Server crashes in my_strtod / Value_source::Converter_strntod::Converter_strntod with DEFAULT(blob)

CREATE TABLE t1 (b BLOB NOT NULL DEFAULT '');

SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5;

# Cleanup

DROP TABLE t1;

#3  <signal handler called>

#4  0x0000555bc3ba5d2a in my_strtod_int (s00=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, se=0x7f3e0a3ea320, error=0x7f3e0a3ea328, buf=0x7f3e0a3e93c0 "4\006", buf_size=3680) at /data/src/10.3/strings/dtoa.c:1378

#5  0x0000555bc3ba4950 in my_strtod (str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, end=0x7f3e0a3ea320, error=0x7f3e0a3ea328) at /data/src/10.3/strings/dtoa.c:469

#6  0x0000555bc3b819d6 in my_strntod_8bit (cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, end=0x7f3e0a3ea320, err=0x7f3e0a3ea328) at /data/src/10.3/strings/ctype-simple.c:788

#7  0x0000555bc2e8d547 in Value_source::Converter_strntod::Converter_strntod (this=0x7f3e0a3ea320, cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405) at /data/src/10.3/sql/field.h:165

#8  0x0000555bc2e8d664 in Value_source::Converter_strntod_with_warn::Converter_strntod_with_warn (this=0x7f3e0a3ea320, thd=0x7f3df8000d90, filter=..., cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405) at /data/src/10.3/sql/field.h:236

#9  0x0000555bc329e1ad in Field_blob::val_real (this=0x7f3df8013f30) at /data/src/10.3/sql/field.cc:8456

#10 0x0000555bc32e49dd in Item_field::val_result (this=0x7f3df8012c98) at /data/src/10.3/sql/item.cc:3469

#11 0x0000555bc32f3ffa in Item_ref::val_real (this=0x7f3df8013488) at /data/src/10.3/sql/item.cc:8359

#12 0x0000555bc32f3b23 in Item_ref::val_result (this=0x7f3df8013488) at /data/src/10.3/sql/item.cc:8275

#13 0x0000555bc32fa576 in Item_cache_real::cache_value (this=0x7f3df8014068) at /data/src/10.3/sql/item.cc:10160

#14 0x0000555bc31ade3c in Item_cache::has_value (this=0x7f3df8014068) at /data/src/10.3/sql/item.h:6249

#15 0x0000555bc32fa63c in Item_cache_real::val_real (this=0x7f3df8014068) at /data/src/10.3/sql/item.cc:10169

#16 0x0000555bc3308350 in Arg_comparator::compare_real (this=0x7f3df80136e0) at /data/src/10.3/sql/item_cmpfunc.cc:813

#17 0x0000555bc331e48e in Arg_comparator::compare (this=0x7f3df80136e0) at /data/src/10.3/sql/item_cmpfunc.h:102

#18 0x0000555bc330b9ae in Item_func_gt::val_int (this=0x7f3df8013620) at /data/src/10.3/sql/item_cmpfunc.cc:1785

#19 0x0000555bc319ea3f in Type_handler_int_result::Item_val_bool (this=0x555bc43ea910 <type_handler_long>, item=0x7f3df8013620) at /data/src/10.3/sql/sql_type.cc:3288

#20 0x0000555bc2e80abe in Item::val_bool (this=0x7f3df8013620) at /data/src/10.3/sql/item.h:1219

#21 0x0000555bc302a425 in Item::eval_const_cond (this=0x7f3df8013620) at /data/src/10.3/sql/item.h:1227

#22 0x0000555bc30095f8 in Item_bool_func2::remove_eq_conds (this=0x7f3df8013620, thd=0x7f3df8000d90, cond_value=0x7f3df8013b8c, top_level_arg=true) at /data/src/10.3/sql/sql_select.cc:16688

#23 0x0000555bc30083de in optimize_cond (join=0x7f3df8013878, conds=0x7f3df8013620, join_list=0x7f3df8005580, ignore_on_conds=true, cond_value=0x7f3df8013b8c, cond_equal=0x7f3df8013cb8, flags=0) at /data/src/10.3/sql/sql_select.cc:16230

#24 0x0000555bc2fdfaf5 in JOIN::optimize_inner (this=0x7f3df8013878) at /data/src/10.3/sql/sql_select.cc:1796

