[MDEV-39747] SIGSEGV in get_new_handler | mysql_rename_table | mysql_alter_table - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.3, 13.0
Fix Version/s: 10.6, 10.11, 11.4, 11.8, 12.3
Component/s: Storage Engine - Connect
Labels:
None

Bug Category:
Can result in hang or crash
Sprint:
Q3/2026 Server Maintenance

Description

--source include/have_innodb.inc

INSTALL SONAME 'ha_connect.so';

CREATE TABLE t1 (c1 INT) ENGINE=CONNECT TABLE_TYPE=FIX FILE_NAME='/tmp/c_fix';

--ERROR ER_GET_ERRMSG

UPDATE t1 SET c1=123;

UNINSTALL SONAME 'ha_connect.so';

ALTER IGNORE TABLE t1 ENGINE=InnoDB;

Leads to:

CS 10.11.17 6eda0af40fa7bf5097303d1e7eb8e30632228993 (Optimized, Clang 18.1.3-11) Build 12/05/2026
Core was generated by `/test/MD120526-mariadb-10.11.17-linux-x86_64-opt/bin/mariadbd --no-defaults --l'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000075eaa88eb710 in ?? ()
[Current thread is 1 (LWP 2121345)]
(gdb) bt
#0 0x000075eaa88eb710 in ?? ()
#1 0x0000649ad7f790c5 in get_new_handler (share=<optimized out>, alloc=<optimized out>, db_type=0x6dd37c02be88)at /test/10.11_opt/sql/handler.cc:388
#2 0x0000649ad7def3be in mysql_rename_table (base=base@entry=0x6dd37c02be88, old_db=old_db@entry=0x75eaa8a4cd00, old_name=old_name@entry=0x75eaa8a4cd10, new_db=new_db@entry=0x75eaa8a4cd00, new_name=new_name@entry=0x75eaa8a4c3e0, id=id@entry=0x75eaa8a4cda0, flags=2) at /test/10.11_opt/sql/sql_table.cc:5481
#3 0x0000649ad7df63f0 in mysql_alter_table (thd=thd@entry=0x6dd37c000c68, new_db=new_db@entry=0x6dd37c005848, new_name=new_name@entry=0x6dd37c005ca8, create_info=create_info@entry=0x75eaa8a4ec58, table_list=0x6dd37c010d78, recreate_info=recreate_info@entry=0x75eaa8a4e3c0, alter_info=0x75eaa8a4eae8, order_num=0, order=0x0, ignore=<optimized out>, if_exists=<optimized out>) at /test/10.11_opt/sql/sql_table.cc:11840
#4 0x0000649ad7e62a78 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x6dd37c000c68) at /test/10.11_opt/sql/sql_alter.cc:688
#5 0x0000649ad7d479d1 in mysql_execute_command (thd=thd@entry=0x6dd37c000c68, is_called_from_prepared_stmt=false)at /test/10.11_opt/sql/sql_parse.cc:6201
#6 0x0000649ad7d433d2 in mysql_parse (thd=thd@entry=0x6dd37c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x75eaa8a4f540)at /test/10.11_opt/sql/sql_parse.cc:8223
#7 0x0000649ad7d418db in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x6dd37c000c68, packet=packet@entry=0x6dd37c008709 "", packet_length=packet_length@entry=35, blocking=true)at /test/10.11_opt/sql/sql_parse.cc:1924
#8 0x0000649ad7d43851 in do_command (thd=thd@entry=0x6dd37c000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1434
#9 0x0000649ad7e5ca2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x649af33cbcf8, put_in_cache=true)at /test/10.11_opt/sql/sql_connect.cc:1475
#10 0x0000649ad7e5c856 in handle_one_connection (arg=arg@entry=0x649af33cbcf8)at /test/10.11_opt/sql/sql_connect.cc:1387
#11 0x0000649ad819906e in pfs_spawn_thread (arg=0x649af33cbd68)at /test/10.11_opt/storage/perfschema/pfs.cc:2201
#12 0x000075eab1e9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#13 0x000075eab1f29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

CS 10.11.17 6eda0af40fa7bf5097303d1e7eb8e30632228993 (Debug, Clang 18.1.3-11) Build 12/05/2026
Core was generated by `/test/MD120526-mariadb-10.11.17-linux-x86_64-dbg/bin/mariadbd --no-defaults --l'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000056bb799e43d6 in get_new_handler (share=0x0, alloc=0x6b5944006c80, db_type=0x6b5944033f98) at /test/10.11_dbg/sql/handler.cc:388

