Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
-
None
Description
The test case is non-deterministic, so do not put it into the regression suite; run it with --repeat=N to reproduce. It usually fails for me within ~15 attempts, but this can vary across machines and builds.
# Reproducer for a race between BACKUP STAGE BLOCK_COMMIT on one connection
# and a concurrent DELETE on a HEAP table with a BTREE key on another.
# The traces on this page show the BLOCK_COMMIT thread reading a tree node
# (heap_check_heap, reached from hp_close via tc_purge) after the DELETE
# thread freed it (tree_delete, reached from heap_delete).
# NOTE(review): every trace here faults inside heap_check_heap; whether that
# check also runs in non-debug builds is not shown on this page. Confirm it
# before treating release builds as unaffected.
#
# Open a second connection and run one full backup cycle before the table exists.
--connect (con1,localhost,root,,test)
|
BACKUP STAGE START;
|
BACKUP STAGE BLOCK_COMMIT;
|
BACKUP STAGE END; |
|
--connection default
|
# In-memory (HEAP) table whose only key uses a BTREE index.
CREATE TABLE t1 (f VARCHAR(32), KEY(f) USING BTREE) ENGINE=HEAP; |
|
--connection con1
|
# Seed 5 rows, then double the table five times: 5 * 2^5 = 160 rows.
INSERT IGNORE INTO t1 VALUES ('foo'),(NULL),('bar'),(NULL),('qux'); |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
# Start a new backup on con1 before the concurrent DELETE is issued.
BACKUP STAGE START;
|
|
--connection default
|
# --send dispatches the next statement without waiting for its result, so
# the DELETE can still be executing when con1 issues BLOCK_COMMIT below.
--send
|
DELETE FROM t1 WHERE f >= 'h'; |
|
--connection con1
|
# The racing statement: the reading side of every trace on this page
# passes through run_backup_stage -> backup_flush -> tc_purge.
BACKUP STAGE BLOCK_COMMIT;
|
|
# Cleanup
|
BACKUP STAGE END; |
--connection default
|
# Collect the result of the DELETE that was issued with --send.
--reap
|
DROP TABLE t1; |
10.4 ASAN 5a087444 |
==18314==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0007b7a18 at pc 0x558d21fc8bbe bp 0x7f090f549240 sp 0x7f090f549238
|
READ of size 8 at 0x60e00040cdd8 thread T6
|
#0 0x55fed3ca1bbd in tree_search_next /data/src/10.4/mysys/tree.c:514
|
#1 0x55fed3ba0c60 in check_one_rb_key /data/src/10.4/storage/heap/_check.c:194
|
#2 0x55fed3b9fc73 in heap_check_heap /data/src/10.4/storage/heap/_check.c:55
|
#3 0x55fed3b9c247 in hp_close /data/src/10.4/storage/heap/hp_close.c:39
|
#4 0x55fed3b9c095 in heap_close /data/src/10.4/storage/heap/hp_close.c:28
|
#5 0x55fed3b7f2fe in ha_heap::close() /data/src/10.4/storage/heap/ha_heap.cc:140
|
#6 0x55fed2b51cf2 in handler::ha_close() /data/src/10.4/sql/handler.cc:2967
|
#7 0x55fed2676401 in closefrm(TABLE*) /data/src/10.4/sql/table.cc:3993
|
#8 0x55fed29376a8 in intern_close_table /data/src/10.4/sql/table_cache.cc:222
|
#9 0x55fed2937d0f in tc_purge(bool) /data/src/10.4/sql/table_cache.cc:335
|
#10 0x55fed294fdaf in backup_flush /data/src/10.4/sql/backup.cc:207
|
#11 0x55fed294f645 in run_backup_stage(THD*, backup_stages) /data/src/10.4/sql/backup.cc:110
|
#12 0x55fed23b75ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:5288
|
#13 0x55fed23ca56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#14 0x55fed23a2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#15 0x55fed239f578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#16 0x55fed2732cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#17 0x55fed27326a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#18 0x55fed32fc93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#19 0x7fcbcc362493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#20 0x7fcbca74893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x60e00040cdd8 is located 120 bytes inside of 156-byte region [0x60e00040cd60,0x60e00040cdfc)
|
freed by thread T5 here:
|
#0 0x7fcbcc5cc527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x55fed3cad5d9 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x55fed3cacbdf in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x55fed3c7d628 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x55fed3ca0e20 in tree_delete /data/src/10.4/mysys/tree.c:374
|
#5 0x55fed3b858b1 in hp_rb_delete_key /data/src/10.4/storage/heap/hp_delete.c:81
|
#6 0x55fed3b85315 in heap_delete /data/src/10.4/storage/heap/hp_delete.c:41
|
#7 0x55fed3b80420 in ha_heap::delete_row(unsigned char const*) /data/src/10.4/storage/heap/ha_heap.cc:273
|
#8 0x55fed2b6f4e5 in handler::ha_delete_row(unsigned char const*) /data/src/10.4/sql/handler.cc:6775
|