#25 0x0000555bc2fde978 in JOIN::optimize (this=0x7f3df8013878) at /data/src/10.3/sql/sql_select.cc:1502

#26 0x0000555bc2fe8aca in mysql_select (thd=0x7f3df8000d90, tables=0x7f3df8012e10, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7f3df8013620, proc_param=0x0, select_options=2147748608, result=0x7f3df8013850, unit=0x7f3df8004c58, select_lex=0x7f3df80053e0) at /data/src/10.3/sql/sql_select.cc:4310

#27 0x0000555bc2fda0f6 in handle_select (thd=0x7f3df8000d90, lex=0x7f3df8004b98, result=0x7f3df8013850, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370

#28 0x0000555bc2fa0574 in execute_sqlcom_select (thd=0x7f3df8000d90, all_tables=0x7f3df8012e10) at /data/src/10.3/sql/sql_parse.cc:6317

#29 0x0000555bc2f96d81 in mysql_execute_command (thd=0x7f3df8000d90) at /data/src/10.3/sql/sql_parse.cc:3848

#30 0x0000555bc2fa48f8 in mysql_parse (thd=0x7f3df8000d90, rawbuf=0x7f3df8012ab8 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5", length=43, parser_state=0x7f3e0a3eb5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7841

#31 0x0000555bc2f9103c in dispatch_command (command=COM_QUERY, thd=0x7f3df8000d90, packet=0x7f3df8008f11 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852

#32 0x0000555bc2f8f9dc in do_command (thd=0x7f3df8000d90) at /data/src/10.3/sql/sql_parse.cc:1398

#33 0x0000555bc310e597 in do_handle_one_connection (connect=0x555bc58fcd70) at /data/src/10.3/sql/sql_connect.cc:1403

#34 0x0000555bc310e2f3 in handle_one_connection (arg=0x555bc58fcd70) at /data/src/10.3/sql/sql_connect.cc:1308

#35 0x0000555bc3adb2d7 in pfs_spawn_thread (arg=0x555bc59a18c0) at /data/src/10.3/storage/perfschema/pfs.cc:1869

#36 0x00007f3e108d6609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#37 0x00007f3e104b2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

==2687283== Conditional jump or move depends on uninitialised value(s)

==2687283==    at 0xB1CBF7: Field_blob::val_real() (field.cc:8453)

==2687283==    by 0xB64A0F: Item_field::val_result() (item.cc:3469)

==2687283==    by 0xB7416D: Item_ref::val_real() (item.cc:8359)

==2687283==    by 0xB73C8F: Item_ref::val_result() (item.cc:8275)

==2687283==    by 0xB7A787: Item_cache_real::cache_value() (item.cc:10160)

==2687283==    by 0xA284EB: Item_cache::has_value() (item.h:6249)

==2687283==    by 0xB7A853: Item_cache_real::val_real() (item.cc:10169)

==2687283==    by 0xB88AA9: Arg_comparator::compare_real() (item_cmpfunc.cc:813)

==2687283==    by 0xB9ED65: Arg_comparator::compare() (item_cmpfunc.h:102)

==2687283==    by 0xB8C1A7: Item_func_gt::val_int() (item_cmpfunc.cc:1785)

==2687283==    by 0xA190C2: Type_handler_int_result::Item_val_bool(Item*) const (sql_type.cc:3288)

==2687283==    by 0x6ECD5B: Item::val_bool() (item.h:1219)

==2687283==    by 0x89B310: Item::eval_const_cond() (item.h:1227)

==2687283==    by 0x87A0E3: Item_bool_func2::remove_eq_conds(THD*, Item::cond_result*, bool) (sql_select.cc:16688)

==2687283==    by 0x878EC8: optimize_cond(JOIN*, Item*, List<TABLE_LIST>*, bool, Item::cond_result*, COND_EQUAL**, int) (sql_select.cc:16230)

==2687283==    by 0x8502D4: JOIN::optimize_inner() (sql_select.cc:1796)

^ Found warnings in /data/bld/10.3-valgrind-nightly/mysql-test/var/log/mysqld.1.err

CREATE TABLE t1 (b BLOB NOT NULL DEFAULT '');

SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo';

# Cleanup

DROP TABLE t1;

#3  <signal handler called>

#4  __memcmp_avx2_movbe () at ../sysdeps/x86_64/multiarch/memcmp-avx2-movbe.S:203

