[MDEV-25243] ASAN heap-use-after-free in Item_func_sp::execute_impl upon concurrent view DDL and I_S query with view and function - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL)
Fix Version/s: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
Component/s: Information Schema, Stored routines, Views
Labels:
None

Description

Note: Possibly the test case can be simplified, but I can't get rid of anything without involving more complicated structures instead.
The test case fails every time for me, but it is still non-deterministic by design.

CREATE TABLE t (a INT);

INSERT INTO t VALUES (1),(2);

CREATE FUNCTION f(b INT) RETURNS INT RETURN 1;

CREATE VIEW v AS SELECT f(SUM(a)) FROM t;

--connect (con1,localhost,root,,test)

--let $conid= `SELECT CONNECTION_ID()`

--delimiter $

--send

LOOP

  CREATE OR REPLACE VIEW vv AS SELECT 1;

END LOOP $

--delimiter ;

--connection default

SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1;

# Cleanup

--eval KILL $conid

DROP VIEW IF EXISTS vv;

DROP VIEW v;

DROP FUNCTION f;

DROP TABLE t;

10.2 3dae5647 ASAN
==3140542==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000cd298 at pc 0x5574b0508578 bp 0x7faab5ee5c50 sp 0x7faab5ee5c40
READ of size 8 at 0x6250000cd298 thread T5
#0 0x5574b0508577 in Item_func_sp::execute_impl(THD*) /data/src/10.2/sql/item_func.cc:6721
#1 0x5574b0508277 in Item_func_sp::execute() /data/src/10.2/sql/item_func.cc:6687
#2 0x5574b0511c57 in Item_func_sp::val_int() /data/src/10.2/sql/item_func.h:2412
#3 0x5574b0400a3e in Item::save_in_field(Field*, bool) /data/src/10.2/sql/item.cc:6419
#4 0x5574afc5a26f in fill_record(THD, TABLE, Field**, List<Item>&, bool, bool) /data/src/10.2/sql/sql_base.cc:8374
#5 0x5574affcd6b7 in select_union::send_data(List<Item>&) /data/src/10.2/sql/sql_union.cc:69
#6 0x5574afe8f9f9 in end_send_group(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:20183
#7 0x5574afe84d21 in sub_select(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:18814
#8 0x5574afe83682 in do_select /data/src/10.2/sql/sql_select.cc:18409
#9 0x5574afe1d636 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3642
#10 0x5574afe1b14d in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3437
#11 0x5574afe1e9d0 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3840
#12 0x5574afce4942 in mysql_derived_fill(THD, LEX, TABLE_LIST*) /data/src/10.2/sql/sql_derived.cc:1085
#13 0x5574afcdefaf in mysql_handle_single_derived(LEX, TABLE_LIST, unsigned int) /data/src/10.2/sql/sql_derived.cc:198
#14 0x5574afe5913e in st_join_table::preread_init() /data/src/10.2/sql/sql_select.cc:12109
#15 0x5574afe84eea in sub_select(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:18831
#16 0x5574afe8358d in do_select /data/src/10.2/sql/sql_select.cc:18407
#17 0x5574afe1d636 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3642
#18 0x5574afe1b14d in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3437
#19 0x5574afe1e9d0 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3840
#20 0x5574afdfb3f7 in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
#21 0x5574afd720d8 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6274
#22 0x5574afd5f477 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3585
#23 0x5574afd7b669 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7794
#24 0x5574afd5474b in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#25 0x5574afd5150a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#26 0x5574b00d98c5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#27 0x5574b00d9188 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#28 0x5574b14783b3 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#29 0x7faac0c4a608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#30 0x7faac0826292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x6250000cd298 is located 408 bytes inside of 8332-byte region [0x6250000cd100,0x6250000cf18c)
freed by thread T5 here:
#0 0x7faac12157cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x5574b159602c in free_memory /data/src/10.2/mysys/safemalloc.c:279
#2 0x5574b1595578 in sf_free /data/src/10.2/mysys/safemalloc.c:197
#3 0x5574b15618e4 in my_free /data/src/10.2/mysys/my_malloc.c:218
#4 0x5574b153f748 in free_root /data/src/10.2/mysys/my_alloc.c:401
#5 0x5574afb9bde1 in sp_head::destroy(sp_head*) /data/src/10.2/sql/sp_head.cc:559
#6 0x5574afb987da in hash_free_sp_head /data/src/10.2/sql/sp_cache.cc:287
#7 0x5574b1504d53 in my_hash_delete /data/src/10.2/mysys/hash.c:632
#8 0x5574afb98a6c in sp_cache::remove(sp_head*) (/mnt-hd8t/bld/10.2-asan-nightly/bin/mysqld+0xc7aa6c)
#9 0x5574afb98696 in sp_cache_flush_obsolete(sp_cache, sp_head) /data/src/10.2/sql/sp_cache.cc:236
#10 0x5574b0769b6d in sp_cache_routine(THD, stored_procedure_type, sp_name, bool, sp_head**) /data/src/10.2/sql/sp.cc:2147
#11 0x5574b07697eb in sp_cache_routine(THD, Sroutine_hash_entry, bool, sp_head**) /data/src/10.2/sql/sp.cc:2105
#12 0x5574afc3c426 in open_and_process_routine /data/src/10.2/sql/sql_base.cc:3256
#13 0x5574afc40703 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4153
#14 0x5574afc2cf56 in open_tables /data/src/10.2/sql/sql_base.h:248
#15 0x5574afc44584 in open_normal_and_derived_tables(THD, TABLE_LIST, unsigned int, unsigned int) /data/src/10.2/sql/sql_base.cc:4943
#16 0x5574afeff696 in fill_schema_table_by_open /data/src/10.2/sql/sql_show.cc:4412
#17 0x5574aff032d4 in get_all_tables(THD, TABLE_LIST, Item*) /data/src/10.2/sql/sql_show.cc:5061
#18 0x5574aff3512a in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/10.2/sql/sql_show.cc:8472
#19 0x5574afe1cf6b in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3606
#20 0x5574afe1b14d in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3437
#21 0x5574afe1e9d0 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3840
#22 0x5574afdfb3f7 in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
#23 0x5574afd720d8 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6274
#24 0x5574afd5f477 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3585
#25 0x5574afd7b669 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7794
#26 0x5574afd5474b in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#27 0x5574afd5150a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#28 0x5574b00d98c5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#29 0x5574b00d9188 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241

previously allocated by thread T5 here:
#0 0x7faac1215bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x5574b1594eea in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
#2 0x5574b1560e73 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
#3 0x5574b153d3d6 in init_alloc_root /data/src/10.2/mysys/my_alloc.c:79
#4 0x5574b004b5f0 in init_sql_alloc(st_mem_root*, unsigned int, unsigned int, unsigned long) /data/src/10.2/sql/thr_malloc.cc:64
#5 0x5574afb9ba73 in sp_head::create() /data/src/10.2/sql/sp_head.cc:541
#6 0x5574b026f4ed in make_sp_head /data/src/10.2/sql/sql_yacc.yy:237
#7 0x5574b02bccd9 in MYSQLparse(THD*) /data/src/10.2/sql/sql_yacc.yy:16844
#8 0x5574afd896a8 in parse_sql(THD, Parser_state, Object_creation_ctx*, bool) /data/src/10.2/sql/sql_parse.cc:10095
#9 0x5574b075ea88 in sp_compile /data/src/10.2/sql/sp.cc:754
#10 0x5574b075f3d1 in db_load_routine /data/src/10.2/sql/sp.cc:881
#11 0x5574b075e430 in db_find_routine /data/src/10.2/sql/sp.cc:667
#12 0x5574b0769c19 in sp_cache_routine(THD, stored_procedure_type, sp_name, bool, sp_head**) /data/src/10.2/sql/sp.cc:2152
#13 0x5574b07697eb in sp_cache_routine(THD, Sroutine_hash_entry, bool, sp_head**) /data/src/10.2/sql/sp.cc:2105
#14 0x5574afc3c426 in open_and_process_routine /data/src/10.2/sql/sql_base.cc:3256
#15 0x5574afc40703 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4153
#16 0x5574afc43f78 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4880
#17 0x5574afbbb147 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /data/src/10.2/sql/sql_base.h:507
#18 0x5574afd716f6 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6195
#19 0x5574afd5f477 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3585
#20 0x5574afd7b669 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7794
#21 0x5574afd5474b in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#22 0x5574afd5150a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#23 0x5574b00d98c5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#24 0x5574b00d9188 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#25 0x5574b14783b3 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#26 0x7faac0c4a608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477