#9 0x55fed2f68a07 in TABLE::delete_row() /data/src/10.4/sql/sql_delete.cc:297
|
#10 0x55fed2f61282 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /data/src/10.4/sql/sql_delete.cc:843
|
#11 0x55fed23b5490 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4985
|
#12 0x55fed23ca56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x55fed23a2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x55fed239f578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x55fed2732cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x55fed27326a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x55fed32fc93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fcbcc362493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T6 here:
|
#0 0x7fcbcc5cc73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x55fed3cac34f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x55fed3c7cc4a in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x55fed3c9fe6f in tree_insert /data/src/10.4/mysys/tree.c:280
|
#4 0x55fed3b98630 in hp_rb_write_key /data/src/10.4/storage/heap/hp_write.c:123
|
#5 0x55fed3b97a1a in heap_write /data/src/10.4/storage/heap/hp_write.c:52
|
#6 0x55fed3b7ffbc in ha_heap::write_row(unsigned char*) /data/src/10.4/storage/heap/ha_heap.cc:239
|
#7 0x55fed2b6d9f1 in handler::ha_write_row(unsigned char*) /data/src/10.4/sql/handler.cc:6667
|
#8 0x55fed230dd8e in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2024
|
#9 0x55fed231c45d in select_insert::send_data(List<Item>&) /data/src/10.4/sql/sql_insert.cc:3870
|
#10 0x55fed24db182 in end_send /data/src/10.4/sql/sql_select.cc:21198
|
#11 0x55fed24d32cf in evaluate_join_record /data/src/10.4/sql/sql_select.cc:20229
|
#12 0x55fed250d113 in AGGR_OP::end_send() /data/src/10.4/sql/sql_select.cc:28239
|
#13 0x55fed24d1063 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:19723
|
#14 0x55fed24d17be in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:19958
|
#15 0x55fed24d02b6 in do_select /data/src/10.4/sql/sql_select.cc:19549
|
#16 0x55fed246950a in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4364
|
#17 0x55fed2466e05 in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4146
|
#18 0x55fed246a8e2 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4578
|
#19 0x55fed2440f52 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:424
|
#20 0x55fed23b485e in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4896
|
#21 0x55fed23ca56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#22 0x55fed23a2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#23 0x55fed239f578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#24 0x55fed2732cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#25 0x55fed27326a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#26 0x55fed32fc93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#27 0x7fcbcc362493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T6 created by T0 here:
|
#0 0x7fcbcc59bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55fed32fcf02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x55fed20ed2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55fed21023f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x55fed2102af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x55fed2102e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x55fed2103ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x55fed2101c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x55fed20eb16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fcbca6802b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T5 created by T0 here:
|
#0 0x7fcbcc59bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55fed32fcf02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x55fed20ed2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55fed21023f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x55fed2102af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x55fed2102e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x55fed2103ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x55fed2101c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x55fed20eb16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fcbca6802b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/mysys/tree.c:514 tree_search_next
|
Shadow bytes around the buggy address:
|
0x0c1c80079960: 00 00 00 00 00 00 00 00 00 00 00 04 fa fa fa fa
|
0x0c1c80079970: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c1c80079980: 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa
|
0x0c1c80079990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c1c800799a0: 00 00 00 04 fa fa fa fa fa fa fa fa fd fd fd fd
