==72655==ERROR: AddressSanitizer: heap-use-after-free on address 0x61f000052808 at pc 0x7f000f6983f0 bp 0x7f00055e2470 sp 0x7f00055e2460
|
READ of size 4 at 0x61f000052808 thread T35
|
#0 0x7f000f6983ef in ha_spider::index_last_internal(unsigned char*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:3403
|
#1 0x7f000f69bc6a in ha_spider::index_last(unsigned char*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:3606
|
#2 0x7f000f6e0a7c in ha_spider::get_auto_increment(unsigned long long, unsigned long long, unsigned long long, unsigned long long*, unsigned long long*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:9713
|
#3 0x55e26f4d0fd3 in handler::update_auto_increment() /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:3654
|
#4 0x7f000f6dfd09 in ha_spider::update_auto_increment() /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:9656
|
#5 0x7f000f6e2f89 in ha_spider::write_row(unsigned char const*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:9915
|
#6 0x55e26f4ede55 in handler::ha_write_row(unsigned char const*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:7196
|
#7 0x55e26ebc63c1 in write_record(THD*, TABLE*, st_copy_info*, select_result*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:2145
|
#8 0x55e26ebd148e in Delayed_insert::handle_inserts() /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:3600
|
#9 0x55e26ebcee19 in handle_delayed_insert /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:3329
|
#10 0x55e26fd5d650 in pfs_spawn_thread /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2201
|
#11 0x7f001da08b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
|
#12 0x7f001da9a9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
|
|
0x61f000052808 is located 904 bytes inside of 3236-byte region [0x61f000052480,0x61f000053124)
|
freed by thread T35 here:
|
#0 0x7f001e177517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
|
#1 0x55e270a42fe1 in free_memory /home/nayuta_mariadb/repo/mariadb-server/10.5/mysys/safemalloc.c:280
|
#2 0x55e270a42586 in sf_free /home/nayuta_mariadb/repo/mariadb-server/10.5/mysys/safemalloc.c:198
|
#3 0x55e270a0fd4a in my_free /home/nayuta_mariadb/repo/mariadb-server/10.5/mysys/my_malloc.c:211
|
#4 0x7f000f64f115 in spider_free_mem(st_spider_transaction*, void*, unsigned long) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_malloc.cc:188
|
#5 0x7f000f569ab4 in spider_free_conn(st_spider_conn*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_conn.cc:1404
|
#6 0x7f000f562128 in spider_free_conn_from_trx(st_spider_transaction*, st_spider_conn*, bool, bool, int*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_conn.cc:420
|
#7 0x7f000f49899f in spider_free_trx_conn(st_spider_transaction*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_trx.cc:117
|
#8 0x7f000f4b60cf in spider_commit(handlerton*, THD*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_trx.cc:3486
|
#9 0x55e26f4bda3c in commit_one_phase_2 /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:1971
|
#10 0x55e26f4bd74a in ha_commit_one_phase(THD*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:1950
|
#11 0x55e26f4bba11 in ha_commit_trans(THD*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:1744
|
#12 0x55e26f10fa3e in trans_commit_stmt(THD*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/transaction.cc:472
|
#13 0x55e26ebcf128 in handle_delayed_insert /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:3351
|
#14 0x55e26fd5d650 in pfs_spawn_thread /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2201
|
#15 0x7f001da08b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
|
|
previously allocated by thread T35 here:
|
#0 0x7f001e177867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55e270a41f2d in sf_malloc /home/nayuta_mariadb/repo/mariadb-server/10.5/mysys/safemalloc.c:121
|
#2 0x55e270a0eed5 in my_malloc /home/nayuta_mariadb/repo/mariadb-server/10.5/mysys/my_malloc.c:90
|
#3 0x7f000f64f880 in spider_bulk_alloc_mem(st_spider_transaction*, unsigned int, char const*, char const*, unsigned long, unsigned long, ...) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_malloc.cc:236
|
#4 0x7f000f5631de in spider_create_conn(st_spider_share*, ha_spider*, int, int, unsigned int, int*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_conn.cc:593
|
#5 0x7f000f5688c7 in spider_get_conn(st_spider_share*, int, char*, st_spider_transaction*, ha_spider*, bool, bool, unsigned int, int*) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_conn.cc:1218
|
#6 0x7f000f4b9dcf in spider_check_trx_and_get_conn(THD*, ha_spider*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/spd_trx.cc:3896
