# Reproduction transcript, part 1: build an AddressSanitizer-instrumented debug
# server from the MySQL 5.7.26 source tree, start a scratch instance, connect.
# Commands and their captured output are interleaved, so this is a record of
# what was run, not a runnable script.

# Point the build at the GCC 7.3.0 toolchain installed under /export/umesh/utils.
export LD_LIBRARY_PATH=/export/umesh/utils/GCC-7.3.0/lib64
export CC=/export/umesh/utils/GCC-7.3.0/bin/gcc
export CPP=/export/umesh/utils/GCC-7.3.0/bin/cpp
export CXX=/export/umesh/utils/GCC-7.3.0/bin/c++
# Start from an empty out-of-source build directory.
rm -rf bld/
mkdir bld && cd bld
rm -rf CMakeCache.txt
# -DWITH_ASAN=ON together with the Debug build type gives the instrumented binary
# that produces the heap-use-after-free report later in this transcript; the
# client banner below confirms the result as "5.7.26-debug-asan".
# -DCMAKE_INSTALL_PREFIX=$PWD installs into the build directory itself.
cmake .. \
-DBUILD_CONFIG=mysql_release \
-DINSTALL_LAYOUT=STANDALONE \
-DWITH_NDBCLUSTER_STORAGE_ENGINE=0 \
-DCMAKE_INSTALL_PREFIX=$PWD \
-DWITH_ASAN=ON \
-DWITH_BOOST=../boost \
-DCMAKE_BUILD_TYPE=Debug -DWITH_DEBUG=1
make -j32
make install
# Record which source revision was built; the lines after the command are its output.
cat docs/INFO_SRC
commit: 219340a29ccb6522a108e6bf143be9c7e18164ed
date: 2019-04-13 15:27:18 +0200
build-date: 2019-04-13 15:32:29 +0200
short: 219340a
branch: mysql-5.7.26-release
MySQL source 5.7.26
# Create a fresh data directory named 94580.
rm -rf 94580
# --initialize-insecure creates the root account with an empty password; the
# client below accordingly connects as root without -p.
bin/mysqld-debug --initialize-insecure --basedir=$PWD --datadir=$PWD/94580 --log-error-verbosity=3
# Start the server in the background with stderr folded into stdout.
# NOTE(review): this is a scratch-instance configuration. The server log further
# down reports bind-address '*' on port 6666 and warns that --secure-file-priv=/tmp/
# is accessible to all OS users; combined with the passwordless root account and
# a socket under /tmp, the instance is only suitable for an isolated test host.
bin/mysqld-debug --no-defaults --basedir=$PWD --datadir=$PWD/94580 --core-file --socket=/tmp/mysql_ushastry57.sock --port=6666 --log-error=$PWD/94580/log.err --log-error-verbosity=3 --secure-file-priv=/tmp/ 2>&1 &
# Connect over the Unix socket as root; everything below is the client banner.
bin/mysql -uroot -S /tmp/mysql_ushastry57.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.26-debug-asan MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# Reproduction transcript, part 2: the SQL session that ends with the server
# aborting, followed by the start of the server error log.
mysql> create database kz;
Query OK, 1 row affected (0.00 sec)
mysql> use kz;
Database changed
# t1 has a VIRTUAL generated TEXT column c computed from (a <> b), a unique key
# on a, and a unique prefix key on the first character of c.
mysql> CREATE TABLE t1(
-> a INT not null,
-> b CHAR(4) not null,
-> c TEXT GENERATED ALWAYS AS ((a <> b)) VIRTUAL,
-> UNIQUE KEY i1 (a),
-> UNIQUE KEY i2 (c(1))
-> ) ENGINE=INNODB;
Query OK, 0 rows affected (0.02 sec)