#5  0x00005562365ba7a9 in my_strnncoll_binary (cs=0x556236e550a0 <my_charset_bin>, s=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, slen=42405, t=0x7f6494013588 "foo", tlen=3, t_is_prefix=0 '\000') at /data/src/10.3/strings/ctype-bin.c:85

#6  0x00005562365ba834 in my_strnncollsp_binary (cs=0x556236e550a0 <my_charset_bin>, s=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, slen=42405, t=0x7f6494013588 "foo", tlen=3) at /data/src/10.3/strings/ctype-bin.c:124

#7  0x0000556235aaa9f6 in sortcmp (s=0x7f6494012cc8, t=0x7f64940135c0, cs=0x556236e550a0 <my_charset_bin>) at /data/src/10.3/sql/sql_string.cc:859

#8  0x0000556235d4d220 in Arg_comparator::compare_string (this=0x7f64940136e8) at /data/src/10.3/sql/item_cmpfunc.cc:780

#9  0x0000556235d6348e in Arg_comparator::compare (this=0x7f64940136e8) at /data/src/10.3/sql/item_cmpfunc.h:102

#10 0x0000556235d509ae in Item_func_gt::val_int (this=0x7f6494013628) at /data/src/10.3/sql/item_cmpfunc.cc:1785

#11 0x0000556235be3a3f in Type_handler_int_result::Item_val_bool (this=0x556236e2f910 <type_handler_long>, item=0x7f6494013628) at /data/src/10.3/sql/sql_type.cc:3288

#12 0x00005562358c5abe in Item::val_bool (this=0x7f6494013628) at /data/src/10.3/sql/item.h:1219

#13 0x0000556235a6f425 in Item::eval_const_cond (this=0x7f6494013628) at /data/src/10.3/sql/item.h:1227

#14 0x0000556235a4e5f8 in Item_bool_func2::remove_eq_conds (this=0x7f6494013628, thd=0x7f6494000d90, cond_value=0x7f6494013b94, top_level_arg=true) at /data/src/10.3/sql/sql_select.cc:16688

#15 0x0000556235a4d3de in optimize_cond (join=0x7f6494013880, conds=0x7f6494013628, join_list=0x7f6494005580, ignore_on_conds=true, cond_value=0x7f6494013b94, cond_equal=0x7f6494013cc0, flags=0) at /data/src/10.3/sql/sql_select.cc:16230

#16 0x0000556235a24af5 in JOIN::optimize_inner (this=0x7f6494013880) at /data/src/10.3/sql/sql_select.cc:1796

#17 0x0000556235a23978 in JOIN::optimize (this=0x7f6494013880) at /data/src/10.3/sql/sql_select.cc:1502

#18 0x0000556235a2daca in mysql_select (thd=0x7f6494000d90, tables=0x7f6494012e10, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7f6494013628, proc_param=0x0, select_options=2147748608, result=0x7f6494013858, unit=0x7f6494004c58, select_lex=0x7f64940053e0) at /data/src/10.3/sql/sql_select.cc:4310

#19 0x0000556235a1f0f6 in handle_select (thd=0x7f6494000d90, lex=0x7f6494004b98, result=0x7f6494013858, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370

#20 0x00005562359e5574 in execute_sqlcom_select (thd=0x7f6494000d90, all_tables=0x7f6494012e10) at /data/src/10.3/sql/sql_parse.cc:6317

#21 0x00005562359dbd81 in mysql_execute_command (thd=0x7f6494000d90) at /data/src/10.3/sql/sql_parse.cc:3848

#22 0x00005562359e98f8 in mysql_parse (thd=0x7f6494000d90, rawbuf=0x7f6494012ab8 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo'", length=47, parser_state=0x7f64ab54a5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7841

#23 0x00005562359d603c in dispatch_command (command=COM_QUERY, thd=0x7f6494000d90, packet=0x7f6494008f11 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo'", packet_length=47, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852

#24 0x00005562359d49dc in do_command (thd=0x7f6494000d90) at /data/src/10.3/sql/sql_parse.cc:1398

#25 0x0000556235b53597 in do_handle_one_connection (connect=0x556238030d70) at /data/src/10.3/sql/sql_connect.cc:1403

#26 0x0000556235b532f3 in handle_one_connection (arg=0x556238030d70) at /data/src/10.3/sql/sql_connect.cc:1308

