==18166== Invalid read of size 8 ==18166== at 0x536A4C: free_io_cache(TABLE*) (sql_base.cc:883) ==18166== by 0x59BF2A: JOIN::cleanup(bool) (sql_select.cc:7113) ==18166== by 0x59C767: JOIN::destroy() (sql_select.cc:2417) ==18166== by 0x5E1957: st_select_lex_unit::cleanup() (sql_union.cc:801) ==18166== by 0x5E1A17: st_select_lex_unit::cleanup() (sql_union.cc:808) ==18166== by 0x575AEC: mysql_execute_command(THD*) (sql_parse.cc:4360) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== Address 0x1a2f7600 is 2,144 bytes inside a block of size 3,560 free'd ==18166== at 0x4A04D72: free (vg_replace_malloc.c:325) ==18166== by 0x918530: free_root (my_alloc.c:365) ==18166== by 0x592FBD: free_tmp_table(THD*, TABLE*) (sql_select.cc:11145) ==18166== by 0x53CE1B: close_thread_tables(THD*) (sql_base.cc:1436) ==18166== by 0x5410FB: open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) (sql_base.cc:5421) ==18166== by 0x572818: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_base.h:475) ==18166== by 0x57793E: mysql_execute_command(THD*) (sql_parse.cc:2046) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== ---- Attach to debugger ? 
--- [Return/N/n/Y/y/C/c] ---- y ==18166== starting debugger with cmd: /usr/bin/gdb -nw /proc/20531/fd/10000 20531 GNU gdb (GDB) Fedora (7.1-18.fc13) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /proc/20531/fd/10000...done. Attaching to program: /proc/20531/fd/10000, process 20531 Reading symbols from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so...done. Loaded symbols for /usr/lib64/valgrind/vgpreload_core-amd64-linux.so Reading symbols from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so...done. Loaded symbols for /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so Reading symbols from /lib64/libpthread.so.0...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done. [Thread debugging using libthread_db enabled] done. Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libz.so.1...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done. done. Loaded symbols for /lib64/libz.so.1 Reading symbols from /lib64/libm.so.6...Reading symbols from /usr/lib/debug/lib64/libm-2.12.so.debug...done. done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/librt.so.1...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done. done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libcrypt.so.1...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done. done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libdl.so.2...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done. done. 
Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/libc.so.6...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done. done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done. done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done. done. Loaded symbols for /lib64/libfreebl3.so Reading symbols from /lib64/libgcc_s.so.1...Reading symbols from /usr/lib/debug/lib64/libgcc_s-4.4.4-20100630.so.1.debug...done. done. Loaded symbols for /lib64/libgcc_s.so.1 free_io_cache (table=0x1a2f6db0) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_base.cc:883 883 if (table->sort.io_cache) (gdb) bt #0 free_io_cache (table=0x1a2f6db0) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_base.cc:883 #1 0x000000000059bf2b in JOIN::cleanup (this=0x19cb3a20, full=true) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_select.cc:7113 #2 0x000000000059c768 in JOIN::destroy (this=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_select.cc:2417 #3 0x00000000005e1958 in cleanup (this=0x19fb3708) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:801 #4 st_select_lex_unit::cleanup (this=0x19fb3708) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:667 #5 0x00000000005e1a18 in cleanup (this=0x159c1e18) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:808 #6 st_select_lex_unit::cleanup (this=0x159c1e18) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:667 #7 0x0000000000575aed in mysql_execute_command (thd=0x159c0440) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:4360 #8 0x0000000000579e5a in mysql_parse (thd=0x159c0440, rawbuf=, length=1175, parser_state=0x1a54e990) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:5496 #9 0x000000000057adc3 in dispatch_command 
