2022-07-28 15:33:19 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
2022-07-28 15:33:19 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-07-28 15:33:19 0 [Note] InnoDB: Number of transaction pools: 1
2022-07-28 15:33:19 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2022-07-28 15:33:19 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2022-07-28 15:33:19 0 [Note] InnoDB: Completed initialization of buffer pool
2022-07-28 15:33:19 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
2022-07-28 15:33:19 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=21049945400
2022-07-28 15:33:19 0 [Note] InnoDB: Starting final batch to recover 245 pages from redo log.
2022-07-28 15:33:19 0 [Note] InnoDB: 128 rollback segments are active.
2022-07-28 15:33:19 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
2022-07-28 15:33:19 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2022-07-28 15:33:19 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2022-07-28 15:33:19 0 [Note] InnoDB: log sequence number 21054968325; transaction id 32653746
2022-07-28 15:33:19 0 [Note] InnoDB: Loading buffer pool(s) from /usr/local/mysql/data/ib_buffer_pool
2022-07-28 15:33:19 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-07-28 15:33:19 0 [Note] InnoDB: Buffer pool(s) load completed at 220728 15:33:19
2022-07-28 15:33:19 0 [Note] Server socket created on IP: '0.0.0.0'.
2022-07-28 15:33:19 0 [Note] Server socket created on IP: '::'.
2022-07-28 15:33:19 0 [Note] /usr/local/mysql/bin/mysqld: ready for connections.
Version: '10.10.0-MariaDB-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
=================================================================
==2044==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a0000d58e8 at pc 0x555556ede3db bp 0x7fffffff6900 sp 0x7fffffff68f0
READ of size 8 at 0x61a0000d58e8 thread T0
    #0 0x555556ede3da in Field::is_null(long long) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/field.h:1389
    #1 0x555557b30d50 in save_field_in_field /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:6684
    #2 0x555557b31621 in Item_field::save_in_field(Field*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:6749
    #3 0x55555706649f in fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_base.cc:9123
    #4 0x555557516fd9 in select_unit::send_data(List<Item>&) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_union.cc:119
    #5 0x5555570bebbe in select_materialize_with_stats::send_data(List<Item>&) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_class.cc:4304
    #6 0x5555573cc76a in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_class.h:5697
    #7 0x555557388554 in end_send /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:22516
    #8 0x5555573805dd in evaluate_join_record /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21508
    #9 0x55555737f526 in sub_select(JOIN*, st_join_table*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21317
    #10 0x55555737cee9 in do_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20823
    #11 0x555557309314 in JOIN::exec_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4787
    #12 0x555557306849 in JOIN::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4565
    #13 0x555557d512d6 in subselect_hash_sj_engine::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:5712
    #14 0x555557d22c84 in Item_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:854
    #15 0x555557d2423a in Item_in_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1036
    #16 0x555557d2ece8 in Item_in_subselect::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1989
    #17 0x555556e562e1 in Item::val_bool_result() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1783
    #18 0x555557b7b927 in Item_in_optimizer::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:1637
    #19 0x555556e56191 in Item::val_int_result() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1779
    #20 0x555557b4ea87 in Item_cache_int::cache_value() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:10125
    #21 0x555557b62e78 in Item_cache_wrapper::cache() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:8881
    #22 0x555557b44975 in Item_cache_wrapper::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:8962
    #23 0x555557b72871 in Arg_comparator::compare_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:834
    #24 0x555557bb3e2f in Arg_comparator::compare() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.h:103
    #25 0x555557b7d520 in Item_func_eq::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:1762
    #26 0x555557bf55af in Item_int_func::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.cc:750
    #27 0x555557b41330 in Item_direct_ref::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:8638
    #28 0x555557b72871 in Arg_comparator::compare_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:834
    #29 0x555557bb3e2f in Arg_comparator::compare() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.h:103
    #30 0x555557b7d520 in Item_func_eq::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:1762
