Version: '10.4.32-MariaDB-debug-log' 5c5123dfe0ae0d162f135a43095dade008972b97
|
=================================================================
|
==553156==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190000f75f0 at pc 0x55748ed502ba bp 0x7efdef29f8c0 sp 0x7efdef29f8b0
|
READ of size 8 at 0x6190000f75f0 thread T27
|
#0 0x55748ed502b9 in Item_field::register_field_in_read_map(void*) /10.4/src/sql/item.cc:849
|
#1 0x55748e279110 in Item::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:1873
|
#2 0x55748eaf0fc8 in Item_cache::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:6981
|
#3 0x55748eaf0fc8 in Item_cache::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:6981
|
#4 0x55748e3d1365 in Item_ref::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5495
|
#5 0x55748e3cee34 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:2603
|
#6 0x55748e3cfdcd in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5300
|
#7 0x55748edf4d1c in Item_cond::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item_cmpfunc.cc:5038
|
#8 0x55748e3cee34 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:2603
|
#9 0x55748e3cfdcd in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5300
|
#10 0x55748edf4d1c in Item_cond::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item_cmpfunc.cc:5038
|
#11 0x55748ef2ddce in Item_subselect::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item_subselect.cc:698
|
#12 0x55748ef694d9 in Item_in_subselect::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item_subselect.h:759
|
#13 0x55748e3cee34 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:2603
|
#14 0x55748e3cfdcd in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5300
|
#15 0x55748edaf359 in Item_cache_wrapper::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5794
|
#16 0x55748e3cee34 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:2603
|
#17 0x55748e3cfdcd in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /10.4/src/sql/item.h:5300
|
#18 0x55748ecebaaf in find_all_keys /10.4/src/sql/filesort.cc:767
|
#19 0x55748ece7bd0 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /10.4/src/sql/filesort.cc:262
|
#20 0x55748e69cfb8 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /10.4/src/sql/sql_select.cc:24246
|
#21 0x55748e68b3d6 in st_join_table::sort_table() /10.4/src/sql/sql_select.cc:21910
|
#22 0x55748e68a8d8 in join_init_read_record(st_join_table*) /10.4/src/sql/sql_select.cc:21849
|
#23 0x55748e6c6960 in AGGR_OP::end_send() /10.4/src/sql/sql_select.cc:29716
|
#24 0x55748e682e5e in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /10.4/src/sql/sql_select.cc:20621
|
#25 0x55748e683959 in sub_select(JOIN*, st_join_table*, bool) /10.4/src/sql/sql_select.cc:20867
|
#26 0x55748e682059 in do_select /10.4/src/sql/sql_select.cc:20445
|
#27 0x55748e60fa9b in JOIN::exec_inner() /10.4/src/sql/sql_select.cc:4625
|
#28 0x55748e60d0cb in JOIN::exec() /10.4/src/sql/sql_select.cc:4407
|
#29 0x55748e6112a7 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.4/src/sql/sql_select.cc:4846
|
#30 0x55748e5e1b1d in handle_select(THD*, LEX*, select_result*, unsigned long) /10.4/src/sql/sql_select.cc:442
|
#31 0x55748e54d885 in execute_sqlcom_select /10.4/src/sql/sql_parse.cc:6475
|
#32 0x55748e53affc in mysql_execute_command(THD*) /10.4/src/sql/sql_parse.cc:3978
|
#33 0x55748e556dc4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/src/sql/sql_parse.cc:8013
|
#34 0x55748e52d186 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/src/sql/sql_parse.cc:1857
|
#35 0x55748e529cb1 in do_command(THD*) /10.4/src/sql/sql_parse.cc:1378
|
#36 0x55748e9395b4 in do_handle_one_connection(CONNECT*) /10.4/src/sql/sql_connect.cc:1420
|
#37 0x55748e938e58 in handle_one_connection /10.4/src/sql/sql_connect.cc:1324
|