[Current thread is 1 (LWP 2115333)]
(gdb) bt
#0 0x000056bb799e43d6 in get_new_handler (share=0x0, alloc=0x6b5944006c80, db_type=0x6b5944033f98) at /test/10.11_dbg/sql/handler.cc:388
#1 0x000056bb7971c90a in mysql_rename_table (base=0x6b5944033f98, old_db=0x736c94048108, old_name=0x736c94048118, new_db=0x736c94048108, new_name=0x736c94047250, id=0x736c940481a8, flags=2)at /test/10.11_dbg/sql/sql_table.cc:5481
#2 0x000056bb79727f31 in mysql_alter_table (thd=0x6b5944000d58, new_db=0x6b5944005908, new_name=0x6b5944005d68, create_info=0x736c9404a1d0, table_list=0x6b5944013578, recreate_info=0x736c940498b0, alter_info=0x736c9404a060, order_num=0, order=0x0, ignore=true, if_exists=false)at /test/10.11_dbg/sql/sql_table.cc:11840
#3 0x000056bb797e787e in Sql_cmd_alter_table::execute (this=0x6b5944013ca0, thd=0x6b5944000d58) at /test/10.11_dbg/sql/sql_alter.cc:688
#4 0x000056bb7960f614 in mysql_execute_command (thd=0x6b5944000d58, is_called_from_prepared_stmt=false)at /test/10.11_dbg/sql/sql_parse.cc:6201
#5 0x000056bb795fd2e4 in mysql_parse (thd=0x6b5944000d58, rawbuf=0x6b5944013480 "ALTER IGNORE TABLE t1 ENGINE=InnoDB", length=35, parser_state=0x736c9404ba20) at /test/10.11_dbg/sql/sql_parse.cc:8223
#6 0x000056bb795fa739 in dispatch_command (command=COM_QUERY, thd=0x6b5944000d58, packet=0x6b594400af09 "", packet_length=35, blocking=true) at /test/10.11_dbg/sql/sql_parse.cc:1924
#7 0x000056bb795fde93 in do_command (thd=0x6b5944000d58, blocking=true)at /test/10.11_dbg/sql/sql_parse.cc:1434
#8 0x000056bb797dc789 in do_handle_one_connection (connect=0x56bba6db2fc8, put_in_cache=true) at /test/10.11_dbg/sql/sql_connect.cc:1475
#9 0x000056bb797dc522 in handle_one_connection (arg=0x56bba6e92198)at /test/10.11_dbg/sql/sql_connect.cc:1387
#10 0x000073707209caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#11 0x0000737072129c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.11 dbg 220526 6f1204ad849b72a997fd34ce44a522d76716c24d SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 10.11 opt 220526 6f1204ad849b72a997fd34ce44a522d76716c24d SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 11.4 dbg 220526 19c59f2c79637cc360cc6d6b219ed9131124500d SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 11.4 opt 220526 19c59f2c79637cc360cc6d6b219ed9131124500d SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 11.8 dbg 220526 b494164767979072713fdeccc175ce3b3f5b1983 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 11.8 opt 220526 b494164767979072713fdeccc175ce3b3f5b1983 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 12.3 dbg 220526 66b3c6784689fbb65110a5b21efcb815a8bcde24 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 12.3 opt 220526 66b3c6784689fbb65110a5b21efcb815a8bcde24 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 13.0 dbg 220526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
CS 13.0 opt 220526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 10.6 dbg 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 10.6 opt 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 11.4 dbg 040825 a1c03ccd54b582e75506687ee19b273ca897f261 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 11.4 opt 040825 a1c03ccd54b582e75506687ee19b273ca897f261 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 11.8 dbg 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute
ES 11.8 opt 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 SIGSEGV\|get_new_handler\|mysql_rename_table\|mysql_alter_table\|Sql_cmd_alter_table::execute

----- UBASAN Execution of the testcase ----- (Builds used: /test/UBASAN_MD220526-mariadb-12.3.2-linux-x86_64-opt and _dbg)

 opt: ASAN|heap-use-after-free|sql/handler.h|ha_storage_engine_is_enabled|get_new_handler|mysql_rename_table|mysql_alter_table

 dbg: ASAN|heap-use-after-free|sql/handler.h|ha_storage_engine_is_enabled|get_new_handler|mysql_rename_table|mysql_alter_table

Attachments

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2026-05-25 06:16

Updated:: 46 minutes ago

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.