ramesh@galapq:/test$ cat /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/log/master.err 2021-03-16 11:54:34 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!! 2021-03-16 11:54:34 0 [Note] InnoDB: Compressed tables use zlib 1.2.11 2021-03-16 11:54:34 0 [Note] InnoDB: Number of pools: 1 2021-03-16 11:54:34 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions 2021-03-16 11:54:34 0 [Note] mysqld: O_TMPFILE is not supported on /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data (disabling future attempts) 2021-03-16 11:54:34 0 [Note] InnoDB: Using Linux native AIO 2021-03-16 11:54:34 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728 2021-03-16 11:54:34 0 [Note] InnoDB: Completed initialization of buffer pool 2021-03-16 11:54:34 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority(). 2021-03-16 11:54:34 0 [Note] InnoDB: 128 rollback segments are active. 2021-03-16 11:54:34 0 [Note] InnoDB: Creating shared tablespace for temporary tables 2021-03-16 11:54:34 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ... 2021-03-16 11:54:34 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB. 2021-03-16 11:54:34 0 [Note] InnoDB: 10.6.0 started; log sequence number 43206; transaction id 18 2021-03-16 11:54:34 0 [Note] InnoDB: Loading buffer pool(s) from /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data/ib_buffer_pool 2021-03-16 11:54:34 0 [Note] Plugin 'FEEDBACK' is disabled. 2021-03-16 11:54:34 0 [Note] Server socket created on IP: '0.0.0.0'. 2021-03-16 11:54:34 0 [Note] Server socket created on IP: '::'. 2021-03-16 11:54:34 0 [Note] InnoDB: Buffer pool(s) load completed at 210316 11:54:34 2021-03-16 11:54:34 0 [Note] Reading of all Master_info entries succeeded 2021-03-16 11:54:34 0 [Note] Added new Master_info '' to hash table 2021-03-16 11:54:34 0 [Note] /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: ready for connections. Version: '10.6.0-MariaDB-debug' socket: '/test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/socket.sock' port: 14856 MariaDB Server 2021-03-16 11:54:34 0 [Note] /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld (initiated by: root[root] @ localhost []): Normal shutdown 2021-03-16 11:54:34 0 [Note] Event Scheduler: Purging the queue. 0 events 2021-03-16 11:54:34 0 [Note] InnoDB: FTS optimize thread exiting. 2021-03-16 11:54:34 0 [Note] InnoDB: Starting shutdown... 2021-03-16 11:54:34 0 [Note] InnoDB: Dumping buffer pool(s) to /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data/ib_buffer_pool 2021-03-16 11:54:34 0 [Note] InnoDB: Buffer pool(s) dump completed at 210316 11:54:34 2021-03-16 11:54:35 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1" 2021-03-16 11:54:35 0 [Note] InnoDB: Shutdown completed; log sequence number 43218; transaction id 19 2021-03-16 11:54:35 0 [Note] /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: Shutdown complete AddressSanitizer exit stats: Stats: 73M malloced (1M for red zones) by 9913 calls Stats: 0M realloced by 6 calls Stats: 73M freed by 9887 calls Stats: 0M really freed by 0 calls Stats: 86M (86M-0M) mmaped; 365 maps, 0 unmaps mallocs by size class: 2:519; 3:138; 4:131; 6:144; 7:59; 8:13; 11:54; 12:8; 14:196; 15:127; 16:45; 17:540; 18:130; 19:554; 20:131; 21:50; 22:5784; 23:45; 24:30; 25:181; 26:102; 27:48; 28:18; 29:582; 30:31; 31:7; 32:2; 33:69; 34:7; 35:2; 36:1; 37:24; 38:4; 39:3; 41:46; 42:10; 43:18; 44:10; 45:16; 48:2; 49:2; 50:3; 51:1; Stats: malloc large: 26 Stats: StackDepot: 6541 ids; 0M allocated Stats: SizeClassAllocator64: 18M mapped (11M rss) in 25362 allocations; remains 11190 02 ( 32): mapped: 64K allocs: 1024 frees: 456 inuse: 568 num_freed_chunks 1480 