Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.4, 11.8, 12.3
-
None
Description
Hi,
Running the following test case crashes the MariaDB server:
DROP DATABASE IF EXISTS test1; |
CREATE DATABASE test1; |
USE test1; |
|
|
SELECT JSON_SET('{"c":4}', '$.a', 5) AS x |
HAVING (x IN (JSON_KEY_VALUE(x, '$'), ',')); |
This is the log:
Version: '12.2.2-MariaDB-ubu2404' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
260516 1:21:38 [ERROR] mariadbd got signal 11 ;
Sorry, we probably made a mistake, and this is a bug.
Your assistance in bug reporting will enable us to fix this for the next release.
To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report
a bug on https://jira.mariadb.org/.
Please include the information from the server start above, to the end of the
information below.
Server version: 12.2.2-MariaDB-ubu2404 source revision: d26a6f44c1f2119377e79a9540886c6d8c01472f
The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
contains instructions to obtain a better version of the backtrace below.
Following these instructions will help MariaDB developers provide a fix quicker.
Attempting backtrace. Include this in the bug report.
(note: Retrieving this information may fail)
Thread pointer: 0x702330000c68
stack_bottom = 0x702364593000 thread_stack 0x49000
Printing to addr2line failed
mariadbd(my_print_stacktrace+0x30)[0x59e8a15a3960]
mariadbd(handle_fatal_signal+0x1f3)[0x59e8a10ef843]
/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x7023688ef330]
mariadbd(_ZN6String6appendEPKcm+0x29)[0x59e8a0e950d9]
mariadbd(_ZN24Item_func_json_key_value13get_key_valueEP16st_json_engine_tP6String+0x3a)[0x59e8a0fcbe2a]
mariadbd(_ZN24Item_func_json_key_value7val_strEP6String+0x133)[0x59e8a0fcfb23]
mariadbd(_ZN9in_string3setEjP4Item+0x31)[0x59e8a1140b41]
mariadbd(_ZN12Item_func_in13fix_in_vectorEv+0x70)[0x59e8a11564d0]
mariadbd(_ZNK26Type_handler_string_result44Item_func_in_fix_comparator_compatible_typesEP3THDP12Item_func_in+0x130)[0x59e8a10275e0]
mariadbd(_ZN12Item_func_in18fix_length_and_decEP3THD+0x7c)[0x59e8a115636c]
mariadbd(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x116)[0x59e8a11729f6]
mariadbd(+0x747e8c)[0x59e8a0c77e8c]
mariadbd(_ZN4JOIN7prepareEP10TABLE_LISTP4ItemjP8st_orderbS5_S3_S5_P13st_select_lexP18st_select_lex_unit+0xcdc)[0x59e8a0e1c71c]
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x8d6)[0x59e8a0e1f4c6]
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x17a)[0x59e8a0e1f82a]
mariadbd(+0x891ea1)[0x59e8a0dc1ea1]
mariadbd(_Z21mysql_execute_commandP3THDb+0x37ca)[0x59e8a0dcce1a]
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x19a)[0x59e8a0dd7aea]
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1304)[0x59e8a0dc7b14]
mariadbd(_Z10do_commandP3THDb+0x199)[0x59e8a0dc8de9]
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x59e8a0f6cd83]
mariadbd(handle_one_connection+0x71)[0x59e8a0f55161]
mariadbd(+0xdfa91e)[0x59e8a132a91e]
/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x702368946aa4]
/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x7023689d3a64]
Connection ID (thread ID): 3
Status: NOT_KILLED
Query (0x702330035560): SELECT JSON_SET('
', '$.a', 5) AS x
HAVING (x IN (JSON_KEY_VALUE(x, '$'), ','))
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on
Writing a core file...
Working directory at /var/lib/mysql
Resource Limits (excludes unlimited resources):
Limit Soft Limit Hard Limit Units
Max stack size 8388608 unlimited bytes
Max open files 32310 32310 files
Max locked memory 8388608 8388608 bytes
Max pending signals 804669 804669 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Core pattern: |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F – %E
Kernel version: Linux version 6.17.0-23-generic (buildd@lcy02-amd64-016) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #23~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 14 16:11:48 UTC 2
Attachments
Issue Links
- is caused by
-
MDEV-30145 JSON_TABLE: allow to retrieve the key when iterating on JSON objects
-
- Closed
-
- relates to
-
-
- Open
-