Thread T5 created by T0 here:
#0 0x7faac1142805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x5574b14787a4 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
#2 0x5574afaf6203 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
#3 0x5574afb0e0ce in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6573
#4 0x5574afb0e869 in create_new_thread /data/src/10.2/sql/mysqld.cc:6643
#5 0x5574afb0f9fb in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6901
#6 0x5574afb0d41f in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6192
#7 0x5574afaf4abc in main /data/src/10.2/sql/main.cc:25
#8 0x7faac072b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/sql/item_func.cc:6721 in Item_func_sp::execute_impl(THD*)
Shadow bytes around the buggy address:
0x0c4a80011a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80011a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80011a20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4a80011a50: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011a90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80011aa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==3140542==ABORTING
210325 0:23:13 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.2.38-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=2
max_threads=153
thread_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63104 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62a000060270
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7faab5ee9d90 thread_stack 0x5b000
/lib/x86_64-linux-gnu/libasan.so.5(+0x6cd30)[0x7faac1174d30]
/mnt-hd8t/bld/10.2-asan-nightly/bin/mysqld(my_print_stacktrace+0xe4)[0x5574b15728a1]
mysys/stacktrace.c:172(my_print_stacktrace)[0x5574b039706f]
sigaction.c:0(__restore_rt)[0x7faac0c563c0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcb)[0x7faac074a18b]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x12b)[0x7faac0729859]
/lib/x86_64-linux-gnu/libasan.so.5(+0x12b6a2)[0x7faac12336a2]
/lib/x86_64-linux-gnu/libasan.so.5(+0x13624c)[0x7faac123e24c]
/lib/x86_64-linux-gnu/libasan.so.5(+0x1178ec)[0x7faac121f8ec]
/lib/x86_64-linux-gnu/libasan.so.5(+0x117363)[0x7faac121f363]
/lib/x86_64-linux-gnu/libasan.so.5(__asan_report_load8+0x3b)[0x7faac12201ab]
sql/item_func.cc:6721(Item_func_sp::execute_impl(THD*))[0x5574b0508578]
sql/item_func.cc:6687(Item_func_sp::execute())[0x5574b0508278]
sql/item_func.h:2412(Item_func_sp::val_int())[0x5574b0511c58]
sql/item.cc:6419(Item::save_in_field(Field*, bool))[0x5574b0400a3f]
sql/sql_base.cc:8374(fill_record(THD, TABLE, Field**, List<Item>&, bool, bool))[0x5574afc5a270]
sql/sql_union.cc:70(select_union::send_data(List<Item>&))[0x5574affcd6b8]
sql/sql_select.cc:20183(end_send_group(JOIN, st_join_table, bool))[0x5574afe8f9fa]
sql/sql_select.cc:18814(sub_select(JOIN, st_join_table, bool))[0x5574afe84d22]
sql/sql_select.cc:18409(do_select(JOIN, Procedure))[0x5574afe83683]
sql/sql_select.cc:3642(JOIN::exec_inner())[0x5574afe1d637]
sql/sql_select.cc:3438(JOIN::exec())[0x5574afe1b14e]
sql/sql_select.cc:3842(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x5574afe1e9d1]
sql/sql_derived.cc:1085(mysql_derived_fill(THD, LEX, TABLE_LIST*))[0x5574afce4943]
sql/sql_derived.cc:198(mysql_handle_single_derived(LEX, TABLE_LIST, unsigned int))[0x5574afcdefb0]
sql/sql_select.cc:12108(st_join_table::preread_init())[0x5574afe5913f]
sql/sql_select.cc:18831(sub_select(JOIN, st_join_table, bool))[0x5574afe84eeb]
sql/sql_select.cc:18407(do_select(JOIN, Procedure))[0x5574afe8358e]
sql/sql_select.cc:3642(JOIN::exec_inner())[0x5574afe1d637]
sql/sql_select.cc:3438(JOIN::exec())[0x5574afe1b14e]
sql/sql_select.cc:3842(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x5574afe1e9d1]
sql/sql_select.cc:361(handle_select(THD, LEX, select_result*, unsigned long))[0x5574afdfb3f8]
sql/sql_parse.cc:6274(execute_sqlcom_select(THD, TABLE_LIST))[0x5574afd720d9]
sql/sql_parse.cc:3585(mysql_execute_command(THD*))[0x5574afd5f478]
sql/sql_parse.cc:7794(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x5574afd7b66a]
sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x5574afd5474c]
sql/sql_parse.cc:1381(do_command(THD*))[0x5574afd5150b]
sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x5574b00d98c6]
sql/sql_connect.cc:1242(handle_one_connection)[0x5574b00d9189]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5574b14783b4]
nptl/pthread_create.c:478(start_thread)[0x7faac0c4a609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7faac0826293]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b000000290): SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /mnt-hd8t/bld/10.2-asan-nightly/mysql-test/var/mysqld.1/data
Resource Limits:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 385874 385874 processes
Max open files 1024 1024 files
Max locked memory 67108864 67108864 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 385874 385874 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Core pattern: \|/usr/share/apport/apport %p %s %c %d %P %E

----------SERVER LOG END-------------


- found 'core' (0/5)

Trying 'dbx' to get a backtrace

Trying 'gdb' to get a backtrace from coredump /mnt-hd8t/bld/10.2-asan-nightly/mysql-test/var/log/bug2.dacess2/mysqld.1/data/core
Core generated by '/mnt-hd8t/bld/10.2-asan-nightly/bin/mysqld'
Output from gdb follows. The first stack trace is from the failing thread.
The following stack traces are from all threads (so the failing one is
duplicated).
--------------------------
[New LWP 3140550]
[New LWP 3140545]
[New LWP 3140544]
[New LWP 3140546]
[New LWP 3140554]
[New LWP 3140547]
[New LWP 3140542]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/mnt-hd8t/bld/10.2-asan-nightly/bin/mysqld --defaults-group-suffix=.1 --default'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7faab5eea700 (LWP 3140550))]
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x00005574b1572a23 in my_write_core (sig=6) at /data/src/10.2/mysys/stacktrace.c:382
#2 0x00005574b0397665 in handle_fatal_signal (sig=6) at /data/src/10.2/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007faac0729859 in __GI_abort () at abort.c:79
#6 0x00007faac12336a2 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7 0x00007faac123e24c in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#8 0x00007faac121f8ec in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#9 0x00007faac121f363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#10 0x00007faac12201ab in __asan_report_load8 () from /lib/x86_64-linux-gnu/libasan.so.5
#11 0x00005574b0508578 in Item_func_sp::execute_impl (this=0x62b000003ae0, thd=0x62a000060270) at /data/src/10.2/sql/item_func.cc:6721
#12 0x00005574b0508278 in Item_func_sp::execute (this=0x62b000003ae0) at /data/src/10.2/sql/item_func.cc:6687
#13 0x00005574b0511c58 in Item_func_sp::val_int (this=0x62b000003ae0) at /data/src/10.2/sql/item_func.h:2412
#14 0x00005574b0400a3f in Item::save_in_field (this=0x62b000003ae0, field=0x619000088f10, no_conversions=false) at /data/src/10.2/sql/item.cc:6419
#15 0x00005574afc5a270 in fill_record (thd=0x62a000060270, table=0x622000021190, ptr=0x622000022210, values=..., ignore_errors=true, use_value=false) at /data/src/10.2/sql/sql_base.cc:8374
#16 0x00005574affcd6b8 in select_union::send_data (this=0x62900009ceb8, values=...) at /data/src/10.2/sql/sql_union.cc:69
#17 0x00005574afe8f9fa in end_send_group (join=0x62900009cf90, join_tab=0x62900009ec70, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:20183
#18 0x00005574afe84d22 in sub_select (join=0x62900009cf90, join_tab=0x62900009e8c0, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:18814
#19 0x00005574afe83683 in do_select (join=0x62900009cf90, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18409
#20 0x00005574afe1d637 in JOIN::exec_inner (this=0x62900009cf90) at /data/src/10.2/sql/sql_select.cc:3642
#21 0x00005574afe1b14e in JOIN::exec (this=0x62900009cf90) at /data/src/10.2/sql/sql_select.cc:3437
#22 0x00005574afe1e9d1 in mysql_select (thd=0x62a000060270, tables=0x62b000004d98, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x62900009ceb8, unit=0x62b000001ed0, select_lex=0x62b000002610) at /data/src/10.2/sql/sql_select.cc:3840
#23 0x00005574afce4943 in mysql_derived_fill (thd=0x62a000060270, lex=0x62a000063da8, derived=0x62b000000520) at /data/src/10.2/sql/sql_derived.cc:1085
#24 0x00005574afcdefb0 in mysql_handle_single_derived (lex=0x62a000063da8, derived=0x62b000000520, phases=96) at /data/src/10.2/sql/sql_derived.cc:198
#25 0x00005574afe5913f in st_join_table::preread_init (this=0x62900004d290) at /data/src/10.2/sql/sql_select.cc:12109
#26 0x00005574afe84eeb in sub_select (join=0x62900009c958, join_tab=0x62900004d290, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:18831
#27 0x00005574afe8358e in do_select (join=0x62900009c958, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18407
#28 0x00005574afe1d637 in JOIN::exec_inner (this=0x62900009c958) at /data/src/10.2/sql/sql_select.cc:3642
#29 0x00005574afe1b14e in JOIN::exec (this=0x62900009c958) at /data/src/10.2/sql/sql_select.cc:3437
#30 0x00005574afe1e9d1 in mysql_select (thd=0x62a000060270, tables=0x62b000000520, wild_num=1, fields=..., conds=0x62b000001ab0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x62900009c930, unit=0x62a000063e68, select_lex=0x62a0000645a8) at /data/src/10.2/sql/sql_select.cc:3840
#31 0x00005574afdfb3f8 in handle_select (thd=0x62a000060270, lex=0x62a000063da8, result=0x62900009c930, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#32 0x00005574afd720d9 in execute_sqlcom_select (thd=0x62a000060270, all_tables=0x62b000000520) at /data/src/10.2/sql/sql_parse.cc:6274
#33 0x00005574afd5f478 in mysql_execute_command (thd=0x62a000060270) at /data/src/10.2/sql/sql_parse.cc:3585
#34 0x00005574afd7b66a in mysql_parse (thd=0x62a000060270, rawbuf=0x62b000000290 "SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1", length=71, parser_state=0x7faab5ee8c90, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7794
#35 0x00005574afd5474c in dispatch_command (command=COM_QUERY, thd=0x62a000060270, packet=0x6290000eb271 "", packet_length=71, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#36 0x00005574afd5150b in do_command (thd=0x62a000060270) at /data/src/10.2/sql/sql_parse.cc:1381
#37 0x00005574b00d98c6 in do_handle_one_connection (connect=0x611000006870) at /data/src/10.2/sql/sql_connect.cc:1336
#38 0x00005574b00d9189 in handle_one_connection (arg=0x611000006870) at /data/src/10.2/sql/sql_connect.cc:1241
#39 0x00005574b14783b4 in pfs_spawn_thread (arg=0x616000009ff0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#40 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#41 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7faac06f6300 (LWP 3140542)):
#0 0x00007faac0819aff in __GI___poll (fds=0x7fff434c7270, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00007faac11445ba in poll () from /lib/x86_64-linux-gnu/libasan.so.5
#2 0x00005574afb0f035 in handle_connections_sockets () at /data/src/10.2/sql/mysqld.cc:6724
#3 0x00005574afb0d420 in mysqld_main (argc=<error reading variable: Cannot access memory at address 0x3d60>, argv=<error reading variable: Cannot access memory at address 0x3d70>) at /data/src/10.2/sql/mysqld.cc:6192
#4 0x00005574afaf4abd in main (argc=6, argv=0x7fff434c76a8) at /data/src/10.2/sql/main.cc:25