|
#7 0x7f000f67c6f5 in ha_spider::check_access_kind_for_connection(THD*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:884
|
#8 0x7f000f71deab in ha_spider::dml_init() /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:16395
|
#9 0x7f000f6c1063 in ha_spider::rnd_init(bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:7232
|
#10 0x55e26ebb5d39 in handler::ha_rnd_init(bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.h:3358
|
#11 0x55e26f4cfa16 in handler::ha_rnd_init_with_error(bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/handler.cc:3314
|
#12 0x55e26ebd00be in Delayed_insert::handle_inserts() /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:3490
|
#13 0x55e26ebcee19 in handle_delayed_insert /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:3329
|
#14 0x55e26fd5d650 in pfs_spawn_thread /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2201
|
#15 0x7f001da08b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
|
|
Thread T35 created by T14 here:
|
#0 0x7f001e11b685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
|
#1 0x55e26fd590da in my_thread_create /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/my_thread.h:52
|
#2 0x55e26fd5da43 in pfs_spawn_thread_v1 /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2252
|
#3 0x55e26ebb6ed3 in inline_mysql_thread_create /home/nayuta_mariadb/repo/mariadb-server/10.5/include/mysql/psi/mysql_thread.h:1323
|
#4 0x55e26ebc7c4a in delayed_get_table /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:2527
|
#5 0x55e26ebba663 in open_and_lock_for_insert_delayed /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:574
|
#6 0x55e26ebbb5c5 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_insert.cc:752
|
#7 0x55e26ec8a47d in mysql_execute_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_parse.cc:4624
|
#8 0x55e26eca2cea in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_parse.cc:8100
|
#9 0x55e26ec784a6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_parse.cc:1891
|
#10 0x55e26ec74dba in do_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_parse.cc:1375
|
#11 0x55e26f0cbc0a in do_handle_one_connection(CONNECT*, bool) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_connect.cc:1418
|
#12 0x55e26f0cb446 in handle_one_connection /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/sql_connect.cc:1312
|
#13 0x55e26fd5d650 in pfs_spawn_thread /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2201
|
#14 0x7f001da08b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
|
|
Thread T14 created by T0 here:
|
#0 0x7f001e11b685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
|
#1 0x55e26fd590da in my_thread_create /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/my_thread.h:52
|
#2 0x55e26fd5da43 in pfs_spawn_thread_v1 /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/perfschema/pfs.cc:2252
|
#3 0x55e26e95a742 in inline_mysql_thread_create /home/nayuta_mariadb/repo/mariadb-server/10.5/include/mysql/psi/mysql_thread.h:1323
|
#4 0x55e26e971313 in create_thread_to_handle_connection(CONNECT*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/mysqld.cc:6051
|
#5 0x55e26e9719a9 in create_new_thread(CONNECT*) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/mysqld.cc:6110
|
#6 0x55e26e971d0c in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/mysqld.cc:6175
|
#7 0x55e26e972957 in handle_connections_sockets() /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/mysqld.cc:6302
|
#8 0x55e26e970aec in mysqld_main(int, char**) /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/mysqld.cc:5697
|
#9 0x55e26e95920c in main /home/nayuta_mariadb/repo/mariadb-server/10.5/sql/main.cc:25
|
#10 0x7f001d99dd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /home/nayuta_mariadb/repo/mariadb-server/10.5/storage/spider/ha_spider.cc:3403 in ha_spider::index_last_internal(unsigned char*)
|
Shadow bytes around the buggy address:
|
0x0c3e800024b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e800024c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e800024d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e800024e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e800024f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c3e80002500: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e80002510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e80002520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e80002530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e80002540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3e80002550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==72655==ABORTING
|