|
=>0x0c1c800799b0: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
|
0x0c1c800799c0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
|
0x0c1c800799d0: 00 00 00 00 00 00 00 00 00 00 00 04 fa fa fa fa
|
0x0c1c800799e0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c1c800799f0: 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa
|
0x0c1c80079a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==23015==ABORTING
|
10.4 5a087444 debug |
#3 <signal handler called>
|
#4 0x0000557f3f737aaf in hp_rb_make_key (keydef=0x7fcd1c1498a0, key=0x7fcd180d815c "\003qux", rec=0x708f8f8f8f142352 <error: Cannot access memory at address 0x708f8f8f8f142352>, recpos=0x0) at /data/src/10.4/storage/heap/hp_hash.c:617
|
#5 0x0000557f3f73db1c in check_one_rb_key (info=0x7fcd180d7e50, keynr=0, records=160, print_status=0 '\000') at /data/src/10.4/storage/heap/_check.c:184
|
#6 0x0000557f3f73d3e9 in heap_check_heap (info=0x7fcd180d7e50, print_status=0 '\000') at /data/src/10.4/storage/heap/_check.c:55
|
#7 0x0000557f3f73c182 in hp_close (info=0x7fcd180d7e50) at /data/src/10.4/storage/heap/hp_close.c:39
|
#8 0x0000557f3f73c0f9 in heap_close (info=0x7fcd180d7e50) at /data/src/10.4/storage/heap/hp_close.c:28
|
#9 0x0000557f3f73375b in ha_heap::close (this=0x7fcd1817c058) at /data/src/10.4/storage/heap/ha_heap.cc:140
|
#10 0x0000557f3efccc3a in handler::ha_close (this=0x7fcd1817c058) at /data/src/10.4/sql/handler.cc:2967
|
#11 0x0000557f3eda707e in closefrm (table=0x7fcd1817b1f0) at /data/src/10.4/sql/table.cc:3993
|
#12 0x0000557f3eeeedcf in intern_close_table (table=0x7fcd1817b1f0) at /data/src/10.4/sql/table_cache.cc:222
|
#13 0x0000557f3eeef1d7 in tc_purge (mark_flushed=false) at /data/src/10.4/sql/table_cache.cc:335
|
#14 0x0000557f3eef9516 in backup_flush (thd=0x7fcd18000b00) at /data/src/10.4/sql/backup.cc:207
|
#15 0x0000557f3eef91a2 in run_backup_stage (thd=0x7fcd18000b00, stage=BACKUP_LOCK_COMMIT) at /data/src/10.4/sql/backup.cc:110
|
#16 0x0000557f3ec896c8 in mysql_execute_command (thd=0x7fcd18000b00) at /data/src/10.4/sql/sql_parse.cc:5288
|
#17 0x0000557f3ec9348c in mysql_parse (thd=0x7fcd18000b00, rawbuf=0x7fcd180154a8 "BACKUP STAGE BLOCK_COMMIT", length=25, parser_state=0x7fcd34385180, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:8157
|
#18 0x0000557f3ec7eb7a in dispatch_command (command=COM_QUERY, thd=0x7fcd18000b00, packet=0x7fcd1800a761 "BACKUP STAGE BLOCK_COMMIT", packet_length=25, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1829
|
#19 0x0000557f3ec7d34e in do_command (thd=0x7fcd18000b00) at /data/src/10.4/sql/sql_parse.cc:1358
|
#20 0x0000557f3edf6e59 in do_handle_one_connection (connect=0x557f413cdc50) at /data/src/10.4/sql/sql_connect.cc:1399
|
#21 0x0000557f3edf6bca in handle_one_connection (arg=0x557f413cdc50) at /data/src/10.4/sql/sql_connect.cc:1302
|
#22 0x0000557f3f2edb51 in pfs_spawn_thread (arg=0x557f414c02c0) at /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#23 0x00007fcd3af3c494 in start_thread (arg=0x7fcd34386700) at pthread_create.c:333
|
#24 0x00007fcd3932293f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
I couldn't reproduce it on a non-debug build, but that may just be a timing issue.
Variation of the test case (the difference is the absence of WHERE clause in DELETE) and variation of the stack trace:
# Variation of the reproducer: the DELETE has no WHERE clause. In the trace
# that follows on this page the free happens through ha_delete_all_rows ->
# heap_clear -> delete_tree, which frees the tree nodes in bulk, and the
# BLOCK_COMMIT thread then reads a freed node in tree_search_edge.
#
# Open a second connection and run one full backup cycle before the table exists.
--connect (con1,localhost,root,,test)
|
BACKUP STAGE START;
|
BACKUP STAGE BLOCK_COMMIT;
|
BACKUP STAGE END; |
|
--connection default
|
# In-memory (HEAP) table whose only key uses a BTREE index.
CREATE TABLE t1 (f VARCHAR(32), KEY(f) USING BTREE) ENGINE=HEAP; |
|
--connection con1
|
# Seed 5 rows, then double the table five times: 5 * 2^5 = 160 rows.
INSERT IGNORE INTO t1 VALUES ('foo'),(NULL),('bar'),(NULL),('qux'); |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
# Start a new backup on con1 before the concurrent DELETE is issued.
BACKUP STAGE START;
|
|
--connection default
|
# --send dispatches the next statement without waiting for its result, so
# the unfiltered DELETE can overlap with BLOCK_COMMIT on con1.
--send
|
DELETE FROM t1; |
|
--connection con1
|
# The racing statement: it closes cached tables (tc_purge in the trace)
# while the other connection is still clearing the table's keys.
BACKUP STAGE BLOCK_COMMIT;
