SIGSEGV in hp_rec_key_cmp and Assertion `curr_op_type != INTERSECT_ALL' failed on SELECT ... UNION SELECT

SET SQL_MODE='ORACLE';

CREATE TABLE t (c CHAR(1)) ENGINE=InnoDB;

INSERT INTO t VALUES(0), (1), (1), (1), (1);

SELECT * FROM t UNION SELECT * FROM t INTERSECT ALL SELECT * FROM t;

Core was generated by `/test/MD160321-mariadb-10.6.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)

    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

[Current thread is 1 (Thread 0x14b8807b0700 (LWP 3114391))]

(gdb) bt

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

#1  0x000055d2d41af26f in my_write_core (sig=sig@entry=11) at /test/10.6_opt/mysys/stacktrace.c:424

#2  0x000055d2d3c2a5e0 in handle_fatal_signal (sig=11) at /test/10.6_opt/sql/signal_handler.cc:331

#3  <signal handler called>

#4  0x000055d2d3f3c29f in hp_rec_key_cmp (keydef=keydef@entry=0x14b82804d9c8, rec1=0x3 <error: Cannot access memory at address 0x3>, rec2=rec2@entry=0x14b82804cd58 "\377\376") at /test/10.6_opt/storage/heap/hp_hash.c:389

#5  0x000055d2d3f3a557 in ha_heap::find_unique_row (this=0x14b82804cec0, record=0x14b82804cd58 "\377\376", unique_idx=<optimized out>) at /test/10.6_opt/storage/heap/ha_heap.cc:813

#6  0x000055d2d3ad3f83 in select_unit_ext::send_data (this=0x14b828013a38, values=<optimized out>) at /test/10.6_opt/sql/sql_union.cc:670

#7  0x000055d2d3a72b5e in select_result_sink::send_data_with_check (u=<optimized out>, sent=<optimized out>, items=@0x14b828012d70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b8280131e8, last = 0x14b8280131e8, elements = 1}, <No data fields>}, this=<optimized out>) at /test/10.6_opt/sql/sql_class.h:5554

#8  select_result_sink::send_data_with_check (sent=<optimized out>, u=<optimized out>, items=@0x14b828012d70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b8280131e8, last = 0x14b8280131e8, elements = 1}, <No data fields>}, this=<optimized out>) at /test/10.6_opt/sql/sql_class.h:5544

#9  end_send (join=0x14b828014a28, join_tab=0x14b828051be8, end_of_records=<optimized out>) at /test/10.6_opt/sql/sql_select.cc:21952

#10 0x000055d2d3a4a9de in evaluate_join_record (join=0x14b828014a28, join_tab=0x14b828051838, error=<optimized out>) at /test/10.6_opt/sql/sql_select.cc:20975

#11 0x000055d2d3a5bb9b in sub_select (end_of_records=false, join_tab=0x14b828051838, join=0x14b828014a28) at /test/10.6_opt/sql/sql_select.cc:20752

#12 sub_select (join=0x14b828014a28, join_tab=0x14b828051838, end_of_records=false) at /test/10.6_opt/sql/sql_select.cc:20681

#13 0x000055d2d3a898c2 in do_select (procedure=<optimized out>, join=0x14b828014a28) at /test/10.6_opt/sql/sql_select.cc:20299

#14 JOIN::exec_inner (this=0x14b828014a28) at /test/10.6_opt/sql/sql_select.cc:4477

#15 0x000055d2d3a89c78 in JOIN::exec (this=0x14b828014a28) at /test/10.6_opt/sql/sql_select.cc:4257

#16 0x000055d2d3ad6edc in st_select_lex_unit::exec (this=0x14b828004c70) at /test/10.6_opt/sql/sql_union.cc:2235

#17 0x000055d2d3adaf18 in mysql_union (thd=thd@entry=0x14b828000c58, lex=lex@entry=0x14b828004ba8, result=result@entry=0x14b828013a10, unit=unit@entry=0x14b828004c70, setup_tables_done_option=<optimized out>) at /test/10.6_opt/sql/sql_union.cc:41

#18 0x000055d2d3a884da in handle_select (thd=thd@entry=0x14b828000c58, lex=lex@entry=0x14b828004ba8, result=result@entry=0x14b828013a10, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_opt/sql/sql_select.cc:407

#19 0x000055d2d3a18e8e in execute_sqlcom_select (thd=0x14b828000c58, all_tables=0x14b828010ba8) at /test/10.6_opt/sql/sql_parse.cc:6230

#20 0x000055d2d3a26de7 in mysql_execute_command (thd=0x14b828000c58) at /test/10.6_opt/sql/sql_parse.cc:3926

#21 0x000055d2d3a13dc4 in mysql_parse (thd=0x14b828000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:7998

#22 0x000055d2d3a1fd2d in dispatch_command (command=COM_QUERY, thd=0x14b828000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_class.h:1318

#23 0x000055d2d3a21db6 in do_command (thd=0x14b828000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1397

#24 0x000055d2d3b24557 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.6_opt/sql/sql_connect.cc:1410

#25 0x000055d2d3b248bd in handle_one_connection (arg=arg@entry=0x55d2d62dc148) at /test/10.6_opt/sql/sql_connect.cc:1312