    #31 0x5555578532e1 in Type_handler_int_result::Item_val_bool(Item*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5100
    #32 0x555556e55e29 in Item::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1687
    #33 0x555557b9e05b in Item_cond_or::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:5435
    #34 0x55555737fbd8 in evaluate_join_record /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21376
    #35 0x55555737eeb5 in sub_select(JOIN*, st_join_table*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21278
    #36 0x55555737cee9 in do_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20823
    #37 0x555557309314 in JOIN::exec_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4787
    #38 0x555557306849 in JOIN::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4565
    #39 0x555557d467ad in subselect_single_select_engine::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:4144
    #40 0x555557d22c84 in Item_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:854
    #41 0x555557d2423a in Item_in_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1036
    #42 0x555557d2ece8 in Item_in_subselect::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1989
    #43 0x555556e562e1 in Item::val_bool_result() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1783
    #44 0x555557b7b927 in Item_in_optimizer::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:1637
    #45 0x555556e56191 in Item::val_int_result() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1779
    #46 0x555557b4ea87 in Item_cache_int::cache_value() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:10125
    #47 0x555557b62e78 in Item_cache_wrapper::cache() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:8881
    #48 0x555557b461c3 in Item_cache_wrapper::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:9067
    #49 0x555557b6aa6c in Item_func_not::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:202
    #50 0x55555737fbd8 in evaluate_join_record /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21376
    #51 0x55555737eeb5 in sub_select(JOIN*, st_join_table*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21278
    #52 0x55555737cee9 in do_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20823
    #53 0x555557309314 in JOIN::exec_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4787
    #54 0x555557306849 in JOIN::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4565
    #55 0x555557d467ad in subselect_single_select_engine::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:4144
    #56 0x555557d22c84 in Item_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:854
    #57 0x555557d28a60 in Item_singlerow_subselect::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1504
    #58 0x555557bfbd06 in Item_func_mul::int_op() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.cc:1377
    #59 0x555557881ef5 in Item_func_hybrid_field_type::val_int_from_int_op() (/usr/local/mysql/bin/mariadbd+0x232def5)
    #60 0x555557855f7f in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5423
    #61 0x5555571b47fe in Item_func_hybrid_field_type::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.h:905
    #62 0x555557bf9323 in Item_func_plus::int_op() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.cc:1113
    #63 0x555557881ef5 in Item_func_hybrid_field_type::val_int_from_int_op() (/usr/local/mysql/bin/mariadbd+0x232def5)
    #64 0x555557855f7f in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5423
    #65 0x5555571b47fe in Item_func_hybrid_field_type::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.h:905
    #66 0x555556e56191 in Item::val_int_result() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1779
    #67 0x555557b4ea87 in Item_cache_int::cache_value() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:10125
    #68 0x555557888373 in Item_cache::has_value() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:7099
    #69 0x555557b4edc5 in Item_cache_int::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:10151
    #70 0x555557bfabf9 in Item_func_minus::real_op() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.cc:1266
    #71 0x555557881f5d in Item_func_hybrid_field_type::val_real_from_real_op() (/usr/local/mysql/bin/mariadbd+0x232df5d)
    #72 0x555557856457 in Type_handler_real_result::Item_func_hybrid_field_type_val_real(Item_func_hybrid_field_type*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5475
    #73 0x5555571b4704 in Item_func_hybrid_field_type::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.h:899
    #74 0x555557853259 in Type_handler_real_result::Item_val_bool(Item*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5095
    #75 0x555556e55e29 in Item::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1687
    #76 0x555557b6aa6c in Item_func_not::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:202
    #77 0x555557bb0b30 in Item::to_longlong_hybrid() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1440
    #78 0x555557b82e4f in Item_func_between::val_int_cmp_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:2248
    #79 0x555557856ff1 in Type_handler_int_result::Item_func_between_val_int(Item_func_between*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5719
