2022-05-12 10:58:02 0 [Note] InnoDB: Using Linux native AIO
2022-05-12 10:58:02 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
2022-05-12 10:58:02 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2022-05-12 10:58:02 0 [Note] InnoDB: Uses event mutexes
2022-05-12 10:58:02 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-05-12 10:58:02 0 [Note] InnoDB: Number of pools: 1
2022-05-12 10:58:02 0 [Note] InnoDB: Using SSE2 crc32 instructions
2022-05-12 10:58:02 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2022-05-12 10:58:02 0 [Note] InnoDB: Completed initialization of buffer pool
2022-05-12 10:58:02 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2022-05-12 10:58:02 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=3685050
2022-05-12 10:58:02 0 [Note] InnoDB: Starting final batch to recover 15 pages from redo log.
2022-05-12 10:58:03 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2022-05-12 10:58:03 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2022-05-12 10:58:03 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-05-12 10:58:03 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2022-05-12 10:58:03 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2022-05-12 10:58:03 0 [Note] InnoDB: 10.3.35 started; log sequence number 3693007; transaction id 6329
2022-05-12 10:58:03 0 [Note] InnoDB: Loading buffer pool(s) from /usr/local/mysql/data/ib_buffer_pool
2022-05-12 10:58:03 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-05-12 10:58:03 0 [Note] Recovering after a crash using tc.log
2022-05-12 10:58:03 0 [Note] Starting crash recovery...
2022-05-12 10:58:03 0 [Note] InnoDB: Buffer pool(s) load completed at 220512 10:58:03
2022-05-12 10:58:03 0 [Note] Crash recovery finished.
2022-05-12 10:58:03 0 [Note] Server socket created on IP: '::'.
2022-05-12 10:58:03 0 [Note] Reading of all Master_info entries succeeded
2022-05-12 10:58:03 0 [Note] Added new Master_info '' to hash table
2022-05-12 10:58:03 0 [Note] /usr/local/mysql/bin/mysqld: ready for connections.
Version: '10.3.35-MariaDB-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution
ASAN:DEADLYSIGNAL
=================================================================
==32554==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000308 (pc 0x561a9bb8edfe bp 0x7ffc8afb0a60 sp 0x7ffc8afb0990 T0)
==32554==The signal is caused by a READ memory access.
==32554==Hint: address points to the zero page.
    #0 0x561a9bb8edfd in Item_subselect::get_cache_parameters(List&) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_subselect.cc:812
    #1 0x561a9ba30e88 in Item_in_optimizer::get_cache_parameters(List&) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_cmpfunc.cc:1457
    #2 0x561a9b9f6f26 in Item_cache_wrapper::init_on_demand() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:8737
    #3 0x561a9b9f7d7d in Item_cache_wrapper::check_cache() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:8862
    #4 0x561a9b9f828c in Item_cache_wrapper::save_val(Field*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.cc:8898
    #5 0x561a9ba11ccf in Item_cache_wrapper::save_in_result_field(bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item.h:5257
    #6 0x561a9b32325c in copy_funcs(Item**, THD const*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:24979
    #7 0x561a9b307580 in end_write /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:21302
    #8 0x561a9b33b867 in AGGR_OP::put_record(bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:27987
    #9 0x561a9b34809c in AGGR_OP::put_record() (/usr/local/mysql/bin/mysqld+0x128d09c)
    #10 0x561a9b2f974e in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:19606
    #11 0x561a9b2fc440 in evaluate_join_record /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:20111
    #12 0x561a9b2fab84 in sub_select(JOIN*, st_join_table*, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:19884
    #13 0x561a9b2f855e in do_select /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:19422
    #14 0x561a9b287241 in JOIN::exec_inner() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:4151
    #15 0x561a9b284bcb in JOIN::exec() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:3945
    #16 0x561a9bbb3b10 in subselect_single_select_engine::exec() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_subselect.cc:4023
    #17 0x561a9bb8e8e7 in Item_subselect::exec() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_subselect.cc:791
    #18 0x561a9bb98de0 in Item_exists_subselect::val_int() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_subselect.cc:1729
    #19 0x561a9ba3131e in Item_in_optimizer::val_int() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_cmpfunc.cc:1541
    #20 0x561a9b286319 in JOIN::exec_inner() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:4054
    #21 0x561a9b284bcb in JOIN::exec() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:3945
    #22 0x561a9b288683 in mysql_select(THD*, TABLE_LIST*, unsigned int, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:4354
    #23 0x561a9b25e585 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_select.cc:372
    #24 0x561a9b1c91a3 in execute_sqlcom_select /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:6339
    #25 0x561a9b1b717e in mysql_execute_command(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:3870
    #26 0x561a9b1d3414 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:7870
    #27 0x561a9b1aa319 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:1941
    #28 0x561a9b1a6168 in do_command(THD*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_parse.cc:1398
    #29 0x561a9b5a356a in do_handle_one_connection(CONNECT*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/sql_connect.cc:1403
    #30 0x561a9aece71e in handle_connection_in_main_thread(CONNECT*) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6631
    #31 0x561a9aecf1de in create_new_thread /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6738
    #32 0x561a9aed03a1 in handle_connections_sockets() /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6996
    #33 0x561a9aecdd45 in mysqld_main(int, char**) /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/mysqld.cc:6290
    #34 0x561a9aeb3a79 in main /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/main.cc:25
    #35 0x7efc5a39ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #36 0x561a9aeb3979 in _start (/usr/local/mysql/bin/mysqld+0xdf8979)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/wsh/test/database_fuzz/test_MariaDB/server_10.3/sql/item_subselect.cc:812 in Item_subselect::get_cache_parameters(List&)
==32554==ABORTING