Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.6.2, 10.5.13, 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
-
None
-
Linux x64
Description
Reported by:
Yaoguang Chen of Ant Security Light-Year Lab
Steps to reproduce:
CREATE TEMPORARY TABLE v0 ( v4 SMALLINT , v3 TINYINT , v2 NCHAR BINARY GENERATED ALWAYS AS ( NULL NOT IN ( 'x' SOUNDS LIKE UTC_TIME ( ) IS NULL IS NULL IS FALSE ) IS NOT FALSE ) , v1 INT ) ; |
SELECT CONVERT ( CHAR ( 'x' IS FALSE ) * DEFAULT ( v2 ) * 'x' * 62721821.000000 , DATETIME ) REGEXP v1 'x' FROM v0 ; |
INSERT IGNORE INTO v0 VALUES ( 78470821.000000 , 'x' , -32768 , v1 IN ( 'x' , FALSE NOT REGEXP v3 IS FALSE ) ) ; |
backtrace:
Core was generated by `/home/supersix/fuzz/security/MariaDB/install_debug/bin/mysqld --defaults-file=/'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
|
[Current thread is 1 (Thread 0x7f8010296700 (LWP 1431325))]
|
gdb-peda$ bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055ceeec1e94f in my_write_core (sig=sig@entry=0x6)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/mysys/stacktrace.c:424
|
#2 0x000055ceee729d60 in handle_fatal_signal (sig=0x6)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/signal_handler.cc:344
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#5 0x00007f8010d68859 in __GI_abort () at abort.c:79
|
#6 0x00007f801113f951 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
|
#7 0x00007f801114b47c in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
|
#8 0x00007f801114b4e7 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
|
#9 0x00007f801114c245 in __cxa_pure_virtual () from /lib/x86_64-linux-gnu/libstdc++.so.6
|
#10 0x000055ceee75d6ef in Arg_comparator::compare_real_fixed (this=0x7f7f88115bf0)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:897
|
#11 0x000055ceee76b464 in Arg_comparator::compare (this=0x7f7f88115bf0)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.h:103
|
#12 Item_func_ne::val_int (this=0x7f7f88115b40)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1788
|
#13 0x000055ceee67b604 in Type_handler_int_result::Item_val_bool (this=<optimized out>,
|
item=<optimized out>) at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_type.cc:5085
|
#14 0x000055ceee75de10 in Item_func_truth::val_bool (this=0x7f7f88115dc0)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1165
|
#15 0x000055ceee75de81 in Item_func_truth::val_int (this=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1188
|
#16 0x000055ceee74f443 in Item::save_int_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
|
no_conversions=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6700
|
#17 0x000055ceee7412a7 in Item::save_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
|
no_conversions=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6710
|
#18 0x000055ceee5f87a0 in TABLE::update_virtual_fields (this=this@entry=0x7f7f8801a698,
|
h=<optimized out>, update_mode=update_mode@entry=VCOL_UPDATE_FOR_WRITE)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/table.cc:8718
|
#19 0x000055ceee4ba3a5 in fill_record (thd=thd@entry=0x7f7f88000c58,
|
table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aaf0, ptr@entry=0x7f7f8801aac8, values=...,
|
ignore_errors=ignore_errors@entry=0x0, use_value=use_value@entry=0x0)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8845
|
#20 0x000055ceee4ba444 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x7f7f88000c58,
|
table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aac8, values=...,
|
ignore_errors=ignore_errors@entry=0x0, event=event@entry=TRG_EVENT_INSERT)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8888
|
#21 0x000055ceee4e6af6 in mysql_insert (thd=thd@entry=0x7f7f88000c58, table_list=<optimized out>,
|
fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>,
|
ignore=<optimized out>, result=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_insert.cc:1047
|
#22 0x000055ceee5204e7 in mysql_execute_command (thd=0x7f7f88000c58,
|
is_called_from_prepared_stmt=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:4568
|
#23 0x000055ceee510287 in mysql_parse (thd=0x7f7f88000c58, rawbuf=<optimized out>,
|
length=<optimized out>, parser_state=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:8028
|
#24 0x000055ceee51c285 in dispatch_command (command=COM_QUERY, thd=0x7f7f88000c58,
|
packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_class.h:1340
|
#25 0x000055ceee51e1a8 in do_command (thd=0x7f7f88000c58, blocking=blocking@entry=0x1)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:1406
|
#26 0x000055ceee624317 in do_handle_one_connection (connect=<optimized out>, put_in_cache=0x1)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1410
|
#27 0x000055ceee62467d in handle_one_connection (arg=arg@entry=0x55cef0328838)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1312
|
#28 0x000055ceee96097d in pfs_spawn_thread (arg=0x55cef06008d8)
|
at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/storage/perfschema/pfs.cc:2201
|
#29 0x00007f8011291609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#30 0x00007f8010e65293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- links to
Activity
Thank you!