# Clearing sql_mode lets the statements below, each of which leaves one NOT NULL
# column unset, run; both inserts report one warning (presumably for the missing
# value of b; the warning text itself is not shown).
mysql>set sql_mode='';
mysql> insert into t1 set a=1;
Query OK, 1 row affected, 1 warning (0.00 sec)
mysql> insert into t1 set a=0;
Query OK, 1 row affected, 1 warning (0.00 sec)
mysql>
# Triggering statement. Per the AddressSanitizer report further down, write_record()
# first reads the conflicting row (sql_insert.cc:1629), during which
# Field_blob::keep_old_value() frees a 56-byte String buffer that was allocated by
# Field_blob::store() while the generated column was computed; write_record() then
# calls ha_update_row() (sql_insert.cc:1816) and calc_row_difference() memcmp()s
# the freed buffer (ha_innodb.cc:7949).
mysql> replace into t1 set b ='1';
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> \q
Bye
# The background server job has exited with status 1: the instrumented build
# aborts on the first invalid read. This page shows only the ASan build; what a
# non-instrumented build does with the same statement is not shown here.
[1]+ Exit 1 bin/mysqld-debug --no-defaults --basedir=$PWD --datadir=$PWD/94580 --core-file --socket=/tmp/mysql_ushastry57.sock --port=6666 --log-error=$PWD/94580/log.err --log-error-verbosity=3 --secure-file-priv=/tmp/ 2>&1
# Dump the server error log; the startup messages come first and the
# AddressSanitizer report follows them.
[umshastr@hod03]/export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/bld: cat 94580/log.err
2019-07-05T09:56:39.904772Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
# The server itself flags the --secure-file-priv=/tmp/ setting used at startup.
2019-07-05T09:56:39.943765Z 0 [Warning] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory.
# Process id 10888 is the same id that prefixes the AddressSanitizer report.
2019-07-05T09:56:39.944052Z 0 [Note] bin/mysqld-debug (mysqld 5.7.26-debug-asan) starting as process 10888 ...
# Despite --core-file, the core size limit could not be raised, so a core dump
# may not be available for this crash.
2019-07-05T09:56:39.950622Z 0 [Warning] setrlimit could not change the size of core files to 'infinity'; We may not be able to generate a core file on signals
2019-07-05T09:56:39.958836Z 0 [Note] InnoDB: PUNCH HOLE support available
2019-07-05T09:56:39.958915Z 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
2019-07-05T09:56:39.958950Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins 2019-07-05T09:56:39.958987Z 0 [Note] InnoDB: Uses event mutexes 2019-07-05T09:56:39.959037Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier 2019-07-05T09:56:39.959069Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11 2019-07-05T09:56:39.959094Z 0 [Note] InnoDB: Using Linux native AIO 2019-07-05T09:56:39.961292Z 0 [Note] InnoDB: Number of pools: 1 2019-07-05T09:56:39.961762Z 0 [Note] InnoDB: Using CPU crc32 instructions 2019-07-05T09:56:39.966603Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M 2019-07-05T09:56:40.218019Z 0 [Note] InnoDB: Completed initialization of buffer pool 2019-07-05T09:56:40.567526Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority(). 2019-07-05T09:56:40.577676Z 0 [Note] InnoDB: Highest supported file format is Barracuda. 2019-07-05T09:56:40.782460Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables 2019-07-05T09:56:40.783073Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ... 2019-07-05T09:56:40.834451Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB. 2019-07-05T09:56:40.869060Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active. 2019-07-05T09:56:40.869134Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active. 2019-07-05T09:56:40.912553Z 0 [Note] InnoDB: Waiting for purge to start 2019-07-05T09:56:40.963119Z 0 [Note] InnoDB: 5.7.26 started; log sequence number 2525400 2019-07-05T09:56:40.963789Z 0 [Note] InnoDB: Loading buffer pool(s) from /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/bld/94580/ib_buffer_pool 2019-07-05T09:56:40.965680Z 0 [Note] Plugin 'FEDERATED' is disabled. 
