Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- N/A
Description
SELECT * FROM JSON_TABLE(CONVERT('{"x":1}' USING utf8mb4), '$' COLUMNS(a INT PATH '$', b CHAR(64) PATH '$.*', c INT EXISTS PATH '$**.*')) AS jt;

bb-10.6-mdev17399-hf 3530463bc2
==3804278==ERROR: AddressSanitizer: use-after-poison on address 0x61900008abdf at pc 0x55996dcdba92 bp 0x7f6cfeb33e50 sp 0x7f6cfeb33e40
WRITE of size 1 at 0x61900008abdf thread T5
    #0 0x55996dcdba91 in Field_long::reset() /data/src/bb-10.6-mdev17399-hf/sql/field.h:2696
    #1 0x55996db6977b in Table_function_json_table::setup(THD*, TABLE_LIST*, st_select_lex*) /data/src/bb-10.6-mdev17399-hf/sql/json_table.cc:1157
    #2 0x55996d5b65b9 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:1249
    #3 0x55996d5dc222 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:4723
    #4 0x55996d5ad821 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:417
    #5 0x55996d5179c1 in execute_sqlcom_select /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:6230
    #6 0x55996d506ca3 in mysql_execute_command(THD*) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:3926
    #7 0x55996d522c6c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:8000
    #8 0x55996d4f96a7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1886
    #9 0x55996d4f63e2 in do_command(THD*, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1397
    #10 0x55996d937e84 in do_handle_one_connection(CONNECT*, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1410
    #11 0x55996d9377e1 in handle_one_connection /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1312
    #12 0x55996e64208a in pfs_spawn_thread /data/src/bb-10.6-mdev17399-hf/storage/perfschema/pfs.cc:2201
    #13 0x7f6d0820b608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7f6d07ddf292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x61900008abdf is located 1119 bytes inside of 1124-byte region [0x61900008a780,0x61900008abe4)
allocated by thread T5 here:
    #0 0x7f6d0875bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55996f2797e3 in sf_malloc /data/src/bb-10.6-mdev17399-hf/mysys/safemalloc.c:121
    #2 0x55996f24632b in my_malloc /data/src/bb-10.6-mdev17399-hf/mysys/my_malloc.c:90
    #3 0x55996f22232b in alloc_root /data/src/bb-10.6-mdev17399-hf/mysys/my_alloc.c:244
    #4 0x55996d696e00 in Field::operator new(unsigned long, st_mem_root*) /data/src/bb-10.6-mdev17399-hf/sql/field.h:761
    #5 0x55996daca73d in Type_handler_long::make_table_field_from_def(TABLE_SHARE*, st_mem_root*, st_mysql_const_lex_string const*, Record_addr const&, Bit_addr const&, Column_definition_attributes const*, unsigned int) const /data/src/bb-10.6-mdev17399-hf/sql/sql_type.cc:8054
    #6 0x55996db6728a in Create_json_table::add_json_table_fields(THD*, TABLE*, Table_function_json_table*) /data/src/bb-10.6-mdev17399-hf/sql/json_table.cc:845
    #7 0x55996db67b23 in create_table_for_function(THD*, TABLE_LIST*) /data/src/bb-10.6-mdev17399-hf/sql/json_table.cc:900
    #8 0x55996d36d4b0 in open_and_process_table /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:3690
    #9 0x55996d370c8b in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:4283
    #10 0x55996d375b5f in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:5241
    #11 0x55996d2cdb9b in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/bb-10.6-mdev17399-hf/sql/sql_base.h:507
    #12 0x55996d516f40 in execute_sqlcom_select /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:6151
    #13 0x55996d506ca3 in mysql_execute_command(THD*) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:3926
    #14 0x55996d522c6c in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:8000
    #15 0x55996d4f96a7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1886
    #16 0x55996d4f63e2 in do_command(THD*, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1397
    #17 0x55996d937e84 in do_handle_one_connection(CONNECT*, bool) /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1410
    #18 0x55996d9377e1 in handle_one_connection /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1312
    #19 0x55996e64208a in pfs_spawn_thread /data/src/bb-10.6-mdev17399-hf/storage/perfschema/pfs.cc:2201
    #20 0x7f6d0820b608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477

