Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Cannot Reproduce
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL)
Description
Unlike MDEV-14557 or MDEV-19178, this one doesn't have an (obvious) invalidation.
CREATE FUNCTION f (i INT) RETURNS INT RETURN 3; |
CREATE TABLE t1 (a INT); |
CREATE TABLE t2 (b INT); |
CREATE VIEW v AS WITH cte AS ( SELECT * FROM t1 ) SELECT * FROM cte; |
CREATE PROCEDURE p () SELECT 1 FROM v WHERE f(a) < 9; |
LOCK TABLE t2 WRITE; |
--error ER_TABLE_NOT_LOCKED
|
CALL p();
|
UNLOCK TABLES;
|
CALL p();
|
CALL p();
|
|
|
# Cleanup
|
DROP PROCEDURE p; |
DROP FUNCTION f; |
DROP VIEW v; |
DROP TABLE t1, t2; |
|
10.4 release c5bc0ced |
pure virtual method called
|
terminate called without an active exception
|
190823 2:36:53 [ERROR] mysqld got signal 6 ;
|
|
|
#5 0x00007fa82534542a in __GI_abort () at abort.c:89
|
#6 0x00007fa825c5c0ad in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#7 0x00007fa825c5a066 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#8 0x00007fa825c5a0b1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#9 0x00007fa825c5ab8f in __cxa_pure_virtual () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#10 0x0000561392ee1891 in Item_ref::set_properties (this=this@entry=0x7fa8040d4b10) at /data/src/10.4/sql/item.cc:7928
|
#11 0x0000561392ee1937 in Item_ref::Item_ref (this=0x7fa8040d4b10, thd=<optimized out>, context_arg=<optimized out>, item=0x7fa804035768, table_name_arg=<optimized out>, field_name_arg=<optimized out>, alias_name_used_arg=false) at /data/src/10.4/sql/item.cc:7567
|
#12 0x0000561392d7bac9 in Item_direct_ref::Item_direct_ref (alias_name_used_arg=false, field_name_arg=0x7fa804035770, table_name_arg=<optimized out>, item=0x7fa804035768, context_arg=0x7fa804036718, thd=0x7fa8040009a8, this=0x7fa8040d4b10) at /data/src/10.4/sql/item.h:5377
|
#13 Item_direct_view_ref::Item_direct_view_ref (view_arg=0x7fa8040d7710, field_name_arg=0x7fa804035770, table_name_arg=<optimized out>, item=0x7fa804035768, context_arg=0x7fa804036718, thd=0x7fa8040009a8, this=0x7fa8040d4b10) at /data/src/10.4/sql/item.h:5619
|
#14 create_view_field (thd=thd@entry=0x7fa8040009a8, view=0x7fa8040d7710, field_ref=0x7fa804035768, name=0x7fa804035770) at /data/src/10.4/sql/table.cc:6405
|
#15 0x0000561392d7bd17 in Field_iterator_view::create_item (this=this@entry=0x7fa81b4f59a0, thd=thd@entry=0x7fa8040009a8) at /data/src/10.4/sql/table.cc:6363
|
#16 0x0000561392c73b15 in find_field_in_view (length=1, item_name=<optimized out>, register_tree_change=true, ref=0x7fa8040d81b0, name=0x7fa8040d7de8 "a", table_list=0x7fa8040d7710, thd=0x7fa8040009a8) at /data/src/10.4/sql/sql_base.cc:5779
|
#17 find_field_in_table_ref (thd=thd@entry=0x7fa8040009a8, table_list=table_list@entry=0x7fa8040d7710, name=name@entry=0x7fa8040d7de8 "a", length=length@entry=1, item_name=<optimized out>, db_name=<optimized out>, db_name@entry=0x0, table_name=0x0, ref=0x7fa8040d81b0, check_privileges=true, allow_rowid=true, cached_field_index_ptr=0x7fa8040d7ec4, register_tree_change=true, actual_table=0x7fa81b4f5ac8) at /data/src/10.4/sql/sql_base.cc:6118
|
#18 0x0000561392c74323 in find_field_in_tables (thd=thd@entry=0x7fa8040009a8, item=item@entry=0x7fa8040d7df0, first_table=0x7fa8040d7710, last_table=0x0, ref=ref@entry=0x7fa8040d81b0, report_error=IGNORE_EXCEPT_NON_UNIQUE, check_privileges=true, register_tree_change=true) at /data/src/10.4/sql/sql_base.cc:6356