    #80 0x555556ee3300 in Item_func_between::val_int() (/usr/local/mysql/bin/mariadbd+0x198f300)
    #81 0x555557bf55af in Item_int_func::val_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_func.cc:750
    #82 0x555557b8432e in Item_func_between::val_int_cmp_real() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:2303
    #83 0x55555785700f in Type_handler_real_result::Item_func_between_val_int(Item_func_between*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5725
    #84 0x555556ee3300 in Item_func_between::val_int() (/usr/local/mysql/bin/mariadbd+0x198f300)
    #85 0x55555737fbd8 in evaluate_join_record /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21376
    #86 0x55555737eeb5 in sub_select(JOIN*, st_join_table*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:21278
    #87 0x55555737cee9 in do_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20823
    #88 0x555557309314 in JOIN::exec_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4787
    #89 0x555557306849 in JOIN::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4565
    #90 0x55555730ad30 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:5045
    #91 0x5555572db134 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:579
    #92 0x555557202063 in execute_sqlcom_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_parse.cc:6260
    #93 0x5555571f09e0 in mysql_execute_command(THD*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_parse.cc:3944
    #94 0x55555720d0b1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_parse.cc:8036
    #95 0x5555571e3d10 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_parse.cc:1991
    #96 0x5555571dffdb in do_command(THD*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_parse.cc:1407
    #97 0x555557687a6f in do_handle_one_connection(CONNECT*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_connect.cc:1418
    #98 0x555556e44cd8 in handle_connection_in_main_thread(CONNECT*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/mysqld.cc:5994
    #99 0x555556e45568 in create_new_thread(CONNECT*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/mysqld.cc:6074
    #100 0x555556e4589b in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/mysqld.cc:6136
    #101 0x555556e46178 in handle_connections_sockets() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/mysqld.cc:6260
    #102 0x555556e44763 in mysqld_main(int, char**) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/mysqld.cc:5910
    #103 0x555556e2c8c9 in main /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/main.cc:34
    #104 0x7ffff5139c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #105 0x555556e2c7c9 in _start (/usr/local/mysql/bin/mariadbd+0x18d87c9)

0x61a0000d58e8 is located 616 bytes inside of 1156-byte region [0x61a0000d5680,0x61a0000d5b04)
freed by thread T0 here:
    #0 0x7ffff6ef67a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x555558f20923 in free_memory /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/safemalloc.c:297
    #2 0x555558f1fdaa in sf_free /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/safemalloc.c:203
    #3 0x555558eee361 in my_free /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_malloc.c:211
    #4 0x555558ec86de in root_free /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_alloc.c:78
    #5 0x555558ecae5b in free_root /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_alloc.c:495
    #6 0x55555737b662 in free_tmp_table(THD*, TABLE*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20589
    #7 0x55555734e613 in JOIN::cleanup(bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:14457
    #8 0x55555734d8b4 in JOIN::join_free() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:14344
    #9 0x55555737d511 in do_select /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:20870
    #10 0x555557309314 in JOIN::exec_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4787
    #11 0x555557306849 in JOIN::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4565
    #12 0x555557d467ad in subselect_single_select_engine::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:4144
    #13 0x555557d22c84 in Item_subselect::exec() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:854
    #14 0x555557d2cdf8 in Item_exists_subselect::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1838
    #15 0x555557b7ae68 in Item_in_optimizer::val_int() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_cmpfunc.cc:1555
    #16 0x5555578532e1 in Type_handler_int_result::Item_val_bool(Item*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:5100
    #17 0x555556e55e29 in Item::val_bool() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1687
    #18 0x5555573c7ce9 in Item::eval_const_cond() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.h:1694
    #19 0x5555573632ca in Item::remove_eq_conds(THD*, Item::cond_result*, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:18126
    #20 0x55555736082c in optimize_cond /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:17676
    #21 0x5555572ed82c in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2231