avail: 2048 rss: 32K releases: 0 last released: 0K region: 0x602000000000 03 ( 48): mapped: 128K allocs: 1920 frees: 1728 inuse: 192 num_freed_chunks 2538 avail: 2730 rss: 64K releases: 0 last released: 0K region: 0x603000000000 04 ( 64): mapped: 64K allocs: 896 frees: 688 inuse: 208 num_freed_chunks 816 avail: 1024 rss: 28K releases: 0 last released: 0K region: 0x604000000000 06 ( 96): mapped: 192K allocs: 1792 frees: 1619 inuse: 173 num_freed_chunks 1875 avail: 2048 rss: 68K releases: 0 last released: 0K region: 0x606000000000 07 ( 112): mapped: 128K allocs: 768 frees: 627 inuse: 141 num_freed_chunks 1029 avail: 1170 rss: 28K releases: 0 last released: 0K region: 0x607000000000 08 ( 128): mapped: 64K allocs: 512 frees: 380 inuse: 132 num_freed_chunks 380 avail: 512 rss: 16K releases: 0 last released: 0K region: 0x608000000000 11 ( 176): mapped: 192K allocs: 768 frees: 619 inuse: 149 num_freed_chunks 968 avail: 1117 rss: 40K releases: 0 last released: 0K region: 0x60b000000000 12 ( 192): mapped: 64K allocs: 256 frees: 127 inuse: 129 num_freed_chunks 212 avail: 341 rss: 8K releases: 0 last released: 0K region: 0x60c000000000 14 ( 224): mapped: 256K allocs: 1152 frees: 860 inuse: 292 num_freed_chunks 878 avail: 1170 rss: 88K releases: 0 last released: 0K region: 0x60e000000000 15 ( 240): mapped: 128K allocs: 512 frees: 377 inuse: 135 num_freed_chunks 411 avail: 546 rss: 40K releases: 0 last released: 0K region: 0x60f000000000 16 ( 256): mapped: 128K allocs: 384 frees: 250 inuse: 134 num_freed_chunks 378 avail: 512 rss: 20K releases: 0 last released: 0K region: 0x610000000000 17 ( 320): mapped: 512K allocs: 1664 frees: 1079 inuse: 585 num_freed_chunks 1053 avail: 1638 rss: 228K releases: 0 last released: 0K region: 0x611000000000 18 ( 384): mapped: 384K allocs: 896 frees: 753 inuse: 143 num_freed_chunks 881 avail: 1024 rss: 88K releases: 0 last released: 0K region: 0x612000000000 19 ( 448): mapped: 960K allocs: 2176 frees: 1607 inuse: 569 num_freed_chunks 1625 avail: 2194 rss: 328K releases: 0 last released: 0K region: 0x613000000000 20 ( 512): mapped: 448K allocs: 896 frees: 731 inuse: 165 num_freed_chunks 731 avail: 896 rss: 80K releases: 0 last released: 0K region: 0x614000000000 21 ( 640): mapped: 192K allocs: 306 frees: 201 inuse: 105 num_freed_chunks 202 avail: 307 rss: 48K releases: 0 last released: 0K region: 0x615000000000 22 ( 768): mapped: 4800K allocs: 6460 frees: 628 inuse: 5832 num_freed_chunks 568 avail: 6400 rss: 4408K releases: 0 last released: 0K region: 0x616000000000 23 ( 896): mapped: 128K allocs: 146 frees: 71 inuse: 75 num_freed_chunks 71 avail: 146 rss: 48K releases: 0 last released: 0K region: 0x617000000000 24 ( 1024): mapped: 320K allocs: 320 frees: 250 inuse: 70 num_freed_chunks 250 avail: 320 rss: 40K releases: 0 last released: 0K region: 0x618000000000 25 ( 1280): mapped: 640K allocs: 510 frees: 296 inuse: 214 num_freed_chunks 298 avail: 512 rss: 264K releases: 0 last released: 0K region: 0x619000000000 26 ( 1536): mapped: 576K allocs: 378 frees: 273 inuse: 105 num_freed_chunks 279 avail: 384 rss: 184K releases: 0 last released: 0K region: 0x61a000000000 27 ( 1792): mapped: 320K allocs: 180 frees: 103 inuse: 77 num_freed_chunks 105 avail: 182 rss: 100K releases: 0 last released: 0K region: 0x61b000000000 28 ( 2048): mapped: 256K allocs: 128 frees: 93 inuse: 35 num_freed_chunks 93 avail: 128 rss: 44K releases: 0 last released: 0K region: 0x61c000000000 29 ( 2560): mapped: 1792K allocs: 750 frees: 145 inuse: 605 num_freed_chunks 111 avail: 716 rss: 1484K releases: 0 last released: 0K region: 0x61d000000000 30 ( 3072): mapped: 192K allocs: 84 frees: 40 inuse: 44 num_freed_chunks 