|
#19 0x0000561392ee2c00 in Item_field::fix_fields (this=0x7fa8040d7df0, thd=0x7fa8040009a8, reference=0x7fa8040d81b0) at /data/src/10.4/sql/item.cc:5718
|
#20 0x0000561392f1bae3 in Item::fix_fields_if_needed (ref=0x7fa8040d81b0, thd=0x7fa8040009a8, this=0x7fa8040d7df0) at /data/src/10.4/sql/item.h:956
|
#21 Item_func::fix_fields (this=0x7fa8040d8120, thd=0x7fa8040009a8, ref=<optimized out>) at /data/src/10.4/sql/item_func.cc:351
|
#22 0x0000561392f26752 in Item_func_sp::fix_fields (this=0x7fa8040d8120, thd=0x7fa8040009a8, ref=0x7fa8040da4d8) at /data/src/10.4/sql/item_func.cc:6397
|
#23 0x0000561392f1bae3 in Item::fix_fields_if_needed (ref=0x7fa8040da4d8, thd=0x7fa8040009a8, this=0x7fa8040d8120) at /data/src/10.4/sql/item.h:956
|
#24 Item_func::fix_fields (this=0x7fa8040da448, thd=0x7fa8040009a8, ref=<optimized out>) at /data/src/10.4/sql/item_func.cc:351
|
#25 0x0000561392c7696f in Item::fix_fields_if_needed (ref=0x7fa8040d48b8, thd=0x7fa8040009a8, this=0x7fa8040da448) at /data/src/10.4/sql/item.h:956
|
#26 Item::fix_fields_if_needed_for_scalar (ref=0x7fa8040d48b8, thd=0x7fa8040009a8, this=0x7fa8040da448) at /data/src/10.4/sql/item.h:960
|
#27 Item::fix_fields_if_needed_for_bool (ref=0x7fa8040d48b8, thd=0x7fa8040009a8, this=0x7fa8040da448) at /data/src/10.4/sql/item.h:964
|
#28 setup_conds (thd=thd@entry=0x7fa8040009a8, tables=tables@entry=0x7fa8040d7710, leaves=..., conds=conds@entry=0x7fa8040d48b8) at /data/src/10.4/sql/sql_base.cc:8372
|
#29 0x0000561392d12b23 in setup_without_group (reserved=0x7fa8040d74c4, hidden_group_fields=0x7fa8040d4797, win_funcs=..., win_specs=..., group=0x0, order=0x0, conds=0x7fa8040d48b8, all_fields=..., fields=..., leaves=..., tables=0x7fa8040d7710, ref_pointer_array=..., thd=0x7fa8040009a8) at /data/src/10.4/sql/sql_select.cc:689
|
#30 JOIN::prepare (this=this@entry=0x7fa8040d44b0, tables_init=tables_init@entry=0x7fa8040d7710, wild_num=wild_num@entry=0, conds_init=conds_init@entry=0x7fa8040da448, og_num=og_num@entry=0, order_init=order_init@entry=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fa8040d71c0, unit_arg=0x7fa8040d89f8) at /data/src/10.4/sql/sql_select.cc:1231
|
#31 0x0000561392d21df2 in mysql_select (thd=thd@entry=0x7fa8040009a8, tables=0x7fa8040d7710, wild_num=0, fields=..., conds=0x7fa8040da448, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7fa8040d4488, unit=0x7fa8040d89f8, select_lex=0x7fa8040d71c0) at /data/src/10.4/sql/sql_select.cc:4596
|
#32 0x0000561392d21f4e in handle_select (thd=thd@entry=0x7fa8040009a8, lex=lex@entry=0x7fa8040d8930, result=result@entry=0x7fa8040d4488, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.4/sql/sql_select.cc:425
|
#33 0x0000561392be4bb2 in execute_sqlcom_select (thd=thd@entry=0x7fa8040009a8, all_tables=0x7fa8040d7710) at /data/src/10.4/sql/sql_parse.cc:6356
|
#34 0x0000561392ccbc70 in mysql_execute_command (thd=thd@entry=0x7fa8040009a8) at /data/src/10.4/sql/sql_parse.cc:3898
|
#35 0x0000561392c3ec33 in sp_instr_stmt::exec_core (this=0x7fa8040d8360, thd=0x7fa8040009a8, nextp=0x7fa81b4f9cc4) at /data/src/10.4/sql/sp_head.cc:3607
|