Thread 6 (Thread 0x7faab5f6d700 (LWP 3140547)):
#0 futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5574b2aa8348 <COND_manager+40>) at ../sysdeps/nptl/futex-internal.h:183
#1 __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5574b2aa8268 <LOCK_manager+40>, cond=0x5574b2aa8320 <COND_manager>) at pthread_cond_wait.c:508
#2 __pthread_cond_wait (cond=0x5574b2aa8320 <COND_manager>, mutex=0x5574b2aa8268 <LOCK_manager+40>) at pthread_cond_wait.c:638
#3 0x00005574b15809cc in safe_cond_wait (cond=0x5574b2aa8320 <COND_manager>, mp=0x5574b2aa8240 <LOCK_manager>, file=0x5574b171ab60 "/data/src/10.2/include/mysql/psi/mysql_thread.h", line=1145) at /data/src/10.2/mysys/thr_mutex.c:491
#4 0x00005574afd48fb9 in inline_mysql_cond_wait (that=0x5574b2aa8320 <COND_manager>, mutex=0x5574b2aa8240 <LOCK_manager>, src_file=0x5574b171b300 "/data/src/10.2/sql/sql_manager.cc", src_line=102) at /data/src/10.2/include/mysql/psi/mysql_thread.h:1145
#5 0x00005574afd49a26 in handle_manager (arg=0x0) at /data/src/10.2/sql/sql_manager.cc:102
#6 0x00005574b14783b4 in pfs_spawn_thread (arg=0x6160000087f0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#7 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7faab5b68700 (LWP 3140554)):
#0 0x00007faac122f6d4 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#1 0x00007faac12325e1 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#2 0x00007faac1133a8b in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#3 0x00007faac1133fef in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#4 0x00007faac113053b in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#5 0x00007faac1215c8f in malloc () from /lib/x86_64-linux-gnu/libasan.so.5
#6 0x00005574b1594eeb in sf_malloc (size=131072, my_flags=0) at /data/src/10.2/mysys/safemalloc.c:118
#7 0x00005574b1560e74 in my_malloc (size=131072, my_flags=0) at /data/src/10.2/mysys/my_malloc.c:101
#8 0x00005574b150bc35 in init_io_cache (info=0x7faab5b60b60, file=75, cachesize=131072, type=WRITE_CACHE, seek_offset=0, use_async_io=0 '\000', cache_myflags=16) at /data/src/10.2/mysys/mf_iocache.c:247
#9 0x00005574afb33257 in sql_create_definition_file (dir=0x7faab5b612c0, file_name=0x7faab5b612e0, type=0x5574b23d7c00 <view_file_type>, base=0x6250000f0d78 "", parameters=0x5574b23d79e0 <view_parameters>) at /data/src/10.2/sql/parse_file.cc:290
#10 0x00005574afffc609 in mysql_register_view (thd=0x62a00006c270, view=0x6250000f0d78, mode=VIEW_CREATE_OR_REPLACE) at /data/src/10.2/sql/sql_view.cc:1118
#11 0x00005574afff92a0 in mysql_create_view (thd=0x62a00006c270, views=0x6250000f0d78, mode=VIEW_CREATE_OR_REPLACE) at /data/src/10.2/sql/sql_view.cc:634
#12 0x00005574afd6eea2 in mysql_execute_command (thd=0x62a00006c270) at /data/src/10.2/sql/sql_parse.cc:5846
#13 0x00005574afbad430 in sp_instr_stmt::exec_core (this=0x6250000f1480, thd=0x62a00006c270, nextp=0x7faab5b653b0) at /data/src/10.2/sql/sp_head.cc:3332
#14 0x00005574afbabf5d in sp_lex_keeper::reset_lex_and_exec_core (this=0x6250000f14c0, thd=0x62a00006c270, nextp=0x7faab5b653b0, open_tables=false, instr=0x6250000f1480) at /data/src/10.2/sql/sp_head.cc:3095
#15 0x00005574afbacca4 in sp_instr_stmt::execute (this=0x6250000f1480, thd=0x62a00006c270, nextp=0x7faab5b653b0) at /data/src/10.2/sql/sp_head.cc:3248
#16 0x00005574afba1004 in sp_head::execute (this=0x6250000f0190, thd=0x62a00006c270, merge_da_on_success=true) at /data/src/10.2/sql/sp_head.cc:1326
#17 0x00005574afba57cf in sp_head::execute_procedure (this=0x6250000f0190, thd=0x62a00006c270, args=0x62a000070bb0) at /data/src/10.2/sql/sp_head.cc:2202
#18 0x00005574afd5b0f2 in do_execute_sp (thd=0x62a00006c270, sp=0x6250000f0190) at /data/src/10.2/sql/sql_parse.cc:2981
#19 0x00005574afd6d541 in mysql_execute_command (thd=0x62a00006c270) at /data/src/10.2/sql/sql_parse.cc:5635
#20 0x00005574afd7b66a in mysql_parse (thd=0x62a00006c270, rawbuf=0x62b00002a290 "LOOP\nCREATE OR REPLACE VIEW vv AS SELECT 1;\nEND LOOP", length=52, parser_state=0x7faab5b66c90, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7794
#21 0x00005574afd5474c in dispatch_command (command=COM_QUERY, thd=0x62a00006c270, packet=0x6290000f0271 "LOOP\nCREATE OR REPLACE VIEW vv AS SELECT 1;\nEND LOOP ", packet_length=53, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#22 0x00005574afd5150b in do_command (thd=0x62a00006c270) at /data/src/10.2/sql/sql_parse.cc:1381
#23 0x00005574b00d98c6 in do_handle_one_connection (connect=0x611000006af0) at /data/src/10.2/sql/sql_connect.cc:1336
#24 0x00005574b00d9189 in handle_one_connection (arg=0x611000006af0) at /data/src/10.2/sql/sql_connect.cc:1241
#25 0x00005574b14783b4 in pfs_spawn_thread (arg=0x61600000a8f0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#26 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7faab6000700 (LWP 3140546)):
#0 0x00007faac074b322 in __GI___sigtimedwait (set=set@entry=0x7faab5fffd50, info=info@entry=0x7faab5fff350, timeout=timeout@entry=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:29
#1 0x00007faac0c55f6c in __sigwait (set=0x7faab5fffd50, sig=0x7faab5fffcd0) at ../sysdeps/unix/sysv/linux/sigwait.c:28
#2 0x00007faac11536f1 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#3 0x00005574afb04cac in signal_hand (arg=0x0) at /data/src/10.2/sql/mysqld.cc:3557
#4 0x00005574b14783b4 in pfs_spawn_thread (arg=0x6160000072f0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#5 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7faab920e700 (LWP 3140544)):
#0 futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7faab920ddd0, clockid=<optimized out>, expected=0, futex_word=0x5574b3352768 <COND_timer+40>) at ../sysdeps/nptl/futex-internal.h:320
#1 __pthread_cond_wait_common (abstime=0x7faab920ddd0, clockid=<optimized out>, mutex=0x5574b3352688 <LOCK_timer+40>, cond=0x5574b3352740 <COND_timer>) at pthread_cond_wait.c:520
#2 __pthread_cond_timedwait (cond=0x5574b3352740 <COND_timer>, mutex=0x5574b3352688 <LOCK_timer+40>, abstime=0x7faab920ddd0) at pthread_cond_wait.c:656
#3 0x00005574b1581305 in safe_cond_timedwait (cond=0x5574b3352740 <COND_timer>, mp=0x5574b3352660 <LOCK_timer>, abstime=0x7faab920ddd0, file=0x5574b1e939e0 "/data/src/10.2/include/mysql/psi/mysql_thread.h", line=1182) at /data/src/10.2/mysys/thr_mutex.c:545
#4 0x00005574b158403d in inline_mysql_cond_timedwait (that=0x5574b3352740 <COND_timer>, mutex=0x5574b3352660 <LOCK_timer>, abstime=0x7faab920ddd0, src_file=0x5574b1e93a80 "/data/src/10.2/mysys/thr_timer.c", src_line=292) at /data/src/10.2/include/mysql/psi/mysql_thread.h:1182
#5 0x00005574b1585e1a in timer_handler (arg=0x0) at /data/src/10.2/mysys/thr_timer.c:292