|
|
# Cleanup
|
BACKUP STAGE END; |
--connection default
|
# Collect the result of the DELETE that was issued with --send.
--reap
|
DROP TABLE t1; |
==26799==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0001f24d0 at pc 0x5591ce8be6b2 bp 0x7f6e09c7d240 sp 0x7f6e09c7d238
|
READ of size 8 at 0x60e0001f24d0 thread T6
|
#0 0x5591ce8be6b1 in tree_search_edge /data/src/10.4/mysys/tree.c:488
|
#1 0x5591ce7bda2c in check_one_rb_key /data/src/10.4/storage/heap/_check.c:178
|
#2 0x5591ce7bcc73 in heap_check_heap /data/src/10.4/storage/heap/_check.c:55
|
#3 0x5591ce7b9247 in hp_close /data/src/10.4/storage/heap/hp_close.c:39
|
#4 0x5591ce7b9095 in heap_close /data/src/10.4/storage/heap/hp_close.c:28
|
#5 0x5591ce79c2fe in ha_heap::close() /data/src/10.4/storage/heap/ha_heap.cc:140
|
#6 0x5591cd76ecf2 in handler::ha_close() /data/src/10.4/sql/handler.cc:2967
|
#7 0x5591cd293401 in closefrm(TABLE*) /data/src/10.4/sql/table.cc:3993
|
#8 0x5591cd5546a8 in intern_close_table /data/src/10.4/sql/table_cache.cc:222
|
#9 0x5591cd554d0f in tc_purge(bool) /data/src/10.4/sql/table_cache.cc:335
|
#10 0x5591cd56cdaf in backup_flush /data/src/10.4/sql/backup.cc:207
|
#11 0x5591cd56c645 in run_backup_stage(THD*, backup_stages) /data/src/10.4/sql/backup.cc:110
|
#12 0x5591ccfd45ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:5288
|
#13 0x5591ccfe756e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#14 0x5591ccfbf777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#15 0x5591ccfbc578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#16 0x5591cd34fcab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#17 0x5591cd34f6a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#18 0x5591cdf1993a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#19 0x7f6e154dc493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#20 0x7f6e138c293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x60e0001f24d0 is located 112 bytes inside of 156-byte region [0x60e0001f2460,0x60e0001f24fc)
|
freed by thread T5 here:
|
#0 0x7f6e15746527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x5591ce8ca5d9 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x5591ce8c9bdf in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x5591ce89a628 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x5591ce8bc991 in delete_tree_element /data/src/10.4/mysys/tree.c:226
|
#5 0x5591ce8bc798 in delete_tree_element /data/src/10.4/mysys/tree.c:212
|
#6 0x5591ce8bc798 in delete_tree_element /data/src/10.4/mysys/tree.c:212
|
#7 0x5591ce8bc34d in free_tree /data/src/10.4/mysys/tree.c:150
|
#8 0x5591ce8bc709 in delete_tree /data/src/10.4/mysys/tree.c:196
|
#9 0x5591ce7b8621 in hp_clear_keys /data/src/10.4/storage/heap/hp_clear.c:94
|
#10 0x5591ce7b81dc in hp_clear /data/src/10.4/storage/heap/hp_clear.c:38
|
#11 0x5591ce7b8043 in heap_clear /data/src/10.4/storage/heap/hp_clear.c:27
|
#12 0x5591ce79e7eb in ha_heap::delete_all_rows() /data/src/10.4/storage/heap/ha_heap.cc:411
|
#13 0x5591cd77af0e in handler::ha_delete_all_rows() /data/src/10.4/sql/handler.cc:4510
|
#14 0x5591cdb7c026 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /data/src/10.4/sql/sql_delete.cc:502
|
#15 0x5591ccfd2490 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4985
|
#16 0x5591ccfe756e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#17 0x5591ccfbf777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#18 0x5591ccfbc578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#19 0x5591cd34fcab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#20 0x5591cd34f6a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#21 0x5591cdf1993a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#22 0x7f6e154dc493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T6 here:
|
#0 0x7f6e1574673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x5591ce8c934f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x5591ce899c4a in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x5591ce8bce6f in tree_insert /data/src/10.4/mysys/tree.c:280
|
#4 0x5591ce7b5630 in hp_rb_write_key /data/src/10.4/storage/heap/hp_write.c:123
|
#5 0x5591ce7b4a1a in heap_write /data/src/10.4/storage/heap/hp_write.c:52
|
#6 0x5591ce79cfbc in ha_heap::write_row(unsigned char*) /data/src/10.4/storage/heap/ha_heap.cc:239
|
#7 0x5591cd78a9f1 in handler::ha_write_row(unsigned char*) /data/src/10.4/sql/handler.cc:6667
|
#8 0x5591ccf2ad8e in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2024
|
#9 0x5591ccf3945d in select_insert::send_data(List<Item>&) /data/src/10.4/sql/sql_insert.cc:3870
|
#10 0x5591cd0f8182 in end_send /data/src/10.4/sql/sql_select.cc:21198
|
#11 0x5591cd0f02cf in evaluate_join_record /data/src/10.4/sql/sql_select.cc:20229
|
#12 0x5591cd12a113 in AGGR_OP::end_send() /data/src/10.4/sql/sql_select.cc:28239
|
#13 0x5591cd0ee063 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:19723
