dedb2 in Query_cache::store_query(THD*, TABLE_LIST*) /11.8/src/sql/sql_cache.cc:1573
|
#7 0x563beba81fd9 in execute_sqlcom_select /11.8/src/sql/sql_parse.cc:6190
|
#8 0x563beba71ba7 in mysql_execute_command(THD*, bool) /11.8/src/sql/sql_parse.cc:3979
|
#9 0x563beba8d09f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /11.8/src/sql/sql_parse.cc:7915
|
#10 0x563beba634c3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /11.8/src/sql/sql_parse.cc:1902
|
#11 0x563beba6015a in do_command(THD*, bool) /11.8/src/sql/sql_parse.cc:1415
|
#12 0x563bebf7a6e9 in do_handle_one_connection(CONNECT*, bool) /11.8/src/sql/sql_connect.cc:1415
|
#13 0x563bebf7a23c in handle_one_connection /11.8/src/sql/sql_connect.cc:1327
|
#14 0x563becca6167 in pfs_spawn_thread /11.8/src/storage/perfschema/pfs.cc:2198
|
#15 0x7f2bb384a608 in start_thread /build/glibc-FcRMwW/glibc-2.31/nptl/pthread_create.c:477
|
|
|
previously allocated by thread T10 (one_connection) here:
|
#0 0x7f2bb3da88ff in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x563bedabb6f2 in sf_malloc /11.8/src/mysys/safemalloc.c:126
|
#2 0x563beda8a46a in my_malloc /11.8/src/mysys/my_malloc.c:93
|
#3 0x563beb8e6449 in Query_cache::init_cache() /11.8/src/sql/sql_cache.cc:2658
|
#4 0x563beb8dce4f in Query_cache::resize(unsigned long) /11.8/src/sql/sql_cache.cc:1335
|
#5 0x563bebfcf640 in fix_query_cache_size /11.8/src/sql/sys_vars.cc:3395
|
#6 0x563bebfcfad3 in fix_query_cache_type /11.8/src/sql/sys_vars.cc:3481
|
#7 0x563beb77f3e9 in sys_var::update(THD*, set_var*) /11.8/src/sql/set_var.cc:212
|
#8 0x563beb783cfd in set_var::update(THD*) /11.8/src/sql/set_var.cc:871
|
#9 0x563beb783057 in sql_set_variables(THD*, List<set_var_base>*, bool) /11.8/src/sql/set_var.cc:752
|
#10 0x563beba78481 in mysql_execute_command(THD*, bool) /11.8/src/sql/sql_parse.cc:4884
|
#11 0x563beba8d09f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /11.8/src/sql/sql_parse.cc:7915
|
#12 0x563beba634c3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /11.8/src/sql/sql_parse.cc:1902
|
#13 0x563beba6015a in do_command(THD*, bool) /11.8/src/sql/sql_parse.cc:1415
|
#14 0x563bebf7a6e9 in do_handle_one_connection(CONNECT*, bool) /11.8/src/sql/sql_connect.cc:1415
|
#15 0x563bebf7a23c in handle_one_connection /11.8/src/sql/sql_connect.cc:1327
|
#16 0x563becca6167 in pfs_spawn_thread /11.8/src/storage/perfschema/pfs.cc:2198
|
#17 0x7f2bb384a608 in start_thread /build/glibc-FcRMwW/glibc-2.31/nptl/pthread_create.c:477
|
|
|
Thread T11 (one_connection) created by T0 here:
|
#0 0x7f2bb3d14175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
|
#1 0x563becca1d8b in my_thread_create /11.8/src/storage/perfschema/my_thread.h:38
|
#2 0x563becca655a in pfs_spawn_thread_v1 /11.8/src/storage/perfschema/pfs.cc:2249
|
#3 0x563beb6502bb in inline_mysql_thread_create /11.8/src/include/mysql/psi/mysql_thread.h:1139
|
#4 0x563beb669ef1 in create_thread_to_handle_connection(CONNECT*) /11.8/src/sql/mysqld.cc:6261
|
#5 0x563beb66a55c in create_new_thread(CONNECT*) /11.8/src/sql/mysqld.cc:6323
|
#6 0x563beb66a889 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /11.8/src/sql/mysqld.cc:6385
|
#7 0x563beb66b586 in handle_connections_sockets() /11.8/src/sql/mysqld.cc:6497
|
#8 0x563beb667f54 in run_main_loop /11.8/src/sql/mysqld.cc:5739
|
#9 0x563beb66973b in mysqld_main(int, char**) /11.8/src/sql/mysqld.cc:6162
|
#10 0x563beb64f55c in main /11.8/src/sql/main.cc:34
|
#11 0x7f2bb328a082 in __libc_start_main ../csu/libc-start.c:308
|
|
|
Thread T10 (one_connection) created by T0 here:
|
#0 0x7f2bb3d14175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
|
#1 0x563becca1d8b in my_thread_create /11.8/src/storage/perfschema/my_thread.h:38
|
#2 0x563becca655a in pfs_spawn_thread_v1 /11.8/src/storage/perfschema/pfs.cc:2249
|
#3 0x563beb6502bb in inline_mysql_thread_create /11.8/src/include/mysql/psi/mysql_thread.h:1139
|