2019-07-05T09:56:40.971613Z 0 [Note] InnoDB: Buffer pool(s) load completed at 190705 11:56:40 2019-07-05T09:56:40.990041Z 0 [Warning] Failed to set up SSL because of the following SSL library error: SSL context is not usable without certificate and private key 2019-07-05T09:56:40.990094Z 0 [Note] Server hostname (bind-address): '*'; port: 6666 2019-07-05T09:56:40.990167Z 0 [Note] IPv6 is available. 2019-07-05T09:56:40.990190Z 0 [Note] - '::' resolves to '::'; 2019-07-05T09:56:40.990311Z 0 [Note] Server socket created on IP: '::'. 2019-07-05T09:56:41.190645Z 0 [Note] Event Scheduler: Loaded 0 events 2019-07-05T09:56:41.259156Z 0 [Note] bin/mysqld-debug: ready for connections. Version: '5.7.26-debug-asan' socket: '/tmp/mysql_ushastry57.sock' port: 6666 MySQL Community Server (GPL) ================================================================= ==10888==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600003dba0 at pc 0x7fc7058ef5a3 bp 0x7fc6dac06f20 sp 0x7fc6dac066d0 READ of size 1 at 0x60600003dba0 thread T28 #0 0x7fc7058ef5a2 in __interceptor_memcmp ../../.././libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:627 #1 0x2525c18 in calc_row_difference /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/innobase/handler/ha_innodb.cc:7949 #2 0x253b74c in ha_innobase::update_row(unsigned char const*, unsigned char*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/innobase/handler/ha_innodb.cc:8221 #3 0x9316d7 in handler::ha_update_row(unsigned char const*, unsigned char*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/handler.cc:8103 #4 0x2196e67 in write_record(THD*, TABLE*, COPY_INFO*, COPY_INFO*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:1816 #5 0x219b5a9 in Sql_cmd_insert::mysql_insert(THD*, TABLE_LIST*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:769 #6 
0x219d279 in Sql_cmd_insert::execute(THD*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:3118 #7 0x1be1f5c in mysql_execute_command(THD*, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:3596 #8 0x1bf2b60 in mysql_parse(THD*, Parser_state*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:5570 #9 0x1bf74f9 in dispatch_command(THD*, COM_DATA const*, enum_server_command) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1484 #10 0x1bfd617 in do_command(THD*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1025 #11 0x1edd916 in handle_connection /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_handler_per_thread.cc:306 #12 0x2fd935f in pfs_spawn_thread /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/perfschema/pfs.cc:2190 #13 0x7fc70562fdf4 in start_thread (/lib64/libpthread.so.0+0x7df4) #14 0x7fc703e6b60c in __clone (/lib64/libc.so.6+0xf660c) 0x60600003dba0 is located 32 bytes inside of 56-byte region [0x60600003db80,0x60600003dbb8) freed by thread T28 here: #0 0x7fc70591d5c8 in __interceptor_free ../../.././libsanitizer/asan/asan_malloc_linux.cc:45 #1 0x245ae78 in my_raw_free /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/mysys/my_malloc.c:290 #2 0x245ae78 in my_free /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/mysys/my_malloc.c:133 #3 0x1e6d133 in String::mem_free() /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/include/sql_string.h:337 #4 0x1e6d133 in String::takeover(String&) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/include/sql_string.h:410 #5 0x1e6d133 in Field_blob::keep_old_value() 
/export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/field.h:3964 #6 0x1e6d133 in update_generated_read_fields(unsigned char*, TABLE*, unsigned int) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/table.cc:7762 #7 0x919598 in handler::ha_index_read_idx_map(unsigned char*, unsigned int, unsigned char const*, unsigned long, ha_rkey_function) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/handler.cc:3095 #8 0x2198105 in write_record(THD*, TABLE*, COPY_INFO*, COPY_INFO*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:1629 #9 0x219b5a9 in Sql_cmd_insert::mysql_insert(THD*, TABLE_LIST*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:769 #10 0x219d279 in Sql_cmd_insert::execute(THD*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:3118 #11 0x1be1f5c in mysql_execute_command(THD*, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:3596 #12 0x1bf2b60 in mysql_parse(THD*, Parser_state*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:5570 #13 0x1bf74f9 in dispatch_command(THD*, COM_DATA const*, enum_server_command) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1484 #14 0x1bfd617 in do_command(THD*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1025 #15 0x1edd916 in handle_connection /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_handler_per_thread.cc:306 #16 0x2fd935f in pfs_spawn_thread /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/perfschema/pfs.cc:2190 #17 0x7fc70562fdf4 in start_thread (/lib64/libpthread.so.0+0x7df4) previously allocated by thread T28 here: #0 0x7fc70591d920 in __interceptor_malloc 