20 avail: 64 rss: 96K releases: 0 last released: 0K region: 0x61e000000000 31 ( 3584): mapped: 64K allocs: 18 frees: 0 inuse: 18 num_freed_chunks 0 avail: 18 rss: 28K releases: 0 last released: 0K region: 0x61f000000000 32 ( 4096): mapped: 128K allocs: 32 frees: 15 inuse: 17 num_freed_chunks 15 avail: 32 rss: 8K releases: 0 last released: 0K region: 0x620000000000 33 ( 5120): mapped: 640K allocs: 120 frees: 43 inuse: 77 num_freed_chunks 51 avail: 128 rss: 372K releases: 0 last released: 0K region: 0x621000000000 34 ( 6144): mapped: 64K allocs: 10 frees: 0 inuse: 10 num_freed_chunks 0 avail: 10 rss: 44K releases: 0 last released: 0K region: 0x622000000000 35 ( 7168): mapped: 64K allocs: 9 frees: 0 inuse: 9 num_freed_chunks 0 avail: 9 rss: 16K releases: 0 last released: 0K region: 0x623000000000 36 ( 8192): mapped: 1024K allocs: 136 frees: 98 inuse: 38 num_freed_chunks 90 avail: 128 rss: 172K releases: 0 last released: 0K region: 0x624000000000 37 ( 10240): mapped: 320K allocs: 30 frees: 5 inuse: 25 num_freed_chunks 7 avail: 32 rss: 244K releases: 0 last released: 0K region: 0x625000000000 38 ( 12288): mapped: 64K allocs: 5 frees: 0 inuse: 5 num_freed_chunks 0 avail: 5 rss: 48K releases: 0 last released: 0K region: 0x626000000000 39 ( 14336): mapped: 64K allocs: 4 frees: 0 inuse: 4 num_freed_chunks 0 avail: 4 rss: 40K releases: 0 last released: 0K region: 0x627000000000 41 ( 20480): mapped: 960K allocs: 48 frees: 2 inuse: 46 num_freed_chunks 2 avail: 48 rss: 760K releases: 0 last released: 0K region: 0x629000000000 42 ( 24576): mapped: 256K allocs: 10 frees: 0 inuse: 10 num_freed_chunks 0 avail: 10 rss: 156K releases: 0 last released: 0K region: 0x62a000000000 43 ( 28672): mapped: 704K allocs: 24 frees: 5 inuse: 19 num_freed_chunks 6 avail: 25 rss: 496K releases: 0 last released: 0K region: 0x62b000000000 44 ( 32768): mapped: 448K allocs: 14 frees: 3 inuse: 11 num_freed_chunks 3 avail: 14 rss: 176K releases: 0 last released: 0K region: 0x62c000000000 45 ( 40960): mapped: 640K allocs: 16 frees: 0 inuse: 16 num_freed_chunks 0 avail: 16 rss: 300K releases: 0 last released: 0K region: 0x62d000000000 48 ( 65536): mapped: 128K allocs: 2 frees: 0 inuse: 2 num_freed_chunks 0 avail: 2 rss: 116K releases: 0 last released: 0K region: 0x630000000000 49 ( 81920): mapped: 192K allocs: 2 frees: 0 inuse: 2 num_freed_chunks 0 avail: 2 rss: 76K releases: 0 last released: 0K region: 0x631000000000 50 ( 98304): mapped: 320K allocs: 3 frees: 0 inuse: 3 num_freed_chunks 0 avail: 3 rss: 240K releases: 0 last released: 0K region: 0x632000000000 51 (114688): mapped: 128K allocs: 1 frees: 0 inuse: 1 num_freed_chunks 0 avail: 1 rss: 108K releases: 0 last released: 0K region: 0x633000000000 Stats: LargeMmapAllocator: allocated 26 times, remains 26 (67164 K) max 65 M; by size logs: 17:5; 18:8; 19:6; 21:3; 22:2; 24:2; Quarantine limits: global: 512Mb; thread local: 1024Kb Global quarantine stats: batches: 32; bytes: 76857935 (user: 76595791); chunks: 9632 (capacity: 32672); 29% chunks used; 0% memory overhead 2021-03-16 11:54:36 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!! 2021-03-16 11:54:36 0 [Note] InnoDB: Compressed tables use zlib 1.2.11 2021-03-16 11:54:36 0 [Note] InnoDB: Number of pools: 1 2021-03-16 11:54:36 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions 2021-03-16 11:54:36 0 [Note] mysqld: O_TMPFILE is not supported on /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data (disabling future attempts) 2021-03-16 11:54:36 0 [Note] InnoDB: Using Linux native AIO 2021-03-16 11:54:36 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728 2021-03-16 11:54:36 0 [Note] InnoDB: Completed initialization of buffer pool 2021-03-16 11:54:36 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority(). 