#6 0x00005574b14783b4 in pfs_spawn_thread (arg=0x6160000021f0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#7 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7faab7b0c700 (LWP 3140545)):
#0 futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7faab7b0bc80, clockid=<optimized out>, expected=0, futex_word=0x5574b333b3a8 <COND_checkpoint+40>) at ../sysdeps/nptl/futex-internal.h:320
#1 __pthread_cond_wait_common (abstime=0x7faab7b0bc80, clockid=<optimized out>, mutex=0x5574b333b2c8 <LOCK_checkpoint+40>, cond=0x5574b333b380 <COND_checkpoint>) at pthread_cond_wait.c:520
#2 __pthread_cond_timedwait (cond=0x5574b333b380 <COND_checkpoint>, mutex=0x5574b333b2c8 <LOCK_checkpoint+40>, abstime=0x7faab7b0bc80) at pthread_cond_wait.c:656
#3 0x00005574b1581305 in safe_cond_timedwait (cond=0x5574b333b380 <COND_checkpoint>, mp=0x5574b333b2a0 <LOCK_checkpoint>, abstime=0x7faab7b0bc80, file=0x5574b1dbe060 "/data/src/10.2/include/mysql/psi/mysql_thread.h", line=1182) at /data/src/10.2/mysys/thr_mutex.c:545
#4 0x00005574b1141de2 in inline_mysql_cond_timedwait (that=0x5574b333b380 <COND_checkpoint>, mutex=0x5574b333b2a0 <LOCK_checkpoint>, abstime=0x7faab7b0bc80, src_file=0x5574b1dbe0e0 "/data/src/10.2/storage/maria/ma_servicethread.c", src_line=115) at /data/src/10.2/include/mysql/psi/mysql_thread.h:1182
#5 0x00005574b1142c38 in my_service_thread_sleep (control=0x5574b27fd1a0 <checkpoint_control>, sleep_time=29000000000) at /data/src/10.2/storage/maria/ma_servicethread.c:115
#6 0x00005574b1125ffd in ma_checkpoint_background (arg=0x1e) at /data/src/10.2/storage/maria/ma_checkpoint.c:709
#7 0x00005574b14783b4 in pfs_spawn_thread (arg=0x616000005af0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#8 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7faab5eea700 (LWP 3140550)):
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x00005574b1572a23 in my_write_core (sig=6) at /data/src/10.2/mysys/stacktrace.c:382
#2 0x00005574b0397665 in handle_fatal_signal (sig=6) at /data/src/10.2/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007faac0729859 in __GI_abort () at abort.c:79
#6 0x00007faac12336a2 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7 0x00007faac123e24c in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#8 0x00007faac121f8ec in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#9 0x00007faac121f363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#10 0x00007faac12201ab in __asan_report_load8 () from /lib/x86_64-linux-gnu/libasan.so.5
#11 0x00005574b0508578 in Item_func_sp::execute_impl (this=0x62b000003ae0, thd=0x62a000060270) at /data/src/10.2/sql/item_func.cc:6721
#12 0x00005574b0508278 in Item_func_sp::execute (this=0x62b000003ae0) at /data/src/10.2/sql/item_func.cc:6687
#13 0x00005574b0511c58 in Item_func_sp::val_int (this=0x62b000003ae0) at /data/src/10.2/sql/item_func.h:2412
#14 0x00005574b0400a3f in Item::save_in_field (this=0x62b000003ae0, field=0x619000088f10, no_conversions=false) at /data/src/10.2/sql/item.cc:6419
#15 0x00005574afc5a270 in fill_record (thd=0x62a000060270, table=0x622000021190, ptr=0x622000022210, values=..., ignore_errors=true, use_value=false) at /data/src/10.2/sql/sql_base.cc:8374
#16 0x00005574affcd6b8 in select_union::send_data (this=0x62900009ceb8, values=...) at /data/src/10.2/sql/sql_union.cc:69
#17 0x00005574afe8f9fa in end_send_group (join=0x62900009cf90, join_tab=0x62900009ec70, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:20183
#18 0x00005574afe84d22 in sub_select (join=0x62900009cf90, join_tab=0x62900009e8c0, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:18814
#19 0x00005574afe83683 in do_select (join=0x62900009cf90, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18409
#20 0x00005574afe1d637 in JOIN::exec_inner (this=0x62900009cf90) at /data/src/10.2/sql/sql_select.cc:3642
#21 0x00005574afe1b14e in JOIN::exec (this=0x62900009cf90) at /data/src/10.2/sql/sql_select.cc:3437
#22 0x00005574afe1e9d1 in mysql_select (thd=0x62a000060270, tables=0x62b000004d98, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x62900009ceb8, unit=0x62b000001ed0, select_lex=0x62b000002610) at /data/src/10.2/sql/sql_select.cc:3840
#23 0x00005574afce4943 in mysql_derived_fill (thd=0x62a000060270, lex=0x62a000063da8, derived=0x62b000000520) at /data/src/10.2/sql/sql_derived.cc:1085
#24 0x00005574afcdefb0 in mysql_handle_single_derived (lex=0x62a000063da8, derived=0x62b000000520, phases=96) at /data/src/10.2/sql/sql_derived.cc:198
#25 0x00005574afe5913f in st_join_table::preread_init (this=0x62900004d290) at /data/src/10.2/sql/sql_select.cc:12109
#26 0x00005574afe84eeb in sub_select (join=0x62900009c958, join_tab=0x62900004d290, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:18831
#27 0x00005574afe8358e in do_select (join=0x62900009c958, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18407
#28 0x00005574afe1d637 in JOIN::exec_inner (this=0x62900009c958) at /data/src/10.2/sql/sql_select.cc:3642
#29 0x00005574afe1b14e in JOIN::exec (this=0x62900009c958) at /data/src/10.2/sql/sql_select.cc:3437
#30 0x00005574afe1e9d1 in mysql_select (thd=0x62a000060270, tables=0x62b000000520, wild_num=1, fields=..., conds=0x62b000001ab0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x62900009c930, unit=0x62a000063e68, select_lex=0x62a0000645a8) at /data/src/10.2/sql/sql_select.cc:3840
#31 0x00005574afdfb3f8 in handle_select (thd=0x62a000060270, lex=0x62a000063da8, result=0x62900009c930, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#32 0x00005574afd720d9 in execute_sqlcom_select (thd=0x62a000060270, all_tables=0x62b000000520) at /data/src/10.2/sql/sql_parse.cc:6274
#33 0x00005574afd5f478 in mysql_execute_command (thd=0x62a000060270) at /data/src/10.2/sql/sql_parse.cc:3585
#34 0x00005574afd7b66a in mysql_parse (thd=0x62a000060270, rawbuf=0x62b000000290 "SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1", length=71, parser_state=0x7faab5ee8c90, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7794
#35 0x00005574afd5474c in dispatch_command (command=COM_QUERY, thd=0x62a000060270, packet=0x6290000eb271 "", packet_length=71, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#36 0x00005574afd5150b in do_command (thd=0x62a000060270) at /data/src/10.2/sql/sql_parse.cc:1381
#37 0x00005574b00d98c6 in do_handle_one_connection (connect=0x611000006870) at /data/src/10.2/sql/sql_connect.cc:1336
#38 0x00005574b00d9189 in handle_one_connection (arg=0x611000006870) at /data/src/10.2/sql/sql_connect.cc:1241
#39 0x00005574b14783b4 in pfs_spawn_thread (arg=0x616000009ff0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#40 0x00007faac0c4a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#41 0x00007faac0826293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

