Bug #70205 Valgrind: Invalid write of size 4 in memset from init_key_cache
Submitted: 31 Aug 2013 1:37
Modified: 28 Mar 2015 12:27
Reporter: Roel Van de Paar
Status: Can't repeat
Category: MySQL Server: MyISAM storage engine
Severity: S2 (Serious)
Version: 5.6
OS: Any
CPU Architecture: Any
Assigned to:

[31 Aug 2013 1:37] Roel Van de Paar
Description:
==21764== Thread 41:
==21764== Invalid write of size 4
==21764==    at 0x4C2A97C: memset (mc_replace_strmem.c:1007)
==21764==    by 0xA9F446: init_key_cache (mf_keycache.c:461)
==21764==    by 0x63F008: ha_init_key_cache (handler.cc:5048)
==21764==    by 0x879DD9: update_buffer_size(THD*, st_key_cache*, long, unsigned long long) (sys_vars.cc:119)
==21764==    by 0x88F7C6: Sys_var_keycache::global_update(THD*, set_var*) (sys_vars.h:768)
==21764==    by 0x7281D1: sys_var::update(THD*, set_var*) (set_var.cc:194)
==21764==    by 0x72930B: set_var::update(THD*) (set_var.cc:670)
==21764==    by 0x728EDD: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:573)
==21764==    by 0x7DD512: mysql_execute_command(THD*) (sql_parse.cc:3666)
==21764==    by 0x7E4115: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6187)
==21764==    by 0x7D7521: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1334)
==21764==    by 0x7D6683: do_command(THD*) (sql_parse.cc:1036)
==21764==    by 0x79C18C: do_handle_one_connection(THD*) (sql_connect.cc:977)
==21764==    by 0x79BC68: handle_one_connection (sql_connect.cc:893)
==21764==    by 0xB12039: pfs_spawn_thread (pfs.cc:1855)
==21764==    by 0x4E36850: start_thread (in /lib64/libpthread-2.12.so)
==21764==  Address 0x44be3254 is not stack'd, malloc'd or (recently) free'd
==21764==

How to repeat:
May be related to USE <db> then INSERT query.

Suggested fix:
Review code, find bug
[31 Aug 2013 1:38] Roel Van de Paar
Adding version
[31 Aug 2013 6:44] MySQL Verification Team
What was the exact statement that caused this? It looks like some SET GLOBAL key_buffer_size = ... statement. Had previous ones failed?
[31 Aug 2013 9:22] MySQL Verification Team
I'd think this could happen if Linux is returning a non-null pointer from my_malloc but is in fact out of memory (overcommit?).
[31 Aug 2013 15:53] MySQL Verification Team
It would be nice to know how this was triggered. Simple random tests here didn't show any problems. Also, try to trigger the crash without using Valgrind; last time I checked, it didn't like large mallocs unless you recompiled it with increased variables.
[5 Sep 2013 0:02] Roel Van de Paar
Command used on a debug, Valgrind-instrumented build (ref lp:percona_qa/build_mysql.sh and use the "val" one)

Attachment: cmd619 (application/octet-stream, text), 868 bytes.

[5 Sep 2013 0:03] Roel Van de Paar
yy file

Attachment: 87.yy (application/octet-stream, text), 1.31 MiB.

[5 Sep 2013 0:03] Roel Van de Paar
Thanks Shane!
[5 Sep 2013 0:06] Roel Van de Paar
(Script needs CR before cd /sdd/randgen, bad edit)
[10 Dec 2013 7:43] Roel Van de Paar
Hi Shane,

Any more success?
[10 Mar 2014 7:17] MySQL Verification Team
Also seen this related crash once in a test (5.6.18):

mysqld.exe!unlink_block()[mf_keycache.c:1242]
mysqld.exe!reg_requests()[mf_keycache.c:1293]
mysqld.exe!flush_key_blocks_int()[mf_keycache.c:3929]
mysqld.exe!flush_key_blocks()[mf_keycache.c:4052]
mysqld.exe!flush_blocks()[mi_check.c:1923]
mysqld.exe!mi_repair_by_sort()[mi_check.c:2546]
mysqld.exe!ha_myisam::repair()[ha_myisam.cc:1105]
mysqld.exe!ha_myisam::enable_indexes()[ha_myisam.cc:1405]
mysqld.exe!ha_myisam::end_bulk_insert()[ha_myisam.cc:1540]
mysqld.exe!copy_data_between_tables()[sql_table.cc:8971]
mysqld.exe!mysql_alter_table()[sql_table.cc:8440]
mysqld.exe!Sql_cmd_alter_table::execute()[sql_alter.cc:313]
mysqld.exe!mysql_execute_command()[sql_parse.cc:4937]
mysqld.exe!mysql_parse()[sql_parse.cc:6240]
mysqld.exe!dispatch_command()[sql_parse.cc:1337]
mysqld.exe!do_command()[sql_parse.cc:1042]
mysqld.exe!do_handle_one_connection()[sql_connect.cc:982]
mysqld.exe!handle_one_connection()[sql_connect.cc:900]
mysqld.exe!pthread_start()[my_winthread.c:63]
mysqld.exe!_callthreadstartex()[threadex.c:314]
mysqld.exe!_threadstartex()[threadex.c:292]
[19 May 2014 2:12] Roel Van de Paar
Hi Shane, how is this one going? I see the status is set to analyzing. Thanks
[28 Mar 2015 12:27] MySQL Verification Team
Never seen this particular crash, even after running a full grammar test workload.
If it happens again, please try to reduce a testcase and see if it crashes outside of Valgrind.