2022-05-08 17:05:09 0 [Note] InnoDB: Using Linux native AIO
2022-05-08 17:05:09 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
2022-05-08 17:05:09 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2022-05-08 17:05:09 0 [Note] InnoDB: Uses event mutexes
2022-05-08 17:05:09 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-05-08 17:05:09 0 [Note] InnoDB: Number of pools: 1
2022-05-08 17:05:09 0 [Note] InnoDB: Using SSE2 crc32 instructions
2022-05-08 17:05:10 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2022-05-08 17:05:10 0 [Note] InnoDB: Completed initialization of buffer pool
2022-05-08 17:05:10 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2022-05-08 17:05:10 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=8137215257
2022-05-08 17:05:10 0 [Note] InnoDB: Starting final batch to recover 14 pages from redo log.
2022-05-08 17:05:10 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2022-05-08 17:05:10 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2022-05-08 17:05:10 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-05-08 17:05:10 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2022-05-08 17:05:10 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2022-05-08 17:05:10 0 [Note] InnoDB: Waiting for purge to start
2022-05-08 17:05:10 0 [Note] InnoDB: 10.3.35 started; log sequence number 8137223368; transaction id 23604607
2022-05-08 17:05:10 0 [Note] InnoDB: Loading buffer pool(s) from /usr/local/mysql/data/ib_buffer_pool
2022-05-08 17:05:10 0 [Note] InnoDB: Buffer pool(s) load completed at 220508 17:05:10
2022-05-08 17:05:10 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-05-08 17:05:10 0 [Note] Recovering after a crash using tc.log
2022-05-08 17:05:10 0 [Note] Starting crash recovery...
2022-05-08 17:05:10 0 [Note] Crash recovery finished.
2022-05-08 17:05:10 0 [Note] Server socket created on IP: '::'.
2022-05-08 17:05:10 0 [Note] Reading of all Master_info entries succeeded
2022-05-08 17:05:10 0 [Note] Added new Master_info '' to hash table
2022-05-08 17:05:10 0 [Note] /usr/local/mysql/bin/mysqld: ready for connections.
Version: '10.3.35-MariaDB-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
ASAN:DEADLYSIGNAL
=================================================================
==26033==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000ac (pc 0x555556e765de bp 0x7fffffff87a0 sp 0x7fffffff8700 T0)
==26033==The signal is caused by a READ memory access.
==26033==Hint: address points to the zero page.
    #0 0x555556e765dd in Item_field::fix_outer_field(THD*, Field**, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:5866
    #1 0x555556e7a145 in Item_field::fix_fields(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:6283
    #2 0x5555563c34de in Item::fix_fields_if_needed(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.h:829
    #3 0x555556f476e4 in Item_func::fix_fields(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_func.cc:352
    #4 0x5555563c34de in Item::fix_fields_if_needed(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.h:829
    #5 0x5555563c350c in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.h:833
    #6 0x5555567d9924 in Item::fix_fields_if_needed_for_order_by(THD*, Item**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.h:841
    #7 0x5555567b23c8 in find_order_in_list /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:23710
    #8 0x5555567b28b7 in setup_order(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:23757
    #9 0x5555566f99eb in setup_without_group /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:676
    #10 0x5555566ff752 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:1157
    #11 0x555556908554 in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_union.cc:1331
    #12 0x555556bc5c59 in With_element::prepare_unreferenced(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_cte.cc:1255
    #13 0x555556bc4209 in With_clause::prepare_unreferenced_elements(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_cte.cc:932
    #14 0x5555567008b4 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:1246
    #15 0x555556901806 in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_union.cc:647
    #16 0x55555690502c in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_union.cc:993
    #17 0x555556586ccc in mysql_derived_prepare(THD*, LEX*, TABLE_LIST*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_derived.cc:793
    #18 0x5555565832b3 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_derived.cc:193
    #19 0x55555698df86 in TABLE_LIST::handle_derived(LEX*, unsigned int) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/table.cc:8535
    #20 0x5555565cc30b in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_lex.h:4041
    #21 0x5555565edfb0 in st_select_lex::handle_derived(LEX*, unsigned int) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_lex.cc:4197
    #22 0x5555566fe363 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:1066
    #23 0x555556901806 in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_union.cc:647
    #24 0x55555690502c in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_union.cc:993
    #25 0x555556935915 in mysql_create_view(THD*, TABLE_LIST*, enum_view_create_mode) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_view.cc:539
    #26 0x55555665ebfe in mysql_execute_command(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:5898
    #27 0x55555666c414 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:7870
    #28 0x555556643319 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:1941
    #29 0x55555663f168 in do_command(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:1398
    #30 0x555556a3c56a in do_handle_one_connection(CONNECT*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_connect.cc:1403
    #31 0x55555636771e in handle_connection_in_main_thread(CONNECT*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6631
    #32 0x5555563681de in create_new_thread /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6738
    #33 0x5555563693a1 in handle_connections_sockets() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6996
    #34 0x555556366d45 in mysqld_main(int, char**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6290
    #35 0x55555634ca79 in main /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/main.cc:25
    #36 0x7ffff3d35c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #37 0x55555634c979 in _start (/usr/local/mysql/bin/mysqld+0xdf8979)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:5866 in Item_field::fix_outer_field(THD*, Field**, Item**)
==26033==ABORTING