For the sake of JIRA search – slightly different stack trace on 10.3+:

10.3 7d5ec9f1 ASAN
==3140690==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000fcb10 at pc 0x5567c36036b5 bp 0x7f6afbaf9390 sp 0x7f6afbaf9380
READ of size 4 at 0x6250000fcb10 thread T5
#0 0x5567c36036b4 in sp_head::daccess() const /data/src/10.3/sql/sp_head.h:205
#1 0x5567c35b238f in Item_sp::execute_impl(THD, Item*, unsigned int) /data/src/10.3/sql/item.cc:2936
#2 0x5567c35b20b6 in Item_sp::execute(THD, bool, Item**, unsigned int) /data/src/10.3/sql/item.cc:2905
#3 0x5567c36dc4d2 in Item_func_sp::execute() /data/src/10.3/sql/item_func.cc:6412
#4 0x5567c36eae5d in Item_func_sp::val_int() /data/src/10.3/sql/item_func.h:2927
#5 0x5567c35d2b2c in Item::save_int_in_field(Field*, bool) /data/src/10.3/sql/item.cc:6878
#6 0x5567c32eec91 in Type_handler_int_result::Item_save_in_field(Item, Field, bool) const /data/src/10.3/sql/sql_type.cc:2592
#7 0x5567c35d2d10 in Item::save_in_field(Field*, bool) /data/src/10.3/sql/item.cc:6888
#8 0x5567c2c944ce in fill_record(THD, TABLE, Field**, List<Item>&, bool, bool) /data/src/10.3/sql/sql_base.cc:8685
#9 0x5567c3072a5c in select_unit::send_data(List<Item>&) /data/src/10.3/sql/sql_union.cc:128
#10 0x5567c2f26f81 in end_send_group(JOIN, st_join_table, bool) /data/src/10.3/sql/sql_select.cc:21131
#11 0x5567c2f1bc08 in sub_select(JOIN, st_join_table, bool) /data/src/10.3/sql/sql_select.cc:19754
#12 0x5567c2f1a629 in do_select /data/src/10.3/sql/sql_select.cc:19345
#13 0x5567c2eadb44 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4125
#14 0x5567c2eab4c1 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3919
#15 0x5567c2eaefa9 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.3/sql/sql_select.cc:4327
#16 0x5567c2d27c5c in mysql_derived_fill(THD, LEX, TABLE_LIST*) /data/src/10.3/sql/sql_derived.cc:1157
#17 0x5567c2d215e7 in mysql_handle_single_derived(LEX, TABLE_LIST, unsigned int) /data/src/10.3/sql/sql_derived.cc:199
#18 0x5567c2eeca34 in st_join_table::preread_init() /data/src/10.3/sql/sql_select.cc:12851
#19 0x5567c2f1bdd1 in sub_select(JOIN, st_join_table, bool) /data/src/10.3/sql/sql_select.cc:19771
#20 0x5567c2f1a523 in do_select /data/src/10.3/sql/sql_select.cc:19343
#21 0x5567c2eadb44 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4125
#22 0x5567c2eab4c1 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3919
#23 0x5567c2eaefa9 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.3/sql/sql_select.cc:4327
#24 0x5567c2e85abc in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:370
#25 0x5567c2df73f1 in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6342
#26 0x5567c2de5430 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3873
#27 0x5567c2e01177 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7871
#28 0x5567c2dd7f6c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
#29 0x5567c2dd4aa3 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
#30 0x5567c31a0760 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#31 0x5567c31a001a in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#32 0x5567c47c40d4 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#33 0x7f6b069b0608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#34 0x7f6b0658c292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x6250000fcb10 is located 528 bytes inside of 8332-byte region [0x6250000fc900,0x6250000fe98c)
freed by thread T5 here:
#0 0x7f6b06f7b7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x5567c490f77b in free_memory /data/src/10.3/mysys/safemalloc.c:279
#2 0x5567c490ed37 in sf_free /data/src/10.3/mysys/safemalloc.c:197
#3 0x5567c48dd06e in my_free /data/src/10.3/mysys/my_malloc.c:223
#4 0x5567c48b97de in free_root /data/src/10.3/mysys/my_alloc.c:430
#5 0x5567c2bb40b2 in sp_head::destroy(sp_head*) /data/src/10.3/sql/sp_head.cc:504
#6 0x5567c2bb0cdb in hash_free_sp_head /data/src/10.3/sql/sp_cache.cc:286
#7 0x5567c4878b33 in my_hash_delete /data/src/10.3/mysys/hash.c:632
#8 0x5567c2bb10ba in sp_cache::remove(sp_head*) (/mnt-hd8t/bld/10.3-asan-nightly/bin/mysqld+0xe0f0ba)
#9 0x5567c2bb0b97 in sp_cache_flush_obsolete(sp_cache, sp_head) /data/src/10.3/sql/sp_cache.cc:236
#10 0x5567c3974d9c in Sp_handler::sp_cache_routine(THD, Database_qualified_name const, bool, sp_head**) const /data/src/10.3/sql/sp.cc:2783
#11 0x5567c3974994 in Sroutine_hash_entry::sp_cache_routine(THD, bool, sp_head*) const /data/src/10.3/sql/sp.cc:2741
#12 0x5567c2c73604 in open_and_process_routine /data/src/10.3/sql/sql_base.cc:3352
#13 0x5567c2c78060 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4271
#14 0x5567c2c6234a in open_tables /data/src/10.3/sql/sql_base.h:250
#15 0x5567c2c7d490 in open_normal_and_derived_tables(THD, TABLE_LIST, unsigned int, unsigned int) /data/src/10.3/sql/sql_base.cc:5191
#16 0x5567c2c7d9c1 in open_tables_only_view_structure(THD, TABLE_LIST, bool) /data/src/10.3/sql/sql_base.cc:5242
#17 0x5567c2f999fc in fill_schema_table_by_open /data/src/10.3/sql/sql_show.cc:4631
#18 0x5567c2f9d8eb in get_all_tables(THD, TABLE_LIST, Item*) /data/src/10.3/sql/sql_show.cc:5273
#19 0x5567c2fd2301 in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/10.3/sql/sql_show.cc:8894
#20 0x5567c2ead3ce in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4088
#21 0x5567c2eab4c1 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3919
#22 0x5567c2eaefa9 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.3/sql/sql_select.cc:4327
#23 0x5567c2e85abc in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:370
#24 0x5567c2df73f1 in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6342
#25 0x5567c2de5430 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3873
#26 0x5567c2e01177 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7871
#27 0x5567c2dd7f6c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
#28 0x5567c2dd4aa3 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
#29 0x5567c31a0760 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403

previously allocated by thread T5 here:
#0 0x7f6b06f7bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x5567c490e6eb in sf_malloc /data/src/10.3/mysys/safemalloc.c:118
#2 0x5567c48dc577 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
#3 0x5567c48b754e in init_alloc_root /data/src/10.3/mysys/my_alloc.c:82
#4 0x5567c3108b3e in init_sql_alloc(st_mem_root, char const, unsigned int, unsigned int, unsigned long) /data/src/10.3/sql/thr_malloc.cc:65
#5 0x5567c2bb3cf4 in sp_head::create(sp_package, Sp_handler const) /data/src/10.3/sql/sp_head.cc:483
#6 0x5567c2d974a7 in LEX::make_sp_head(THD, sp_name const, Sp_handler const*) /data/src/10.3/sql/sql_lex.cc:6254
#7 0x5567c2d9774c in LEX::make_sp_head_no_recursive(THD, sp_name const, Sp_handler const*) /data/src/10.3/sql/sql_lex.cc:6295
#8 0x5567c3408817 in LEX::make_sp_head_no_recursive(THD, DDL_options_st, sp_name, Sp_handler const*) /data/src/10.3/sql/sql_lex.h:3437
#9 0x5567c33f2be0 in MYSQLparse(THD*) /data/src/10.3/sql/sql_yacc.yy:17996
#10 0x5567c2e0f66c in parse_sql(THD, Parser_state, Object_creation_ctx*, bool) /data/src/10.3/sql/sql_parse.cc:10160
#11 0x5567c39665c4 in sp_compile /data/src/10.3/sql/sp.cc:854
#12 0x5567c3966f0a in Sp_handler::db_load_routine(THD, Database_qualified_name const, sp_head*, unsigned long long, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_sp_chistics const&, AUTHID const&, long long, long long, sp_package, Stored_program_creation_ctx*) const /data/src/10.3/sql/sp.cc:978
#13 0x5567c3965d5c in Sp_handler::db_find_routine(THD, Database_qualified_name const, sp_head**) const /data/src/10.3/sql/sp.cc:746
#14 0x5567c3965fbe in Sp_handler::db_find_and_cache_routine(THD, Database_qualified_name const, sp_head**) const /data/src/10.3/sql/sp.cc:767
#15 0x5567c3974e49 in Sp_handler::sp_cache_routine(THD, Database_qualified_name const, bool, sp_head**) const /data/src/10.3/sql/sp.cc:2788
#16 0x5567c3974994 in Sroutine_hash_entry::sp_cache_routine(THD, bool, sp_head*) const /data/src/10.3/sql/sp.cc:2741
#17 0x5567c2c73604 in open_and_process_routine /data/src/10.3/sql/sql_base.cc:3352
#18 0x5567c2c78060 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4271
#19 0x5567c2c7ce41 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:5128
#20 0x5567c2be1235 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /data/src/10.3/sql/sql_base.h:503
#21 0x5567c2df698e in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6263
#22 0x5567c2de5430 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3873
#23 0x5567c2e01177 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7871
#24 0x5567c2dd7f6c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
#25 0x5567c2dd4aa3 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
#26 0x5567c31a0760 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#27 0x5567c31a001a in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#28 0x5567c47c40d4 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#29 0x7f6b069b0608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477