|
#14 0x5591cd0ee7be in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:19958
|
#15 0x5591cd0ed2b6 in do_select /data/src/10.4/sql/sql_select.cc:19549
|
#16 0x5591cd08650a in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4364
|
#17 0x5591cd083e05 in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4146
|
#18 0x5591cd0878e2 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4578
|
#19 0x5591cd05df52 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:424
|
#20 0x5591ccfd185e in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4896
|
#21 0x5591ccfe756e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#22 0x5591ccfbf777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#23 0x5591ccfbc578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#24 0x5591cd34fcab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#25 0x5591cd34f6a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#26 0x5591cdf1993a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#27 0x7f6e154dc493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T6 created by T0 here:
|
#0 0x7f6e15715bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x5591cdf19f02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x5591ccd0a2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x5591ccd1f3f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x5591ccd1faf7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x5591ccd1fe87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x5591ccd20ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x5591ccd1ec2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x5591ccd0816f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7f6e137fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T5 created by T0 here:
|
#0 0x7f6e15715bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x5591cdf19f02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x5591ccd0a2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x5591ccd1f3f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x5591ccd1faf7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x5591ccd1fe87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x5591ccd20ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x5591ccd1ec2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x5591ccd0816f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7f6e137fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/mysys/tree.c:488 tree_search_edge
|
Shadow bytes around the buggy address:
|
0x0c1c80036440: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
|
0x0c1c80036450: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c1c80036460: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
|
0x0c1c80036470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c1c80036480: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
|
=>0x0c1c80036490: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
|
0x0c1c800364a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
|
0x0c1c800364b0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
|
0x0c1c800364c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c1c800364d0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
|
0x0c1c800364e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==26799==ABORTING
|
Another variation of the test case with two variations of the stack trace:
# Variation of the reproducer with two keys on the HEAP table: a HASH key
# on f1 and a BTREE key on f2. In the first trace that follows on this page
# the freed memory is a block allocated by hp_get_new_block (from
# hp_write_key) and released by hp_free_level (from hp_clear_keys), and the
# BLOCK_COMMIT thread reads it in check_one_key.
#
# Open a second connection and run one backup cycle, here with an extra
# UNLOCK TABLES between BLOCK_COMMIT and END.
--connect (con1,localhost,root,,test)
|
BACKUP STAGE START;
|
BACKUP STAGE BLOCK_COMMIT;
|
UNLOCK TABLES;
|
BACKUP STAGE END; |
|
--connection default
|
# In-memory (HEAP) table with one HASH key and one BTREE key.
CREATE TABLE t1 (f1 VARCHAR(32), f2 VARCHAR (32), KEY (f1) USING HASH, KEY (f2) USING BTREE) ENGINE=HEAP; |
|
--connection con1
|
# Seed 5 rows, then double the table four times: 5 * 2^4 = 80 rows.
INSERT INTO t1 VALUES ('foo','bar'),(NULL,NULL),(NULL,'foobar'),('a',NULL),(NULL,'qux'); |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
|
# Start a new backup on con1 before the concurrent DELETE is issued.
BACKUP STAGE START;
|
|
--connection default
|
# --send dispatches the next statement without waiting for its result, so
# the unfiltered DELETE can overlap with BLOCK_COMMIT on con1.
--send
|
DELETE FROM t1; |
--connection con1
|
# The racing statement: it closes cached tables (tc_purge in the trace)
# while the other connection is still clearing the table's keys.
BACKUP STAGE BLOCK_COMMIT;