#38 0x55748f5d547d in pfs_spawn_thread /10.4/src/storage/perfschema/pfs.cc:1869
|
#39 0x7efe05e70608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477
|
#40 0x7efe05a41132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
|
|
0x6190000f75f0 is located 624 bytes inside of 1100-byte region [0x6190000f7380,0x6190000f77cc)
|
freed by thread T27 here:
|
#0 0x7efe0646e40f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
|
#1 0x55749015ca5a in free_memory /10.4/src/mysys/safemalloc.c:279
|
#2 0x55749015c016 in sf_free /10.4/src/mysys/safemalloc.c:197
|
#3 0x55749012ac0e in my_free /10.4/src/mysys/my_malloc.c:222
|
#4 0x557490107954 in free_root /10.4/src/mysys/my_alloc.c:437
|
#5 0x55748e68069d in free_tmp_table(THD*, TABLE*) /10.4/src/sql/sql_select.cc:20209
|
#6 0x55748e654e81 in JOIN::cleanup(bool) /10.4/src/sql/sql_select.cc:14166
|
#7 0x55748e6541a4 in JOIN::join_free() /10.4/src/sql/sql_select.cc:14054
|
#8 0x55748e68257f in do_select /10.4/src/sql/sql_select.cc:20490
|
#9 0x55748e60fa9b in JOIN::exec_inner() /10.4/src/sql/sql_select.cc:4625
|
#10 0x55748e60d0cb in JOIN::exec() /10.4/src/sql/sql_select.cc:4407
|
#11 0x55748ef53b7b in subselect_single_select_engine::exec() /10.4/src/sql/item_subselect.cc:4032
|
#12 0x55748ef2ebe3 in Item_subselect::exec() /10.4/src/sql/item_subselect.cc:758
|
#13 0x55748ef34252 in Item_singlerow_subselect::bring_value() /10.4/src/sql/item_subselect.cc:1358
|
#14 0x55748eda56e0 in Item_cache_row::cache_value() /10.4/src/sql/item.cc:10511
|
#15 0x55748edcff8b in Item_in_optimizer::fix_left(THD*) /10.4/src/sql/item_cmpfunc.cc:1369
|
#16 0x55748ef4cf8a in Item_in_subselect::select_in_like_transformer(JOIN*) /10.4/src/sql/item_subselect.cc:3351
|
#17 0x55748ef45910 in Item_in_subselect::select_transformer(JOIN*) /10.4/src/sql/item_subselect.cc:2659
|
#18 0x55748ea166ce in check_and_do_in_subquery_rewrites(JOIN*) /10.4/src/sql/opt_subselect.cc:750
|
#19 0x55748e5ec91e in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /10.4/src/sql/sql_select.cc:1454
|
#20 0x55748ef51611 in subselect_single_select_engine::prepare(THD*) /10.4/src/sql/item_subselect.cc:3815
|
#21 0x55748ef2b30c in Item_subselect::fix_fields(THD*, Item**) /10.4/src/sql/item_subselect.cc:289
|
#22 0x55748ef4e3d4 in Item_in_subselect::fix_fields(THD*, Item**) /10.4/src/sql/item_subselect.cc:3477
|
#23 0x55748e2965e4 in Item::fix_fields_if_needed(THD*, Item**) /10.4/src/sql/item.h:966
|
#24 0x55748ee560cd in Item_func::fix_fields(THD*, Item**) /10.4/src/sql/item_func.cc:355
|
#25 0x55748ee01012 in Item_func_not::fix_fields(THD*, Item**) /10.4/src/sql/item_cmpfunc.cc:6436
|
#26 0x55748e2965e4 in Item::fix_fields_if_needed(THD*, Item**) /10.4/src/sql/item.h:966
|
#27 0x55748e29661e in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /10.4/src/sql/item.h:970
|
#28 0x55748e3ceb32 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /10.4/src/sql/item.h:974
|
#29 0x55748e5ec168 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /10.4/src/sql/sql_select.cc:1412
|
|
previously allocated by thread T27 here:
|
#0 0x7efe0646e808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
|
#1 0x55749015b9ca in sf_malloc /10.4/src/mysys/safemalloc.c:118
|
#2 0x55749012a117 in my_malloc /10.4/src/mysys/my_malloc.c:101
|
#3 0x55749010675a in alloc_root /10.4/src/mysys/my_alloc.c:258
|
#4 0x55748e6cb1b6 in Field::operator new(unsigned long, st_mem_root*) /10.4/src/sql/field.h:636
|
#5 0x55748eab4356 in Type_handler_long::make_table_field(st_mysql_const_lex_string const*, Record_addr const&, Type_all_attributes const&, TABLE*) const /10.4/src/sql/sql_type.cc:3209
|
#6 0x55748eab3d29 in Type_handler::make_and_init_table_field(st_mysql_const_lex_string const*, Record_addr const&, Type_all_attributes const&, TABLE*) const /10.4/src/sql/sql_type.cc:3156