Thread T5 created by T0 here:
#0 0x7f6b06ea8805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x5567c47c44c5 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
#2 0x5567c2aff2de in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
#3 0x5567c2b1803f in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6664
#4 0x5567c2b187da in create_new_thread /data/src/10.3/sql/mysqld.cc:6734
#5 0x5567c2b1996c in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6992
#6 0x5567c2b17330 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6286
#7 0x5567c2afdadc in main /data/src/10.3/sql/main.cc:25
#8 0x7f6b064910b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.3/sql/sp_head.h:205 in sp_head::daccess() const
Shadow bytes around the buggy address:
0x0c4a80017910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80017920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4a80017960: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017970: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a80017990: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a800179a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4a800179b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==3140690==ABORTING
210325 0:24:38 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.3.29-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=2
max_threads=153
thread_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63291 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62a000060270
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f6afbafd990 thread_stack 0x5fc00
/lib/x86_64-linux-gnu/libasan.so.5(+0x6cd30)[0x7f6b06edad30]
mysys/stacktrace.c:174(my_print_stacktrace)[0x5567c48ec3f1]
sql/signal_handler.cc:209(handle_fatal_signal)[0x5567c35522c6]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x153c0)[0x7f6b069bc3c0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcb)[0x7f6b064b018b]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x12b)[0x7f6b0648f859]
/lib/x86_64-linux-gnu/libasan.so.5(+0x12b6a2)[0x7f6b06f996a2]
/lib/x86_64-linux-gnu/libasan.so.5(+0x13624c)[0x7f6b06fa424c]
/lib/x86_64-linux-gnu/libasan.so.5(+0x1178ec)[0x7f6b06f858ec]
/lib/x86_64-linux-gnu/libasan.so.5(+0x117363)[0x7f6b06f85363]
/lib/x86_64-linux-gnu/libasan.so.5(__asan_report_load4+0x3b)[0x7f6b06f8608b]
sql/sp_head.h:205(sp_head::daccess() const)[0x5567c36036b5]
sql/item.cc:2936(Item_sp::execute_impl(THD, Item*, unsigned int))[0x5567c35b2390]
sql/item.cc:2905(Item_sp::execute(THD, bool, Item**, unsigned int))[0x5567c35b20b7]
sql/item_func.cc:6413(Item_func_sp::execute())[0x5567c36dc4d3]
sql/item_func.h:2927(Item_func_sp::val_int())[0x5567c36eae5e]
sql/item.cc:6878(Item::save_int_in_field(Field*, bool))[0x5567c35d2b2d]
sql/sql_type.cc:2593(Type_handler_int_result::Item_save_in_field(Item, Field, bool) const)[0x5567c32eec92]
sql/item.cc:6888(Item::save_in_field(Field*, bool))[0x5567c35d2d11]
sql/sql_base.cc:8685(fill_record(THD, TABLE, Field**, List<Item>&, bool, bool))[0x5567c2c944cf]
sql/sql_union.cc:129(select_unit::send_data(List<Item>&))[0x5567c3072a5d]
sql/sql_select.cc:21131(end_send_group(JOIN, st_join_table, bool))[0x5567c2f26f82]
sql/sql_select.cc:19754(sub_select(JOIN, st_join_table, bool))[0x5567c2f1bc09]
sql/sql_select.cc:19345(do_select(JOIN, Procedure))[0x5567c2f1a62a]
sql/sql_select.cc:4125(JOIN::exec_inner())[0x5567c2eadb45]
sql/sql_select.cc:3920(JOIN::exec())[0x5567c2eab4c2]
sql/sql_select.cc:4329(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x5567c2eaefaa]
sql/sql_derived.cc:1157(mysql_derived_fill(THD, LEX, TABLE_LIST*))[0x5567c2d27c5d]
sql/sql_derived.cc:199(mysql_handle_single_derived(LEX, TABLE_LIST, unsigned int))[0x5567c2d215e8]
sql/sql_select.cc:12850(st_join_table::preread_init())[0x5567c2eeca35]
sql/sql_select.cc:19771(sub_select(JOIN, st_join_table, bool))[0x5567c2f1bdd2]
sql/sql_select.cc:19343(do_select(JOIN, Procedure))[0x5567c2f1a524]
sql/sql_select.cc:4125(JOIN::exec_inner())[0x5567c2eadb45]
sql/sql_select.cc:3920(JOIN::exec())[0x5567c2eab4c2]
sql/sql_select.cc:4329(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x5567c2eaefaa]
sql/sql_select.cc:370(handle_select(THD, LEX, select_result*, unsigned long))[0x5567c2e85abd]
sql/sql_parse.cc:6342(execute_sqlcom_select(THD, TABLE_LIST))[0x5567c2df73f2]
sql/sql_parse.cc:3873(mysql_execute_command(THD*))[0x5567c2de5431]
sql/sql_parse.cc:7871(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x5567c2e01178]
sql/sql_parse.cc:1855(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x5567c2dd7f6d]
sql/sql_parse.cc:1398(do_command(THD*))[0x5567c2dd4aa4]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x5567c31a0761]
sql/sql_connect.cc:1309(handle_one_connection)[0x5567c31a001b]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5567c47c40d5]
nptl/pthread_create.c:478(start_thread)[0x7f6b069b0609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f6b0658c293]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b000000290): SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /mnt-hd8t/bld/10.3-asan-nightly/mysql-test/var/mysqld.1/data
Resource Limits:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 385874 385874 processes
Max open files 1024 1024 files
Max locked memory 67108864 67108864 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 385874 385874 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Core pattern: \|/usr/share/apport/apport %p %s %c %d %P %E

----------SERVER LOG END-------------


- found 'core' (0/5)

Trying 'dbx' to get a backtrace

Trying 'gdb' to get a backtrace from coredump /mnt-hd8t/bld/10.3-asan-nightly/mysql-test/var/log/bug2.dacess2/mysqld.1/data/core
Core generated by '/mnt-hd8t/bld/10.3-asan-nightly/bin/mysqld'
Output from gdb follows. The first stack trace is from the failing thread.
The following stack traces are from all threads (so the failing one is
duplicated).
--------------------------
[New LWP 3140697]
[New LWP 3140693]
[New LWP 3140691]
[New LWP 3140702]
[New LWP 3140690]
[New LWP 3140694]
[New LWP 3140692]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/mnt-hd8t/bld/10.3-asan-nightly/bin/mysqld --defaults-group-suffix=.1 --default'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7f6afbafe300 (LWP 3140697))]
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x00005567c48ec573 in my_write_core (sig=6) at /data/src/10.3/mysys/stacktrace.c:386
#2 0x00005567c35528bd in handle_fatal_signal (sig=6) at /data/src/10.3/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007f6b0648f859 in __GI_abort () at abort.c:79
#6 0x00007f6b06f996a2 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7 0x00007f6b06fa424c in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#8 0x00007f6b06f858ec in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#9 0x00007f6b06f85363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#10 0x00007f6b06f8608b in __asan_report_load4 () from /lib/x86_64-linux-gnu/libasan.so.5
#11 0x00005567c36036b5 in sp_head::daccess (this=0x6250000fc990) at /data/src/10.3/sql/sp_head.h:205
#12 0x00005567c35b2390 in Item_sp::execute_impl (this=0x62b000003de8, thd=0x62a000060270, args=0x62b000003db8, arg_count=1) at /data/src/10.3/sql/item.cc:2936
#13 0x00005567c35b20b7 in Item_sp::execute (this=0x62b000003de8, thd=0x62a000060270, null_value=0x62b000003d9e, args=0x62b000003db8, arg_count=1) at /data/src/10.3/sql/item.cc:2905
#14 0x00005567c36dc4d3 in Item_func_sp::execute (this=0x62b000003d28) at /data/src/10.3/sql/item_func.cc:6412
#15 0x00005567c36eae5e in Item_func_sp::val_int (this=0x62b000003d28) at /data/src/10.3/sql/item_func.h:2927