#36 0x0000561392c451c8 in sp_lex_keeper::reset_lex_and_exec_core (this=this@entry=0x7fa8040d83a8, thd=thd@entry=0x7fa8040009a8, nextp=nextp@entry=0x7fa81b4f9cc4, open_tables=open_tables@entry=false, instr=instr@entry=0x7fa8040d8360) at /data/src/10.4/sql/sp_head.cc:3335
|
#37 0x0000561392c45be4 in sp_instr_stmt::execute (this=0x7fa8040d8360, thd=0x7fa8040009a8, nextp=0x7fa81b4f9cc4) at /data/src/10.4/sql/sp_head.cc:3513
|
#38 0x0000561392c413e2 in sp_head::execute (this=this@entry=0x7fa8040d6540, thd=thd@entry=0x7fa8040009a8, merge_da_on_success=merge_da_on_success@entry=true) at /data/src/10.4/sql/sp_head.cc:1346
|
#39 0x0000561392c4258c in sp_head::execute_procedure (this=0x7fa8040d6540, thd=thd@entry=0x7fa8040009a8, args=0x7fa8040055d0) at /data/src/10.4/sql/sp_head.cc:2288
|
#40 0x0000561392cc357f in do_execute_sp (thd=0x7fa8040009a8, sp=<optimized out>) at /data/src/10.4/sql/sql_parse.cc:3019
|
#41 0x0000561392cc4956 in Sql_cmd_call::execute (this=this@entry=0x7fa80400fdf0, thd=thd@entry=0x7fa8040009a8) at /data/src/10.4/sql/sql_parse.cc:3261
|
#42 0x0000561392cc51fa in Sql_cmd_call::execute (this=0x7fa80400fdf0, thd=0x7fa8040009a8) at /data/src/10.4/sql/sql_parse.cc:3215
|
#43 0x0000561392ccbcd0 in mysql_execute_command (thd=thd@entry=0x7fa8040009a8) at /data/src/10.4/sql/sql_parse.cc:6098
|
#44 0x0000561392cd2e79 in mysql_parse (thd=thd@entry=0x7fa8040009a8, rawbuf=<optimized out>, length=8, parser_state=parser_state@entry=0x7fa81b4fd1b0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:7908
|
#45 0x0000561392cd5208 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fa8040009a8, packet=packet@entry=0x7fa804007999 "CALL p()", packet_length=packet_length@entry=8, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:1843
|
#46 0x0000561392cd6959 in do_command (thd=0x7fa8040009a8) at /data/src/10.4/sql/sql_parse.cc:1360
|
#47 0x0000561392da523e in do_handle_one_connection (connect=connect@entry=0x5613958fbe98) at /data/src/10.4/sql/sql_connect.cc:1404
|
#48 0x0000561392da5354 in handle_one_connection (arg=arg@entry=0x5613958fbe98) at /data/src/10.4/sql/sql_connect.cc:1306
|
#49 0x000056139334e3f4 in pfs_spawn_thread (arg=0x5613958926b8) at /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#50 0x00007fa826eb14a4 in start_thread (arg=0x7fa81b4fe700) at pthread_create.c:456
|
#51 0x00007fa8253f9d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
|
10.4 debug c5bc0ced |
#3 <signal handler called>
|
#4 0x00005618aef14269 in create_view_field (thd=0x7fc664000b00, view=0x7fc664145748, field_ref=0x7fc6640523b0, name=0x7fc6640523b8) at /data/src/10.4/sql/table.cc:6386
|
#5 0x00005618aef14117 in Field_iterator_view::create_item (this=0x7fc6742b7030, thd=0x7fc664000b00) at /data/src/10.4/sql/table.cc:6363
|
#6 0x00005618aed53b47 in find_field_in_view (thd=0x7fc664000b00, table_list=0x7fc664145748, name=0x7fc664145e20 "a", length=1, item_name=0x7fc664145e20 "a", ref=0x7fc6641461e8, register_tree_change=true) at /data/src/10.4/sql/sql_base.cc:5779
|
#7 0x00005618aed549bc in find_field_in_table_ref (thd=0x7fc664000b00, table_list=0x7fc664145748, name=0x7fc664145e20 "a", length=1, item_name=0x7fc664145e20 "a", db_name=0x0, table_name=0x0, ref=0x7fc6641461e8, check_privileges=true, allow_rowid=true, cached_field_index_ptr=0x7fc664145efc, register_tree_change=true, actual_table=0x7fc6742b7220) at /data/src/10.4/sql/sql_base.cc:6118