2021-03-16 11:54:36 0 [Note] InnoDB: 128 rollback segments are active. 2021-03-16 11:54:36 0 [Note] InnoDB: Creating shared tablespace for temporary tables 2021-03-16 11:54:36 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ... 2021-03-16 11:54:36 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB. 2021-03-16 11:54:36 0 [Note] InnoDB: 10.6.0 started; log sequence number 43218; transaction id 18 2021-03-16 11:54:36 0 [Note] InnoDB: Loading buffer pool(s) from /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data/ib_buffer_pool 2021-03-16 11:54:36 0 [Note] Plugin 'FEEDBACK' is disabled. 2021-03-16 11:54:36 0 [Note] Server socket created on IP: '0.0.0.0'. 2021-03-16 11:54:36 0 [Note] Server socket created on IP: '::'. 2021-03-16 11:54:36 0 [Note] InnoDB: Buffer pool(s) load completed at 210316 11:54:36 2021-03-16 11:54:36 0 [Note] Reading of all Master_info entries succeeded 2021-03-16 11:54:36 0 [Note] Added new Master_info '' to hash table 2021-03-16 11:54:36 0 [Note] /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: ready for connections. Version: '10.6.0-MariaDB-debug' socket: '/test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/socket.sock' port: 14856 MariaDB Server ================================================================= ==2746434==ERROR: AddressSanitizer: heap-use-after-free on address 0x6340000208a8 at pc 0x55c0992376a5 bp 0x1492c20e8960 sp 0x1492c20e8950 READ of size 8 at 0x6340000208a8 thread T14 #0 0x55c0992376a4 in ha_heap::find_unique_row(unsigned char*, unsigned int) /test/mtest/10.6_dbg_san/storage/heap/ha_heap.cc:813 #1 0x55c096622e31 in select_unit_ext::send_data(List&) /test/mtest/10.6_dbg_san/sql/sql_union.cc:670 #2 0x55c0961f90d7 in select_result_sink::send_data_with_check(List&, st_select_lex_unit*, unsigned long long) /test/mtest/10.6_dbg_san/sql/sql_class.h:5554 #3 0x55c0961f90d7 in end_send /test/mtest/10.6_dbg_san/sql/sql_select.cc:21952 #4 0x55c09609e7f2 in evaluate_join_record /test/mtest/10.6_dbg_san/sql/sql_select.cc:20975 #5 0x55c09612df4d in sub_select(JOIN*, st_join_table*, bool) /test/mtest/10.6_dbg_san/sql/sql_select.cc:20752 #6 0x55c0962f08ab in do_select /test/mtest/10.6_dbg_san/sql/sql_select.cc:20299 #7 0x55c0962f08ab in JOIN::exec_inner() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4477 #8 0x55c0962f214c in JOIN::exec() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4257 #9 0x55c09663aca9 in st_select_lex_unit::exec() /test/mtest/10.6_dbg_san/sql/sql_union.cc:2235 #10 0x55c096664417 in mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_union.cc:41 #11 0x55c0962e4236 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_select.cc:407 #12 0x55c095efa791 in execute_sqlcom_select /test/mtest/10.6_dbg_san/sql/sql_parse.cc:6230 #13 0x55c095f5bec5 in mysql_execute_command(THD*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:3926 #14 0x55c095ec0bd3 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:7998 #15 0x55c095f36a31 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1886 #16 0x55c095f4c419 in do_command(THD*, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1397 #17 0x55c0969226ef in do_handle_one_connection(CONNECT*, bool) /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1410 #18 0x55c09692558d in handle_one_connection /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1312 #19 0x55c098e0518d in pfs_spawn_thread /test/mtest/10.6_dbg_san/storage/perfschema/pfs.cc:2201 #20 0x1492e4fd5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477 #21 0x1492e4129292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292) 