(command=COM_QUERY, thd=0x159c0440, packet=, packet_length=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:1032 #10 0x000000000061295b in do_handle_one_connection (thd_arg=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_connect.cc:745 #11 0x0000000000612a5c in handle_one_connection (arg=0x159c0440) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_connect.cc:684 #12 0x00000030e1807761 in start_thread (arg=0x1a54f710) at pthread_create.c:301 #13 0x00000030e14e14ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 (gdb) list 878 /* Free resources allocated by filesort() and read_record() */ 879 880 void free_io_cache(TABLE *table) 881 { 882 DBUG_ENTER("free_io_cache"); 883 if (table->sort.io_cache) 884 { 885 close_cached_file(table->sort.io_cache); 886 my_free(table->sort.io_cache); 887 table->sort.io_cache=0; (gdb) print table $1 = (TABLE *) 0x1a2f6db0 (gdb) print *table $2 = { s = 0x1a2f7668, file = 0x1b02a920, next = 0x15927070, prev = 0x0, share_next = 0x0, share_prev = 0x0, in_use = 0x159c0440, field = 0x1a2f7990, record = {[0] = 0x1b02aab0 "\377\001", [1] = 0x1b02aac0 ""}, write_row_record = 0x0, insert_values = 0x0, covering_keys = { map = 0 }, quick_keys = { map = 0 }, merge_keys = { map = 0 }, keys_in_use_for_query = { map = 0 }, keys_in_use_for_group_by = { map = 0 }, keys_in_use_for_order_by = { map = 0 }, key_info = 0x0, next_number_field = 0x0, found_next_number_field = 0x0, timestamp_field = 0x0, triggers = 0x0, pos_in_table_list = 0x1b9cc130, pos_in_locked_tables = 0x0, group = 0x0, alias = 0x1b9cc110 "v1_2", null_flags = 0x1b02aab0 "\377\001", bitmap_init_value = 0x0, def_read_set = { bitmap = 0x1a2f7b80, n_bits = 1, last_word_mask = 4294967294, last_word_ptr = 0x1a2f7b80, mutex = 0x0 }, def_write_set = { bitmap = 0x1a2f7b80, n_bits = 1, last_word_mask = 4294967294, last_word_ptr = 0x1a2f7b80, mutex = 0x0 }, tmp_set = { bitmap = 0x1a2f7b84, n_bits = 1, last_word_mask = 4294967294, last_word_ptr = 0x1a2f7b84, 
mutex = 0x0 }, read_set = 0x1a2f6e98, write_set = 0x1a2f6eb8, query_id = 0, quick_rows = {[0] = 0 }, const_key_parts = {[0] = 0 }, quick_key_parts = {[0] = 0 }, quick_n_ranges = {[0] = 0 }, quick_condition_rows = 10, timestamp_field_type = TIMESTAMP_NO_AUTO_SET, map = 8, lock_position = 0, lock_data_start = 0, lock_count = 0, tablenr = 3, used_fields = 0, temp_pool_slot = 10, status = 2, db_stat = 3, derived_select_number = 16, current_lock = 0, copy_blobs = 1 '\001', maybe_null = 0, null_row = 0 '\000', force_index = 0 '\000', force_index_order = 0 '\000', force_index_group = 0 '\000', distinct = 0 '\000', const_table = 0 '\000', no_rows = 0 '\000', key_read = 0 '\000', no_keyread = 0 '\000', locked_by_logger = 0 '\000', no_replicate = 0 '\000', locked_by_name = 0 '\000', fulltext_searched = 0 '\000', no_cache = 0 '\000', open_by_handler = 0 '\000', auto_increment_field_not_null = 0 '\000', insert_or_update = 0 '\000', alias_name_used = 0 '\000', get_fields_in_item_tree = 0 '\000', m_needs_reopen = 0 '\000', reginfo = { join_tab = 0x1a21ddb8, lock_type = TL_WRITE, not_exists_optimize = false, impossible_range = false }, mem_root = { free = 0x1b02a890, used = 0x1a2f6da0, pre_alloc = 0x0, min_malloc = 32, block_size = 992, block_num = 6, first_block_usage = 0, error_handler = 0x5f8180 }, grant = { grant_table = 0x0, version = 0, privilege = 18446744072635809791, want_privilege = 1, orig_want_privilege = 1, m_internal = { m_schema_lookup_done = true, m_schema_access = 0x0, m_table_lookup_done = true, m_table_access = 0x0 } }, sort = { io_cache = 0x0, sort_keys = 0x0, buffpek = 0x0, buffpek_len = 0, addon_buf = 0x0, addon_length = 0, addon_field = 0x0, unpack = 0, record_pointers = 0x0, found_records = 0 }, part_info = 0x0, no_partitions_used = false, mdl_ticket = 0x0 } (gdb) frame 7 #7 0x0000000000575aed in mysql_execute_command (thd=0x159c0440) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:4360 4360 lex->unit.cleanup(); (gdb) print thd->query_string 
$3 = { string = { str = 0x15750cf0 "explain partitions select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1` union select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v"..., length = 1175 }, cs = 0xfa8520 } (gdb) set print elements 5000 (gdb) print thd->query_string $4 = { string = { str = 0x15750cf0 "explain partitions select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1` union select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= 