#16 0x00005567c35d2b2d in Item::save_int_in_field (this=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/item.cc:6878
#17 0x00005567c32eec92 in Type_handler_int_result::Item_save_in_field (this=0x5567c59b38a0 <type_handler_long>, item=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/sql_type.cc:2592
#18 0x00005567c35d2d11 in Item::save_in_field (this=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/item.cc:6888
#19 0x00005567c2c944cf in fill_record (thd=0x62a000060270, table=0x622000021190, ptr=0x622000022278, values=..., ignore_errors=true, use_value=false) at /data/src/10.3/sql/sql_base.cc:8685
#20 0x00005567c3072a5d in select_unit::send_data (this=0x62900009d4a8, values=...) at /data/src/10.3/sql/sql_union.cc:128
#21 0x00005567c2f26f82 in end_send_group (join=0x62900009d598, join_tab=0x62900004c788, end_of_records=true) at /data/src/10.3/sql/sql_select.cc:21131
#22 0x00005567c2f1bc09 in sub_select (join=0x62900009d598, join_tab=0x62900004c3f8, end_of_records=true) at /data/src/10.3/sql/sql_select.cc:19754
#23 0x00005567c2f1a62a in do_select (join=0x62900009d598, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19345
#24 0x00005567c2eadb45 in JOIN::exec_inner (this=0x62900009d598) at /data/src/10.3/sql/sql_select.cc:4125
#25 0x00005567c2eab4c2 in JOIN::exec (this=0x62900009d598) at /data/src/10.3/sql/sql_select.cc:3919
#26 0x00005567c2eaefaa in mysql_select (thd=0x62a000060270, tables=0x62b0000050b8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x62900009d4a8, unit=0x62b000001fb0, select_lex=0x62b000002738) at /data/src/10.3/sql/sql_select.cc:4327
#27 0x00005567c2d27c5d in mysql_derived_fill (thd=0x62a000060270, lex=0x62a000064078, derived=0x62b000000530) at /data/src/10.3/sql/sql_derived.cc:1157
#28 0x00005567c2d215e8 in mysql_handle_single_derived (lex=0x62a000064078, derived=0x62b000000530, phases=96) at /data/src/10.3/sql/sql_derived.cc:199
#29 0x00005567c2eeca35 in st_join_table::preread_init (this=0x6290000ff290) at /data/src/10.3/sql/sql_select.cc:12851
#30 0x00005567c2f1bdd2 in sub_select (join=0x62900009cf38, join_tab=0x6290000ff290, end_of_records=false) at /data/src/10.3/sql/sql_select.cc:19771
#31 0x00005567c2f1a524 in do_select (join=0x62900009cf38, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19343
#32 0x00005567c2eadb45 in JOIN::exec_inner (this=0x62900009cf38) at /data/src/10.3/sql/sql_select.cc:4125
#33 0x00005567c2eab4c2 in JOIN::exec (this=0x62900009cf38) at /data/src/10.3/sql/sql_select.cc:3919
#34 0x00005567c2eaefaa in mysql_select (thd=0x62a000060270, tables=0x62b000000530, wild_num=1, fields=..., conds=0x62b000001b90, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x62900009cf08, unit=0x62a000064138, select_lex=0x62a0000648c0) at /data/src/10.3/sql/sql_select.cc:4327
#35 0x00005567c2e85abd in handle_select (thd=0x62a000060270, lex=0x62a000064078, result=0x62900009cf08, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
#36 0x00005567c2df73f2 in execute_sqlcom_select (thd=0x62a000060270, all_tables=0x62b000000530) at /data/src/10.3/sql/sql_parse.cc:6342
#37 0x00005567c2de5431 in mysql_execute_command (thd=0x62a000060270) at /data/src/10.3/sql/sql_parse.cc:3873
#38 0x00005567c2e01178 in mysql_parse (thd=0x62a000060270, rawbuf=0x62b000000290 "SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1", length=71, parser_state=0x7f6afbafc860, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7871
#39 0x00005567c2dd7f6d in dispatch_command (command=COM_QUERY, thd=0x62a000060270, packet=0x6290000eb271 "", packet_length=71, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#40 0x00005567c2dd4aa4 in do_command (thd=0x62a000060270) at /data/src/10.3/sql/sql_parse.cc:1398
#41 0x00005567c31a0761 in do_handle_one_connection (connect=0x611000007270) at /data/src/10.3/sql/sql_connect.cc:1403
#42 0x00005567c31a001b in handle_one_connection (arg=0x611000007270) at /data/src/10.3/sql/sql_connect.cc:1308
#43 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x61600000baf0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#44 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#45 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 7 (Thread 0x7f6afd71a700 (LWP 3140692)):
#0 futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f6afd719c80, clockid=<optimized out>, expected=0, futex_word=0x5567c68ece08 <COND_checkpoint+40>) at ../sysdeps/nptl/futex-internal.h:320
#1 __pthread_cond_wait_common (abstime=0x7f6afd719c80, clockid=<optimized out>, mutex=0x5567c68ecd28 <LOCK_checkpoint+40>, cond=0x5567c68ecde0 <COND_checkpoint>) at pthread_cond_wait.c:520
#2 __pthread_cond_timedwait (cond=0x5567c68ecde0 <COND_checkpoint>, mutex=0x5567c68ecd28 <LOCK_checkpoint+40>, abstime=0x7f6afd719c80) at pthread_cond_wait.c:656
#3 0x00005567c48fb073 in safe_cond_timedwait (cond=0x5567c68ecde0 <COND_checkpoint>, mp=0x5567c68ecd00 <LOCK_checkpoint>, abstime=0x7f6afd719c80, file=0x5567c527b5c0 "/data/src/10.3/include/mysql/psi/mysql_thread.h", line=1211) at /data/src/10.3/mysys/thr_mutex.c:546
#4 0x00005567c447483e in inline_mysql_cond_timedwait (that=0x5567c68ecde0 <COND_checkpoint>, mutex=0x5567c68ecd00 <LOCK_checkpoint>, abstime=0x7f6afd719c80, src_file=0x5567c527b640 "/data/src/10.3/storage/maria/ma_servicethread.c", src_line=115) at /data/src/10.3/include/mysql/psi/mysql_thread.h:1211
#5 0x00005567c4475719 in my_service_thread_sleep (control=0x5567c5da0ba0 <checkpoint_control>, sleep_time=29000000000) at /data/src/10.3/storage/maria/ma_servicethread.c:115
#6 0x00005567c4457613 in ma_checkpoint_background (arg=0x1e) at /data/src/10.3/storage/maria/ma_checkpoint.c:707
#7 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x616000006ff0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#8 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f6afbb76300 (LWP 3140694)):
#0 futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x5567c60567c8 <COND_manager+40>) at ../sysdeps/nptl/futex-internal.h:183
#1 __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5567c60566e8 <LOCK_manager+40>, cond=0x5567c60567a0 <COND_manager>) at pthread_cond_wait.c:508
#2 __pthread_cond_wait (cond=0x5567c60567a0 <COND_manager>, mutex=0x5567c60566e8 <LOCK_manager+40>) at pthread_cond_wait.c:638
#3 0x00005567c48fa73a in safe_cond_wait (cond=0x5567c60567a0 <COND_manager>, mp=0x5567c60566c0 <LOCK_manager>, file=0x5567c4aafa60 "/data/src/10.3/include/mysql/psi/mysql_thread.h", line=1174) at /data/src/10.3/mysys/thr_mutex.c:492
#4 0x00005567c2dcbe26 in inline_mysql_cond_wait (that=0x5567c60567a0 <COND_manager>, mutex=0x5567c60566c0 <LOCK_manager>, src_file=0x5567c4ab01e0 "/data/src/10.3/sql/sql_manager.cc", src_line=102) at /data/src/10.3/include/mysql/psi/mysql_thread.h:1174
#5 0x00005567c2dcc90c in handle_manager (arg=0x0) at /data/src/10.3/sql/sql_manager.cc:102
#6 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x61600000a2f0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#7 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f6b0645c480 (LWP 3140690)):
#0 0x00007f6b0657faff in __GI___poll (fds=0x7fff6f6ecdb0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1 0x00007f6b06eaa5ba in poll () from /lib/x86_64-linux-gnu/libasan.so.5
#2 0x00005567c2b18fa6 in handle_connections_sockets () at /data/src/10.3/sql/mysqld.cc:6815
#3 0x00005567c2b17331 in mysqld_main (argc=<error reading variable: Cannot access memory at address 0x3d60>, argv=<error reading variable: Cannot access memory at address 0x3d70>) at /data/src/10.3/sql/mysqld.cc:6286
#4 0x00005567c2afdadd in main (argc=6, argv=0x7fff6f6ed1e8) at /data/src/10.3/sql/main.cc:25