|
#8 0x00005618aed552d6 in find_field_in_tables (thd=0x7fc664000b00, item=0x7fc664145e28, first_table=0x7fc664145748, last_table=0x0, ref=0x7fc6641461e8, report_error=IGNORE_EXCEPT_NON_UNIQUE, check_privileges=true, register_tree_change=true) at /data/src/10.4/sql/sql_base.cc:6356
|
#9 0x00005618af15143a in Item_field::fix_fields (this=0x7fc664145e28, thd=0x7fc664000b00, reference=0x7fc6641461e8) at /data/src/10.4/sql/item.cc:5718
|
#10 0x00005618aecdf057 in Item::fix_fields_if_needed (this=0x7fc664145e28, thd=0x7fc664000b00, ref=0x7fc6641461e8) at /data/src/10.4/sql/item.h:956
|
#11 0x00005618af1a8e80 in Item_func::fix_fields (this=0x7fc664146158, thd=0x7fc664000b00, ref=0x7fc664042c30) at /data/src/10.4/sql/item_func.cc:351
|
#12 0x00005618af1be3c3 in Item_func_sp::fix_fields (this=0x7fc664146158, thd=0x7fc664000b00, ref=0x7fc664042c30) at /data/src/10.4/sql/item_func.cc:6397
|
#13 0x00005618aecdf057 in Item::fix_fields_if_needed (this=0x7fc664146158, thd=0x7fc664000b00, ref=0x7fc664042c30) at /data/src/10.4/sql/item.h:956
|
#14 0x00005618af1a8e80 in Item_func::fix_fields (this=0x7fc664042ba0, thd=0x7fc664000b00, ref=0x7fc66404c0c0) at /data/src/10.4/sql/item_func.cc:351
|
#15 0x00005618aecdf057 in Item::fix_fields_if_needed (this=0x7fc664042ba0, thd=0x7fc664000b00, ref=0x7fc66404c0c0) at /data/src/10.4/sql/item.h:956
|
#16 0x00005618aecdf085 in Item::fix_fields_if_needed_for_scalar (this=0x7fc664042ba0, thd=0x7fc664000b00, ref=0x7fc66404c0c0) at /data/src/10.4/sql/item.h:960
|
#17 0x00005618aed5debf in Item::fix_fields_if_needed_for_bool (this=0x7fc664042ba0, thd=0x7fc664000b00, ref=0x7fc66404c0c0) at /data/src/10.4/sql/item.h:964
|
#18 0x00005618aed5a707 in setup_conds (thd=0x7fc664000b00, tables=0x7fc664145748, leaves=..., conds=0x7fc66404c0c0) at /data/src/10.4/sql/sql_base.cc:8372
|
#19 0x00005618aee2b8df in setup_without_group (thd=0x7fc664000b00, ref_pointer_array=..., tables=0x7fc664145748, leaves=..., fields=..., all_fields=..., conds=0x7fc66404c0c0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fc66404bf9f, reserved=0x7fc6641454fc) at /data/src/10.4/sql/sql_select.cc:689
|
#20 0x00005618aee2e507 in JOIN::prepare (this=0x7fc66404bcb8, tables_init=0x7fc664145748, wild_num=0, conds_init=0x7fc664042ba0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fc6641451f8, unit_arg=0x7fc664041150) at /data/src/10.4/sql/sql_select.cc:1231
|
#21 0x00005618aee3a9a5 in mysql_select (thd=0x7fc664000b00, tables=0x7fc664145748, wild_num=0, fields=..., conds=0x7fc664042ba0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7fc66404bc90, unit=0x7fc664041150, select_lex=0x7fc6641451f8) at /data/src/10.4/sql/sql_select.cc:4596
|
#22 0x00005618aee2af2a in handle_select (thd=0x7fc664000b00, lex=0x7fc664041088, result=0x7fc66404bc90, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:425
|
#23 0x00005618aedf4549 in execute_sqlcom_select (thd=0x7fc664000b00, all_tables=0x7fc664145748) at /data/src/10.4/sql/sql_parse.cc:6356
|
#24 0x00005618aedea390 in mysql_execute_command (thd=0x7fc664000b00) at /data/src/10.4/sql/sql_parse.cc:3898
|
#25 0x00005618aed053d5 in sp_instr_stmt::exec_core (this=0x7fc664146398, thd=0x7fc664000b00, nextp=0x7fc6742b96b4) at /data/src/10.4/sql/sp_head.cc:3607
|