#27 0x00005562365202d7 in pfs_spawn_thread (arg=0x5562380d58c0) at /data/src/10.3/storage/perfschema/pfs.cc:1869

#28 0x00007f64b5a36609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#29 0x00007f64b5612293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

commit 8db5274dce7f8710b25ca954559843c9cd812ac5 (HEAD, origin/10.3, 10.3)

Author: Monty

Date:   Sun Feb 21 20:38:32 2021 +0200

    MDEV-22703 DEFAULT() on a BLOB column can overwrite the default record

#3  <signal handler called>

#4  0x0000559bb2414085 in my_scan_weight_utf8_general_ci (end=0xbebebebebf7d7d7c <error: Cannot access memory at address 0xbebebebebf7d7d7c>, str=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, weight=<synthetic pointer>) at /data/src/10.3/strings/strcoll.ic:89

#5  my_scan_weight_utf8_general_ci (end=0xbebebebebf7d7d7c <error: Cannot access memory at address 0xbebebebebf7d7d7c>, str=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, weight=<synthetic pointer>) at /data/src/10.3/strings/strcoll.ic:80

#6  my_strnncollsp_utf8_general_ci (cs=<optimized out>, a=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, a_length=<optimized out>, b=0x602000002398 "", b_length=<optimized out>) at /data/src/10.3/strings/strcoll.ic:245

#7  0x0000559bb1317753 in Arg_comparator::compare (this=<optimized out>) at /data/src/10.3/sql/item_cmpfunc.h:102

#8  Item_func_ge::val_int (this=<optimized out>) at /data/src/10.3/sql/item_cmpfunc.cc:1777

#9  0x0000559bb104be4b in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /data/src/10.3/sql/sql_type.cc:3288

#10 0x0000559bb0c5fa97 in Item::val_bool (this=0x62b000003780) at /data/src/10.3/sql/item.h:1219

#11 Item::eval_const_cond (this=0x62b000003780) at /data/src/10.3/sql/item.h:1227

#12 Item_bool_func2::remove_eq_conds (this=0x62b000003780, thd=<optimized out>, cond_value=0x6290000d8a1c, top_level_arg=<optimized out>) at /data/src/10.3/sql/sql_select.cc:16688

#13 0x0000559bb0c6af7e in optimize_cond (join=join@entry=0x6290000d8708, conds=0x62b000003780, join_list=<optimized out>, ignore_on_conds=ignore_on_conds@entry=true, cond_value=cond_value@entry=0x6290000d8a1c, cond_equal=cond_equal@entry=0x6290000d8b48, flags=0) at /data/src/10.3/sql/sql_select.cc:16230

#14 0x0000559bb0d29e48 in JOIN::optimize_inner (this=0x6290000d8708) at /data/src/10.3/sql/sql_select.cc:1796

#15 0x0000559bb0d334ca in JOIN::optimize (this=this@entry=0x6290000d8708) at /data/src/10.3/sql/sql_select.cc:1502

#16 0x0000559bb0d3b36e in mysql_select (thd=0x62a00005a208, tables=0x62b0000024f0, wild_num=0, fields=..., conds=0x0, og_num=<optimized out>, order=0x0, group=0x62b000002e18, having=0x62b000003780, proc_param=0x0, select_options=2147748612, result=0x6290000d7f80, unit=0x62a00005df10, select_lex=0x62a00005e698) at /data/src/10.3/sql/sql_select.cc:4310

#17 0x0000559bb0d3c4ae in mysql_explain_union (thd=thd@entry=0x62a00005a208, unit=unit@entry=0x62a00005df10, result=result@entry=0x6290000d7f80) at /data/src/10.3/sql/sql_select.cc:26265

#18 0x0000559bb0bb5dcf in execute_sqlcom_select (thd=0x62a00005a208, all_tables=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:6256

#19 0x0000559bb0be2d08 in mysql_execute_command (thd=0x62a00005a208) at /data/src/10.3/sql/sql_parse.cc:3848

#20 0x0000559bb0becce0 in mysql_parse (thd=thd@entry=0x62a00005a208, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fe916c32fb0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:7841

#21 0x0000559bb0bf3963 in dispatch_command (command=COM_QUERY, thd=0x62a00005a208, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_class.h:1139

#22 0x0000559bb0bfa88e in do_command (thd=0x62a00005a208) at /data/src/10.3/sql/sql_parse.cc:1398

