Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39758

SIGSEGV in base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state

    XMLWordPrintable

Details

    • Can result in hang or crash
    • Q3/2026 Server Maintenance

    Description

      CREATE OR REPLACE TABLE t  AS SELECT 1 ;
      		 
      CREATE OR REPLACE TABLE t1 LIKE t;
      		 
      CREATE TEMPORARY TABLE t1 (c INT) ;
      		 
      ALTER TABLE t1 ENGINE=mrg_myisam UNION=(t);
      		 
      ALTER TABLE t1 REPAIR PARTITION ALL EXTENDED USE_FRM;
      		 
       
      		 
      #clean up 
      DROP TABLE t, t1;

      Leads to:

      CS 13.0.1 c8e8d33309606e682c98675d594dbd23ebc2ddf6 (Optimized, Clang 18.1.3-11) Build 21/05/2026

      		 
      Core was generated by `/test/MD210526-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd --no-defaults --loo'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  base_list_iterator::next (this=<optimized out>)at /test/13.0_opt/sql/sql_list.h:426
      		 
       
      		 
      [Current thread is 1 (LWP 2797688)]
      		 
      (gdb) bt
      		 
      #0  base_list_iterator::next (this=<optimized out>) at /test/13.0_opt/sql/sql_list.h:426
      		 
      #1  List_iterator<partition_element>::operator++ (this=<optimized out>) at /test/13.0_opt/sql/sql_list.h:608
      		 
      #2  set_part_state (alter_info=alter_info@entry=0x7f6714006bf8, tab_part_info=0x0, part_state=part_state@entry=PART_NORMAL) at /test/13.0_opt/sql/sql_partition.cc:4749
      		 
      #3  0x0000577c0b53d146 in mysql_admin_table (thd=thd@entry=0x7f6714000c68, tables=tables@entry=0x7f67140135f8, check_opt=check_opt@entry=0x7f6714006568, operator_name=0x577c0c58f828 <msg_repair>, lock_type=lock_type@entry=TL_WRITE, org_open_for_modify=true, no_errors_from_open=<optimized out>, extra_open_options=32, prepare_func=0x577c0b53e3a0 <prepare_for_repair(THD*, TABLE_LIST*, st_ha_check_opt*)>, operator_func=(int (handler::*)(class handler * const, class THD *, HA_CHECK_OPT *)) 0x577c0b6925b0 <handler::ha_repair(THD*, st_ha_check_opt*)>, view_operator_func=0x577c0b4eacd0 <view_repair(THD*, TABLE_LIST*, st_ha_check_opt*)>, is_cmd_replicated=<optimized out>) at /test/13.0_opt/sql/sql_admin.cc:954
      		 
      #4  0x0000577c0b53e374 in Sql_cmd_repair_table::execute (this=<optimized out>, thd=0x7f6714000c68) at /test/13.0_opt/sql/sql_admin.cc:1755
      		 
      #5  0x0000577c0b3ffd31 in mysql_execute_command (thd=thd@entry=0x7f6714000c68, is_called_from_prepared_stmt=false) at /test/13.0_opt/sql/sql_parse.cc:5902
      		 
      #6  0x0000577c0b3fb1a1 in mysql_parse (thd=thd@entry=0x7f6714000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f674619b4d0) at /test/13.0_opt/sql/sql_parse.cc:7942
      		 
      #7  0x0000577c0b3f95bd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6714000c68, packet=packet@entry=0x7f6714008cf9 "", packet_length=packet_length@entry=52, blocking=true) at /test/13.0_opt/sql/sql_parse.cc:1898
      		 
      #8  0x0000577c0b3fb5b1 in do_command (thd=thd@entry=0x7f6714000c68, blocking=true) at /test/13.0_opt/sql/sql_parse.cc:1432
      		 
      #9  0x0000577c0b52dafd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x577c1d778798, put_in_cache=true) at /test/13.0_opt/sql/sql_connect.cc:1503
      		 
      #10 0x0000577c0b52d8bf in handle_one_connection (arg=arg@entry=0x577c1d778798) at /test/13.0_opt/sql/sql_connect.cc:1415
      		 
      #11 0x0000577c0b8f2863 in pfs_spawn_thread (arg=0x577c1d6ea7c8) at /test/13.0_opt/storage/perfschema/pfs.cc:2198
      		 
      #12 0x00007f674c29caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
      		 
      #13 0x00007f674c329c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      CS 13.0.1 c8e8d33309606e682c98675d594dbd23ebc2ddf6 (Debug, Clang 18.1.3-11) Build 21/05/2026

      		 
      Core was generated by `/test/MD210526-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --loo'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000061bd889b16d8 in base_list_iterator::next (this=0x7dc47c28a958)at /test/13.0_dbg/sql/sql_list.h:426
      		 
       
      		 
      [Current thread is 1 (LWP 2796227)]
      		 
      (gdb) bt
      		 
      #0  0x000061bd889b16d8 in base_list_iterator::next (this=0x7dc47c28a958)at /test/13.0_dbg/sql/sql_list.h:426
      		 
