Fix nil pointer dereference in backend state migration #38028
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes a nil pointer dereference panic that occurs during backend migration when StateMgr returns an error other than ErrDefaultWorkspaceNotSupported. The bug occurred because the code only checked for the specific ErrDefaultWorkspaceNotSupported error. When any other error occurred (such as permission errors like storage.objects.get access denied), destinationState remained nil, but the code continued and attempted to call destinationState.RefreshState(), causing a panic. This fix adds an else clause to catch and return all other errors from StateMgr, preventing the nil pointer dereference and providing users with a clear error message instead of a crash. Fixes hashicorp#24100
|
|
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Contributor
|
Thanks for this submission! I will raise it in triage if it is not handled before then. |
radeksimko
reviewed
Dec 30, 2025
Member
radeksimko
left a comment
radeksimko
left a comment
There was a problem hiding this comment.
The implementation looks good to me, as I mentioned in the linked issue. I have raised some further changes (#38033) that should enable us to test this scenario more thoroughly and prevent similar issues in the future. I will let that PR be reviewed first by other maintainers and come back to this.
Thank you for the fix and for the patience.
| @@ -0,0 +1,5 @@ | |||
| kind: BUG FIXES | |||
| body: 'backend: Fix nil pointer dereference crash during `terraform init -migrate-state` when the destination backend returns a permission error' | |||
Member
There was a problem hiding this comment.
Suggested change
| body: 'backend: Fix nil pointer dereference crash during `terraform init -migrate-state` when the destination backend returns a permission error' | |
| body: 'backend: Fix nil pointer dereference crash during `terraform init` when the destination backend returns an error' |
As far as I can tell this is reproducible without the flag and applies to any kind of error.
radeksimko
approved these changes
Jan 14, 2026
radeksimko
added
the
1.14-backport
Contributor
Changelog WarningCurrently this PR would target a v1.14 release. Please add a changelog entry for in the .changes/v1.14 folder, or discuss which release you'd like to target with your reviewer. If you believe this change does not need a changelog entry, please add the 'no-changelog-needed' label. |
radeksimko
pushed a commit
that referenced
this pull request
Jan 14, 2026
#38028) * fix: handle all StateMgr errors during backend migration Fixes a nil pointer dereference panic that occurs during backend migration when StateMgr returns an error other than ErrDefaultWorkspaceNotSupported. The bug occurred because the code only checked for the specific ErrDefaultWorkspaceNotSupported error. When any other error occurred (such as permission errors like storage.objects.get access denied), destinationState remained nil, but the code continued and attempted to call destinationState.RefreshState(), causing a panic. This fix adds an else clause to catch and return all other errors from StateMgr, preventing the nil pointer dereference and providing users with a clear error message instead of a crash. Fixes #24100 * Add changelog entry for backend migration nil pointer fix 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]>
radeksimko
added a commit
that referenced
this pull request
Jan 14, 2026
#38028) (#38058) * fix: handle all StateMgr errors during backend migration Fixes a nil pointer dereference panic that occurs during backend migration when StateMgr returns an error other than ErrDefaultWorkspaceNotSupported. The bug occurred because the code only checked for the specific ErrDefaultWorkspaceNotSupported error. When any other error occurred (such as permission errors like storage.objects.get access denied), destinationState remained nil, but the code continued and attempted to call destinationState.RefreshState(), causing a panic. This fix adds an else clause to catch and return all other errors from StateMgr, preventing the nil pointer dereference and providing users with a clear error message instead of a crash. Fixes #24100 * Add changelog entry for backend migration nil pointer fix 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Mark Hall <[email protected]> Co-authored-by: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a nil pointer dereference crash that occurs during
terraform init -migrate-statewhen the destination backend returns an error other thanErrDefaultWorkspaceNotSupported.Root Cause: In
meta_backend_migrate.go, whenStateMgr()returns an error, the code only handlesErrDefaultWorkspaceNotSupportedin the if-branch. For any other error (e.g., 403 permission denied),destinationStateremains nil, and the subsequent call todestinationState.RefreshState()causes a panic.Fix: Added an else clause to return the error immediately for any non-workspace-related errors, preventing the nil pointer dereference.
Fixes #38027
Test Plan
terraform initto create local stateterraform init -migrate-statepanic: runtime error: invalid memory address or nil pointer dereferenceError loading state: googleapi: Error 403: ... does not have storage.objects.list accessRelated Issues
🤖 Generated with Claude Code