==1679948==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000005168 at pc 0x560b08dd818a bp 0x7f222995ba70 sp 0x7f222995ba68
|
READ of size 1 at 0x604000005168 thread T5
|
#0 0x560b08dd8189 in my_mb_wc_bin /data/src/10.5/strings/ctype-bin.c:269
|
#1 0x560b07e3768a in charset_info_st::mb_wc(unsigned long*, unsigned char const*, unsigned char const*) const /data/src/10.5/include/m_ctype.h:710
|
#2 0x560b07e3768a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2560
|
#3 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#4 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#5 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#6 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#7 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#8 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#9 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#10 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#11 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#12 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#13 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#14 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#15 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#16 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#17 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#18 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#19 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#20 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#21 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#22 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
#23 0x7f22328fedee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)
|
|
0x604000005168 is located 24 bytes inside of 48-byte region [0x604000005150,0x604000005180)
|
freed by thread T5 here:
|
#0 0x7f2233295b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
|
#1 0x560b072ab016 in Binary_string::free() /data/src/10.5/sql/sql_string.h:630
|
#2 0x560b07b7c3db in Binary_string::set_alloced(char*, unsigned long, unsigned long) /data/src/10.5/sql/sql_string.h:457
|
#3 0x560b07b7c3db in Binary_string::operator=(Binary_string const&) /data/src/10.5/sql/sql_string.h:521
|
#4 0x560b07b7c3db in Binary_string::operator=(Binary_string const&) /data/src/10.5/sql/sql_string.h:512
|
#5 0x560b07b7c3db in String::operator=(String const&) /data/src/10.5/sql/sql_string.h:816
|
#6 0x560b07b7c3db in Field_set::val_str(String*, String*) /data/src/10.5/sql/field.cc:9425
|
#7 0x560b07d5fd88 in Item_func_min_max::val_str_native(String*) /data/src/10.5/sql/item_func.cc:2963
|
#8 0x560b07e3744a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2541
|
#9 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#10 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#11 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#12 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#13 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#14 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#15 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#16 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#17 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#18 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#19 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#20 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#21 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#22 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#23 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#24 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#25 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#26 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#27 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#28 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
|
previously allocated by thread T5 here:
|
#0 0x7f2233295e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x560b08d88fb8 in my_malloc /data/src/10.5/mysys/my_malloc.c:90
|
#2 0x560b0770b085 in Binary_string::real_alloc(unsigned long) /data/src/10.5/sql/sql_string.cc:44
|
#3 0x560b0770b55b in Binary_string::alloc(unsigned long) /data/src/10.5/sql/sql_string.h:639
|
#4 0x560b0770b55b in String::set_int(long long, bool, charset_info_st const*) /data/src/10.5/sql/sql_string.cc:126
|
#5 0x560b07c0dd16 in Item_int::val_str(String*) /data/src/10.5/sql/item.cc:3684
|
#6 0x560b07f296da in Item_char_typecast::val_str_generic(String*) /data/src/10.5/sql/item_timefunc.cc:2365
|
#7 0x560b07d5fc56 in Item_func_min_max::val_str_native(String*) /data/src/10.5/sql/item_func.cc:2959
|
#8 0x560b07e3744a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2541
|