      #1  0x000061bd88b63d28 in List_iterator<partition_element>::operator++ (this=0x7dc47c28a958) at /test/13.0_dbg/sql/sql_list.h:608
      		 
      #2  0x000061bd88b54c1d in set_part_state (alter_info=0x75c38c006cc0, tab_part_info=0x0, part_state=PART_NORMAL)at /test/13.0_dbg/sql/sql_partition.cc:4749
      		 
      #3  0x000061bd88d46522 in mysql_admin_table (thd=0x75c38c000d58, tables=0x75c38c01a268, check_opt=0x75c38c006630, operator_name=0x61bd8a566158 <msg_repair>, lock_type=TL_WRITE, org_open_for_modify=true, no_errors_from_open=true, extra_open_options=32, prepare_func=0x61bd88d49800 <prepare_for_repair(THD*, TABLE_LIST*, st_ha_check_opt*)>, operator_func=(int (handler::*)(handler * const, THD *, HA_CHECK_OPT *)) 0x61bd88f9f260 <handler::ha_repair(THD*, st_ha_check_opt*)>, view_operator_func=0x61bd88cb6e90 <view_repair(THD*, TABLE_LIST*, st_ha_check_opt*)>, is_cmd_replicated=true) at /test/13.0_dbg/sql/sql_admin.cc:954
      		 
      #4  0x000061bd88d497bb in Sql_cmd_repair_table::execute (this=0x75c38c01a9b8, thd=0x75c38c000d58) at /test/13.0_dbg/sql/sql_admin.cc:1755
      		 
      #5  0x000061bd88d30ef7 in Sql_cmd_alter_table_repair_partition::execute (this=0x75c38c01a9b8, thd=0x75c38c000d58)at /test/13.0_dbg/sql/sql_partition_admin.cc:836
      		 
      #6  0x000061bd88b3eb8d in mysql_execute_command (thd=0x75c38c000d58, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:5902
      		 
      #7  0x000061bd88b2dd74 in mysql_parse (thd=0x75c38c000d58, rawbuf=0x75c38c01a150 "ALTER TABLE t3 REPAIR PARTITION ALL EXTENDED USE_FRM", length=52, parser_state=0x7dc47c28dab0)at /test/13.0_dbg/sql/sql_parse.cc:7942
      		 
      #8  0x000061bd88b2b0bd in dispatch_command (command=COM_QUERY, thd=0x75c38c000d58, packet=0x75c38c00b4f9 "", packet_length=52, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1898
      		 
      #9  0x000061bd88b2e923 in do_command (thd=0x75c38c000d58, blocking=true)at /test/13.0_dbg/sql/sql_parse.cc:1432
      		 
      #10 0x000061bd88d2c7c9 in do_handle_one_connection (connect=0x61bdb51cd178, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
      		 
      #11 0x000061bd88d2c56e in handle_one_connection (arg=0x61bdb51cf9e8)at /test/13.0_dbg/sql/sql_connect.cc:1415
      		 
      #12 0x00007dc48629caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #13 0x00007dc486329c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      Bug Detection Matrix

      		 
          Rel    o/d  Build   Commit                                    UniqueID observed
      		 
      CS  10.6   dbg  210526  dae315a7b2bf8bd2fd0449467e711e5a2db26669  No bug found
      		 
      CS  10.6   opt  210526  dae315a7b2bf8bd2fd0449467e711e5a2db26669  No bug found
      		 
      CS  10.11  dbg  210526  6f1204ad849b72a997fd34ce44a522d76716c24d  No bug found
      		 
      CS  10.11  opt  210526  6f1204ad849b72a997fd34ce44a522d76716c24d  No bug found
      		 
      CS  11.4   dbg  210526  19c59f2c79637cc360cc6d6b219ed9131124500d  No bug found
      		 
      CS  11.4   opt  210526  19c59f2c79637cc360cc6d6b219ed9131124500d  No bug found
      		 
      CS  11.8   dbg  210526  b494164767979072713fdeccc175ce3b3f5b1983  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      CS  11.8   opt  210526  b494164767979072713fdeccc175ce3b3f5b1983  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      CS  12.3   dbg  210526  4c33c5e48e31cdbf8c71a91e121eb65bf6ef285a  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      CS  12.3   opt  210526  4c33c5e48e31cdbf8c71a91e121eb65bf6ef285a  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      CS  13.0   dbg  210526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      CS  13.0   opt  210526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      ES  11.4   dbg  060526  90f707057d44f1b5c013a0c3672fd12f32ea7085  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      ES  11.4   opt  060526  90f707057d44f1b5c013a0c3672fd12f32ea7085  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      ES  11.8   dbg  060526  1499789de285a8109d68d79347de0281865b28f4  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table
      		 
      ES  11.8   opt  060526  1499789de285a8109d68d79347de0281865b28f4  SIGSEGV|base_list_iterator::next|List_iterator<partition_element>::operator++|set_part_state|mysql_admin_table

      Attachments

        Activity

          People

            sanja Oleksandr Byelkin
            ramesh Ramesh Sivaraman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.