Thread T5 created by T0 here:
    #0 0x7f6d08688805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55996e63d02e in my_thread_create /data/src/bb-10.6-mdev17399-hf/storage/perfschema/my_thread.h:38
    #2 0x55996e64247d in pfs_spawn_thread_v1 /data/src/bb-10.6-mdev17399-hf/storage/perfschema/pfs.cc:2252
    #3 0x55996d1e7bd8 in inline_mysql_thread_create /data/src/bb-10.6-mdev17399-hf/include/mysql/psi/mysql_thread.h:1139
    #4 0x55996d1fdb73 in create_thread_to_handle_connection(CONNECT*) /data/src/bb-10.6-mdev17399-hf/sql/mysqld.cc:5780
    #5 0x55996d1fe1f2 in create_new_thread(CONNECT*) /data/src/bb-10.6-mdev17399-hf/sql/mysqld.cc:5839
    #6 0x55996d1fe55f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/bb-10.6-mdev17399-hf/sql/mysqld.cc:5901
    #7 0x55996d1fef0c in handle_connections_sockets() /data/src/bb-10.6-mdev17399-hf/sql/mysqld.cc:6023
    #8 0x55996d1fd380 in mysqld_main(int, char**) /data/src/bb-10.6-mdev17399-hf/sql/mysqld.cc:5675
    #9 0x55996d1e6efc in main /data/src/bb-10.6-mdev17399-hf/sql/main.cc:25
    #10 0x7f6d07ce40b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: use-after-poison /data/src/bb-10.6-mdev17399-hf/sql/field.h:2696 in Field_long::reset()
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3804278==ABORTING
210318 17:10:18 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.6.0-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63804 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62b000069288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f6cfeb36950 thread_stack 0x5fc00
??:0(__interceptor_tcgetattr)[0x7f6d086bad30]
mysys/stacktrace.c:212(my_print_stacktrace)[0x55996f257dd7]
sql/signal_handler.cc:212(handle_fatal_signal)[0x55996dd0b7c1]
sigaction.c:0(__restore_rt)[0x7f6d082173c0]
??:0(gsignal)[0x7f6d07d0318b]
??:0(abort)[0x7f6d07ce2859]
??:0(__sanitizer_set_report_fd)[0x7f6d087796a2]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7f6d0878424c]
??:0(__sanitizer_ptr_cmp)[0x7f6d087658ec]
??:0(__asan_on_error)[0x7f6d08765363]
??:0(__asan_report_store1)[0x7f6d087663ee]
sql/field.h:2696(Field_long::reset())[0x55996dcdba92]
sql/json_table.cc:1160(Table_function_json_table::setup(THD*, TABLE_LIST*, st_select_lex*))[0x55996db6977c]
sql/sql_select.cc:1248(JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55996d5b65ba]
sql/sql_select.cc:4723(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55996d5dc223]
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55996d5ad822]
sql/sql_parse.cc:6230(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55996d5179c2]
sql/sql_parse.cc:3926(mysql_execute_command(THD*))[0x55996d506ca4]
sql/sql_parse.cc:8000(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55996d522c6d]
sql/sql_parse.cc:1888(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55996d4f96a8]
sql/sql_parse.cc:1397(do_command(THD*, bool))[0x55996d4f63e3]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x55996d937e85]
sql/sql_connect.cc:1314(handle_one_connection)[0x55996d9377e2]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55996e64208b]
nptl/pthread_create.c:478(start_thread)[0x7f6d0820b609]
??:0(clone)[0x7f6d07ddf293]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b000038440): SELECT * FROM JSON_TABLE(CONVERT('{"x":1}' USING utf8mb4), '$' COLUMNS(a INT PATH '$', b CHAR(64) PATH '$.*', c INT EXISTS PATH '$**.*')) AS jt

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_Mb41/mysqld.1/data
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        unlimited            unlimited            bytes
Max resident set          unlimited            unlimited            bytes
Max processes             385874               385874               processes
Max open files            1024                 1024                 files
Max locked memory         67108864             67108864             bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       385874               385874               signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us
Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E
Issue Links
- relates to MDEV-17399 Add support for JSON_TABLE (Closed)