Assertion `0' failed in Item_param::can_return_value from Item::val_json, UBSAN: member access within null pointer of type 'struct String' in sql/item_jsonfunc.cc

PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL';

mariadbd: /test/11.1_dbg/sql/item.cc:4554: bool Item_param::can_return_value() const: Assertion `0' failed.

Core was generated by `/test/MD220623-mariadb-11.1.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.

Program terminated with signal SIGABRT, Aborted.

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22369733826112)

    at ./nptl/pthread_kill.c:44

[Current thread is 1 (Thread 0x14585c09d640 (LWP 2896294))]

(gdb) bt

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22369733826112) at ./nptl/pthread_kill.c:44

#1  __pthread_kill_internal (signo=6, threadid=22369733826112) at ./nptl/pthread_kill.c:78

#2  __GI___pthread_kill (threadid=22369733826112, signo=signo@entry=6) at ./nptl/pthread_kill.c:89

#3  0x0000145879642476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26

#4  0x00001458796287f3 in __GI_abort () at ./stdlib/abort.c:79

#5  0x000014587962871b in __assert_fail_base (fmt=0x1458797dd150 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5576162e7e66 "0", file=0x5576162cfd72 "/test/11.1_dbg/sql/item.cc", line=4554, function=<optimized out>) at ./assert/assert.c:92

#6  0x0000145879639e96 in __GI___assert_fail (assertion=0x5576162e7e66 "0", file=0x5576162cfd72 "/test/11.1_dbg/sql/item.cc", line=4554, function=0x5576162cf338 "bool Item_param::can_return_value() const") at ./assert/assert.c:101

#7  0x000055761590db0a in Item_param::can_return_value (this=this@entry=0x1457dc01d930) at /test/11.1_dbg/sql/item.cc:4554

#8  0x0000557615920b36 in Item_param::val_str (this=0x1457dc01d930, str=0x1457dc01dc68) at /test/11.1_dbg/sql/item.h:4234

#9  0x00005576154e8709 in Item::val_json (this=<optimized out>, str=<optimized out>) at /test/11.1_dbg/sql/item.h:1672

#10 0x00005576157cd775 in Item_func_json_schema_valid::fix_length_and_dec (this=0x1457dc01dbb0, thd=0x1457dc000d58) at /test/11.1_dbg/sql/item_jsonfunc.cc:4803

#11 0x00005576159695af in Item_func::fix_fields (this=0x1457dc01dbb0, thd=0x1457dc000d58, ref=<optimized out>) at /test/11.1_dbg/sql/item_func.cc:361

#12 0x000055761558a9a8 in Item::fix_fields_if_needed (ref=0x1457dc01dcf0, thd=0x1457dc000d58, this=0x1457dc01dbb0) at /test/11.1_dbg/sql/item.h:1147

#13 Item::fix_fields_if_needed_for_scalar (ref=0x1457dc01dcf0, thd=0x1457dc000d58, this=0x1457dc01dbb0) at /test/11.1_dbg/sql/item.h:1156

#14 setup_fields (thd=0x1457dc000d58, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x1457dc0138e0, pre_fix=0x1457dc01d730, allow_sum_func=true) at /test/11.1_dbg/sql/sql_base.cc:8056

#15 0x0000557615679bc3 in JOIN::prepare (this=this@entry=0x1457dc013530, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x1457dc01d460, unit_arg=0x1457dc01b808) at /test/11.1_dbg/sql/sql_select.cc:1525

#16 0x00005576156f7d96 in st_select_lex_unit::prepare_join (this=this@entry=0x1457dc01b808, thd_arg=0x1457dc000d58, sl=sl@entry=0x1457dc01d460, tmp_result=tmp_result@entry=0x0, additional_options=additional_options@entry=0, is_union_select=is_union_select@entry=false) at /test/11.1_dbg/sql/sql_union.cc:1103

#17 0x00005576156fb8e5 in st_select_lex_unit::prepare (this=this@entry=0x1457dc01b808, derived_arg=0x0, sel_result=sel_result@entry=0x0, additional_options=additional_options@entry=0) at /test/11.1_dbg/sql/sql_union.cc:1583