|
|
# Cleanup
|
--connection con1
|
BACKUP STAGE END; |
--disconnect con1
|
--connection default
|
# Collect the result of the DELETE that was issued with --send.
--reap
|
DROP TABLE t1; |
==15871==ERROR: AddressSanitizer: heap-use-after-free on address 0x62b000134280 at pc 0x56043f28244f bp 0x7fb5c0ace300 sp 0x7fb5c0ace2f8
|
READ of size 8 at 0x62b000134280 thread T6
|
#0 0x56043f28244e in check_one_key /data/src/10.4/storage/heap/_check.c:114
|
#1 0x56043f281d4d in heap_check_heap /data/src/10.4/storage/heap/_check.c:57
|
#2 0x56043f27e247 in hp_close /data/src/10.4/storage/heap/hp_close.c:39
|
#3 0x56043f27e095 in heap_close /data/src/10.4/storage/heap/hp_close.c:28
|
#4 0x56043f2612fe in ha_heap::close() /data/src/10.4/storage/heap/ha_heap.cc:140
|
#5 0x56043e233cf2 in handler::ha_close() /data/src/10.4/sql/handler.cc:2967
|
#6 0x56043dd58401 in closefrm(TABLE*) /data/src/10.4/sql/table.cc:3993
|
#7 0x56043e0196a8 in intern_close_table /data/src/10.4/sql/table_cache.cc:222
|
#8 0x56043e019d0f in tc_purge(bool) /data/src/10.4/sql/table_cache.cc:335
|
#9 0x56043e031daf in backup_flush /data/src/10.4/sql/backup.cc:207
|
#10 0x56043e031645 in run_backup_stage(THD*, backup_stages) /data/src/10.4/sql/backup.cc:110
|
#11 0x56043da995ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:5288
|
#12 0x56043daac56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x56043da84777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x56043da81578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x56043de14cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x56043de146a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x56043e9de93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fb5cc32d493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#19 0x7fb5ca71393e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x62b000134280 is located 128 bytes inside of 24116-byte region [0x62b000134200,0x62b00013a034)
|
freed by thread T5 here:
|
#0 0x7fb5cc597527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x56043f38f5d9 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x56043f38ebdf in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x56043f35f628 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x56043f27cff0 in hp_free_level /data/src/10.4/storage/heap/hp_block.c:151
|
#5 0x56043f27d6d6 in hp_clear_keys /data/src/10.4/storage/heap/hp_clear.c:100
|
#6 0x56043f27d1dc in hp_clear /data/src/10.4/storage/heap/hp_clear.c:38
|
#7 0x56043f27d043 in heap_clear /data/src/10.4/storage/heap/hp_clear.c:27
|
#8 0x56043f2637eb in ha_heap::delete_all_rows() /data/src/10.4/storage/heap/ha_heap.cc:411
|
#9 0x56043e23ff0e in handler::ha_delete_all_rows() /data/src/10.4/sql/handler.cc:4510
|
#10 0x56043e641026 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /data/src/10.4/sql/sql_delete.cc:502
|
#11 0x56043da97490 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4985
|
#12 0x56043daac56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x56043da84777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x56043da81578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x56043de14cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x56043de146a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x56043e9de93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fb5cc32d493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T6 here:
|
#0 0x7fb5cc59773f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x56043f38e34f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x56043f35ec4a in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x56043f27c91b in hp_get_new_block /data/src/10.4/storage/heap/hp_block.c:81
|
#4 0x56043f27c032 in hp_find_free_hash /data/src/10.4/storage/heap/hp_write.c:411
|
#5 0x56043f27b06e in hp_write_key /data/src/10.4/storage/heap/hp_write.c:214
|
#6 0x56043f279a1a in heap_write /data/src/10.4/storage/heap/hp_write.c:52
|
#7 0x56043f261fbc in ha_heap::write_row(unsigned char*) /data/src/10.4/storage/heap/ha_heap.cc:239
|
#8 0x56043e24f9f1 in handler::ha_write_row(unsigned char*) /data/src/10.4/sql/handler.cc:6667
|
#9 0x56043d9efd8e in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2024
|
#10 0x56043d9e87cf in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1067
|
#11 0x56043da957cc in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4791
|
#12 0x56043daac56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x56043da84777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x56043da81578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x56043de14cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x56043de146a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x56043e9de93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fb5cc32d493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T6 created by T0 here:
|
#0 0x7fb5cc566bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x56043e9def02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x56043d7cf2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x56043d7e43f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x56043d7e4af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x56043d7e4e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x56043d7e5ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x56043d7e3c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x56043d7cd16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fb5ca64b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T5 created by T0 here:
|
#0 0x7fb5cc566bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x56043e9def02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x56043d7cf2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x56043d7e43f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x56043d7e4af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x56043d7e4e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x56043d7e5ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x56043d7e3c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x56043d7cd16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fb5ca64b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/storage/heap/_check.c:114 check_one_key
|
Shadow bytes around the buggy address:
|
0x0c568001e800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568001e810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568001e820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568001e830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568001e840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c568001e850:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c568001e860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c568001e870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c568001e880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c568001e890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c568001e8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==15871==ABORTING