#23 0x0000559bb0f37757 in do_handle_one_connection (connect=connect@entry=0x608000001028) at /data/src/10.3/sql/sql_connect.cc:1403

#24 0x0000559bb0f37fdf in handle_one_connection (arg=arg@entry=0x608000001028) at /data/src/10.3/sql/sql_connect.cc:1308

#25 0x0000559bb22c0209 in pfs_spawn_thread (arg=0x615000003c88) at /data/src/10.3/storage/perfschema/pfs.cc:1869

#26 0x00007fe9219cd609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#27 0x00007fe9215a7293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

#3  <signal handler called>

#4  0x000055f8aa4c6eda in get_prefix (endptr=<synthetic pointer>, length=1073743297, str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>) at /data/src/10.4-bug/sql-common/my_time.c:328

#5  find_body (neg=neg@entry=0x7fd15beec470 "\360\t\006", str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=1073743297, to=to@entry=0x7fd15beecd70, warn=warn@entry=0x7fd15beecb80, new_str=new_str@entry=0x7fd15beec480, new_length=0x7fd15beec4a0) at /data/src/10.4-bug/sql-common/my_time.c:357

#6  0x000055f8aa4c9319 in str_to_datetime_or_date_or_time (str=<optimized out>, length=<optimized out>, to=to@entry=0x7fd15beecd70, mode=<optimized out>, status=status@entry=0x7fd15beecb80, time_max_hour=time_max_hour@entry=838, time_err_hour=<optimized out>) at /data/src/10.4-bug/sql-common/my_time.c:818

#7  0x000055f8a8f805d5 in Temporal::ascii_to_datetime_or_date_or_time (fuzzydate=..., length=<optimized out>, str=<optimized out>, status=0x7fd15beecb80, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_type.h:865

#8  Temporal::ascii_to_temporal (mode=..., length=<optimized out>, str=<optimized out>, st=0x7fd15beecb80, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_type.h:840

#9  Temporal::str_to_temporal (this=this@entry=0x7fd15beecd70, thd=<optimized out>, status=status@entry=0x7fd15beecb80, str=str@entry=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=length@entry=1073743297, cs=<optimized out>, flags=...) at /data/src/10.4-bug/sql/sql_time.cc:403

#10 0x000055f8a913875d in Temporal::make_from_str (this=this@entry=0x7fd15beecd70, thd=thd@entry=0x62b00005b208, warn=warn@entry=0x7fd15beec980, str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=1073743297, cs=<optimized out>, fuzzydate=...) at /data/src/10.4-bug/sql/sql_type.cc:246

#11 0x000055f8a9327f5c in Temporal_hybrid::Temporal_hybrid (mode=..., str=<optimized out>, warn=0x7fd15beec980, thd=0x62b00005b208, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_string.h:210

#12 Field::get_date (this=<optimized out>, to=0x7fd15beecd70, mode=...) at /data/src/10.4-bug/sql/field.cc:2322

#13 0x000055f8a93d82e9 in Item_field::get_date_result (this=<optimized out>, thd=<optimized out>, ltime=0x7fd15beecd70, fuzzydate=...) at /data/src/10.4-bug/sql/field.h:1182

#14 0x000055f8a93e5c5c in Item::val_time_packed_result (this=this@entry=0x62b000064980, thd=<optimized out>) at /data/src/10.4-bug/sql/sql_type.h:1363

#15 0x000055f8a93e5fc8 in Item_cache_time::cache_value (this=0x62b0000665d0) at /data/src/10.4-bug/include/my_pthread.h:375

#16 0x000055f8a941fa64 in Item_cache::has_value (this=0x62b0000665d0) at /data/src/10.4-bug/sql/item.h:6957

#17 Item_cache_time::val_time_packed (this=0x62b0000665d0, thd=<optimized out>) at /data/src/10.4-bug/sql/item.h:6957

#18 0x000055f8a944b88b in Arg_comparator::compare_time (this=0x62b000064bd8) at /data/src/10.4-bug/sql/item_cmpfunc.cc:714

#19 0x000055f8a9472fdb in Item_func_nullif::time_op (this=0x62b000064b08, thd=0x62b00005b208, ltime=0x7fd15beed050) at /data/src/10.4-bug/sql/item_cmpfunc.cc:2922