#26 0x00005618aed04732 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fc6641463e0, thd=0x7fc664000b00, nextp=0x7fc6742b96b4, open_tables=false, instr=0x7fc664146398) at /data/src/10.4/sql/sp_head.cc:3335
|
#27 0x00005618aed04f7a in sp_instr_stmt::execute (this=0x7fc664146398, thd=0x7fc664000b00, nextp=0x7fc6742b96b4) at /data/src/10.4/sql/sp_head.cc:3513
|
#28 0x00005618aecfeb9a in sp_head::execute (this=0x7fc664144578, thd=0x7fc664000b00, merge_da_on_success=true) at /data/src/10.4/sql/sp_head.cc:1346
|
#29 0x00005618aed01511 in sp_head::execute_procedure (this=0x7fc664144578, thd=0x7fc664000b00, args=0x7fc6640058e8) at /data/src/10.4/sql/sp_head.cc:2288
|
#30 0x00005618aede798b in do_execute_sp (thd=0x7fc664000b00, sp=0x7fc664144578) at /data/src/10.4/sql/sql_parse.cc:3019
|
#31 0x00005618aede857e in Sql_cmd_call::execute (this=0x7fc6640131d8, thd=0x7fc664000b00) at /data/src/10.4/sql/sql_parse.cc:3261
|
#32 0x00005618aedf306d in mysql_execute_command (thd=0x7fc664000b00) at /data/src/10.4/sql/sql_parse.cc:6098
|
#33 0x00005618aedf82dd in mysql_parse (thd=0x7fc664000b00, rawbuf=0x7fc664013128 "CALL p()", length=8, parser_state=0x7fc6742bb170, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7908
|
#34 0x00005618aede4586 in dispatch_command (command=COM_QUERY, thd=0x7fc664000b00, packet=0x7fc664008331 "CALL p()", packet_length=8, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1843
|
#35 0x00005618aede2ccc in do_command (thd=0x7fc664000b00) at /data/src/10.4/sql/sql_parse.cc:1360
|
#36 0x00005618aef5ce00 in do_handle_one_connection (connect=0x5618b2d38040) at /data/src/10.4/sql/sql_connect.cc:1404
|
#37 0x00005618aef5cb4f in handle_one_connection (arg=0x5618b2d38040) at /data/src/10.4/sql/sql_connect.cc:1306
|
#38 0x00005618af888f65 in pfs_spawn_thread (arg=0x5618b2d6d430) at /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#39 0x00007fc67bc5e4a4 in start_thread (arg=0x7fc6742bc700) at pthread_create.c:456
|
#40 0x00007fc67a1a6d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
|
10.4 ASAN c5bc0ced |
==18836==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000117218 at pc 0x55650977f22e bp 0x7fd5632b8e90 sp 0x7fd5632b8e88
|
READ of size 8 at 0x625000117218 thread T5
|
#0 0x55650977f22d in create_view_field(THD*, TABLE_LIST*, Item**, st_mysql_const_lex_string*) /data/src/10.4/sql/table.cc:6386
|
#1 0x55650977ee3b in Field_iterator_view::create_item(THD*) /data/src/10.4/sql/table.cc:6363
|
#2 0x556509366c44 in find_field_in_view /data/src/10.4/sql/sql_base.cc:5779
|
#3 0x556509368f59 in find_field_in_table_ref(THD*, TABLE_LIST*, char const*, unsigned long, char const*, char const*, char const*, Item**, bool, bool, unsigned int*, bool, TABLE_LIST**) /data/src/10.4/sql/sql_base.cc:6118
|
#4 0x55650936a238 in find_field_in_tables(THD*, Item_ident*, TABLE_LIST*, TABLE_LIST*, Item**, find_item_error_report_type, bool, bool) /data/src/10.4/sql/sql_base.cc:6356
|
#5 0x556509c61fc5 in Item_field::fix_fields(THD*, Item**) /data/src/10.4/sql/item.cc:5718
|
#6 0x556509272840 in Item::fix_fields_if_needed(THD*, Item**) /data/src/10.4/sql/item.h:956
|
#7 0x556509d229e4 in Item_func::fix_fields(THD*, Item**) /data/src/10.4/sql/item_func.cc:351
|
#8 0x556509d5f4a6 in Item_func_sp::fix_fields(THD*, Item**) /data/src/10.4/sql/item_func.cc:6397
|