Thread 4 (Thread 0x7f6afb8d5300 (LWP 3140702)):
#0 0x00007f6b06f956d4 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#1 0x00007f6b06f985e1 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#2 0x00007f6b06e99a8b in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#3 0x00007f6b06e99fef in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#4 0x00007f6b06e9653b in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#5 0x00007f6b06f7bc8f in malloc () from /lib/x86_64-linux-gnu/libasan.so.5
#6 0x00005567c490e6ec in sf_malloc (size=131072, my_flags=0) at /data/src/10.3/mysys/safemalloc.c:118
#7 0x00005567c48dc578 in my_malloc (size=131072, my_flags=0) at /data/src/10.3/mysys/my_malloc.c:101
#8 0x00005567c4880091 in init_io_cache (info=0x7f6afb8cbe20, file=75, cachesize=131072, type=WRITE_CACHE, seek_offset=0, use_async_io=0 '\000', cache_myflags=16) at /data/src/10.3/mysys/mf_iocache.c:247
#9 0x00005567c2b3f158 in sql_create_definition_file (dir=0x7f6afb8cc580, file_name=0x7f6afb8cc5a0, type=0x5567c590df80 <view_file_type>, base=0x6250000ffe40 "", parameters=0x5567c590dd60 <view_parameters>) at /data/src/10.3/sql/parse_file.cc:290
#10 0x00005567c30ac497 in mysql_register_view (thd=0x62a00006c270, view=0x6250000ffe40, mode=VIEW_CREATE_OR_REPLACE) at /data/src/10.3/sql/sql_view.cc:1130
#11 0x00005567c30a916b in mysql_create_view (thd=0x62a00006c270, views=0x6250000ffe40, mode=VIEW_CREATE_OR_REPLACE) at /data/src/10.3/sql/sql_view.cc:641
#12 0x00005567c2df3df3 in mysql_execute_command (thd=0x62a00006c270) at /data/src/10.3/sql/sql_parse.cc:5901
#13 0x00005567c2bc9bb0 in sp_instr_stmt::exec_core (this=0x625000100588, thd=0x62a00006c270, nextp=0x7f6afb8d0f60) at /data/src/10.3/sql/sp_head.cc:3702
#14 0x00005567c2bc83f2 in sp_lex_keeper::reset_lex_and_exec_core (this=0x6250001005d0, thd=0x62a00006c270, nextp=0x7f6afb8d0f60, open_tables=false, instr=0x625000100588) at /data/src/10.3/sql/sp_head.cc:3434
#15 0x00005567c2bc9336 in sp_instr_stmt::execute (this=0x625000100588, thd=0x62a00006c270, nextp=0x7f6afb8d0f60) at /data/src/10.3/sql/sp_head.cc:3608
#16 0x00005567c2bbab9c in sp_head::execute (this=0x6250000ff190, thd=0x62a00006c270, merge_da_on_success=true) at /data/src/10.3/sql/sp_head.cc:1377
#17 0x00005567c2bc0b89 in sp_head::execute_procedure (this=0x6250000ff190, thd=0x62a00006c270, args=0x62a000070f18) at /data/src/10.3/sql/sp_head.cc:2404
#18 0x00005567c2ddede6 in do_execute_sp (thd=0x62a00006c270, sp=0x6250000ff190) at /data/src/10.3/sql/sql_parse.cc:3019
#19 0x00005567c2df2538 in mysql_execute_command (thd=0x62a00006c270) at /data/src/10.3/sql/sql_parse.cc:5695
#20 0x00005567c2e01178 in mysql_parse (thd=0x62a00006c270, rawbuf=0x62b00003f290 "LOOP\nCREATE OR REPLACE VIEW vv AS SELECT 1;\nEND LOOP", length=52, parser_state=0x7f6afb8d3860, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7871
#21 0x00005567c2dd7f6d in dispatch_command (command=COM_QUERY, thd=0x62a00006c270, packet=0x6290000f0271 "LOOP\nCREATE OR REPLACE VIEW vv AS SELECT 1;\nEND LOOP ", packet_length=53, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#22 0x00005567c2dd4aa4 in do_command (thd=0x62a00006c270) at /data/src/10.3/sql/sql_parse.cc:1398
#23 0x00005567c31a0761 in do_handle_one_connection (connect=0x6110000074f0) at /data/src/10.3/sql/sql_connect.cc:1403
#24 0x00005567c31a001b in handle_one_connection (arg=0x6110000074f0) at /data/src/10.3/sql/sql_connect.cc:1308
#25 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x61600000c3f0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#26 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f6afee1c700 (LWP 3140691)):
#0 futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f6afee1bdd0, clockid=<optimized out>, expected=0, futex_word=0x5567c6904208 <COND_timer+40>) at ../sysdeps/nptl/futex-internal.h:320
#1 __pthread_cond_wait_common (abstime=0x7f6afee1bdd0, clockid=<optimized out>, mutex=0x5567c6904128 <LOCK_timer+40>, cond=0x5567c69041e0 <COND_timer>) at pthread_cond_wait.c:520
#2 __pthread_cond_timedwait (cond=0x5567c69041e0 <COND_timer>, mutex=0x5567c6904128 <LOCK_timer+40>, abstime=0x7f6afee1bdd0) at pthread_cond_wait.c:656
#3 0x00005567c48fb073 in safe_cond_timedwait (cond=0x5567c69041e0 <COND_timer>, mp=0x5567c6904100 <LOCK_timer>, abstime=0x7f6afee1bdd0, file=0x5567c535e280 "/data/src/10.3/include/mysql/psi/mysql_thread.h", line=1211) at /data/src/10.3/mysys/thr_mutex.c:546
#4 0x00005567c48fdec0 in inline_mysql_cond_timedwait (that=0x5567c69041e0 <COND_timer>, mutex=0x5567c6904100 <LOCK_timer>, abstime=0x7f6afee1bdd0, src_file=0x5567c535e320 "/data/src/10.3/mysys/thr_timer.c", src_line=292) at /data/src/10.3/include/mysql/psi/mysql_thread.h:1211
#5 0x00005567c48ffe44 in timer_handler (arg=0x0) at /data/src/10.3/mysys/thr_timer.c:292
#6 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x6160000021f0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#7 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f6afbc0e300 (LWP 3140693)):
#0 0x00007f6b064b1322 in __GI___sigtimedwait (set=set@entry=0x7f6afbc0d950, info=info@entry=0x7f6afbc0cf50, timeout=timeout@entry=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:29
#1 0x00007f6b069bbf6c in __sigwait (set=0x7f6afbc0d950, sig=0x7f6afbc0d8d0) at ../sysdeps/unix/sysv/linux/sigwait.c:28
#2 0x00007f6b06eb96f1 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#3 0x00005567c2b0e474 in signal_hand (arg=0x0) at /data/src/10.3/sql/mysqld.cc:3590
#4 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x616000008df0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#5 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f6afbafe300 (LWP 3140697)):
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x00005567c48ec573 in my_write_core (sig=6) at /data/src/10.3/mysys/stacktrace.c:386
#2 0x00005567c35528bd in handle_fatal_signal (sig=6) at /data/src/10.3/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007f6b0648f859 in __GI_abort () at abort.c:79
#6 0x00007f6b06f996a2 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7 0x00007f6b06fa424c in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#8 0x00007f6b06f858ec in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#9 0x00007f6b06f85363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#10 0x00007f6b06f8608b in __asan_report_load4 () from /lib/x86_64-linux-gnu/libasan.so.5
#11 0x00005567c36036b5 in sp_head::daccess (this=0x6250000fc990) at /data/src/10.3/sql/sp_head.h:205
#12 0x00005567c35b2390 in Item_sp::execute_impl (this=0x62b000003de8, thd=0x62a000060270, args=0x62b000003db8, arg_count=1) at /data/src/10.3/sql/item.cc:2936
#13 0x00005567c35b20b7 in Item_sp::execute (this=0x62b000003de8, thd=0x62a000060270, null_value=0x62b000003d9e, args=0x62b000003db8, arg_count=1) at /data/src/10.3/sql/item.cc:2905
#14 0x00005567c36dc4d3 in Item_func_sp::execute (this=0x62b000003d28) at /data/src/10.3/sql/item_func.cc:6412
#15 0x00005567c36eae5e in Item_func_sp::val_int (this=0x62b000003d28) at /data/src/10.3/sql/item_func.h:2927
#16 0x00005567c35d2b2d in Item::save_int_in_field (this=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/item.cc:6878
#17 0x00005567c32eec92 in Type_handler_int_result::Item_save_in_field (this=0x5567c59b38a0 <type_handler_long>, item=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/sql_type.cc:2592
#18 0x00005567c35d2d11 in Item::save_in_field (this=0x62b000003d28, field=0x61900008b210, no_conversions=false) at /data/src/10.3/sql/item.cc:6888
#19 0x00005567c2c944cf in fill_record (thd=0x62a000060270, table=0x622000021190, ptr=0x622000022278, values=..., ignore_errors=true, use_value=false) at /data/src/10.3/sql/sql_base.cc:8685
#20 0x00005567c3072a5d in select_unit::send_data (this=0x62900009d4a8, values=...) at /data/src/10.3/sql/sql_union.cc:128
#21 0x00005567c2f26f82 in end_send_group (join=0x62900009d598, join_tab=0x62900004c788, end_of_records=true) at /data/src/10.3/sql/sql_select.cc:21131
#22 0x00005567c2f1bc09 in sub_select (join=0x62900009d598, join_tab=0x62900004c3f8, end_of_records=true) at /data/src/10.3/sql/sql_select.cc:19754
#23 0x00005567c2f1a62a in do_select (join=0x62900009d598, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19345
#24 0x00005567c2eadb45 in JOIN::exec_inner (this=0x62900009d598) at /data/src/10.3/sql/sql_select.cc:4125
#25 0x00005567c2eab4c2 in JOIN::exec (this=0x62900009d598) at /data/src/10.3/sql/sql_select.cc:3919
#26 0x00005567c2eaefaa in mysql_select (thd=0x62a000060270, tables=0x62b0000050b8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x62900009d4a8, unit=0x62b000001fb0, select_lex=0x62b000002738) at /data/src/10.3/sql/sql_select.cc:4327
#27 0x00005567c2d27c5d in mysql_derived_fill (thd=0x62a000060270, lex=0x62a000064078, derived=0x62b000000530) at /data/src/10.3/sql/sql_derived.cc:1157
#28 0x00005567c2d215e8 in mysql_handle_single_derived (lex=0x62a000064078, derived=0x62b000000530, phases=96) at /data/src/10.3/sql/sql_derived.cc:199
#29 0x00005567c2eeca35 in st_join_table::preread_init (this=0x6290000ff290) at /data/src/10.3/sql/sql_select.cc:12851
#30 0x00005567c2f1bdd2 in sub_select (join=0x62900009cf38, join_tab=0x6290000ff290, end_of_records=false) at /data/src/10.3/sql/sql_select.cc:19771
#31 0x00005567c2f1a524 in do_select (join=0x62900009cf38, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19343
#32 0x00005567c2eadb45 in JOIN::exec_inner (this=0x62900009cf38) at /data/src/10.3/sql/sql_select.cc:4125
#33 0x00005567c2eab4c2 in JOIN::exec (this=0x62900009cf38) at /data/src/10.3/sql/sql_select.cc:3919
#34 0x00005567c2eaefaa in mysql_select (thd=0x62a000060270, tables=0x62b000000530, wild_num=1, fields=..., conds=0x62b000001b90, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x62900009cf08, unit=0x62a000064138, select_lex=0x62a0000648c0) at /data/src/10.3/sql/sql_select.cc:4327
#35 0x00005567c2e85abd in handle_select (thd=0x62a000060270, lex=0x62a000064078, result=0x62900009cf08, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
#36 0x00005567c2df73f2 in execute_sqlcom_select (thd=0x62a000060270, all_tables=0x62b000000530) at /data/src/10.3/sql/sql_parse.cc:6342
#37 0x00005567c2de5431 in mysql_execute_command (thd=0x62a000060270) at /data/src/10.3/sql/sql_parse.cc:3873
#38 0x00005567c2e01178 in mysql_parse (thd=0x62a000060270, rawbuf=0x62b000000290 "SELECT v.* FROM v JOIN INFORMATION_SCHEMA.TABLES WHERE DATA_LENGTH = -1", length=71, parser_state=0x7f6afbafc860, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7871
#39 0x00005567c2dd7f6d in dispatch_command (command=COM_QUERY, thd=0x62a000060270, packet=0x6290000eb271 "", packet_length=71, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#40 0x00005567c2dd4aa4 in do_command (thd=0x62a000060270) at /data/src/10.3/sql/sql_parse.cc:1398
#41 0x00005567c31a0761 in do_handle_one_connection (connect=0x611000007270) at /data/src/10.3/sql/sql_connect.cc:1403
#42 0x00005567c31a001b in handle_one_connection (arg=0x611000007270) at /data/src/10.3/sql/sql_connect.cc:1308
#43 0x00005567c47c40d5 in pfs_spawn_thread (arg=0x61600000baf0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#44 0x00007f6b069b0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#45 0x00007f6b0658c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

No obvious immediate problem on a non-ASAN build.

Attachments

Issue Links

relates to

MDEV-28267 ASAN heap-use-after-free in Item_sp::func_name_cstring

Closed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-03-24 22:26

Updated:: 2022-06-28 09:34

Resolved:: 2022-04-21 06:09

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.