~ MDEV-26437
CREATE TABLE t1 (v2 varchar(50) AS ( NULL IN ( 'x' SOUNDS LIKE UTC_TIME()))); |
SELECT DEFAULT (v2) FROM t1 ; |
INSERT IGNORE INTO t1 VALUES ( 1 ) ; |
|
10.2 228630f61ac10240c36717 |
|
|
#3 <signal handler called>
|
#4 0x000055e8eab39044 in Arg_comparator::compare_real_fixed (this=0x7f0738035f60) at /10.2/src/sql/item_cmpfunc.cc:934
|
#5 0x000055e8eab4d554 in Arg_comparator::compare (this=0x7f0738035f60) at /10.2/src/sql/item_cmpfunc.h:87
|
#6 0x000055e8eab3b9a7 in Item_func_eq::val_int (this=0x7f0738035ea0) at /10.2/src/sql/item_cmpfunc.cc:1806
|
#7 0x000055e8eab1eaa8 in Item::save_in_field (this=0x7f0738035ea0, field=0x7f07380adb60, no_conversions=false) at /10.2/src/sql/item.cc:6429
|
#8 0x000055e8ea98b6b9 in TABLE::update_virtual_fields (this=0x7f0738176640, h=0x7f0738034a98, update_mode=VCOL_UPDATE_FOR_WRITE) at /10.2/src/sql/table.cc:7793
|
#9 0x000055e8ea80c8e9 in fill_record (thd=0x7f0738000d90, table=0x7f0738176640, ptr=0x7f07380adb60, values=..., ignore_errors=false, use_value=false) at /10.2/src/sql/sql_base.cc:8374
|
#10 0x000055e8ea80ca10 in fill_record_n_invoke_before_triggers (thd=0x7f0738000d90, table=0x7f0738176640, ptr=0x7f07380adb50, values=..., ignore_errors=false, event=TRG_EVENT_INSERT) at /10.2/src/sql/sql_base.cc:8415
|
#11 0x000055e8ea84ce29 in mysql_insert (thd=0x7f0738000d90, table_list=0x7f07380127e8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /10.2/src/sql/sql_insert.cc:1010
|
#12 0x000055e8ea874638 in mysql_execute_command (thd=0x7f0738000d90) at /10.2/src/sql/sql_parse.cc:4217
|
#13 0x000055e8ea87fb42 in mysql_parse (thd=0x7f0738000d90, rawbuf=0x7f0738012708 "INSERT INTO t1 VALUES ( 1 )", length=28, parser_state=0x7f078ded6560, is_com_multi=false, is_next_command=false) at /10.2/src/sql/sql_parse.cc:7793
|
#14 0x000055e8ea86dd9d in dispatch_command (command=COM_QUERY, thd=0x7f0738000d90, packet=0x7f0738008b61 "INSERT INTO t1 VALUES ( 1 ) ", packet_length=29, is_com_multi=false, is_next_command=false) at /10.2/src/sql/sql_parse.cc:1827
|
#15 0x000055e8ea86c898 in do_command (thd=0x7f0738000d90) at /10.2/src/sql/sql_parse.cc:1381
|
#16 0x000055e8ea9c8661 in do_handle_one_connection (connect=0x55e8eda49d10) at /10.2/src/sql/sql_connect.cc:1336
|
#17 0x000055e8ea9c83c6 in handle_one_connection (arg=0x55e8eda49d10) at /10.2/src/sql/sql_connect.cc:1241
|
#18 0x000055e8eb1f1ec4 in pfs_spawn_thread (arg=0x55e8eda2cfd0) at /10.2/src/storage/perfschema/pfs.cc:1869
|
#19 0x00007f07940b1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#20 0x00007f0793c8c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
Thank you Yaoguang Chen for your bug report.