'1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", length = 1175 }, cs = 0xfa8520 } (gdb) bt full #0 free_io_cache (table=0x1a2f6db0) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_base.cc:883 No locals. #1 0x000000000059bf2b in JOIN::cleanup (this=0x19cb3a20, full=true) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_select.cc:7113 tab = end = #2 0x000000000059c768 in JOIN::destroy (this=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_select.cc:2417 No locals. #3 0x00000000005e1958 in cleanup (this=0x19fb3708) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:801 error = false #4 st_select_lex_unit::cleanup (this=0x19fb3708) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:667 sl = 0x19fb3d28 error = #5 0x00000000005e1a18 in cleanup (this=0x159c1e18) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:808 lex_unit = 0x19fb3708 error = false #6 st_select_lex_unit::cleanup (this=0x159c1e18) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_union.cc:667 sl = 0x159c2438 error = #7 0x0000000000575aed in mysql_execute_command (thd=0x159c0440) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:4360 up_result = lex = 0x159c1d68 select_lex = 0x159c2438 first_table = unit = 0x159c1e18 __FUNCTION__ = "mysql_execute_command" res = 1 all_tables = 0x15751788 have_table_map_for_update = false #8 0x0000000000579e5a in mysql_parse (thd=0x159c0440, rawbuf=, length=1175, parser_state=0x1a54e990) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:5496 found_semicolon = lex = 0x159c1d68 __FUNCTION__ = "mysql_parse" #9 0x000000000057adc3 in 
dispatch_command (command=COM_QUERY, thd=0x159c0440, packet=, packet_length=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_parse.cc:1032 packet_end = parser_state = { m_lip = { m_thd = 0x159c0440, yylineno = 27, yytoklen = 1, yylval = 0x1a54dd20, lookahead_token = -1, lookahead_yylval = 0x0, m_ptr = 0x15751188 "xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", m_tok_start = 0x15751188 "xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", m_tok_end = 0x15751188 "xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", m_end_of_query = 0x15751187 "", m_tok_start_prev = 0x15751187 "", m_buf = 0x15750cf0 "explain partitions select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1` union select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", m_buf_length = 1175, m_echo = true, m_echo_saved = false, m_cpp_buf = 0x157511e8 "explain partitions select 
1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1` union select 1 from `t1` as `t1_0` \njoin `v2` as `v2_1` \nleft join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor\n\t`t1_0`.`col4` > `v0_2`.`1` and\n\t`t1_0`.`col3` >= '1%' \ncross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor\n\t`v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` \nstraight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or\n\t`t1_0`.`col0` <= `t1_0`.`col1` \ncross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or\n\t`v0_1`.`1` > `t1_0`.`col4` or\n\t`v1_2`.`1` = `t1_0`.`col4` xor\n\t`v0_1`.`1` is not null limit 1 )and\n\t`t1_0`.`col0` <> `v4_3`.`1`", m_cpp_ptr = 0x1575167f "", m_cpp_tok_start = 0x1575167f "", m_cpp_tok_start_prev = 0x1575167f "", m_cpp_tok_end = 0x1575167f "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0xffffffffffffffd8
, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, tok_bitmap = 55 '7', ignore_space = false, stmt_prepare_mode = false, multi_statements = true, in_comment = NO_COMMENT, in_comment_saved = PRESERVE_COMMENT, m_cpp_text_start = 0x1575167d "1`", m_cpp_text_end = 0x1575167e "`", m_underscore_cs = 0x0 }, m_yacc = { yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = { m_item = {[0] = 0x0 } }, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ } } net = 0x159c0628 error = false __FUNCTION__ = "dispatch_command" #10 0x000000000061295b in do_handle_one_connection (thd_arg=) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_connect.cc:745 net = 0x159c0628 thd = 0x159c0440 #11 0x0000000000612a5c in handle_one_connection (arg=0x159c0440) at /home/sbester/build/bzr/mysql-5.5-security/sql/sql_connect.cc:684 thd = 0x159c0440 #12 0x00000030e1807761 in start_thread (arg=0x1a54f710) at pthread_create.c:301 __res = pd = 0x1a54f710 now = unwind_buf = { cancel_jmp_buf = {[0] = { jmp_buf = {[0] = 441775888, [1] = 8693714844800478769, [2] = 16687296, [3] = 441776592, [4] = 0, [5] = 3, [6] = 8693762844356734513, [7] = 8703070592759197233}, mask_was_saved = 0 }}, priv = { pad = {[0] = 0x0, [1] = 0x0, [2] = 0x0, [3] = 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0 } } } not_first_call = sp = freesize = #13 0x00000030e14e14ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. (gdb) q A debugging session is active. Inferior 1 [process 20531] will be detached. Quit anyway? (y or n) y Detaching from program: /proc/20531/fd/10000, process 20531 ==18166== ==18166== Debugger has detached. Valgrind regains control. We continue. 