#20 0x000055f8a951bcd3 in Item_func_hybrid_field_type::time_op_with_null_check (ltime=0x7fd15beed050, thd=<optimized out>, this=0x62b000064b08) at /data/src/10.4-bug/sql/item_func.h:718

#21 Item_func_hybrid_field_type::val_decimal_from_time_op (this=0x62b000064b08, dec=0x7fd15beed178) at /data/src/10.4-bug/sql/item_func.cc:926

#22 0x000055f8a91353e5 in VDec::VDec (this=0x7fd15beed170, item=0x62b000064b08) at /data/src/10.4-bug/sql/sql_type.cc:195

#23 0x000055f8a9512349 in VDec2_lazy::VDec2_lazy (b=0x62b000064d98, a=<optimized out>, this=0x7fd15beed170) at /data/src/10.4-bug/sql/sql_type.h:288

#24 Item_func_minus::decimal_op (this=0x62b000064eb0, decimal_value=0x7fd15beed308) at /data/src/10.4-bug/sql/item_func.cc:1321

#25 0x000055f8a9135c85 in VDec_op::VDec_op (this=0x7fd15beed300, item=0x62b000064eb0) at /data/src/10.4-bug/sql/sql_type.cc:202

#26 0x000055f8a9135d7b in Type_handler_decimal_result::Item_func_hybrid_field_type_val_str (this=<optimized out>, item=0x62b000064eb0, str=0x62b000067fd8) at /data/src/10.4-bug/sql/sql_type.cc:4752

#27 0x000055f8a93d16ec in Item_copy_string::copy (this=0x62b000067fa8) at /data/src/10.4-bug/sql/item.cc:4876

#28 0x000055f8a8da1880 in copy_fields (param=param@entry=0x62b000065b28) at /data/src/10.4-bug/sql/sql_select.cc:25092

#29 0x000055f8a8dbc61c in end_send_group (join=join@entry=0x62b000065930, join_tab=join_tab@entry=0x0, end_of_records=end_of_records@entry=false) at /data/src/10.4-bug/sql/sql_select.cc:21799

#30 0x000055f8a8df54ea in do_select (procedure=<optimized out>, join=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:19901

#31 JOIN::exec_inner (this=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:4487

#32 0x000055f8a8df5e82 in JOIN::exec (this=this@entry=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:4269

#33 0x000055f8a8dee132 in mysql_select (thd=0x62b00005b208, tables=0x62b000063ff0, wild_num=0, fields=..., conds=0x0, og_num=<optimized out>, order=0x0, group=0x62b000064f88, having=0x0, proc_param=0x0, select_options=2147748609, result=0x62b000065900, unit=0x62b00005ef78, select_lex=0x62b0000625c0) at /data/src/10.4-bug/sql/sql_select.cc:4704

#34 0x000055f8a8df0b66 in handle_select (thd=thd@entry=0x62b00005b208, lex=lex@entry=0x62b00005eeb8, result=result@entry=0x62b000065900, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.4-bug/sql/sql_select.cc:410

#35 0x000055f8a8c599bd in execute_sqlcom_select (thd=0x62b00005b208, all_tables=<optimized out>) at /data/src/10.4-bug/sql/sql_parse.cc:6418

#36 0x000055f8a8c88460 in mysql_execute_command (thd=0x62b00005b208) at /data/src/10.4-bug/sql/sql_parse.cc:3937

#37 0x000055f8a8c92c2d in mysql_parse (thd=thd@entry=0x62b00005b208, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fd15bef20e0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4-bug/sql/sql_parse.cc:7959

#38 0x000055f8a8c9b9f2 in dispatch_command (command=COM_QUERY, thd=0x62b00005b208, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.4-bug/sql/sql_class.h:1170

#39 0x000055f8a8ca13b6 in do_command (thd=0x62b00005b208) at /data/src/10.4-bug/sql/sql_parse.cc:1373

#40 0x000055f8a8ff5313 in do_handle_one_connection (connect=connect@entry=0x608000000e28) at /data/src/10.4-bug/sql/sql_connect.cc:1412

#41 0x000055f8a8ff5841 in handle_one_connection (arg=arg@entry=0x608000000e28) at /data/src/10.4-bug/sql/sql_connect.cc:1316

#42 0x000055f8aa3c31e8 in pfs_spawn_thread (arg=0x615000003f08) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869

#43 0x00007fd165d5d609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#44 0x00007fd1655c6293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95