#26 0x000055d2d3ea4f97 in pfs_spawn_thread (arg=0x55d2d6257f68) at /test/10.6_opt/storage/perfschema/pfs.cc:2201

#27 0x000014b884831609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#28 0x000014b884420293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Core was generated by `/test/MD160321-mariadb-10.5.10-linux-x86_64-opt/bin/mysqld --no-defaults --core'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)

    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

[Current thread is 1 (Thread 0x154928a62700 (LWP 3115332))]

(gdb) bt

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

#1  0x000056359cf64fdf in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:424

#2  0x000056359c985820 in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:331

#3  <signal handler called>

#4  0x000056359cca227f in hp_rec_key_cmp (keydef=keydef@entry=0x1548ec04ec28, rec1=0x3 <error: Cannot access memory at address 0x3>, rec2=rec2@entry=0x1548ec04dfb8 "\377\376") at /test/10.5_opt/storage/heap/hp_hash.c:389

#5  0x000056359cca0537 in ha_heap::find_unique_row (this=0x1548ec04e120, record=0x1548ec04dfb8 "\377\376", unique_idx=<optimized out>) at /test/10.5_opt/storage/heap/ha_heap.cc:813

#6  0x000056359c8292f3 in select_unit_ext::send_data (this=0x1548ec013978, values=<optimized out>) at /test/10.5_opt/sql/sql_union.cc:670

#7  0x000056359c7c710e in select_result_sink::send_data_with_check (u=<optimized out>, sent=<optimized out>, items=@0x1548ec012cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1548ec013128, last = 0x1548ec013128, elements = 1}, <No data fields>}, this=<optimized out>) at /test/10.5_opt/sql/sql_class.h:5328

#8  select_result_sink::send_data_with_check (sent=<optimized out>, u=<optimized out>, items=@0x1548ec012cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1548ec013128, last = 0x1548ec013128, elements = 1}, <No data fields>}, this=<optimized out>) at /test/10.5_opt/sql/sql_class.h:5318

#9  end_send (join=0x1548ec014968, join_tab=0x1548ec052de8, end_of_records=<optimized out>) at /test/10.5_opt/sql/sql_select.cc:21973

#10 0x000056359c79edd0 in evaluate_join_record (join=join@entry=0x1548ec014968, join_tab=join_tab@entry=0x1548ec052a40, error=<optimized out>) at /test/10.5_opt/sql/sql_select.cc:21004

#11 0x000056359c7aff6b in sub_select (end_of_records=false, join_tab=0x1548ec052a40, join=0x1548ec014968) at /test/10.5_opt/sql/sql_select.cc:20781

#12 sub_select (join=0x1548ec014968, join_tab=0x1548ec052a40, end_of_records=false) at /test/10.5_opt/sql/sql_select.cc:20710

#13 0x000056359c7de372 in do_select (procedure=<optimized out>, join=0x1548ec014968) at /test/10.5_opt/sql/sql_select.cc:20315

#14 JOIN::exec_inner (this=0x1548ec014968) at /test/10.5_opt/sql/sql_select.cc:4467

#15 0x000056359c7de728 in JOIN::exec (this=0x1548ec014968) at /test/10.5_opt/sql/sql_select.cc:4247

#16 0x000056359c82c36c in st_select_lex_unit::exec (this=0x1548ec004c48) at /test/10.5_opt/sql/sql_union.cc:2235

#17 0x000056359c8303a8 in mysql_union (thd=thd@entry=0x1548ec000c58, lex=lex@entry=0x1548ec004b80, result=result@entry=0x1548ec013950, unit=unit@entry=0x1548ec004c48, setup_tables_done_option=<optimized out>) at /test/10.5_opt/sql/sql_union.cc:41

#18 0x000056359c7dcf8a in handle_select (thd=thd@entry=0x1548ec000c58, lex=lex@entry=0x1548ec004b80, result=result@entry=0x1548ec013950, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_opt/sql/sql_select.cc:407

#19 0x000056359c76bc0e in execute_sqlcom_select (thd=0x1548ec000c58, all_tables=0x1548ec010ae8) at /test/10.5_opt/sql/sql_parse.cc:6308

#20 0x000056359c77a348 in mysql_execute_command (thd=0x1548ec000c58) at /test/10.5_opt/sql/sql_parse.cc:4004

#21 0x000056359c7667f6 in mysql_parse (thd=thd@entry=0x1548ec000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x154928a61420, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:8089

#22 0x000056359c772f97 in dispatch_command (command=COM_QUERY, thd=0x1548ec000c58, packet=0x1548ec008059 "SELECT * FROM t UNION SELECT * FROM t INTERSECT ALL SELECT * FROM t", packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_class.h:1257

#23 0x000056359c7753ba in do_command (thd=0x1548ec000c58) at /test/10.5_opt/sql/sql_parse.cc:1370

#24 0x000056359c87aac1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x56359fe24c38, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1410

#25 0x000056359c87af3d in handle_one_connection (arg=arg@entry=0x56359fe24c38) at /test/10.5_opt/sql/sql_connect.cc:1312

#26 0x000056359cc09077 in pfs_spawn_thread (arg=0x56359fda2028) at /test/10.5_opt/storage/perfschema/pfs.cc:2201

#27 0x000015493edd1609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#28 0x000015493e9c0293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95