==18166== Invalid read of size 8 ==18166== at 0x670BBD: filesort_free_buffers(TABLE*, bool) (filesort.cc:349) ==18166== by 0x59BF3E: JOIN::cleanup(bool) (sql_select.cc:7114) ==18166== by 0x59C767: JOIN::destroy() (sql_select.cc:2417) ==18166== by 0x5E1957: st_select_lex_unit::cleanup() (sql_union.cc:801) ==18166== by 0x5E1A17: st_select_lex_unit::cleanup() (sql_union.cc:808) ==18166== by 0x575AEC: mysql_execute_command(THD*) (sql_parse.cc:4360) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== Address 0x1a2f7640 is 2,208 bytes inside a block of size 3,560 free'd ==18166== at 0x4A04D72: free (vg_replace_malloc.c:325) ==18166== by 0x918530: free_root (my_alloc.c:365) ==18166== by 0x592FBD: free_tmp_table(THD*, TABLE*) (sql_select.cc:11145) ==18166== by 0x53CE1B: close_thread_tables(THD*) (sql_base.cc:1436) ==18166== by 0x5410FB: open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) (sql_base.cc:5421) ==18166== by 0x572818: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_base.h:475) ==18166== by 0x57793E: mysql_execute_command(THD*) (sql_parse.cc:2046) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== ---- Attach to debugger ? 
--- [Return/N/n/Y/y/C/c] ---- n ==18166== Invalid write of size 8 ==18166== at 0x670BC9: filesort_free_buffers(TABLE*, bool) (filesort.cc:350) ==18166== by 0x59BF3E: JOIN::cleanup(bool) (sql_select.cc:7114) ==18166== by 0x59C767: JOIN::destroy() (sql_select.cc:2417) ==18166== by 0x5E1957: st_select_lex_unit::cleanup() (sql_union.cc:801) ==18166== by 0x5E1A17: st_select_lex_unit::cleanup() (sql_union.cc:808) ==18166== by 0x575AEC: mysql_execute_command(THD*) (sql_parse.cc:4360) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== Address 0x1a2f7640 is 2,208 bytes inside a block of size 3,560 free'd ==18166== at 0x4A04D72: free (vg_replace_malloc.c:325) ==18166== by 0x918530: free_root (my_alloc.c:365) ==18166== by 0x592FBD: free_tmp_table(THD*, TABLE*) (sql_select.cc:11145) ==18166== by 0x53CE1B: close_thread_tables(THD*) (sql_base.cc:1436) ==18166== by 0x5410FB: open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) (sql_base.cc:5421) ==18166== by 0x572818: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_base.h:475) ==18166== by 0x57793E: mysql_execute_command(THD*) (sql_parse.cc:2046) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? 
==18166== ==18166== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- n ==18166== Invalid read of size 8 ==18166== at 0x670BD9: filesort_free_buffers(TABLE*, bool) (filesort.cc:354) ==18166== by 0x59BF3E: JOIN::cleanup(bool) (sql_select.cc:7114) ==18166== by 0x59C767: JOIN::destroy() (sql_select.cc:2417) ==18166== by 0x5E1957: st_select_lex_unit::cleanup() (sql_union.cc:801) ==18166== by 0x5E1A17: st_select_lex_unit::cleanup() (sql_union.cc:808) ==18166== by 0x575AEC: mysql_execute_command(THD*) (sql_parse.cc:4360) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? ==18166== Address 0x1a2f7608 is 2,152 bytes inside a block of size 3,560 free'd ==18166== at 0x4A04D72: free (vg_replace_malloc.c:325) ==18166== by 0x918530: free_root (my_alloc.c:365) ==18166== by 0x592FBD: free_tmp_table(THD*, TABLE*) (sql_select.cc:11145) ==18166== by 0x53CE1B: close_thread_tables(THD*) (sql_base.cc:1436) ==18166== by 0x5410FB: open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) (sql_base.cc:5421) ==18166== by 0x572818: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_base.h:475) ==18166== by 0x57793E: mysql_execute_command(THD*) (sql_parse.cc:2046) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 
0x1A54F70F: ??? ==18166== ==18166== ==18166== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- ==18166== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- n ==18166== Invalid write of size 8 ==18166== at 0x670BE5: filesort_free_buffers(TABLE*, bool) (filesort.cc:355) ==18166== by 0x59BF3E: JOIN::cleanup(bool) (sql_select.cc:7114) ==18166== by 0x59C767: JOIN::destroy() (sql_select.cc:2417) ==18166== by 0x5E1957: st_select_lex_unit::cleanup() (sql_union.cc:801) ==18166== by 0x5E1A17: st_select_lex_unit::cleanup() (sql_union.cc:808) ==18166== by 0x575AEC: mysql_execute_command(THD*) (sql_parse.cc:4360) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? 
