Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.3.2, 11.4.1, 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL)
-
None
-
None
-
Ubuntu 22.04 docker image: mariadb:11.4-rc
Description
Server crashes with JSON function when using mysqlclient to connect the database 'mysql' of MariaDB.
Maybe this bug is related to MDEV-33640.
PoC:
SELECT JSON_REMOVE('[ { "a": true }, { b": false }, { "c": null }, { "a": null } ]', '$[0].a', '$[2].c'); |
Steps to reproduce:
docker run -p 3306:3306 --name some-mariadb -e MYSQL_ALLOW_EMPTY_PASSWORD=yes -d mariadb:11.4-rc |
# install mysql client
|
apt install mysql-client-core-8.0 |
# connect the database 'mysql' of MariaDB
|
mysql --protocol=tcp mysql
|
# input the poc in the client |
Output:
Reading table information for completion of table and column names
|
You can turn off this feature to get a quicker startup with -A
|
|
|
Welcome to the MySQL monitor. Commands end with ; or \g.
|
Your MySQL connection id is 3
|
Server version: 11.4.1-MariaDB-1:11.4.1+maria~ubu2204 mariadb.org binary distribution
|
|
|
Copyright (c) 2000, 2024, Oracle and/or its affiliates.
|
|
|
Oracle is a registered trademark of Oracle Corporation and/or its
|
affiliates. Other names may be trademarks of their respective
|
owners.
|
|
|
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
|
|
|
mysql> SELECT JSON_REMOVE('[ { "a": true }, { b": false }, { "c": null }, { "a": null } ]', '$[0].a', '$[2].c');
|
ERROR 2013 (HY000): Lost connection to MySQL server during query
|
No connection. Trying to reconnect...
|
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 2
|
ERROR:
|
Can't connect to the server
|
Docker log:
Thread pointer: 0x7f2294000c68
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f22d4073c38 thread_stack 0x49000
|
Printing to addr2line failed
|
mariadbd(my_print_stacktrace+0x32)[0x5631660444f2]
|
mariadbd(handle_fatal_signal+0x478)[0x563165b141e8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f22d65cd520]
|
mariadbd(+0x1059e10)[0x56316608fe10]
|
mariadbd(json_read_string_const_chr+0x26)[0x5631660aa3d6]
|
mariadbd(json_key_matches+0x1d)[0x5631660ab9cd]
|
mariadbd(json_find_path+0x1b1)[0x5631660abbb1]
|
mariadbd(_ZN21Item_func_json_remove7val_strEP6String+0x1cf)[0x563165a1c2df]
|
mariadbd(_ZNK12Type_handler13Item_send_strEP4ItemP8ProtocolP8st_value+0x28)[0x563165a6b878]
|
mariadbd(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xea)[0x5631657b72ba]
|
mariadbd(_ZN11select_send9send_dataER4ListI4ItemE+0x37)[0x563165829de7]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xc78)[0x563165910ca8]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x56316591143f]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x56316590f3cc]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x56316590fbc4]
|
mariadbd(+0x84c285)[0x563165882285]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x440f)[0x5631658914af]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x563165892a17]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14cd)[0x56316589520d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x563165897118]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x5631659c3f6f]
|
mariadbd(handle_one_connection+0x5d)[0x5631659c42bd]
|
mariadbd(+0xd10af6)[0x563165d46af6]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94ac3)[0x7f22d661fac3]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7f22d66b0a04]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f2294012fd0): SELECT JSON_REMOVE('[ { "a": true }, { b": false }, { "c": null }, { "a": null } ]', '$[0].a', '$[2].c')
|
|
|
Connection ID (thread ID): 3
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=off,sargable_casefold=on
|
|
|
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/ contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /var/lib/mysql
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 4127168 4127168 processes
|
Max open files 524288 524288 files
|
Max locked memory 8388608 8388608 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 4127168 4127168 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: /var/lib/coredumps/core-%e-sig%s-user%u-group%g-pid%p-time%t
|
|
|
Kernel version: Linux version 6.5.11-8-pve (build@proxmox) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC PMX 6.5.11-8 (2024-01-30T12:27Z)
|
Attachments
Issue Links
- relates to
-
-
- Confirmed
-