|
==5683==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fa55e003862 at pc 0x56427b37b707 bp 0x7fa55e8bd1b0 sp 0x7fa55e8bd1a8
|
READ of size 1 at 0x7fa55e003862 thread T6
|
#0 0x56427b37b706 in hp_rec_hashnr /data/src/10.4/storage/heap/hp_hash.c:315
|
#1 0x56427b392492 in check_one_key /data/src/10.4/storage/heap/_check.c:114
|
#2 0x56427b391d4d in heap_check_heap /data/src/10.4/storage/heap/_check.c:57
|
#3 0x56427b38e247 in hp_close /data/src/10.4/storage/heap/hp_close.c:39
|
#4 0x56427b38e095 in heap_close /data/src/10.4/storage/heap/hp_close.c:28
|
#5 0x56427b3712fe in ha_heap::close() /data/src/10.4/storage/heap/ha_heap.cc:140
|
#6 0x56427a343cf2 in handler::ha_close() /data/src/10.4/sql/handler.cc:2967
|
#7 0x564279e68401 in closefrm(TABLE*) /data/src/10.4/sql/table.cc:3993
|
#8 0x56427a1296a8 in intern_close_table /data/src/10.4/sql/table_cache.cc:222
|
#9 0x56427a129d0f in tc_purge(bool) /data/src/10.4/sql/table_cache.cc:335
|
#10 0x56427a141daf in backup_flush /data/src/10.4/sql/backup.cc:207
|
#11 0x56427a141645 in run_backup_stage(THD*, backup_stages) /data/src/10.4/sql/backup.cc:110
|
#12 0x564279ba95ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:5288
|
#13 0x564279bbc56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#14 0x564279b94777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#15 0x564279b91578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#16 0x564279f24cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#17 0x564279f246a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#18 0x56427aaee93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#19 0x7fa56a11c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#20 0x7fa56850293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x7fa55e003862 is located 69730 bytes inside of 132836-byte region [0x7fa55dff2800,0x7fa55e012ee4)
|
freed by thread T5 here:
|
#0 0x7fa56a386527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x56427b49f5d9 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x56427b49ebdf in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x56427b46f628 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x56427b38cff0 in hp_free_level /data/src/10.4/storage/heap/hp_block.c:151
|
#5 0x56427b38cfca in hp_free_level /data/src/10.4/storage/heap/hp_block.c:146
|
#6 0x56427b38d17e in hp_clear /data/src/10.4/storage/heap/hp_clear.c:35
|
#7 0x56427b38d043 in heap_clear /data/src/10.4/storage/heap/hp_clear.c:27
|
#8 0x56427b3737eb in ha_heap::delete_all_rows() /data/src/10.4/storage/heap/ha_heap.cc:411
|
#9 0x56427a34ff0e in handler::ha_delete_all_rows() /data/src/10.4/sql/handler.cc:4510
|
#10 0x56427a751026 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /data/src/10.4/sql/sql_delete.cc:502
|
#11 0x564279ba7490 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4985
|
#12 0x564279bbc56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x564279b94777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x564279b91578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x564279f24cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x564279f246a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x56427aaee93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fa56a11c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T6 here:
|
#0 0x7fa56a38673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x56427b49e34f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x56427b46ec4a in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x56427b38c91b in hp_get_new_block /data/src/10.4/storage/heap/hp_block.c:81
|
#4 0x56427b38acef in next_free_record_pos /data/src/10.4/storage/heap/hp_write.c:165
|
#5 0x56427b389868 in heap_write /data/src/10.4/storage/heap/hp_write.c:45
|
#6 0x56427b371fbc in ha_heap::write_row(unsigned char*) /data/src/10.4/storage/heap/ha_heap.cc:239
|
#7 0x56427a35f9f1 in handler::ha_write_row(unsigned char*) /data/src/10.4/sql/handler.cc:6667
|
#8 0x564279affd8e in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2024
|
#9 0x564279af87cf in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1067
|
#10 0x564279ba57cc in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4791
|
#11 0x564279bbc56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#12 0x564279b94777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#13 0x564279b91578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#14 0x564279f24cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#15 0x564279f246a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#16 0x56427aaee93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#17 0x7fa56a11c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T6 created by T0 here:
|
#0 0x7fa56a355bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x56427aaeef02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x5642798df2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x5642798f43f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x5642798f4af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x5642798f4e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x5642798f5ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x5642798f3c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x5642798dd16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fa56843a2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T5 created by T0 here:
|
#0 0x7fa56a355bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x56427aaeef02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x5642798df2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x5642798f43f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x5642798f4af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x5642798f4e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x5642798f5ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x5642798f3c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x5642798dd16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fa56843a2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/storage/heap/hp_hash.c:315 hp_rec_hashnr
|
Shadow bytes around the buggy address:
|
0x0ff52bbf86b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf86c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf86d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf86e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf86f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0ff52bbf8700: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
|
0x0ff52bbf8710: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf8720: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf8730: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf8740: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0ff52bbf8750: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==5683==ABORTING
|
|
|
==6061==ERROR: AddressSanitizer: heap-use-after-free on address 0x62100022c580 at pc 0x55bc1a5b044f bp 0x7f7e41d5a300 sp 0x7f7e41d5a2f8
|