Can you include the minor version number also in the Affected Versions of your bug report. I'm going off your backtrace as 10.6.2.
My confirmation:
10.5.13-0268b871228-debug-asan
2021-08-13 18:14:51 0 [Note] InnoDB: 10.5.13 started; log sequence number 85119; transaction id 1392021-08-13 18:14:51 0 [Note] InnoDB: Loading buffer pool(s) from /tmp/build-mariadb-server-10.5-asan-debug-datadir/ib_buffer_pool2021-08-13 18:14:51 0 [Note] Plugin 'FEEDBACK' is disabled.2021-08-13 18:14:51 0 [Note] InnoDB: Buffer pool(s) load completed at 210813 18:14:51[New Thread 0x7fffd84d0640 (LWP 790752)][New Thread 0x7fffcd082640 (LWP 790753)]2021-08-13 18:14:51 0 [Note] Reading of all Master_info entries succeeded2021-08-13 18:14:51 0 [Note] Added new Master_info '' to hash table2021-08-13 18:14:51 0 [Note] /home/dan/repos/build-mariadb-server-10.5-asan-debug/sql/mysqld: ready for connections.Version: '10.5.13-MariaDB-debug' socket: '/tmp/build-mariadb-server-10.5-asan-debug.sock' port: 0 Source distribution[New Thread 0x7fffccf80640 (LWP 790762)][Thread 0x7fffd2419640 (LWP 790744) exited][Thread 0x7fffd6cf0640 (LWP 790735) exited][Thread 0x7fffd4c94640 (LWP 790739) exited][Thread 0x7fffd64d9640 (LWP 790736) exited][Thread 0x7fffd13f3640 (LWP 790746) exited][Thread 0x7fffd74ff640 (LWP 790734) exited][Thread 0x7fffcf397640 (LWP 790750) exited][Thread 0x7fffcfbae640 (LWP 790749) exited][Thread 0x7fffd0bdc640 (LWP 790747) exited][Thread 0x7fffd447d640 (LWP 790740) exited][Thread 0x7fffd54ab640 (LWP 790738) exited][Thread 0x7fffd5cc2640 (LWP 790737) exited][Thread 0x7fffd03c5640 (LWP 790748) exited][Thread 0x7fffd2c38640 (LWP 790743) exited][Thread 0x7fffd1c0a640 (LWP 790745) exited][Thread 0x7fffd344f640 (LWP 790742) exited][New Thread 0x7fffd1c0a640 (LWP 790836)][New Thread 0x7fffd344f640 (LWP 790837)][New Thread 0x7fffd2c38640 (LWP 790838)]===================================================================790726==ERROR: AddressSanitizer: use-after-poison on address 0x62b0000a3f28 at pc 0x000000adb2ad bp 0x7fffccf76830 sp 0x7fffccf76828READ of size 8 at 0x62b0000a3f28 thread T25[Detaching after fork from child process 790839]#0 0xadb2ac in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#1 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#2 0xadb2f9 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#3 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#4 0xadb2f9 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#5 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#6 0xadb2f9 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#7 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#8 0xadb2f9 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#9 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#10 0xadb2f9 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20#11 0xad8424 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /home/dan/repos/mariadb-server-10.5/sql/item.h:5270:9#12 0x9e6c60 in TABLE::mark_virtual_column_deps(Field*) /home/dan/repos/mariadb-server-10.5/sql/item.h:7582:27#13 0x1115650 in TABLE::mark_virtual_column_with_deps(Field*) /home/dan/repos/mariadb-server-10.5/sql/item.h:7574:5#14 0x10f7c67 in TABLE::mark_virtual_columns_for_write(bool) /home/dan/repos/mariadb-server-10.5/sql/table.cc:7600:24#15 0x10f85d0 in TABLE::mark_columns_needed_for_insert() /home/dan/repos/mariadb-server-10.5/sql/table.cc:7429:5#16 0xbb3136 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /home/dan/repos/mariadb-server-10.5/sql/sql_insert.cc:945:10#17 0xcb7ac0 in mysql_execute_command(THD*) /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:4624:10#18 0xc9aa04 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:8100:18#19 0xc92fa1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1891:7#20 0xc9d07f in do_command(THD*) /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1370:17#21 0x11f33b0 in do_handle_one_connection(CONNECT*, bool) /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1418:11#22 0x11f299e in handle_one_connection /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1312:5#23 