==2788089==ERROR: AddressSanitizer: use-after-poison on address 0x62b000093528 at pc 0x5632f52425f1 bp 0x7fc14300e560 sp 0x7fc14300e558
|
READ of size 8 at 0x62b000093528 thread T6
|
#0 0x5632f52425f0 in TABLE_LIST::get_table_name() const /data/src/10.4-mroonga/sql/table.h:2916
|
#1 0x7fc14a314c97 in ha_mroonga::create_share_for_create() const /data/src/10.4-mroonga/storage/mroonga/ha_mroonga.cpp:3045
|
#2 0x7fc14a313061 in ha_mroonga::table_flags() const /data/src/10.4-mroonga/storage/mroonga/ha_mroonga.cpp:2908
|
#3 0x5632f57431e1 in handler::init() /data/src/10.4-mroonga/sql/handler.h:3172
|
#4 0x5632f5b97021 in get_new_handler(TABLE_SHARE*, st_mem_root*, handlerton*) /data/src/10.4-mroonga/sql/handler.cc:317
|
#5 0x5632f59ea1ef in THD::rm_temporary_table(handlerton*, char const*) /data/src/10.4-mroonga/sql/temporary_tables.cc:697
|
#6 0x5632f59eefdf in THD::free_tmp_table_share(TMP_TABLE_SHARE*, bool) /data/src/10.4-mroonga/sql/temporary_tables.cc:1465
|
#7 0x5632f59e92e1 in THD::close_temporary_tables() /data/src/10.4-mroonga/sql/temporary_tables.cc:539
|
#8 0x5632f52cec65 in THD::cleanup() /data/src/10.4-mroonga/sql/sql_class.cc:1527
|
#9 0x5632f50fa1f3 in unlink_thd(THD*) /data/src/10.4-mroonga/sql/mysqld.cc:2633
|
#10 0x5632f50facf6 in one_thread_per_connection_end(THD*, bool) /data/src/10.4-mroonga/sql/mysqld.cc:2782
|
#11 0x5632f57e35c4 in do_handle_one_connection(CONNECT*) /data/src/10.4-mroonga/sql/sql_connect.cc:1431
|
#12 0x5632f57e2d12 in handle_one_connection /data/src/10.4-mroonga/sql/sql_connect.cc:1324
|
#13 0x5632f6453e7b in pfs_spawn_thread /data/src/10.4-mroonga/storage/perfschema/pfs.cc:1869
|
#14 0x7fc1533c8fd3 in start_thread nptl/pthread_create.c:442
|
#15 0x7fc1534495bb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
0x62b000093528 is located 808 bytes inside of 24608-byte region [0x62b000093200,0x62b000099220)
|
allocated by thread T6 here:
|
#0 0x7fc153ab89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x5632f6f9d9b8 in my_malloc /data/src/10.4-mroonga/mysys/my_malloc.c:101
|
#2 0x5632f6f79b54 in reset_root_defaults /data/src/10.4-mroonga/mysys/my_alloc.c:155
|
#3 0x5632f52cdd9a in THD::init_for_queries() /data/src/10.4-mroonga/sql/sql_class.cc:1388
|
#4 0x5632f57e262e in prepare_new_connection_state(THD*) /data/src/10.4-mroonga/sql/sql_connect.cc:1254
|
#5 0x5632f57e2d58 in thd_prepare_connection(THD*) /data/src/10.4-mroonga/sql/sql_connect.cc:1339
|
#6 0x5632f57e335a in do_handle_one_connection(CONNECT*) /data/src/10.4-mroonga/sql/sql_connect.cc:1410
|
#7 0x5632f57e2d12 in handle_one_connection /data/src/10.4-mroonga/sql/sql_connect.cc:1324
|
#8 0x5632f6453e7b in pfs_spawn_thread /data/src/10.4-mroonga/storage/perfschema/pfs.cc:1869
|
#9 0x7fc1533c8fd3 in start_thread nptl/pthread_create.c:442
|
|
Thread T6 created by T0 here:
|
#0 0x7fc153a49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x5632f6454268 in spawn_thread_v1 /data/src/10.4-mroonga/storage/perfschema/pfs.cc:1919
|
#2 0x5632f50eef89 in inline_mysql_thread_create /data/src/10.4-mroonga/include/mysql/psi/mysql_thread.h:1275
|
#3 0x5632f5106690 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4-mroonga/sql/mysqld.cc:6287
|
#4 0x5632f5106ddb in create_new_thread(CONNECT*) /data/src/10.4-mroonga/sql/mysqld.cc:6357
|
#5 0x5632f51072a9 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4-mroonga/sql/mysqld.cc:6455
|
#6 0x5632f5108155 in handle_connections_sockets() /data/src/10.4-mroonga/sql/mysqld.cc:6613
|
#7 0x5632f5105df3 in mysqld_main(int, char**) /data/src/10.4-mroonga/sql/mysqld.cc:5945
|
#8 0x5632f50ed0b8 in main /data/src/10.4-mroonga/sql/main.cc:25
|
#9 0x7fc153367189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4-mroonga/sql/table.h:2916 in TABLE_LIST::get_table_name() const
|
Shadow bytes around the buggy address:
|
0x0c568000a650: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a660: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a670: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a680: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a690: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
=>0x0c568000a6a0: f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
|