|
#7 0x55748e276f35 in Item::tmp_table_field_from_field_type(TABLE*) /10.4/src/sql/item.h:809
|
#8 0x55748e66f155 in Item_result_field::create_tmp_field_ex(TABLE*, Tmp_field_src*, Tmp_field_param const*) /10.4/src/sql/sql_select.cc:18431
|
#9 0x55748e66f7d5 in create_tmp_field(TABLE*, Item*, Item***, Field**, Field**, bool, bool, bool, bool) /10.4/src/sql/sql_select.cc:18510
|
#10 0x55748e672ad6 in create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool) /10.4/src/sql/sql_select.cc:18894
|
#11 0x55748e607a81 in JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool) /10.4/src/sql/sql_select.cc:3916
|
#12 0x55748e6032dd in JOIN::make_aggr_tables_info() /10.4/src/sql/sql_select.cc:3504
|
#13 0x55748e5feb6d in JOIN::optimize_stage2() /10.4/src/sql/sql_select.cc:3128
|
#14 0x55748e5f73c1 in JOIN::optimize_inner() /10.4/src/sql/sql_select.cc:2414
|
#15 0x55748e5f00cc in JOIN::optimize() /10.4/src/sql/sql_select.cc:1731
|
#16 0x55748ef528e3 in subselect_single_select_engine::exec() /10.4/src/sql/item_subselect.cc:3948
|
#17 0x55748ef2ebe3 in Item_subselect::exec() /10.4/src/sql/item_subselect.cc:758
|
#18 0x55748ef34252 in Item_singlerow_subselect::bring_value() /10.4/src/sql/item_subselect.cc:1358
|
#19 0x55748eda56e0 in Item_cache_row::cache_value() /10.4/src/sql/item.cc:10511
|
#20 0x55748edcff8b in Item_in_optimizer::fix_left(THD*) /10.4/src/sql/item_cmpfunc.cc:1369
|
#21 0x55748ef4cf8a in Item_in_subselect::select_in_like_transformer(JOIN*) /10.4/src/sql/item_subselect.cc:3351
|
#22 0x55748ef45910 in Item_in_subselect::select_transformer(JOIN*) /10.4/src/sql/item_subselect.cc:2659
|
#23 0x55748ea166ce in check_and_do_in_subquery_rewrites(JOIN*) /10.4/src/sql/opt_subselect.cc:750
|
#24 0x55748e5ec91e in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /10.4/src/sql/sql_select.cc:1454
|
#25 0x55748ef51611 in subselect_single_select_engine::prepare(THD*) /10.4/src/sql/item_subselect.cc:3815
|
#26 0x55748ef2b30c in Item_subselect::fix_fields(THD*, Item**) /10.4/src/sql/item_subselect.cc:289
|
#27 0x55748ef4e3d4 in Item_in_subselect::fix_fields(THD*, Item**) /10.4/src/sql/item_subselect.cc:3477
|
#28 0x55748e2965e4 in Item::fix_fields_if_needed(THD*, Item**) /10.4/src/sql/item.h:966
|
#29 0x55748ee560cd in Item_func::fix_fields(THD*, Item**) /10.4/src/sql/item_func.cc:355
|
|
Thread T27 created by T0 here:
|
#0 0x7efe0639b815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
|
#1 0x55748f5d586e in spawn_thread_v1 /10.4/src/storage/perfschema/pfs.cc:1919
|
#2 0x55748e224f71 in inline_mysql_thread_create /10.4/src/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55748e23d103 in create_thread_to_handle_connection(CONNECT*) /10.4/src/sql/mysqld.cc:6289
|
#4 0x55748e23d89e in create_new_thread(CONNECT*) /10.4/src/sql/mysqld.cc:6359
|
#5 0x55748e23dd84 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.4/src/sql/mysqld.cc:6457
|
#6 0x55748e23ec40 in handle_connections_sockets() /10.4/src/sql/mysqld.cc:6615
|
#7 0x55748e23c808 in mysqld_main(int, char**) /10.4/src/sql/mysqld.cc:5947
|
#8 0x55748e222f3c in main /10.4/src/sql/main.cc:25
|
#9 0x7efe05946082 in __libc_start_main ../csu/libc-start.c:308
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /10.4/src/sql/item.cc:849 in Item_field::register_field_in_read_map(void*)
|
Shadow bytes around the buggy address:
|
0x0c3280016e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280016e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c3280016eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
|
0x0c3280016ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280016ef0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
|
0x0c3280016f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==553156==ABORTING
|
----------SERVER LOG END-------------
|