0x21e17b8 in pfs_spawn_thread /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201:3#24 0x7ffff78ad298 in start_thread /usr/src/debug/glibc-2.33-20.fc34.x86_64/nptl/pthread_create.c:481:8#25 0x7ffff7587352 in clone ../sysdeps/unix/sysv/linux/x86_64/clone.S:950x62b0000a3f28 is located 11560 bytes inside of 24740-byte region [0x62b0000a1200,0x62b0000a72a4)allocated by thread T25 here:#0 0x86a85f in malloc (/home/dan/repos/build-mariadb-server-10.5-asan-debug/sql/mariadbd+0x86a85f)#1 0x31f2373 in sf_malloc /home/dan/repos/mariadb-server-10.5/mysys/safemalloc.c:121:34#2 0x31af41f in my_malloc /home/dan/repos/mariadb-server-10.5/mysys/my_malloc.c:90:29#3 0x317e6ca in reset_root_defaults /home/dan/repos/mariadb-server-10.5/mysys/my_alloc.c:148:30#4 0xb236a6 in THD::init_for_queries() /home/dan/repos/mariadb-server-10.5/sql/sql_class.cc:1401:3#5 0x11f20b1 in prepare_new_connection_state(THD*) /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1240:8#6 0x11f3b19 in thd_prepare_connection(THD*) /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1333:3#7 0x11f32b1 in do_handle_one_connection(CONNECT*, bool) /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1408:9#8 0x11f299e in handle_one_connection /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1312:5#9 0x21e17b8 in pfs_spawn_thread /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201:3#10 0x7ffff78ad298 in start_thread /usr/src/debug/glibc-2.33-20.fc34.x86_64/nptl/pthread_create.c:481:8Thread T25 created by T0 here:#0 0x7db136 in pthread_create (/home/dan/repos/build-mariadb-server-10.5-asan-debug/sql/mariadbd+0x7db136)#1 0x21e1dcc in my_thread_create(unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/dan/repos/mariadb-server-10.5/storage/perfschema/my_thread.h:48:10#2 0x21e1d5b in pfs_spawn_thread_v1 /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2252:15#3 0x8ab442 in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/dan/repos/mariadb-server-10.5/include/mysql/psi/mysql_thread.h:1323:11#4 0x8bc00e in create_thread_to_handle_connection(CONNECT*) /home/dan/repos/mariadb-server-10.5/sql/mysqld.cc:6010:19#5 0x8bc89d in create_new_thread(CONNECT*) /home/dan/repos/mariadb-server-10.5/sql/mysqld.cc:6069:3#6 0x8bd27f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/dan/repos/mariadb-server-10.5/sql/mysqld.cc:6134:5#7 0x8ba768 in handle_connections_sockets() /home/dan/repos/mariadb-server-10.5/sql/mysqld.cc:6261:9#8 0x8af2dd in mysqld_main(int, char**) /home/dan/repos/mariadb-server-10.5/sql/mysqld.cc:5656:3#9 0x8a4a01 in main /home/dan/repos/mariadb-server-10.5/sql/main.cc:25:10#10 0x7ffff74aeb74 in __libc_start_main /usr/src/debug/glibc-2.33-20.fc34.x86_64/csu/../csu/libc-start.c:332:16SUMMARY: AddressSanitizer: use-after-poison /home/dan/repos/mariadb-server-10.5/sql/item.h:2609:20 in Item_args::walk_args(bool (Item::*)(void*), bool, void*)Shadow bytes around the buggy address:0x0c568000c790: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c7a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c7b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c7c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c7d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7=>0x0c568000c7e0: f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c7f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c800: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c810: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c820: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f70x0c568000c830: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7Shadow byte legend (one shadow byte represents 8 application bytes):Addressable: 00Partially addressable: 01 02 03 04 05 06 07Heap left redzone: faFreed heap region: fdStack left redzone: f1Stack mid redzone: f2Stack right redzone: f3Stack after return: f5Stack use after scope: f8Global redzone: f9Global init order: f6Poisoned by user: f7Container overflow: fcArray cookie: acIntra object redzone: bbASan internal: feLeft alloca redzone: caRight alloca redzone: cbShadow gap: cc==790726==ABORTING