Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.4, 11.8, 12.3
-
None
Description
Hi,
Running the following test case crashes the MariaDB server:
DROP DATABASE IF EXISTS test1; |
CREATE DATABASE test1; |
USE test1; |
|
|
SELECT JSON_SET('{"c":4}', '$.a', 5) AS x |
HAVING (x IN (JSON_KEY_VALUE(x, '$'), ',')); |
This is the log:
Version: '12.2.2-MariaDB-ubu2404' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
|
260516 1:21:38 [ERROR] mariadbd got signal 11 ;
|
Sorry, we probably made a mistake, and this is a bug.
|
|
|
Your assistance in bug reporting will enable us to fix this for the next release.
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report
|
a bug on https://jira.mariadb.org/.
|
|
|
Please include the information from the server start above, to the end of the
|
information below.
|
|
|
Server version: 12.2.2-MariaDB-ubu2404 source revision: d26a6f44c1f2119377e79a9540886c6d8c01472f
|
|
|
The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
|
contains instructions to obtain a better version of the backtrace below.
|
Following these instructions will help MariaDB developers provide a fix quicker.
|
|
|
Attempting backtrace. Include this in the bug report.
|
(note: Retrieving this information may fail)
|
|
|
Thread pointer: 0x702330000c68
|
stack_bottom = 0x702364593000 thread_stack 0x49000
|
Printing to addr2line failed
|
mariadbd(my_print_stacktrace+0x30)[0x59e8a15a3960]
|
mariadbd(handle_fatal_signal+0x1f3)[0x59e8a10ef843]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x7023688ef330]
|
mariadbd(_ZN6String6appendEPKcm+0x29)[0x59e8a0e950d9]
|
mariadbd(_ZN24Item_func_json_key_value13get_key_valueEP16st_json_engine_tP6String+0x3a)[0x59e8a0fcbe2a]
|
mariadbd(_ZN24Item_func_json_key_value7val_strEP6String+0x133)[0x59e8a0fcfb23]
|
mariadbd(_ZN9in_string3setEjP4Item+0x31)[0x59e8a1140b41]
|
mariadbd(_ZN12Item_func_in13fix_in_vectorEv+0x70)[0x59e8a11564d0]
|
mariadbd(_ZNK26Type_handler_string_result44Item_func_in_fix_comparator_compatible_typesEP3THDP12Item_func_in+0x130)[0x59e8a10275e0]
|
mariadbd(_ZN12Item_func_in18fix_length_and_decEP3THD+0x7c)[0x59e8a115636c]
|
mariadbd(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x116)[0x59e8a11729f6]
|
mariadbd(+0x747e8c)[0x59e8a0c77e8c]
|
mariadbd(_ZN4JOIN7prepareEP10TABLE_LISTP4ItemjP8st_orderbS5_S3_S5_P13st_select_lexP18st_select_lex_unit+0xcdc)[0x59e8a0e1c71c]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x8d6)[0x59e8a0e1f4c6]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x17a)[0x59e8a0e1f82a]
|
mariadbd(+0x891ea1)[0x59e8a0dc1ea1]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x37ca)[0x59e8a0dcce1a]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x19a)[0x59e8a0dd7aea]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1304)[0x59e8a0dc7b14]
|
mariadbd(_Z10do_commandP3THDb+0x199)[0x59e8a0dc8de9]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x59e8a0f6cd83]
|
mariadbd(handle_one_connection+0x71)[0x59e8a0f55161]
|
mariadbd(+0xdfa91e)[0x59e8a132a91e]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x702368946aa4]
|
/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x7023689d3a64]
|
|
|
Connection ID (thread ID): 3
|
Status: NOT_KILLED
|
Query (0x702330035560): SELECT JSON_SET('{"c":4}', '$.a', 5) AS x
|
HAVING (x IN (JSON_KEY_VALUE(x, '$'), ','))
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on
|
|
|
Writing a core file...
|
Working directory at /var/lib/mysql
|
Resource Limits (excludes unlimited resources):
|
Limit Soft Limit Hard Limit Units
|
Max stack size 8388608 unlimited bytes
|
Max open files 32310 32310 files
|
Max locked memory 8388608 8388608 bytes
|
Max pending signals 804669 804669 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Core pattern: |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F -- %E
|
|
|
Kernel version: Linux version 6.17.0-23-generic (buildd@lcy02-amd64-016) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #23~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 14 16:11:48 UTC 2
|
Attachments
Issue Links
- is caused by
-
MDEV-30145 JSON_TABLE: allow to retrieve the key when iterating on JSON objects
-
- Closed
-
- is duplicated by
-
MDEV-40140 Server crash in stored procedure using JSON_KEY_VALUE() with HAVING IN expression
-
- Closed
-
-
MDEV-40221 Crash in Item_func_json_key_value::val_str() from stored procedure using JSON_KEY_VALUE() in IN(...)
-
- Closed
-
- relates to
-
MDEV-39462 json_keys crashes in binary value with IN( ... )
-
- Open
-