0x6340000208a8 is located 168 bytes inside of 127124-byte region [0x634000020800,0x63400003f894) freed by thread T14 here: #0 0x55c0956b01df in __interceptor_free (/test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mariadbd+0x7bf11df) #1 0x55c09a4f8e87 in free_memory /test/mtest/10.6_dbg_san/mysys/safemalloc.c:280 #2 0x55c09a4f9867 in sf_free /test/mtest/10.6_dbg_san/mysys/safemalloc.c:198 #3 0x55c09a4b9cce in my_free /test/mtest/10.6_dbg_san/mysys/my_malloc.c:211 #4 0x55c0992589c7 in hp_free_level /test/mtest/10.6_dbg_san/storage/heap/hp_block.c:151 #5 0x55c099258c98 in hp_clear_keys /test/mtest/10.6_dbg_san/storage/heap/hp_clear.c:100 #6 0x55c099259513 in heap_disable_indexes /test/mtest/10.6_dbg_san/storage/heap/hp_clear.c:131 #7 0x55c09923a9d7 in ha_heap::disable_indexes(unsigned int) /test/mtest/10.6_dbg_san/storage/heap/ha_heap.cc:468 #8 0x55c09752eece in handler::ha_disable_indexes(unsigned int) /test/mtest/10.6_dbg_san/sql/handler.cc:4791 #9 0x55c09661a15e in select_unit_ext::disable_index_if_needed(st_select_lex*) /test/mtest/10.6_dbg_san/sql/sql_union.cc:465 #10 0x55c096624b39 in select_unit_ext::send_eof() /test/mtest/10.6_dbg_san/sql/sql_union.cc:752 #11 0x55c0962f1294 in do_select /test/mtest/10.6_dbg_san/sql/sql_select.cc:20354 #12 0x55c0962f1294 in JOIN::exec_inner() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4477 #13 0x55c0962f214c in JOIN::exec() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4257 #14 0x55c09663aca9 in st_select_lex_unit::exec() /test/mtest/10.6_dbg_san/sql/sql_union.cc:2235 #15 0x55c096664417 in mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_union.cc:41 #16 0x55c0962e4236 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_select.cc:407 #17 0x55c095efa791 in execute_sqlcom_select /test/mtest/10.6_dbg_san/sql/sql_parse.cc:6230 #18 0x55c095f5bec5 in mysql_execute_command(THD*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:3926 #19 0x55c095ec0bd3 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:7998 #20 0x55c095f36a31 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1886 #21 0x55c095f4c419 in do_command(THD*, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1397 #22 0x55c0969226ef in do_handle_one_connection(CONNECT*, bool) /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1410 #23 0x55c09692558d in handle_one_connection /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1312 #24 0x55c098e0518d in pfs_spawn_thread /test/mtest/10.6_dbg_san/storage/perfschema/pfs.cc:2201 #25 0x1492e4fd5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477 previously allocated by thread T14 here: #0 0x55c0956b05d8 in malloc (/test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mariadbd+0x7bf15d8) #1 0x55c09a4f90a3 in sf_malloc /test/mtest/10.6_dbg_san/mysys/safemalloc.c:121 #2 0x55c09a4b95ad in my_malloc /test/mtest/10.6_dbg_san/mysys/my_malloc.c:90 #3 0x55c099258017 in hp_get_new_block /test/mtest/10.6_dbg_san/storage/heap/hp_block.c:81 #4 0x55c0992551d5 in hp_find_free_hash /test/mtest/10.6_dbg_san/storage/heap/hp_write.c:409 #5 0x55c0992551d5 in hp_write_key /test/mtest/10.6_dbg_san/storage/heap/hp_write.c:212 #6 0x55c099253a18 in heap_write /test/mtest/10.6_dbg_san/storage/heap/hp_write.c:52 #7 0x55c09922fb79 in ha_heap::write_row(unsigned char const*) /test/mtest/10.6_dbg_san/storage/heap/ha_heap.cc:239 #8 0x55c096618d9b in handler::ha_write_tmp_row(unsigned char*) /test/mtest/10.6_dbg_san/sql/sql_class.h:7259 #9 0x55c096618d9b in select_unit::write_record() /test/mtest/10.6_dbg_san/sql/sql_union.cc:395 #10 0x55c096621c35 in select_unit_ext::send_data(List&) /test/mtest/10.6_dbg_san/sql/sql_union.cc:640 #11 0x55c0961f90d7 in select_result_sink::send_data_with_check(List&, st_select_lex_unit*, unsigned long long) /test/mtest/10.6_dbg_san/sql/sql_class.h:5554 #12 0x55c0961f90d7 in end_send /test/mtest/10.6_dbg_san/sql/sql_select.cc:21952 #13 0x55c09609e7f2 in evaluate_join_record /test/mtest/10.6_dbg_san/sql/sql_select.cc:20975 #14 0x55c09612df4d in sub_select(JOIN*, st_join_table*, bool) /test/mtest/10.6_dbg_san/sql/sql_select.cc:20752 #15 0x55c0962f08ab in do_select /test/mtest/10.6_dbg_san/sql/sql_select.cc:20299 #16 0x55c0962f08ab in JOIN::exec_inner() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4477 #17 0x55c0962f214c in JOIN::exec() /test/mtest/10.6_dbg_san/sql/sql_select.cc:4257 #18 0x55c09663aca9 in st_select_lex_unit::exec() /test/mtest/10.6_dbg_san/sql/sql_union.cc:2235 #19 0x55c096664417 in mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_union.cc:41 #20 0x55c0962e4236 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/mtest/10.6_dbg_san/sql/sql_select.cc:407 #21 0x55c095efa791 in execute_sqlcom_select /test/mtest/10.6_dbg_san/sql/sql_parse.cc:6230 #22 0x55c095f5bec5 in mysql_execute_command(THD*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:3926 #23 0x55c095ec0bd3 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:7998 #24 0x55c095f36a31 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1886 #25 0x55c095f4c419 in do_command(THD*, bool) /test/mtest/10.6_dbg_san/sql/sql_parse.cc:1397 #26 0x55c0969226ef in do_handle_one_connection(CONNECT*, bool) /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1410 #27 0x55c09692558d in handle_one_connection /test/mtest/10.6_dbg_san/sql/sql_connect.cc:1312 #28 0x55c098e0518d in pfs_spawn_thread /test/mtest/10.6_dbg_san/storage/perfschema/pfs.cc:2201 #29 0x1492e4fd5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477 Thread T14 created by T0 here: #0 0x55c0955dd245 in __interceptor_pthread_create (/test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mariadbd+0x7b1e245) #1 0x55c098e15ca5 in my_thread_create /test/mtest/10.6_dbg_san/storage/perfschema/my_thread.h:38 #2 0x55c098e15ca5 in pfs_spawn_thread_v1 /test/mtest/10.6_dbg_san/storage/perfschema/pfs.cc:2252 #3 0x55c095708fa0 in inline_mysql_thread_create /test/mtest/10.6_dbg_san/include/mysql/psi/mysql_thread.h:1139 #4 0x55c095708fa0 in create_thread_to_handle_connection(CONNECT*) /test/mtest/10.6_dbg_san/sql/mysqld.cc:5780 #5 0x55c09571c8c3 in create_new_thread(CONNECT*) /test/mtest/10.6_dbg_san/sql/mysqld.cc:5839 #6 0x55c09571d03c in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/mtest/10.6_dbg_san/sql/mysqld.cc:5901 #7 0x55c09571eb42 in handle_connections_sockets() /test/mtest/10.6_dbg_san/sql/mysqld.cc:6023 #8 0x55c095722c28 in mysqld_main(int, char**) /test/mtest/10.6_dbg_san/sql/mysqld.cc:5675 #9 0x55c0956f1b8a in main /test/mtest/10.6_dbg_san/sql/main.cc:25 #10 0x1492e402e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) SUMMARY: AddressSanitizer: heap-use-after-free /test/mtest/10.6_dbg_san/storage/heap/ha_heap.cc:813 in ha_heap::find_unique_row(unsigned char*, unsigned int) Shadow bytes around the buggy address: 0x0c687fffc0c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c687fffc0d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c687fffc0e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c687fffc0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c687fffc100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c687fffc110: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd 0x0c687fffc120: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c687fffc130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c687fffc140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c687fffc150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c687fffc160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2746434==ABORTING 210316 11:54:54 [ERROR] mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.6.0-MariaDB-debug key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=1 max_threads=153 thread_count=1 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468024 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x62b00009a288 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x1492c20ec890 thread_stack 0x5fc00 asan_interceptors.o:0(__interceptor_backtrace.part.0)[0x55c09560f770] mysys/stacktrace.c:212(my_print_stacktrace)[0x55c09a4cd3c6] sql/signal_handler.cc:209(handle_fatal_signal)[0x55c0974c6f5d] sigaction.c:0(__restore_rt)[0x1492e4fe13c0] linux/raise.c:51(__GI_raise)[0x1492e404d18b] stdlib/abort.c:81(__GI_abort)[0x1492e402c859] :0(__sanitizer::Abort())[0x55c0956ce0c2] :0(__sanitizer::Die())[0x55c0956d8c6c] :0(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x55c0956ba2fc] :0(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x55c0956b9d73] ??:0(__asan_report_load8)[0x55c0956babbb] heap/ha_heap.cc:813(ha_heap::find_unique_row(unsigned char*, unsigned int))[0x55c0992376a5] sql/sql_union.cc:670(select_unit_ext::send_data(List&))[0x55c096622e32] sql/sql_class.h:5554(select_result_sink::send_data_with_check(List&, st_select_lex_unit*, unsigned long long))[0x55c0961f90d8] sql/sql_select.cc:20975(evaluate_join_record(JOIN*, st_join_table*, int))[0x55c09609e7f3] sql/sql_select.cc:20752(sub_select(JOIN*, st_join_table*, bool))[0x55c09612df4e] sql/sql_select.cc:20299(JOIN::exec_inner())[0x55c0962f08ac] sql/sql_select.cc:4258(JOIN::exec())[0x55c0962f214d] sql/sql_union.cc:2235(st_select_lex_unit::exec())[0x55c09663acaa] sql/sql_union.cc:41(mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long))[0x55c096664418] sql/sql_select.cc:407(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55c0962e4237] sql/sql_parse.cc:6230(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55c095efa792] sql/sql_parse.cc:3926(mysql_execute_command(THD*))[0x55c095f5bec6] sql/sql_parse.cc:7998(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55c095ec0bd4] sql/sql_parse.cc:1886(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55c095f36a32] sql/sql_parse.cc:1397(do_command(THD*, bool))[0x55c095f4c41a] sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x55c0969226f0] sql/sql_connect.cc:1312(handle_one_connection)[0x55c09692558e] perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55c098e0518e] nptl/pthread_create.c:478(start_thread)[0x1492e4fd5609] x86_64/clone.S:97(__GI___clone)[0x1492e4129293] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x62b0000a12a8): SELECT * FROM t UNION SELECT * FROM t INTERSECT ALL SELECT * FROM t Connection ID (thread ID): 4 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains information that should help you find out what is causing the crash. Writing a core file... Working directory at /test/mtest/UBASAN_MD160321-mariadb-10.6.0-linux-x86_64-dbg/data Resource Limits: Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size unlimited unlimited bytes Max core file size 0 0 bytes Max resident set unlimited unlimited bytes Max processes unlimited unlimited processes Max open files 1048576 1048576 files Max locked memory unlimited unlimited bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals unlimited unlimited signals Max msgqueue size unlimited unlimited bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited us Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E ramesh@galapq:/test$