#4 0x563beb669ef1 in create_thread_to_handle_connection(CONNECT*) /11.8/src/sql/mysqld.cc:6261
|
#5 0x563beb66a55c in create_new_thread(CONNECT*) /11.8/src/sql/mysqld.cc:6323
|
#6 0x563beb66a889 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /11.8/src/sql/mysqld.cc:6385
|
#7 0x563beb66b586 in handle_connections_sockets() /11.8/src/sql/mysqld.cc:6497
|
#8 0x563beb667f54 in run_main_loop /11.8/src/sql/mysqld.cc:5739
|
#9 0x563beb66973b in mysqld_main(int, char**) /11.8/src/sql/mysqld.cc:6162
|
#10 0x563beb64f55c in main /11.8/src/sql/main.cc:34
|
#11 0x7f2bb328a082 in __libc_start_main ../csu/libc-start.c:308
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /11.8/src/sql/sql_cache.cc:856 in Query_cache_block::query()
|
Shadow bytes around the buggy address:
|
0x7f2b92b66800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66a00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x7f2b92b66a80: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x7f2b92b66d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==2045832==ABORTING
|
ASAN variation of it (also non-deterministic):
10.0 1fd84f9129
==12901==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f10d93b5a80 at pc 0x610c20 bp 0x7f10d90a9000 sp 0x7f10d90a8ff8READ of size 4 at 0x7f10d93b5a80 thread T7#0 0x610c1f in Query_cache_block::query() /data/src/10.0/sql/sql_cache.cc:855#1 0x61e49d in Query_cache::store_query(THD*, TABLE_LIST*) /data/src/10.0/sql/sql_cache.cc:1573#2 0x6b6584 in execute_sqlcom_select /data/src/10.0/sql/sql_parse.cc:5297#3 0x6ce43a in mysql_execute_command(THD*) /data/src/10.0/sql/sql_parse.cc:2554#4 0x6e4498 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.0/sql/sql_parse.cc:6634#5 0x6e80b7 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.0/sql/sql_parse.cc:1297#6 0x6ec9b0 in do_command(THD*) /data/src/10.0/sql/sql_parse.cc:1000#7 0x97bbd9 in do_handle_one_connection(THD*) /data/src/10.0/sql/sql_connect.cc:1377#8 0x97be40 in handle_one_connection /data/src/10.0/sql/sql_connect.cc:1292#9 0x11b7e52 in pfs_spawn_thread /data/src/10.0/storage/perfschema/pfs.cc:1861#10 0x7f10e3f9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)#11 0x7f10e235593e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)0x7f10d93b5a80 is located 640 bytes inside of 1031676-byte region [0x7f10d93b5800,0x7f10d94b15fc)freed by thread T7 here:#0 0x7f10e4206527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)#1 0x18f684d in free_memory /data/src/10.0/mysys/safemalloc.c:276previously allocated by thread T6 here:#0 0x7f10e420673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)#1 0x18f691e in sf_malloc /data/src/10.0/mysys/safemalloc.c:115#2 0x19d9bca (/data/bld/10.0-asan/bin/mysqld+0x19d9bca)Thread T7 created by T0 here:#0 0x7f10e41d5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)#1 0x11c36a9 in spawn_thread_v1 /data/src/10.0/storage/perfschema/pfs.cc:1911Thread T6 created by T0 here:#0 0x7f10e41d5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)#1 0x11c36a9 in spawn_thread_v1 /data/src/10.0/storage/perfschema/pfs.cc:1911SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.0/sql/sql_cache.cc:855 Query_cache_block::query()Shadow bytes around the buggy address:0x0fe29b26eb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd=>0x0fe29b26eb50:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eb90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd0x0fe29b26eba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fdShadow byte legend (one shadow byte represents 8 application bytes):Addressable: 00Partially addressable: 01 02 03 04 05 06 07Heap left redzone: faHeap right redzone: fbFreed heap region: fdStack left redzone: f1Stack mid redzone: f2Stack right redzone: f3Stack partial redzone: f4Stack after return: f5Stack use after scope: f8Global redzone: f9Global init order: f6Poisoned by user: f7Contiguous container OOB:fcASan internal: fe==12901==ABORTING