Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
10.6, 10.11, 11.4, 11.8, 12.1, 11.4.8
-
Can result in hang or crash
-
Q4/2025 Server Maintenance
Description
Running myisamchk -V aborts while it is freeing memory. This seems to be easily reproducible in all environments I tried (debian:stable and fedora:42).
Just untar mariadb-11.4.8-linux-systemd-x86_64.tar.gz and run:
root@aa067c4b5730:/work# ./mariadb-11.4.8-linux-systemd-x86_64/bin/myisamchk -V
./mariadb-11.4.8-linux-systemd-x86_64/bin/myisamchk from 11.4.8-MariaDB, client 2.7 for linux-systemd (x86_64)
double free or corruption (!prev)
Aborted (core dumped)
Backtrace:
[root@383b576c3f28 /]# gdb /usr/bin/myisamchk
GNU gdb ... 16.3-1 ...

...

(gdb) run -V
Starting program: /usr/bin/myisamchk -V
warning: Error disabling address space randomization: Function not implemented
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
/usr/bin/myisamchk from 11.4.8-MariaDB, client 2.7 for Linux (x86_64)
double free or corruption (!prev)

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f47a72860f3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#2 0x00007f47a722ca6e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f47a72146d0 in __GI_abort () at abort.c:77
#4 0x00007f47a72156f3 in __libc_message_impl (fmt=fmt@entry=0x7f47a73c644c "%s\n") at ../sysdeps/posix/libc_fatal.c:134
#5 0x00007f47a72901f5 in malloc_printerr (str=str@entry=0x7f47a73c9640 "double free or corruption (!prev)") at malloc.c:5829
#6 0x00007f47a729250c in _int_free_merge_chunk (av=0x7f47a73faac0 <main_arena>, p=0x5629010f1370, size=12320) at malloc.c:4721
#7 0x00007f47a729266f in _int_free_chunk (av=<optimized out>, p=<optimized out>, size=<optimized out>, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4667
#8 0x00007f47a729548d in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4699
#9 __GI___libc_free (mem=<optimized out>) at malloc.c:3476
#10 0x00005628fbda6bf8 in my_free (ptr=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/mysys/my_malloc.c:221
#11 0x00005628fbda8d09 in root_free (root=0x7ffd645f4680, ptr=<optimized out>, size=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/mysys/my_alloc.c:77
#12 free_root (root=0x7ffd645f4680, MyFlags=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/mysys/my_alloc.c:517
#13 0x00005628fbd9b92a in free_defaults (argv=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/mysys/my_default.c:503
#14 0x00005628fbd62c67 in my_exit (exit_state=exit_state@entry=0) at /usr/src/debug/mariadb-11.4.8-1.x86_64/storage/myisam/myisamchk.c:138
#15 0x00005628fbd63ba8 in get_one_option (opt=<optimized out>, argument=<optimized out>, filename=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/storage/myisam/myisamchk.c:748
#16 0x00005628fbdaf77b in handle_options.constprop.0 (argc=0x7ffd645f4a7c, argv=<optimized out>, longopts=<optimized out>, get_one_option=<optimized out>, get_one_option=<optimized out>, longopts=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/mysys/my_getopt.c:611
#17 0x00005628fbd623f9 in get_options (argc=0x7ffd645f4a7c, argv=0x7ffd645f4a70) at /usr/src/debug/mariadb-11.4.8-1.x86_64/storage/myisam/myisamchk.c:763
#18 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/mariadb-11.4.8-1.x86_64/storage/myisam/myisamchk.c:83
(gdb)