==22096==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000c8218 at pc 0x56373cec287d bp 0x7f74d99ec7f0 sp 0x7f74d99ec7e8
|
READ of size 8 at 0x6290000c8218 thread T6
|
#0 0x56373cec287c in ha_maria::implicit_commit(THD*, bool) /data/src/10.1/storage/maria/ha_maria.cc:2922
|
#1 0x56373caa3659 in ha_commit_trans(THD*, bool) /data/src/10.1/sql/handler.cc:1391
|
#2 0x56373c8e4f8c in trans_commit_implicit(THD*) /data/src/10.1/sql/transaction.cc:294
|
#3 0x56373c65bdf4 in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:5555
|
#4 0x56373c65d93e in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7209
|
#5 0x56373c6640b5 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1/sql/sql_parse.cc:1499
|
#6 0x56373c66a696 in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1131
|
#7 0x56373c8be023 in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1331
|
#8 0x56373c8be5a9 in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242
|
#9 0x56373d101bad in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1861
|
#10 0x7f74e500c4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
#11 0x7f74e3a22d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
|
|
0x6290000c8218 is located 24 bytes inside of 18224-byte region [0x6290000c8200,0x6290000cc930)
|
freed by thread T6 here:
|
#0 0x7f74e52e3a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
|
#1 0x56373d6668ea in my_free /data/src/10.1/mysys/my_malloc.c:218
|
|
previously allocated by thread T6 here:
|
#0 0x7f74e52e3d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
|
#1 0x56373d666708 in my_malloc /data/src/10.1/mysys/my_malloc.c:101
|
|
Thread T6 created by T0 here:
|
#0 0x7f74e5252f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
|
#1 0x56373d10c0bc in spawn_thread_v1 /data/src/10.1/storage/perfschema/pfs.cc:1911
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.1/storage/maria/ha_maria.cc:2922 in ha_maria::implicit_commit(THD*, bool)
|
Shadow bytes around the buggy address:
|
0x0c5280010ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280011000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280011010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280011020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280011030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
=>0x0c5280011040: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280011050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280011060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280011070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280011080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280011090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==22096==ABORTING
|