#18 0x000055761562b57b in mysql_test_select (tables=0x0, stmt=0x1457dc019268) at /test/11.1_dbg/sql/sql_prepare.cc:1456

#19 check_prepared_statement (stmt=0x1457dc019268) at /test/11.1_dbg/sql/sql_prepare.cc:2289

#20 Prepared_statement::prepare (this=this@entry=0x1457dc019268, packet=<optimized out>, packet_len=<optimized out>) at /test/11.1_dbg/sql/sql_prepare.cc:4199

#21 0x000055761562ff1e in mysql_sql_stmt_prepare (thd=thd@entry=0x1457dc000d58) at /test/11.1_dbg/sql/sql_prepare.cc:2793

#22 0x00005576156012d6 in mysql_execute_command (thd=thd@entry=0x1457dc000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3955

#23 0x0000557615607849 in mysql_parse (thd=thd@entry=0x1457dc000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14585c09c240) at /test/11.1_dbg/sql/sql_parse.cc:7769

#24 0x00005576156099dd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1457dc000d58, packet=packet@entry=0x1457dc00ae69 "PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL'", packet_length=packet_length@entry=62, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:242

#25 0x000055761560b8bc in do_command (thd=0x1457dc000d58, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405

#26 0x0000557615761010 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x557618faba18, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416

#27 0x000055761576126f in handle_one_connection (arg=0x557618faba18) at /test/11.1_dbg/sql/sql_connect.cc:1318

#28 0x0000145879694b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442

#29 0x0000145879726a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

/test/11.1_opt_san/sql/item_jsonfunc.cc:4811:42: runtime error: member access within null pointer of type 'struct String'

    #0 0x5600a26c62c5 in Item_func_json_schema_valid::fix_length_and_dec(THD*) /test/11.1_opt_san/sql/item_jsonfunc.cc:4811

    #1 0x5600a34cb542 in Item_func::fix_fields(THD*, Item**) /test/11.1_opt_san/sql/item_func.cc:361

    #2 0x5600a16bf668 in Item::fix_fields_if_needed(THD*, Item**) /test/11.1_opt_san/sql/item.h:1147

    #3 0x5600a16bf668 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/11.1_opt_san/sql/item.h:1156

    #4 0x5600a16bf668 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool) /test/11.1_opt_san/sql/sql_base.cc:8034

    #5 0x5600a1de7756 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/11.1_opt_san/sql/sql_select.cc:1489

    #6 0x5600a2166e1c in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long long, bool) /test/11.1_opt_san/sql/sql_union.cc:1100

    #7 0x5600a217fc36 in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long long) /test/11.1_opt_san/sql/sql_union.cc:1496

    #8 0x5600a1babb9a in mysql_test_select /test/11.1_opt_san/sql/sql_prepare.cc:1456

    #9 0x5600a1babb9a in check_prepared_statement /test/11.1_opt_san/sql/sql_prepare.cc:2289

    #10 0x5600a1babb9a in Prepared_statement::prepare(char const*, unsigned int) /test/11.1_opt_san/sql/sql_prepare.cc:4199

    #11 0x5600a1bd87cd in mysql_sql_stmt_prepare(THD*) /test/11.1_opt_san/sql/sql_prepare.cc:2793

    #12 0x5600a1abe71f in mysql_execute_command(THD*, bool) /test/11.1_opt_san/sql/sql_parse.cc:3955

    #13 0x5600a1ad0de2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.1_opt_san/sql/sql_parse.cc:7760

    #14 0x5600a1adf715 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.1_opt_san/sql/sql_parse.cc:1892

    #15 0x5600a1ae8028 in do_command(THD*, bool) /test/11.1_opt_san/sql/sql_parse.cc:1405

    #16 0x5600a23f4a5c in do_handle_one_connection(CONNECT*, bool) /test/11.1_opt_san/sql/sql_connect.cc:1416

    #17 0x5600a23f705c in handle_one_connection /test/11.1_opt_san/sql/sql_connect.cc:1318

    #18 0x14d199294b42 in start_thread nptl/pthread_create.c:442

    #19 0x14d1993269ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

230701 15:27:30 [ERROR] mysqld got signal 11 ;