READ of size 8 at 0x62100022c580 thread T5
|
#0 0x55bc1a5b044e in check_one_key /data/src/10.4/storage/heap/_check.c:114
|
#1 0x55bc1a5afd4d in heap_check_heap /data/src/10.4/storage/heap/_check.c:57
|
#2 0x55bc1a5ac247 in hp_close /data/src/10.4/storage/heap/hp_close.c:39
|
#3 0x55bc1a5ac095 in heap_close /data/src/10.4/storage/heap/hp_close.c:28
|
#4 0x55bc1a58f2fe in ha_heap::close() /data/src/10.4/storage/heap/ha_heap.cc:140
|
#5 0x55bc19561cf2 in handler::ha_close() /data/src/10.4/sql/handler.cc:2967
|
#6 0x55bc19086401 in closefrm(TABLE*) /data/src/10.4/sql/table.cc:3993
|
#7 0x55bc193476a8 in intern_close_table /data/src/10.4/sql/table_cache.cc:222
|
#8 0x55bc19347d0f in tc_purge(bool) /data/src/10.4/sql/table_cache.cc:335
|
#9 0x55bc1935fdaf in backup_flush /data/src/10.4/sql/backup.cc:207
|
#10 0x55bc1935f645 in run_backup_stage(THD*, backup_stages) /data/src/10.4/sql/backup.cc:110
|
#11 0x55bc18dc75ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:5288
|
#12 0x55bc18dda56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x55bc18db2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x55bc18daf578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x55bc19142cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x55bc191426a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x55bc19d0c93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7f7e4d0db493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#19 0x7f7e4b4c193e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x62100022c580 is located 128 bytes inside of 4028-byte region [0x62100022c500,0x62100022d4bc)
|
freed by thread T6 here:
|
#0 0x7f7e4d345527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x55bc1a6bd5d9 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x55bc1a6bcbdf in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x55bc1a68d628 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x55bc1a5aaff0 in hp_free_level /data/src/10.4/storage/heap/hp_block.c:151
|
#5 0x55bc1a5ab6d6 in hp_clear_keys /data/src/10.4/storage/heap/hp_clear.c:100
|
#6 0x55bc1a5ab1dc in hp_clear /data/src/10.4/storage/heap/hp_clear.c:38
|
#7 0x55bc1a5ab043 in heap_clear /data/src/10.4/storage/heap/hp_clear.c:27
|
#8 0x55bc1a5917eb in ha_heap::delete_all_rows() /data/src/10.4/storage/heap/ha_heap.cc:411
|
#9 0x55bc1956df0e in handler::ha_delete_all_rows() /data/src/10.4/sql/handler.cc:4510
|
#10 0x55bc1996f026 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /data/src/10.4/sql/sql_delete.cc:502
|
#11 0x55bc18dc5490 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4985
|
#12 0x55bc18dda56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x55bc18db2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x55bc18daf578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x55bc19142cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x55bc191426a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x55bc19d0c93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7f7e4d0db493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T5 here:
|
#0 0x7f7e4d34573f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x55bc1a6bc34f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x55bc1a68cc4a in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x55bc1a5aa91b in hp_get_new_block /data/src/10.4/storage/heap/hp_block.c:81
|
#4 0x55bc1a5aa032 in hp_find_free_hash /data/src/10.4/storage/heap/hp_write.c:411
|
#5 0x55bc1a5a906e in hp_write_key /data/src/10.4/storage/heap/hp_write.c:214
|
#6 0x55bc1a5a7a1a in heap_write /data/src/10.4/storage/heap/hp_write.c:52
|
#7 0x55bc1a58ffbc in ha_heap::write_row(unsigned char*) /data/src/10.4/storage/heap/ha_heap.cc:239
|
#8 0x55bc1957d9f1 in handler::ha_write_row(unsigned char*) /data/src/10.4/sql/handler.cc:6667
|
#9 0x55bc18d1dd8e in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2024
|
#10 0x55bc18d167cf in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1067
|
#11 0x55bc18dc37cc in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4791
|
#12 0x55bc18dda56e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8157
|
#13 0x55bc18db2777 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1829
|
#14 0x55bc18daf578 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1358
|
#15 0x55bc19142cab in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1399
|
#16 0x55bc191426a4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1302
|
#17 0x55bc19d0c93a in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7f7e4d0db493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T5 created by T0 here:
|
#0 0x7f7e4d314bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55bc19d0cf02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x55bc18afd2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55bc18b123f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x55bc18b12af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x55bc18b12e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x55bc18b13ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x55bc18b11c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x55bc18afb16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7f7e4b3f92b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T6 created by T0 here:
|
#0 0x7f7e4d314bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55bc19d0cf02 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x55bc18afd2e6 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55bc18b123f2 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6133
|
#4 0x55bc18b12af7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6203
|
#5 0x55bc18b12e87 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6301
|
#6 0x55bc18b13ad3 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6459
|
#7 0x55bc18b11c2d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5791
|
#8 0x55bc18afb16f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7f7e4b3f92b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/storage/heap/_check.c:114 check_one_key
|
Shadow bytes around the buggy address:
|
0x0c428003d860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c428003d870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c428003d880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c428003d890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c428003d8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c428003d8b0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c428003d8c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c428003d8d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c428003d8e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c428003d8f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c428003d900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==6061==ABORTING
|
Issue Links
- causes
  - MDEV-20971 ASAN heap-use-after-free in list_delete / heap_close (Closed)
- duplicates
  - MDEV-17166 [Draft] Server crashes in in heap_check_heap (Closed)