  1. MariaDB Server
  2. MDEV-31436

MariaDB 10.6.13 segfaults on Moodle query


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 10.6.13
    • N/A
    • N/A
    • None
    • Debian 10 and Debian 11 with MariaDB 10.6.13

    Description

      Hello,

      We have a Moodle application that performs the following query:

      SELECT COUNT(1) FROM mdl_view_competencies_required competencies JOIN mdl_competency competency ON competency.id = competencies.competencyid JOIN mdl_user user ON competencies.userid=user.id  WHERE user.id = '2788' AND competencies.competencyid IN (SELECT competencyid FROM mdl_lms_competency_categories WHERE categoryid='2')  AND user.suspended = 0 AND EXISTS (SELECT 1 FROM mdl_lms_milestones m WHERE m.userid=competencies.userid AND m.objectid=competencies.competencyid AND m.milestone='3' AND m.result>0);
      

      This gives the following error when it segfaults:

      Jun  8 13:27:36 demo03 mariadbd[2780525]: 230608 13:27:36 [ERROR] mysqld got signal 11 ;
      Jun  8 13:27:36 demo03 mariadbd[2780525]: This could be because you hit a bug. It is also possible that this binary
      Jun  8 13:27:36 demo03 mariadbd[2780525]: or one of the libraries it was linked against is corrupt, improperly built,
      Jun  8 13:27:36 demo03 mariadbd[2780525]: or misconfigured. This error can also be caused by malfunctioning hardware.
      Jun  8 13:27:36 demo03 mariadbd[2780525]: To report this bug, see https://mariadb.com/kb/en/reporting-bugs
      Jun  8 13:27:36 demo03 mariadbd[2780525]: We will try our best to scrape up some info that will hopefully help
      Jun  8 13:27:36 demo03 mariadbd[2780525]: diagnose the problem, but since we have already crashed,
      Jun  8 13:27:36 demo03 mariadbd[2780525]: something is definitely wrong and this may fail.
      Jun  8 13:27:36 demo03 mariadbd[2780525]: Server version: 10.6.13-MariaDB-1:10.6.13+maria~deb11 source revision: a24f2bb50ba4a0dd4127455f7fcdfed584937f36
      Jun  8 13:27:36 demo03 mariadbd[2780525]: key_buffer_size=268435456
      Jun  8 13:27:36 demo03 mariadbd[2780525]: read_buffer_size=131072
      Jun  8 13:27:36 demo03 mariadbd[2780525]: max_used_connections=3
      Jun  8 13:27:36 demo03 mariadbd[2780525]: max_threads=202
      Jun  8 13:27:36 demo03 mariadbd[2780525]: thread_count=3
      Jun  8 13:27:36 demo03 mariadbd[2780525]: It is possible that mysqld could use up to
      Jun  8 13:27:36 demo03 mariadbd[2780525]: key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 706945 K  bytes of memory
      Jun  8 13:27:36 demo03 mariadbd[2780525]: Hope that's ok; if not, decrease some variables in the equation.
      Jun  8 13:27:36 demo03 mariadbd[2780525]: Thread pointer: 0x7f4718000c58
      Jun  8 13:27:36 demo03 mariadbd[2780525]: Attempting backtrace. You can use the following information to find out
      Jun  8 13:27:36 demo03 mariadbd[2780525]: where mysqld died. If you see no messages after this, something went
      Jun  8 13:27:36 demo03 mariadbd[2780525]: terribly wrong...
      Jun  8 13:27:36 demo03 mariadbd[2780525]: stack_bottom = 0x7f48084acd18 thread_stack 0x49000
      Jun  8 13:27:37 demo03 mariadbd[2780525]: mysys/stacktrace.c:216(my_print_stacktrace)[0x560c346b975e]
      Jun  8 13:27:37 demo03 mariadbd[2780525]: sql/signal_handler.cc:241(handle_fatal_signal)[0x560c341824b5]
      Jun  8 13:27:37 demo03 mariadbd[2780525]: sigaction.c:0(__restore_rt)[0x7f4828c93140]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/opt_split.cc:1047(st_join_table::choose_best_splitting(unsigned int, unsigned long long, unsigned long long*))[0x560c34101ddc]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:7898(best_access_path(JOIN*, st_join_table*, unsigned long long, POSITION const*, unsigned int, bool, double, POSITION*, POSITION*))[0x560c33f83988]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/opt_subselect.cc:3957(fix_semijoin_strategies_for_picked_join_order(JOIN*))[0x560c3409fecb]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:11184(JOIN::get_best_combination())[0x560c33f82621]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:2556(JOIN::optimize_stage2())[0x560c33fb32f5]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:2535(JOIN::optimize_inner())[0x560c33fb75ac]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:1850(JOIN::optimize())[0x560c33fb7ab0]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:5055(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x560c33fb7b83]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:559(handle_select(THD*, LEX*, select_result*, unsigned long))[0x560c33fb838f]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_parse.cc:6273(execute_sqlcom_select(THD*, TABLE_LIST*))[0x560c33f3e0f1]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_parse.cc:3949(mysql_execute_command(THD*, bool))[0x560c33f4d267]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_class.h:2806(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0x560c33f4e857]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_parse.cc:1898(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x560c33f5105d]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_parse.cc:1411(do_command(THD*, bool))[0x560c33f52bf8]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x560c3406170f]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_connect.cc:1318(handle_one_connection)[0x560c34061a5d]
      Jun  8 13:27:38 demo03 mariadbd[2780525]: perfschema/pfs.cc:2204(pfs_spawn_thread)[0x560c343ce4c2]
      Jun  8 13:27:39 demo03 mariadbd[2780525]: nptl/pthread_create.c:478(start_thread)[0x7f4828c87ea7]
      Jun  8 13:27:39 demo03 mariadbd[2780525]: x86_64/clone.S:97(__GI___clone)[0x7f482888ea2f]
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Trying to get some variables.
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Some pointers may be invalid and cause the dump to abort.
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Query (0x7f4718010900): SELECT COUNT(1) FROM mdl_view_competencies_required competencies JOIN mdl_competency competency ON competency.id = competencies.competencyid JOIN mdl_user user ON competencies.userid=user.id  WHERE user.id = '2788' AND competencies.competencyid IN (SELECT competencyid FROM mdl_lms_competency_categories WHERE categoryid='2')  AND user.suspended = 0 AND EXISTS (SELECT 1 FROM mdl_lms_milestones m WHERE m.userid=competencies.userid AND m.objectid=competencies.competencyid AND m.milestone='3' AND m.result>0)
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Connection ID (thread ID): 1907
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Status: NOT_KILLED
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off
      Jun  8 13:27:39 demo03 mariadbd[2780525]: The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
      Jun  8 13:27:39 demo03 mariadbd[2780525]: information that should help you find out what is causing the crash.
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Writing a core file...
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Working directory at /var/lib/mysql
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Resource Limits:
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Limit                     Soft Limit           Hard Limit           Units
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max cpu time              unlimited            unlimited            seconds
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max file size             unlimited            unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max data size             unlimited            unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max stack size            8388608              unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max core file size        0                    unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max resident set          unlimited            unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max processes             31514                31514                processes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max open files            32768                32768                files
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max locked memory         524288               524288               bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max address space         unlimited            unlimited            bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max file locks            unlimited            unlimited            locks
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max pending signals       31514                31514                signals
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max msgqueue size         819200               819200               bytes
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max nice priority         0                    0
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max realtime priority     0                    0
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Max realtime timeout      unlimited            unlimited            us
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Core pattern: core
      Jun  8 13:27:39 demo03 mariadbd[2780525]: Kernel version: Linux version 5.10.0-23-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.179-1 (2023-05-12)
      
      

      We do not see this crash on MariaDB 10.6.12.

      I have attached a sql-file that can be used to reproduce the bug:

      • Import azdiest_moodle-cleaned.sql
      • Run the query:

        SELECT COUNT(1) FROM mdl_view_competencies_required competencies JOIN mdl_competency competency ON competency.id = competencies.competencyid JOIN mdl_user user ON competencies.userid=user.id  WHERE user.id = '2788' AND competencies.competencyid IN (SELECT competencyid FROM mdl_lms_competency_categories WHERE categoryid='2')  AND user.suspended = 0 AND EXISTS (SELECT 1 FROM mdl_lms_milestones m WHERE m.userid=competencies.userid AND m.objectid=competencies.competencyid AND m.milestone='3' AND m.result>0);
        

      This should cause a segfault.

      FWIW, for simplicity we have set the security definers to root@127.0.0.1 in the dump file.
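
A crash-triage helper for logs like the one above, as an added example that is not part of the original report or of MariaDB's own tooling: it strips the syslog prefix, skips the signal-handler frames, and derives a signature from the top function names so that reports of the same crash can be matched even when line numbers differ between builds. The function name `triage`, the `depth` parameter and the signature scheme are assumptions made for this example; the sample lines are an excerpt of the log above.

```python
import hashlib
import re

# Excerpt of the crash log quoted in this report (constructed sample input).
SAMPLE = """\
Jun  8 13:27:36 demo03 mariadbd[2780525]: 230608 13:27:36 [ERROR] mysqld got signal 11 ;
Jun  8 13:27:36 demo03 mariadbd[2780525]: Server version: 10.6.13-MariaDB-1:10.6.13+maria~deb11 source revision: a24f2bb50ba4a0dd4127455f7fcdfed584937f36
Jun  8 13:27:37 demo03 mariadbd[2780525]: mysys/stacktrace.c:216(my_print_stacktrace)[0x560c346b975e]
Jun  8 13:27:37 demo03 mariadbd[2780525]: sql/signal_handler.cc:241(handle_fatal_signal)[0x560c341824b5]
Jun  8 13:27:37 demo03 mariadbd[2780525]: sigaction.c:0(__restore_rt)[0x7f4828c93140]
Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/opt_split.cc:1047(st_join_table::choose_best_splitting(unsigned int, unsigned long long, unsigned long long*))[0x560c34101ddc]
Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/sql_select.cc:7898(best_access_path(JOIN*, st_join_table*, unsigned long long, POSITION const*, unsigned int, bool, double, POSITION*, POSITION*))[0x560c33f83988]
Jun  8 13:27:38 demo03 mariadbd[2780525]: sql/opt_subselect.cc:3957(fix_semijoin_strategies_for_picked_join_order(JOIN*))[0x560c3409fecb]
"""

PREFIX = re.compile(r"^.*?mariadbd\[\d+\]: ")          # syslog timestamp/host/pid
FRAME = re.compile(r"^(?P<file>[^\s(]+):(?P<line>\d+)\((?P<func>.*)\)\[0x[0-9a-f]+\]$")
SIGNAL = re.compile(r"got signal (\d+)")
VERSION = re.compile(r"^Server version: (\S+)")
# Frames that belong to the crash reporter itself, not to the faulting code.
HANDLER_FRAMES = {"my_print_stacktrace", "handle_fatal_signal", "__restore_rt"}


def triage(log_text, depth=3):
    """Return signal, server version, crash site and a build-independent signature."""
    signal = version = None
    frames = []
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw, count=1).strip()
        if m := SIGNAL.search(msg):
            signal = int(m.group(1))
        elif m := VERSION.match(msg):
            version = m.group(1)
        elif m := FRAME.match(msg):
            func = m.group("func").split("(")[0]       # drop the argument list
            if func not in HANDLER_FRAMES:
                frames.append((m.group("file"), func))
    top = frames[:depth]
    # Hash function names only: line numbers and addresses change between builds.
    digest = hashlib.sha256("|".join(f for _, f in top).encode()).hexdigest()[:12]
    return {"signal": signal, "version": version,
            "crash_site": top[0] if top else None, "signature": digest}


if __name__ == "__main__":
    print(triage(SAMPLE))
```
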

            People

              Unassigned Unassigned
              nielsh Niels Hendriks