[MDEV-23041] Server crashes on INSERT to a column with DEFAULT @a:='' Created: 2020-06-29  Updated: 2024-02-07

Status: Confirmed
Project: MariaDB Server
Component/s: Data Manipulation - Insert, Variables
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3

Type: Bug Priority: Major
Reporter: Alexander Barkov Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 1
Labels: None


 Description   

I run this script:

-- The column DEFAULT is an assignment expression: evaluating it writes to the
-- session user variable @a as a side effect.
CREATE OR REPLACE TABLE t1 (a INT DEFAULT @a:='');
-- Empty value list, so column a is filled from its DEFAULT expression.
INSERT INTO t1 VALUES ();

ERROR 1366 (22007): Incorrect integer value: '' for column `test`.`t1`.`a` at row 1

The error is OK. Looks fine so far.

Now I quit the client, start a new session, and in the new session run this statement again:

-- Same statement as before, now issued from a new session after the session
-- that created t1 has exited.
INSERT INTO t1 VALUES ();

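The server crashes with the following stack. Note the pointer 0x8f8f8f8f8f8f8f8f passed to my_free in frame #1: it looks like the fill pattern that debug builds write over freed memory, which suggests that update_hash is reading a user variable entry that has already been freed: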

#0  0x000000000105feb7 in sf_malloc_usable_size (ptr=0x8f8f8f8f8f8f8f8f, 
    is_thread_specific=0x7ffff4d8228f "") at /home/bar/maria-git/server.10.2/mysys/safemalloc.c:215
#1  0x000000000104d5f4 in my_free (ptr=0x8f8f8f8f8f8f8f8f)
    at /home/bar/maria-git/server.10.2/mysys/my_malloc.c:216
#2  0x00000000009dd297 in update_hash (entry=0x2323560, set_null=false, ptr=0x7fff60042c88, length=1, 
    type=STRING_RESULT, cs=0x18dbbc0 <my_charset_latin1>, unsigned_arg=false)
    at /home/bar/maria-git/server.10.2/sql/item_func.cc:4859
#3  0x00000000009dd497 in Item_func_set_user_var::update_hash (this=0x7fff60042d18, ptr=0x7fff60042c88, 
    length=0, res_type=STRING_RESULT, cs=0x18dbbc0 <my_charset_latin1>, unsigned_arg=false)
    at /home/bar/maria-git/server.10.2/sql/item_func.cc:4915
#4  0x00000000009ddf99 in Item_func_set_user_var::update (this=0x7fff60042d18)
    at /home/bar/maria-git/server.10.2/sql/item_func.cc:5179
#5  0x00000000009de883 in Item_func_set_user_var::save_in_field (this=0x7fff60042d18, 
    field=0x7fff60042b20, no_conversions=false, can_use_result_field=true)
    at /home/bar/maria-git/server.10.2/sql/item_func.cc:5378
#6  0x00000000009e6874 in Item_func_set_user_var::save_in_field (this=0x7fff60042d18, 
    field=0x7fff60042b20, no_conversions=false) at /home/bar/maria-git/server.10.2/sql/item_func.h:1988
#7  0x00000000007fe3d0 in TABLE::update_default_fields (this=0x7fff6004c7e0, ignore_errors=false)
    at /home/bar/maria-git/server.10.2/sql/table.cc:7833
#8  0x000000000069372e in fill_record (thd=0x7fff60000d90, table_arg=0x7fff6004c7e0, fields=..., 
    values=..., ignore_errors=false, update=false)
    at /home/bar/maria-git/server.10.2/sql/sql_base.cc:8110
#9  0x0000000000693bfe in fill_record_n_invoke_before_triggers (thd=0x7fff60000d90, 
    table=0x7fff6004c7e0, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_INSERT)
    at /home/bar/maria-git/server.10.2/sql/sql_base.cc:8243
#10 0x00000000006d0cfa in mysql_insert (thd=0x7fff60000d90, table_list=0x7fff60014718, fields=..., 
    values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false)
    at /home/bar/maria-git/server.10.2/sql/sql_insert.cc:966
#11 0x00000000006f6f6b in mysql_execute_command (thd=0x7fff60000d90)
    at /home/bar/maria-git/server.10.2/sql/sql_parse.cc:4167
#12 0x00000000007021a9 in mysql_parse (thd=0x7fff60000d90, 
    rawbuf=0x7fff60014638 "INSERT INTO t1 VALUES ()", length=24, parser_state=0x7ffff4d83600, 
    is_com_multi=false, is_next_command=false) at /home/bar/maria-git/server.10.2/sql/sql_parse.cc:7741
#13 0x00000000006f0c47 in dispatch_command (command=COM_QUERY, thd=0x7fff60000d90, 
    packet=0x7fff600529d1 "INSERT INTO t1 VALUES ()", packet_length=24, is_com_multi=false, 
    is_next_command=false) at /home/bar/maria-git/server.10.2/sql/sql_parse.cc:1831



 Comments   
Comment by Elena Stepanova [ 2021-02-15 ]

Same in MTR terms:

# con1 creates the table and runs the INSERT once; the DEFAULT expression
# assigns the user variable @a in that session.
--connect (con1,localhost,root,,)
CREATE OR REPLACE TABLE t1 (a INT DEFAULT @a:='');
--error ER_TRUNCATED_WRONG_VALUE_FOR_FIELD
INSERT INTO t1 VALUES ();
# Closing con1 ends the session that created t1.
--disconnect con1
# The same INSERT from another connection: the expected result is the same
# error, but this is the statement shown in the crash report.
--connection default
--error ER_TRUNCATED_WRONG_VALUE_FOR_FIELD
INSERT INTO t1 VALUES ();
 
# Cleanup
DROP TABLE t1;

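10.5 ASAN (heap-use-after-free: per the report below, the user variable entry is allocated by thread T6 while it creates the table, freed by T6 in THD::cleanup when its connection ends, and then read by thread T5 in update_hash while executing the INSERT):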

==679812==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000040320 at pc 0x55821d28e1a0 bp 0x7fd74965ebc0 sp 0x7fd74965ebb0
READ of size 8 at 0x611000040320 thread T5
    #0 0x55821d28e19f in update_hash(user_var_entry*, bool, void*, unsigned long, Item_result, charset_info_st const*, bool) /data/src/10.5/sql/item_func.cc:4869
    #1 0x55821d28e96e in Item_func_set_user_var::update_hash(void*, unsigned long, Item_result, charset_info_st const*, bool) /data/src/10.5/sql/item_func.cc:4935
    #2 0x55821d290b00 in Item_func_set_user_var::update() /data/src/10.5/sql/item_func.cc:5191
    #3 0x55821d29238d in Item_func_set_user_var::save_in_field(Field*, bool, bool) /data/src/10.5/sql/item_func.cc:5390
    #4 0x55821d2ad8cd in Item_func_set_user_var::save_in_field(Field*, bool) /data/src/10.5/sql/item_func.h:3044
    #5 0x55821cc7ba12 in TABLE::update_default_fields(bool) /data/src/10.5/sql/table.cc:8707
    #6 0x55821c78b9ee in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /data/src/10.5/sql/sql_base.cc:8527
    #7 0x55821c78c734 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type) /data/src/10.5/sql/sql_base.cc:8662
    #8 0x55821c8425bc in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/src/10.5/sql/sql_insert.cc:996
    #9 0x55821c90b95d in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4596
    #10 0x55821c923e6b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
    #11 0x55821c8fa158 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
    #12 0x55821c8f6a81 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
    #13 0x55821cd3935b in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
    #14 0x55821cd38cbf in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
    #15 0x55821da47200 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #16 0x7fd752d38608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #17 0x7fd75290e292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
 
0x611000040320 is located 160 bytes inside of 220-byte region [0x611000040280,0x61100004035c)
freed by thread T6 here:
    #0 0x7fd7532267cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x55821e6e6974 in free_memory /data/src/10.5/mysys/safemalloc.c:280
    #2 0x55821e6e5f30 in sf_free /data/src/10.5/mysys/safemalloc.c:198
    #3 0x55821e6b3b0f in my_free /data/src/10.5/mysys/my_malloc.c:211
    #4 0x55821c7c8191 in free_user_var /data/src/10.5/sql/sql_class.cc:106
    #5 0x55821e64bd1a in my_hash_free_elements /data/src/10.5/mysys/hash.c:134
    #6 0x55821e64be54 in my_hash_free /data/src/10.5/mysys/hash.c:156
    #7 0x55821c7d3e33 in THD::cleanup(bool) /data/src/10.5/sql/sql_class.cc:1597
    #8 0x55821c5f5493 in unlink_thd(THD*) /data/src/10.5/sql/mysqld.cc:2605
    #9 0x55821cd3949f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1421
    #10 0x55821cd38cbf in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
    #11 0x55821da47200 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #12 0x7fd752d38608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
 
previously allocated by thread T6 here:
    #0 0x7fd753226bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55821e6e58e4 in sf_malloc /data/src/10.5/mysys/safemalloc.c:121
    #2 0x55821e6b2ce9 in my_malloc /data/src/10.5/mysys/my_malloc.c:90
    #3 0x55821d28c7de in get_variable(st_hash*, st_mysql_const_lex_string*, bool) /data/src/10.5/sql/item_func.cc:4624
    #4 0x55821d28cc04 in Item_func_set_user_var::set_entry(THD*, bool) /data/src/10.5/sql/item_func.cc:4670
    #5 0x55821d28cec4 in Item_func_set_user_var::fix_fields(THD*, Item**) /data/src/10.5/sql/item_func.cc:4696
    #6 0x55821cc518fb in fix_vcol_expr /data/src/10.5/sql/table.cc:3495
    #7 0x55821cc526c5 in fix_and_check_vcol_expr /data/src/10.5/sql/table.cc:3580
    #8 0x55821cc535b3 in unpack_vcol_info_from_frm /data/src/10.5/sql/table.cc:3706
    #9 0x55821cc3d939 in parse_vcol_defs(THD*, st_mem_root*, TABLE*, bool*, vcol_init_mode) /data/src/10.5/sql/table.cc:1234
    #10 0x55821cc5701d in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/src/10.5/sql/table.cc:4085
    #11 0x55821d13276b in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /data/src/10.5/sql/handler.cc:5547
    #12 0x55821cb909c4 in create_table_impl /data/src/10.5/sql/sql_table.cc:5379
    #13 0x55821cb91350 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/src/10.5/sql/sql_table.cc:5463
    #14 0x55821cb91f6e in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /data/src/10.5/sql/sql_table.cc:5564
    #15 0x55821cbc2324 in Sql_cmd_create_table_like::execute(THD*) /data/src/10.5/sql/sql_table.cc:12149
    #16 0x55821c9163c2 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
    #17 0x55821c923e6b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
    #18 0x55821c8fa158 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
    #19 0x55821c8f6a81 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
    #20 0x55821cd3935b in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
    #21 0x55821cd38cbf in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
    #22 0x55821da47200 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #23 0x7fd752d38608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
 
Thread T5 created by T0 here:
    #0 0x7fd753153805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55821da421a4 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
    #2 0x55821da475f3 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
    #3 0x55821c5ea4fe in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
    #4 0x55821c600512 in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6028
    #5 0x55821c600b91 in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6087
    #6 0x55821c600eee in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6152
    #7 0x55821c601b0d in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6279
    #8 0x55821c5ffd1f in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5674
    #9 0x55821c5e8d9c in main /data/src/10.5/sql/main.cc:25
    #10 0x7fd7528130b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
Thread T6 created by T0 here:
    #0 0x7fd753153805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55821da421a4 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
    #2 0x55821da475f3 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
    #3 0x55821c5ea4fe in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
    #4 0x55821c600512 in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6028
    #5 0x55821c600b91 in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6087
    #6 0x55821c600eee in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6152
    #7 0x55821c601b0d in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6279
    #8 0x55821c5ffd1f in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5674
    #9 0x55821c5e8d9c in main /data/src/10.5/sql/main.cc:25
    #10 0x7fd7528130b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.5/sql/item_func.cc:4869 in update_hash(user_var_entry*, bool, void*, unsigned long, Item_result, charset_info_st const*, bool)
Shadow bytes around the buggy address:
  0x0c2280000010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
  0x0c2280000020: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000040: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2280000050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2280000060: fd fd fd fd[fd]fd fd fd fd fd fd fd fa fa fa fa
  0x0c2280000070: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000090: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c22800000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c22800000b0: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==679812==ABORTING
210215 14:31:02 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.5.9-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=2
max_threads=153
thread_count=3
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63744 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x62b000069288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7fd749661950 thread_stack 0x5fc00
??:0(__interceptor_tcgetattr)[0x7fd753185d30]
mysys/stacktrace.c:212(my_print_stacktrace)[0x55821e6c3331]
sql/signal_handler.cc:211(handle_fatal_signal)[0x55821d10114c]
sigaction.c:0(__restore_rt)[0x7fd752d443c0]
??:0(gsignal)[0x7fd75283218b]
??:0(abort)[0x7fd752811859]
??:0(__sanitizer_set_report_fd)[0x7fd7532446a2]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7fd75324f24c]
??:0(__sanitizer_ptr_cmp)[0x7fd7532308ec]
??:0(__asan_on_error)[0x7fd753230363]
??:0(__asan_report_load8)[0x7fd7532311ab]
sql/item_func.cc:4869(update_hash(user_var_entry*, bool, void*, unsigned long, Item_result, charset_info_st const*, bool))[0x55821d28e1a0]
sql/item_func.cc:4935(Item_func_set_user_var::update_hash(void*, unsigned long, Item_result, charset_info_st const*, bool))[0x55821d28e96f]
sql/item_func.cc:5191(Item_func_set_user_var::update())[0x55821d290b01]
sql/item_func.cc:5392(Item_func_set_user_var::save_in_field(Field*, bool, bool))[0x55821d29238e]
sql/item_func.h:3045(Item_func_set_user_var::save_in_field(Field*, bool))[0x55821d2ad8ce]
sql/table.cc:8707(TABLE::update_default_fields(bool))[0x55821cc7ba13]
sql/sql_base.cc:8526(fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool))[0x55821c78b9ef]
sql/sql_base.cc:8662(fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type))[0x55821c78c735]
sql/sql_insert.cc:996(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x55821c8425bd]
sql/sql_parse.cc:4596(mysql_execute_command(THD*))[0x55821c90b95e]
sql/sql_parse.cc:8062(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55821c923e6c]
sql/sql_parse.cc:1892(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55821c8fa159]
sql/sql_parse.cc:1370(do_command(THD*))[0x55821c8f6a82]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x55821cd3935c]
sql/sql_connect.cc:1314(handle_one_connection)[0x55821cd38cc0]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55821da47201]
nptl/pthread_create.c:478(start_thread)[0x7fd752d38609]
??:0(clone)[0x7fd75290e293]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b000038440): INSERT INTO t1 VALUES ()
 
Connection ID (thread ID): 4
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
 
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_7SxN/mysqld.1/data
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    0                    bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             385883               385883               processes 
Max open files            1024                 1024                 files     
Max locked memory         67108864             67108864             bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       385883               385883               signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E

Comment by Elena Stepanova [ 2022-07-22 ]

Other manifestations of the same problem; adding them here so that next time I don't have to treat them as new problems.
Observed on somewhat more complicated test cases and their siblings, e.g.

# Column b is a generated column whose expression assigns the user variable @x,
# so reading or writing a row evaluates the assignment.
CREATE TABLE t (a VARCHAR(10), b BLOB AS (@x := 'foobarqux'));
INSERT INTO t (a) VALUES ('');
SELECT * FROM t;
 
# A second connection sends the same SELECT without waiting for its result.
--connect (con1,localhost,root,,test)
--send
SELECT * FROM t;
 
# Meanwhile the default connection restarts the server.
# NOTE(review): the trace for this case shows the failure inside a
# "SELECT * FROM t"; which connection issued it is not stated here.
--connection default
--source include/restart_mysqld.inc
 
DROP TABLE t;

10.6 654236c0

mysys/my_malloc.c:141, sql/item_func.cc:4891, sql/item_func.cc:4942, sql/item_func.cc:5198, sql/item_func.cc:5399, sql/item_func.h:3397, sql/table.cc:8844, sql/handler.cc:3434
mariadbd: /data/src/10.6/mysys/safemalloc.c:275: free_memory: Assertion `irem->marker == 0x14235296' failed.
220723  0:12:09 [ERROR] mysqld got signal 6 ;
 
#7  0x00007fd980a30662 in __GI___assert_fail (assertion=0x5592ab7f0d7e "irem->marker == 0x14235296", file=0x5592ab7f0ca0 "/data/src/10.6/mysys/safemalloc.c", line=275, function=0x5592ab7f0f10 <__PRETTY_FUNCTION__.0> "free_memory") at assert.c:101
No locals.
#8  0x00005592ab295fa7 in free_memory (ptr=0x7fd960057b30) at /data/src/10.6/mysys/safemalloc.c:275
        irem = 0x7fd960057ac0
        end_offset = 94088416647628
        __PRETTY_FUNCTION__ = "free_memory"
#9  0x00005592ab295c4c in sf_realloc (ptr=0x7fd960057b30, size=40, my_flags=69712) at /data/src/10.6/mysys/safemalloc.c:193
        irem = 0x7fd960057ac0
        data = 0x7fd964008220 ""
#10 0x00005592ab282fd1 in my_realloc (key=37, old_point=0x7fd960057b48, size=16, my_flags=69712) at /data/src/10.6/mysys/my_malloc.c:151
        old_mh = 0x7fd960057b30
        mh = 0x0
        point = 0x0
        old_size = 16
        old_flags = 1 '\001'
        _db_stack_frame_ = {func = 0x5592ab59e978 "Item_func_set_user_var::update", file = 0x5592ab59c5e0 "/data/src/10.6/sql/item_func.cc", level = 2147483662, line = -1, prev = 0x7fd97c32cb70}
        __PRETTY_FUNCTION__ = "my_realloc"
#11 0x00005592aaa6c055 in update_hash (entry=0x7fd96020ee68, set_null=false, ptr=0x7fd9600fc078, length=10, type=STRING_RESULT, cs=0x5592abe45600 <my_charset_latin1>, unsigned_arg=false) at /data/src/10.6/sql/item_func.cc:4891
        pos = 0x7fd96020eea8 '\217' <repeats 24 times>, "\360"
#12 0x00005592aaa6c1f7 in Item_func_set_user_var::update_hash (this=0x7fd9600fc1f0, ptr=0x7fd9600fc078, length=9, res_type=STRING_RESULT, cs=0x5592abe45600 <my_charset_latin1>, unsigned_arg=false) at /data/src/10.6/sql/item_func.cc:4942
No locals.
#13 0x00005592aaa6cd73 in Item_func_set_user_var::update (this=0x7fd9600fc1f0) at /data/src/10.6/sql/item_func.cc:5198
        res = false
        _db_stack_frame_ = {func = 0x5592ab3d648b "TABLE::update_virtual_fields", file = 0x5592ab3d2d38 "/data/src/10.6/sql/table.cc", level = 2147483661, line = -1, prev = 0x7fd97c32d010}
        __PRETTY_FUNCTION__ = "bool Item_func_set_user_var::update()"
#14 0x00005592aaa6d9cc in Item_func_set_user_var::save_in_field (this=0x7fd9600fc1f0, field=0x7fd9600fbeb0, no_conversions=false, can_use_result_field=true) at /data/src/10.6/sql/item_func.cc:5397
        use_result_field = false
        error = 32729
#15 0x00005592aaa78f4c in Item_func_set_user_var::save_in_field (this=0x7fd9600fc1f0, field=0x7fd9600fbeb0, no_conversions=false) at /data/src/10.6/sql/item_func.h:3396
No locals.
#16 0x00005592aa7a3d5e in TABLE::update_virtual_fields (this=0x7fd9600fb8d8, h=0x7fd96010c870, update_mode=VCOL_UPDATE_FOR_READ) at /data/src/10.6/sql/table.cc:8844
        _write_set_fixed = true
        field_error = 0
        vcol_info = 0x7fd9600fc338
        update = true
        swap_values = true
        _db_stack_frame_ = {func = 0x5592ab586c79 "handler::ha_rnd_next", file = 0x5592ab58521c "/data/src/10.6/sql/handler.cc", level = 2147483660, line = -1, prev = 0x7fd97c32d0a0}
        vfield_ptr = 0x7fd9600fbfd0
        vf = 0x7fd9600fbeb0
        backup_arena = {_vptr.Query_arena = 0x5592abc08780 <vtable for Query_arena+16>, free_list = 0x7fd964015e88, mem_root = 0x7fd964006bf0, is_backup_arena = true, is_reprepared = false, state = Query_arena::STMT_CONVENTIONAL_EXECUTION}
        Suppress_errors = {<Internal_error_handler> = {_vptr.Internal_error_handler = 0x5592abc142b8 <vtable for Turn_errors_to_warnings_handler+16>, m_prev_internal_handler = 0x0}, <No data fields>}
        handler_pushed = true
        update_all_columns = true
        __PRETTY_FUNCTION__ = "int TABLE::update_virtual_fields(handler*, enum_vcol_update_mode)"
#17 0x00005592aa9da6f5 in handler::ha_rnd_next (this=0x7fd96010c870, buf=0x7fd9600fbd88 "\376") at /data/src/10.6/sql/handler.cc:3432
        result = 0
        _db_stack_frame_ = {func = 0x5592ab586fac "handler::read_first_row", file = 0x5592ab58521c "/data/src/10.6/sql/handler.cc", level = 2147483659, line = -1, prev = 0x7fd97c32d150}
        __PRETTY_FUNCTION__ = "int handler::ha_rnd_next(uchar*)"
#18 0x00005592aa9dd390 in handler::read_first_row (this=0x7fd96010c870, buf=0x7fd9600fbd88 "\376", primary_key=64) at /data/src/10.6/sql/handler.cc:3664
        end_error = 0
        error = 0
        _db_stack_frame_ = {func = 0x5592ab3b55b5 "join_read_const_table", file = 0x5592ab3b1a10 "/data/src/10.6/sql/sql_select.cc", level = 2147483658, line = -1, prev = 0x7fd97c32d250}
#19 0x00005592aa6e3b61 in handler::ha_read_first_row (this=0x7fd96010c870, buf=0x7fd9600fbd88 "\376", primary_key=64) at /data/src/10.6/sql/sql_class.h:7386
        error = 21668
#20 0x00005592aa6c752e in join_read_system (tab=0x7fd964016228) at /data/src/10.6/sql/sql_select.cc:21798
        table = 0x7fd9600fb8d8
        error = 32729
#21 0x00005592aa6c7062 in join_read_const_table (thd=0x7fd964000db8, tab=0x7fd964016228, pos=0x7fd9640167e0) at /data/src/10.6/sql/sql_select.cc:21694
        error = 610
        tbl = 0x7fd97c32d260
        _db_stack_frame_ = {func = 0x5592ab3b2be3 "make_join_statistics", file = 0x5592ab3b1a10 "/data/src/10.6/sql/sql_select.cc", level = 2147483657, line = -1, prev = 0x7fd97c32d470}
        table = 0x7fd9600fb8d8
        __PRETTY_FUNCTION__ = "int join_read_const_table(THD*, JOIN_TAB*, POSITION*)"
#22 0x00005592aa69abb1 in make_join_statistics (join=0x7fd9640157a0, tables_list=@0x7fd9640143f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fd964015d48, last = 0x7fd964015d48, elements = 1}, <No data fields>}, keyuse_array=0x7fd964015ac0) at /data/src/10.6/sql/sql_select.cc:5445
        tmp = 21906
        p_pos = 0x7fd9640167e0
        p_end = 0x7fd964016918
        error = 0
        table = 0x7fd9600fb8d8
        i = 1
        table_count = 1
        const_count = 1
        key = 32729
        found_const_table_map = 0
        all_table_map = 1
        const_ref = {buffer = {94088425140904}}
        eq_part = {buffer = {140571662435216}}
        has_expensive_keyparts = false
        table_vector = 0x7fd9640167d0
        stat = 0x7fd964016228
        stat_end = 0x7fd9640165d8
        s = 0x7fd964016228
        stat_ref = 0x7fd9640165d8
        stat_vector = 0x7fd9640167c0
        keyuse = 0x0
        start_keyuse = 0x7fd980328690
        outer_join = 0
        no_rows_const_tables = 1
        sargables = 0x0
        ti = {<base_list_iterator> = {list = 0x7fd9640143f0, el = 0x5592abf64100 <end_of_list>, prev = 0x7fd964015d48, current = 0x5592abf64100 <end_of_list>}, <No data fields>}
        tables = 0x0
        thd = 0x7fd964000db8
        _db_stack_frame_ = {func = 0x5592ab3b2185 "JOIN::optimize_inner", file = 0x5592ab3b1a10 "/data/src/10.6/sql/sql_select.cc", level = 2147483656, line = -1, prev = 0x7fd97c32d5c0}
        ref_changed = 2083705616
        __PRETTY_FUNCTION__ = "bool make_join_statistics(JOIN*, List<TABLE_LIST>&, DYNAMIC_ARRAY*)"
#23 0x00005592aa690327 in JOIN::optimize_inner (this=0x7fd9640157a0) at /data/src/10.6/sql/sql_select.cc:2479
        _db_stack_frame_ = {func = 0x5592ab3b2b67 "mysql_select", file = 0x5592ab3b1a10 "/data/src/10.6/sql/sql_select.cc", level = 2147483655, line = -1, prev = 0x7fd97c32d720}
        trace_wrapper = {<Json_writer_struct> = {_vptr.Json_writer_struct = 0x5592abc05328 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
        trace_prepare = {<Json_writer_struct> = {_vptr.Json_writer_struct = 0x5592abc05328 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
        trace_steps = {<Json_writer_struct> = {_vptr.Json_writer_struct = 0x5592abc05308 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
        sel = 0x7fd9640141d8
        eq_list = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5592abf64100 <end_of_list>, last = 0x7fd97c32d5a0, elements = 0}, <No data fields>}
        ignore_on_expr = false
        __PRETTY_FUNCTION__ = "int JOIN::optimize_inner()"
#24 0x00005592aa68dbf1 in JOIN::optimize (this=0x7fd9640157a0) at /data/src/10.6/sql/sql_select.cc:1821
        res = 0
        init_state = JOIN::NOT_OPTIMIZED
#25 0x00005592aa699552 in mysql_select (thd=0x7fd964000db8, tables=0x7fd9640147b0, fields=@0x7fd964014478: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fd964014768, last = 0x7fd964015fb8, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fd964015778, unit=0x7fd964005120, select_lex=0x7fd9640141d8) at /data/src/10.6/sql/sql_select.cc:5007
        err = 0
        free_join = true
        _db_stack_frame_ = {func = 0x5592ab3b1af8 "handle_select", file = 0x5592ab3b1a10 "/data/src/10.6/sql/sql_select.cc", level = 2147483654, line = -1, prev = 0x7fd97c32d7e0}
        join = 0x7fd9640157a0
#26 0x00005592aa688923 in handle_select (thd=0x7fd964000db8, lex=0x7fd964005058, result=0x7fd964015778, setup_tables_done_option=0) at /data/src/10.6/sql/sql_select.cc:554
        unit = 0x7fd964005120
        res = false
        select_lex = 0x7fd9640141d8
        _db_stack_frame_ = {func = 0x5592ab3a2cd0 "mysql_execute_command", file = 0x5592ab3a1fa8 "/data/src/10.6/sql/sql_parse.cc", level = 2147483653, line = -1, prev = 0x7fd97c32de30}
#27 0x00005592aa649e46 in execute_sqlcom_select (thd=0x7fd964000db8, all_tables=0x7fd9640147b0) at /data/src/10.6/sql/sql_parse.cc:6255
        save_protocol = 0x0
        lex = 0x7fd964005058
        result = 0x7fd964015778
        res = false
        __PRETTY_FUNCTION__ = "bool execute_sqlcom_select(THD*, TABLE_LIST*)"
#28 0x00005592aa641146 in mysql_execute_command (thd=0x7fd964000db8, is_called_from_prepared_stmt=false) at /data/src/10.6/sql/sql_parse.cc:3945
        privileges_requested = SELECT_ACL
        res = 0
        up_result = 0
        lex = 0x7fd964005058
        select_lex = 0x7fd9640141d8
        first_table = 0x7fd9640147b0
        all_tables = 0x7fd9640147b0
        unit = 0x7fd964005120
        have_table_map_for_update = false
        rpl_filter = 0x7fd97c32ddd0
        _db_stack_frame_ = {func = 0x5592ab3a4037 "mysql_parse", file = 0x5592ab3a1fa8 "/data/src/10.6/sql/sql_parse.cc", level = 2147483652, line = -1, prev = 0x7fd97c32e240}
        __PRETTY_FUNCTION__ = "int mysql_execute_command(THD*, bool)"
        ots = {ctx = 0x7fd964004d20, traceable = false}
        orig_binlog_format = BINLOG_FORMAT_MIXED
        orig_current_stmt_binlog_format = BINLOG_FORMAT_STMT
#29 0x00005592aa64ebb8 in mysql_parse (thd=0x7fd964000db8, rawbuf=0x7fd964014160 "SELECT * FROM t", length=15, parser_state=0x7fd97c32e3c0) at /data/src/10.6/sql/sql_parse.cc:8029
        found_semicolon = 0x0
        error = 32729
        lex = 0x7fd964005058
        err = false
        _db_stack_frame_ = {func = 0x5592ab3a2521 "dispatch_command", file = 0x5592ab3a1fa8 "/data/src/10.6/sql/sql_parse.cc", level = 2147483651, line = -1, prev = 0x7fd97c32e3a0}
        __PRETTY_FUNCTION__ = "void mysql_parse(THD*, char*, uint, Parser_state*)"
#30 0x00005592aa63b21b in dispatch_command (command=COM_QUERY, thd=0x7fd964000db8, packet=0x7fd96400b879 "SELECT * FROM t", packet_length=15, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1896
        packet_end = 0x7fd96401416f ""
        parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7fd964000db8, m_ptr = 0x7fd964014170 "\004", m_tok_start = 0x7fd964014170 "\004", m_tok_end = 0x7fd964014170 "\004", m_end_of_query = 0x7fd96401416f "", m_tok_start_prev = 0x7fd96401416f "", m_buf = 0x7fd964014160 "SELECT * FROM t", m_buf_length = 15, m_echo = true, m_echo_saved = false, m_cpp_buf = 0x7fd9640141c8 "SELECT * FROM t", m_cpp_ptr = 0x7fd9640141d7 "", m_cpp_tok_start = 0x7fd9640141d7 "", m_cpp_tok_start_prev = 0x7fd9640141d7 "", m_cpp_tok_end = 0x7fd9640141d7 "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x0, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = NO_COMMENT, m_cpp_text_start = 0x7fd9640141d6 "t", m_cpp_text_end = 0x7fd9640141d7 "", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x7fd964004ab0}
        net = 0x7fd9640010f0
        error = false
        do_end_of_statement = true
        _db_stack_frame_ = {func = 0x5592ab3a21a5 "do_command", file = 0x5592ab3a1fa8 "/data/src/10.6/sql/sql_parse.cc", level = 2147483650, line = -1, prev = 0x7fd97c32ec80}
        drop_more_results = false
        __PRETTY_FUNCTION__ = "dispatch_command_return dispatch_command(enum_server_command, THD*, char*, uint, bool)"
        __FUNCTION__ = "dispatch_command"
        res = <optimized out>
#31 0x00005592aa639c16 in do_command (thd=0x7fd964000db8, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1409
        return_value = (DISPATCH_COMMAND_CLOSE_CONNECTION | unknown: 0x80000000)
        packet = 0x7fd96400b878 "\003SELECT * FROM t"
        packet_length = 16
        net = 0x7fd9640010f0
        command = COM_QUERY
        _db_stack_frame_ = {func = 0x5592ab7f4e60 "?func", file = 0x5592ab7f4e66 "?file", level = 2147483649, line = -1, prev = 0x0}
        __PRETTY_FUNCTION__ = "dispatch_command_return do_command(THD*, bool)"
        __FUNCTION__ = "do_command"
#32 0x00005592aa7f3d20 in do_handle_one_connection (connect=0x5592adefdbe8, put_in_cache=true) at /data/src/10.6/sql/sql_connect.cc:1418
        create_user = true
        thr_create_utime = 4946441116846
        thd = 0x7fd964000db8
        __PRETTY_FUNCTION__ = "void do_handle_one_connection(CONNECT*, bool)"
#33 0x00005592aa7f39bf in handle_one_connection (arg=0x5592adefdbe8) at /data/src/10.6/sql/sql_connect.cc:1312
        connect = 0x5592adefdbe8
#34 0x00005592aad0f6fe in pfs_spawn_thread (arg=0x5592adefdcc8) at /data/src/10.6/storage/perfschema/pfs.cc:2201
        typed_arg = 0x5592adefdcc8
        user_arg = 0x5592adefdbe8
        user_start_routine = 0x5592aa7f3964 <handle_one_connection(void*)>
        pfs = 0x7fd980327240
        klass = 0x5592ad8dc900
#35 0x00007fd980efcea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
        ret = <optimized out>
        pd = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140572068345600, -884027586515406014, 140720844611278, 140720844611279, 140572068343360, 311296, 867424505186382658, 867026798687318850}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#36 0x00007fd980af9def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5 8494758e

0x561692cc0c12, mysys/my_malloc.c:141, sql/item_func.cc:4904, sql/item_func.cc:4955, sql/item_func.cc:5211, sql/item_func.cc:5412, sql/item_func.h:3045, sql/table.cc:8762
corrupted double-linked list
220723  0:11:22 [ERROR] mysqld got signal 6 ;

mariadbd: /data/src/10.10/sql/sql_class.cc:1734: virtual THD::~THD(): Assertion `status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory' failed.

etc.