#9 0x556509272840 in Item::fix_fields_if_needed(THD*, Item**) /data/src/10.4/sql/item.h:956
|
#10 0x556509d229e4 in Item_func::fix_fields(THD*, Item**) /data/src/10.4/sql/item_func.cc:351
|
#11 0x556509272840 in Item::fix_fields_if_needed(THD*, Item**) /data/src/10.4/sql/item.h:956
|
#12 0x55650927286e in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /data/src/10.4/sql/item.h:960
|
#13 0x55650937dcf4 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /data/src/10.4/sql/item.h:964
|
#14 0x556509375c47 in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/src/10.4/sql/sql_base.cc:8372
|
#15 0x55650954a040 in setup_without_group /data/src/10.4/sql/sql_select.cc:689
|
#16 0x556509550744 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.4/sql/sql_select.cc:1231
|
#17 0x5565095719c0 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4596
|
#18 0x556509548490 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:425
|
#19 0x5565094ce0b5 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6356
|
#20 0x5565094bc5ea in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3898
|
#21 0x5565092bcf91 in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3607
|
#22 0x5565092bb776 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.4/sql/sp_head.cc:3335
|
#23 0x5565092bc6d9 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3513
|
#24 0x5565092af958 in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1346
|
#25 0x5565092b4b5e in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2288
|
#26 0x5565094b6bad in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3019
|
#27 0x5565094b84ee in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3261
|
#28 0x5565094cbde4 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6098
|
#29 0x5565094d6269 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7908
|
#30 0x5565094b079d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1843
|
#31 0x5565094ad6ab in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
|
#32 0x55650982298e in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1404
|
#33 0x556509822342 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1306
|
#34 0x55650aba2a7d in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#35 0x7fd56dac24a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
#36 0x7fd56c00ad0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
|
|
|
0x625000117218 is located 6424 bytes inside of 8268-byte region [0x625000115900,0x62500011794c)
|
freed by thread T5 here:
|
#0 0x7fd56dd99a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
|
#1 0x55650acccc00 in free_memory /data/src/10.4/mysys/safemalloc.c:279
|
#2 0x55650accc2e9 in sf_free /data/src/10.4/mysys/safemalloc.c:197
|
#3 0x55650ac9e8b5 in my_free /data/src/10.4/mysys/my_malloc.c:222
|
#4 0x55650ac7f7fa in free_root /data/src/10.4/mysys/my_alloc.c:429
|
#5 0x5565092afae6 in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1365
|
#6 0x5565092b4b5e in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2288
|
#7 0x5565094b6bad in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3019
|
#8 0x5565094b84ee in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3261
|
#9 0x5565094cbde4 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6098
|
#10 0x5565094d6269 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7908