../../.././libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x245a889 in my_raw_malloc /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/mysys/my_malloc.c:191 #2 0x245a889 in my_malloc /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/mysys/my_malloc.c:54 #3 0x1ed6966 in String::real_alloc(unsigned long) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql-common/sql_string.cc:50 #4 0x1ed6ff8 in String::alloc(unsigned long) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/include/sql_string.h:347 #5 0x1ed6ff8 in String::set_int(long long, bool, charset_info_st const*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql-common/sql_string.cc:185 #6 0x8988d3 in Field_blob::store(long long, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/field.cc:8280 #7 0x9674f7 in Item::save_in_field_inner(Field*, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/item.cc:6891 #8 0x993839 in Item::save_in_field(Field*, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/item.cc:6757 #9 0x1e6de7f in update_generated_write_fields(st_bitmap const*, TABLE*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/table.cc:7845 #10 0x1a8d3a8 in fill_record(THD*, TABLE*, List&, List&, st_bitmap*, st_bitmap*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_base.cc:9330 #11 0x1a8df4c in fill_record_n_invoke_before_triggers(THD*, COPY_INFO*, List&, List&, TABLE*, enum_trigger_event_type, int) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_base.cc:9589 #12 0x219ae53 in Sql_cmd_insert::mysql_insert(THD*, TABLE_LIST*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:705 #13 0x219d279 in Sql_cmd_insert::execute(THD*) 
/export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_insert.cc:3118 #14 0x1be1f5c in mysql_execute_command(THD*, bool) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:3596 #15 0x1bf2b60 in mysql_parse(THD*, Parser_state*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:5570 #16 0x1bf74f9 in dispatch_command(THD*, COM_DATA const*, enum_server_command) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1484 #17 0x1bfd617 in do_command(THD*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/sql_parse.cc:1025 #18 0x1edd916 in handle_connection /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_handler_per_thread.cc:306 #19 0x2fd935f in pfs_spawn_thread /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/perfschema/pfs.cc:2190 #20 0x7fc70562fdf4 in start_thread (/lib64/libpthread.so.0+0x7df4) Thread T28 created by T0 here: #0 0x7fc70587b090 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:243 #1 0x247c5b7 in my_thread_create /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/mysys/my_thread.c:92 #2 0x2fe0d5f in pfs_spawn_thread_v1 /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/storage/perfschema/pfs.cc:2241 #3 0x1ede942 in inline_mysql_thread_create /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/include/mysql/psi/mysql_thread.h:1297 #4 0x1ede942 in Per_thread_connection_handler::add_connection(Channel_info*) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_handler_per_thread.cc:410 #5 0x848ba6 in Connection_handler_manager::process_new_connection(Channel_info*) 
/export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_handler_manager.cc:268 #6 0x7c9cbb in Connection_acceptor::connection_event_loop() /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/conn_handler/connection_acceptor.h:68 #7 0x7c9cbb in mysqld_main(int, char**) /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/mysqld.cc:5149 #8 0x7add40 in main /export/umesh/server/source/bugs/src_build/fb_builds/96100/mysql-5.7.26/sql/main.cc:25 #9 0x7fc703d96af4 in __libc_start_main (/lib64/libc.so.6+0x21af4) SUMMARY: AddressSanitizer: heap-use-after-free ../../.././libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:627 in __interceptor_memcmp Shadow bytes around the buggy address: 0x0c0c7ffffb20: 00 00 02 fa fa fa fa fa 00 00 00 00 00 00 00 04 0x0c0c7ffffb30: fa fa fa fa 00 00 00 00 00 00 04 fa fa fa fa fa 0x0c0c7ffffb40: fd fd fd fd fd fd fd fa fa fa fa fa 00 00 00 00 0x0c0c7ffffb50: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fa 0x0c0c7ffffb60: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa =>0x0c0c7ffffb70: fd fd fd fd[fd]fd fd fa fa fa fa fa fd fd fd fd 0x0c0c7ffffb80: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa 0x0c0c7ffffb90: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa 0x0c0c7ffffba0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd 0x0c0c7ffffbb0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd 0x0c0c7ffffbc0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==10888==ABORTING