==18166== Address 0x1a2f7608 is 2,152 bytes inside a block of size 3,560 free'd ==18166== at 0x4A04D72: free (vg_replace_malloc.c:325) ==18166== by 0x918530: free_root (my_alloc.c:365) ==18166== by 0x592FBD: free_tmp_table(THD*, TABLE*) (sql_select.cc:11145) ==18166== by 0x53CE1B: close_thread_tables(THD*) (sql_base.cc:1436) ==18166== by 0x5410FB: open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) (sql_base.cc:5421) ==18166== by 0x572818: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_base.h:475) ==18166== by 0x57793E: mysql_execute_command(THD*) (sql_parse.cc:2046) ==18166== by 0x579E59: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5496) ==18166== by 0x57ADC2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1032) ==18166== by 0x61295A: do_handle_one_connection(THD*) (sql_connect.cc:745) ==18166== by 0x612A5B: handle_one_connection (sql_connect.cc:684) ==18166== by 0x30E1807760: start_thread (pthread_create.c:301) ==18166== by 0x1A54F70F: ??? 
-- Statement under test for the Valgrind/gdb session above. It is the same text gdb
-- printed from thd->query_string in frame 7 (mysql_execute_command, length = 1175),
-- with the \n and \t escapes rendered as whitespace.
-- While the server cleans up after this statement (JOIN::cleanup at sql_select.cc:7113-7114),
-- free_io_cache() (sql_base.cc:883) reads table->sort.io_cache and filesort_free_buffers()
-- (filesort.cc:349-355) reads and writes at nearby offsets of the same 3,560-byte block.
-- Valgrind shows that block was already released by free_tmp_table() -> free_root() during
-- close_thread_tables(). The TABLE pointer gdb prints (0x1a2f6db0, alias "v1_2") lies inside
-- that block, so this is a use-after-free that includes writes to freed heap memory.
-- NOTE(review): the definitions of `t1` and of the views `v0`, `v1`, `v2`, `v4` are not on
-- this page; they are needed to replay the statement against a patched build.
explain partitions select 1 from `t1` as `t1_0` join `v2` as `v2_1` left join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor `t1_0`.`col4` > `v0_2`.`1` and `t1_0`.`col3` >= '1%' cross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor `v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` straight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or `t1_0`.`col0` <= `t1_0`.`col1` cross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or `v0_1`.`1` > `t1_0`.`col4` or `v1_2`.`1` = `t1_0`.`col4` xor `v0_1`.`1` is not null limit 1 )and `t1_0`.`col0` <> `v4_3`.`1` union select 1 from `t1` as `t1_0` join `v2` as `v2_1` left join `v0` as `v0_2` on `v2_1`.`1` not like `t1_0`.`col1` xor `t1_0`.`col4` > `v0_2`.`1` and `t1_0`.`col3` >= '1%' cross join `v4` as `v4_3` on `t1_0`.`a1` <> null xor `v0_2`.`1` >= `v4_3`.`1` <> ( select 1 from `t1` as `t1_0` straight_join `v0` as `v0_1` on `v0_1`.`1` like `v0_1`.`1` or `t1_0`.`col0` <= `t1_0`.`col1` cross join `v1` as `v1_2` on `v0_1`.`1` <> `v1_2`.`1` or `v0_1`.`1` > `t1_0`.`col4` or `v1_2`.`1` = `t1_0`.`col4` xor `v0_1`.`1` is not null limit 1 )and `t1_0`.`col0` <> `v4_3`.`1` ;