|
#11 0x5565094b079d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1843
|
#12 0x5565094ad6ab in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
|
#13 0x55650982298e in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1404
|
#14 0x556509822342 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1306
|
#15 0x55650aba2a7d in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#16 0x7fd56dac24a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
|
|
previously allocated by thread T5 here:
|
#0 0x7fd56dd99d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
|
#1 0x55650accbd01 in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
|
#2 0x55650ac9e014 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#3 0x55650ac7e985 in alloc_root /data/src/10.4/mysys/my_alloc.c:250
|
#4 0x5565094e5371 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned long) /data/src/10.4/sql/sql_class.h:1065
|
#5 0x5565094b54fd in alloc_query(THD*, char const*, unsigned long) /data/src/10.4/sql/sql_parse.cc:2754
|
#6 0x5565092bc5b6 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3500
|
#7 0x5565092af958 in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1346
|
#8 0x5565092b4b5e in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2288
|
#9 0x5565094b6bad in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3019
|
#10 0x5565094b84ee in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3261
|
#11 0x5565094cbde4 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6098
|
#12 0x5565094d6269 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7908
|
#13 0x5565094b079d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1843
|
#14 0x5565094ad6ab in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
|
#15 0x55650982298e in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1404
|
#16 0x556509822342 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1306
|
#17 0x55650aba2a7d in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#18 0x7fd56dac24a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
|
|
Thread T5 created by T0 here:
|
#0 0x7fd56dd08f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
|
#1 0x55650aba2e6a in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x556509214d88 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x556509228eba in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6238
|
#4 0x55650922959d in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6308
|
#5 0x556509229928 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6406
|
#6 0x55650922a57a in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6564
|
#7 0x55650922873b in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5896
|
#8 0x556509212c6f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fd56bf422e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/sql/table.cc:6386 in create_view_field(THD*, TABLE_LIST*, Item**, st_mysql_const_lex_string*)
|
Shadow bytes around the buggy address:
|
0x0c4a8001adf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c4a8001ae40: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c4a8001ae90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==18836==ABORTING
|
Attachments
Issue Links
- relates to
-
-
- Stalled
-
-
-
- Closed
-
-
-
- Confirmed
-
-
-
- Confirmed
-