#9 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#10 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#11 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#12 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#13 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#14 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#15 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#16 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#17 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#18 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#19 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#20 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#21 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#22 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#23 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#24 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#25 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#26 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#27 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#28 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
|
Thread T5 created by T0 here:
|
#0 0x7f22332412a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x560b083d8542 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:52
|
#2 0x560b083d8542 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
|
#3 0x560b0728268b in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
|
#4 0x560b0728268b in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6051
|
#5 0x560b0728df02 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6175
|
#6 0x560b0728e913 in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6302
|
#7 0x560b072905fb in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5697
|
#8 0x7f2232827d09 in __libc_start_main ../csu/libc-start.c:308
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.5/strings/ctype-bin.c:269 in my_mb_wc_bin
|
Shadow bytes around the buggy address:
|
0x0c087fff89d0: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
|
0x0c087fff89e0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
|
0x0c087fff89f0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
|
0x0c087fff8a00: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
|
0x0c087fff8a10: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
|
=>0x0c087fff8a20: fa fa 00 00 00 00 00 fa fa fa fd fd fd[fd]fd fd
|
0x0c087fff8a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1679948==ABORTING
|
220718 15:29:44 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
Server version: 10.5.17-MariaDB-log
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=1
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63649 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
Thread pointer: 0x62b000069218
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f222995e8f0 thread_stack 0x5fc00
|
sanitizer_common/sanitizer_common_interceptors.inc:4101(__interceptor_backtrace.part.0)[0x7f223322fdf1]
|
mysys/stacktrace.c:213(my_print_stacktrace)[0x560b08d921b6]
|
sql/signal_handler.cc:232(handle_fatal_signal)[0x560b07bc7444]
|
sigaction.c:0(__restore_rt)[0x7f2232d0d140]
|
linux/raise.c:51(__GI_raise)[0x7f223283cce1]
|
stdlib/abort.c:81(__GI_abort)[0x7f2232826537]
|
sanitizer_common/sanitizer_posix_libcdep.cpp:149(__sanitizer::Abort())[0x7f22332b111b]
|
sanitizer_common/sanitizer_termination.cpp:59(__sanitizer::Die())[0x7f22332bbce8]
|
asan/asan_report.cpp:186(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7f223329e44c]
|
asan/asan_report.cpp:474(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7f223329dd47]
|
asan/asan_rtl.cpp:117(__asan_report_load1)[0x7f223329e788]
|
strings/ctype-bin.c:269(my_mb_wc_bin)[0x560b08dd818a]
|
sql/item_strfunc.cc:2560(Item_func_soundex::val_str(String*))[0x560b07e3768b]
|
sql/sql_type.cc:7453(Type_handler::Item_send_str(Item*, Protocol*, st_value*) const)[0x560b079ef383]
|
sql/protocol.cc:1087(Protocol::send_result_set_row(List<Item>*))[0x560b072a7e86]
|
sql/sql_class.cc:3124(select_send::send_data(List<Item>&))[0x560b073f4aba]
|
sql/sql_select.cc:22142(end_send(JOIN*, st_join_table*, bool))[0x560b07630a9f]
|
sql/sql_select.cc:20402(JOIN::exec_inner())[0x560b07682134]
|
sql/sql_select.cc:4321(JOIN::exec())[0x560b07683313]
|
sql/sql_select.cc:4799(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x560b0767ae53]
|
sql/sql_select.cc:444(handle_select(THD*, LEX*, select_result*, unsigned long))[0x560b0767d99e]
|
sql/sql_parse.cc:6314(execute_sqlcom_select(THD*, TABLE_LIST*))[0x560b074ef095]
|
sql/sql_parse.cc:4005(mysql_execute_command(THD*))[0x560b0751869c]
|
sql/sql_parse.cc:8117(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x560b0751d69c]
|
sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x560b075239b5]
|
sql/sql_parse.cc:1375(do_command(THD*))[0x560b075292b3]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x560b0788b0bf]
|
sql/sql_connect.cc:1312(handle_one_connection)[0x560b0788b76d]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x560b083d82b5]
|
nptl/pthread_create.c:478(start_thread)[0x7f2232d01ea7]
|
x86_64/clone.S:97(__GI___clone)[0x7f22328fedef]
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x62b000038238): SELECT SOUNDEX(GREATEST(BINARY 0, a)) FROM t
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /dev/shm/var_auto_nx8h/mysqld.1/data
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 385885 385885 processes
|
Max open files 1024 1024 files
|
Max locked memory 12659513344 12659513344 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 385885 385885 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: core
|
|
Kernel version: Linux version 5.10.0-14-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.113-1 (2022-04-29)
|