    #22 0x5555572e947d in JOIN::optimize() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:1846
    #23 0x55555710e21e in mysql_derived_optimize /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_derived.cc:1064
    #24 0x555557108527 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_derived.cc:200
    #25 0x5555572ee9e6 in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2322
    #26 0x5555572e947d in JOIN::optimize() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:1846
    #27 0x555557178afa in st_select_lex::optimize_unflattened_subqueries(bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_lex.cc:4916
    #28 0x55555779c181 in JOIN::optimize_constant_subqueries() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/opt_subselect.cc:5689
    #29 0x5555572ec5cb in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2166

previously allocated by thread T0 here:
    #0 0x7ffff6ef6b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x555558f1f794 in sf_malloc /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/safemalloc.c:126
    #2 0x555558eed562 in my_malloc /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_malloc.c:90
    #3 0x555558ec865a in root_alloc /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_alloc.c:66
    #4 0x555558ec9e01 in alloc_root /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/mysys/my_alloc.c:332
    #5 0x5555573c5e9e in Field::operator new(unsigned long, st_mem_root*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/field.h:772
    #6 0x555557865049 in Type_handler_long::make_table_field_from_def(TABLE_SHARE*, st_mem_root*, st_mysql_const_lex_string const*, Record_addr const&, Bit_addr const&, Column_definition_attributes const*, unsigned int) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:8156
    #7 0x55555784b958 in Type_handler_int_result::make_table_field(st_mem_root*, st_mysql_const_lex_string const*, Record_addr const&, Type_all_attributes const&, TABLE_SHARE*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:3580
    #8 0x55555784b686 in Type_handler::make_and_init_table_field(st_mem_root*, st_mysql_const_lex_string const*, Record_addr const&, Type_all_attributes const&, TABLE*) const /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_type.cc:3564
    #9 0x555557366e67 in Item_result_field::create_tmp_field_ex_from_handler(st_mem_root*, TABLE*, Tmp_field_src*, Tmp_field_param const*, Type_handler const*) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:18662
    #10 0x555556edfafb in Item_result_field::create_tmp_field_ex(st_mem_root*, TABLE*, Tmp_field_src*, Tmp_field_param const*) (/usr/local/mysql/bin/mariadbd+0x198bafb)
    #11 0x555557367773 in create_tmp_field(TABLE*, Item*, Item***, Field**, Field**, bool, bool, bool, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:18747
    #12 0x55555736c284 in Create_tmp_table::add_fields(THD*, TABLE*, TMP_TABLE_PARAM*, List<Item>&) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:19196
    #13 0x555557374fe1 in create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:19827
    #14 0x55555730109d in JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:4068
    #15 0x5555572fc8e7 in JOIN::make_aggr_tables_info() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:3643
    #16 0x5555572f8256 in JOIN::optimize_stage2() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:3271
    #17 0x5555572f0857 in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2530
    #18 0x5555572e947d in JOIN::optimize() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:1846
    #19 0x555557178afa in st_select_lex::optimize_unflattened_subqueries(bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_lex.cc:4916
    #20 0x55555779c181 in JOIN::optimize_constant_subqueries() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/opt_subselect.cc:5689
    #21 0x5555572ec5cb in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2166
    #22 0x5555572e947d in JOIN::optimize() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:1846
    #23 0x55555710e21e in mysql_derived_optimize /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_derived.cc:1064
    #24 0x555557108527 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_derived.cc:200
    #25 0x5555572ee9e6 in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2322
    #26 0x5555572e947d in JOIN::optimize() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:1846
    #27 0x555557178afa in st_select_lex::optimize_unflattened_subqueries(bool) /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_lex.cc:4916
    #28 0x55555779c181 in JOIN::optimize_constant_subqueries() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/opt_subselect.cc:5689
    #29 0x5555572ec5cb in JOIN::optimize_inner() /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_select.cc:2166

SUMMARY: AddressSanitizer: heap-use-after-free /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/field.h:1389 in Field::is_null(long long) const
Shadow bytes around the buggy address:
  0x0c3480012ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3480012ad0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
==2044==ABORTING