MariaDB Server / MDEV-36683

Server crash or ASAN errors upon 2nd execution of DELETE with a subquery mixing collations

Details

    Description

      Both prepared statements and stored procedures fail, but in different places, so I'm providing both test cases and stack traces.

      Prepared statement

      CREATE TABLE t1 (a varchar(64)) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci;
      CREATE TABLE t2 (b varchar(64)) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci ;
       
      CREATE ALGORITHM=MERGE VIEW v AS select * from t2;
       
      PREPARE stmt FROM "DELETE FROM t1 WHERE a IN (SELECT b FROM v)";
      --error ER_CANT_AGGREGATE_2COLLATIONS
      EXECUTE stmt;
      --error ER_CANT_AGGREGATE_2COLLATIONS
      EXECUTE stmt;
       
      DROP VIEW v;
      DROP TABLE t1, t2;
      

      11.4 820114bd2515759224f925528c8201e6155334fb

      #3  <signal handler called>
      #4  0x0000560a04b809e1 in TABLE_LIST::reset_const_table (this=0x273180) at /data/bld/11.4-asan/sql/table.cc:9826
      #5  0x0000560a04b80a86 in TABLE_LIST::reset_const_table (this=0x62d00026f8f8) at /data/bld/11.4-asan/sql/table.cc:9833
      #6  0x0000560a045dfb12 in setup_table_map (table=0x619000059b98, table_list=0x62d00026f8f8, tablenr=0) at /data/bld/11.4-asan/sql/sql_base.h:357
      #7  0x0000560a045ccc72 in setup_tables (thd=0x62c0000b0218, context=0x62d00026f2b8, from_clause=0x62d00026f428, tables=0x62d00026f8f8, leaves=..., select_insert=false, full_table_list=false) at /data/bld/11.4-asan/sql/sql_base.cc:8317
      #8  0x0000560a045cdbaa in setup_tables_and_check_access (thd=0x62c0000b0218, context=0x62d00026f2b8, from_clause=0x62d00026f428, tables=0x62d00026f8f8, leaves=..., select_insert=false, want_access_first=SELECT_ACL, want_access=SELECT_ACL, full_table_list=false) at /data/bld/11.4-asan/sql/sql_base.cc:8438
      #9  0x0000560a0485f650 in JOIN::prepare (this=0x62d00005ae18, tables_init=0x62d00026f8f8, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x62d00026f270, unit_arg=0x62d000270040) at /data/bld/11.4-asan/sql/sql_select.cc:1477
      #10 0x0000560a053929a0 in subselect_single_select_engine::prepare (this=0x62d000270ac8, thd=0x62c0000b0218) at /data/bld/11.4-asan/sql/item_subselect.cc:3986
      #11 0x0000560a0536bdde in Item_subselect::fix_fields (this=0x62d000270880, thd_param=0x62c0000b0218, ref=0x62d00005aac8) at /data/bld/11.4-asan/sql/item_subselect.cc:298
      #12 0x0000560a0538f468 in Item_in_subselect::fix_fields (this=0x62d000270880, thd_arg=0x62c0000b0218, ref=0x62d00005aac8) at /data/bld/11.4-asan/sql/item_subselect.cc:3625
      #13 0x0000560a044ac53d in Item::fix_fields_if_needed (this=0x62d000270880, thd=0x62c0000b0218, ref=0x62d00005aac8) at /data/bld/11.4-asan/sql/item.h:1173
      #14 0x0000560a044ac573 in Item::fix_fields_if_needed_for_scalar (this=0x62d000270880, thd=0x62c0000b0218, ref=0x62d00005aac8) at /data/bld/11.4-asan/sql/item.h:1182
      #15 0x0000560a045dac23 in Item::fix_fields_if_needed_for_bool (this=0x62d000270880, thd=0x62c0000b0218, ref=0x62d00005aac8) at /data/bld/11.4-asan/sql/item.h:1186
      #16 0x0000560a045d12ad in setup_conds (thd=0x62c0000b0218, tables=0x62d00026ea20, leaves=..., conds=0x62d00005aac8) at /data/bld/11.4-asan/sql/sql_base.cc:8896
      #17 0x0000560a04858f9d in setup_without_group (thd=0x62c0000b0218, ref_pointer_array=..., tables=0x62d00026ea20, leaves=..., fields=..., all_fields=..., conds=0x62d00005aac8, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x62d00005a98f) at /data/bld/11.4-asan/sql/sql_select.cc:964
      #18 0x0000560a04860e05 in JOIN::prepare (this=0x62d00005a638, tables_init=0x62d00026ea20, conds_init=0x62d000270880, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x62d00026cd60, unit_arg=0x62d00026c528) at /data/bld/11.4-asan/sql/sql_select.cc:1586
      #19 0x0000560a04675f2e in Sql_cmd_delete::prepare_inner (this=0x62d000270b10, thd=0x62c0000b0218) at /data/bld/11.4-asan/sql/sql_delete.cc:1714
      #20 0x0000560a04955c28 in Sql_cmd_dml::prepare (this=0x62d000270b10, thd=0x62c0000b0218) at /data/bld/11.4-asan/sql/sql_select.cc:34352
      #21 0x0000560a04955ff6 in Sql_cmd_dml::execute (this=0x62d000270b10, thd=0x62c0000b0218) at /data/bld/11.4-asan/sql/sql_select.cc:34406
      #22 0x0000560a0476b5b6 in mysql_execute_command (thd=0x62c0000b0218, is_called_from_prepared_stmt=true) at /data/bld/11.4-asan/sql/sql_parse.cc:4424
      #23 0x0000560a04818452 in Prepared_statement::execute (this=0x61900005a098, expanded_query=0x7fe1ab000660, open_cursor=false) at /data/bld/11.4-asan/sql/sql_prepare.cc:5084
      #24 0x0000560a04813459 in Prepared_statement::execute_loop (this=0x61900005a098, expanded_query=0x7fe1ab000660, open_cursor=false, packet=0x0, packet_end=0x0) at /data/bld/11.4-asan/sql/sql_prepare.cc:4469
      #25 0x0000560a0480c8f1 in mysql_sql_stmt_execute (thd=0x62c0000b0218) at /data/bld/11.4-asan/sql/sql_prepare.cc:3494
      #26 0x0000560a04768c3f in mysql_execute_command (thd=0x62c0000b0218, is_called_from_prepared_stmt=false) at /data/bld/11.4-asan/sql/sql_parse.cc:3991
      #27 0x0000560a04783892 in mysql_parse (thd=0x62c0000b0218, rawbuf=0x62d00005a438 "EXECUTE stmt", length=12, parser_state=0x7fe1ab001a90) at /data/bld/11.4-asan/sql/sql_parse.cc:7907
      #28 0x0000560a0475a8f6 in dispatch_command (command=COM_QUERY, thd=0x62c0000b0218, packet=0x629000253219 "EXECUTE stmt", packet_length=12, blocking=true) at /data/bld/11.4-asan/sql/sql_parse.cc:1904
      #29 0x0000560a0475762e in do_command (thd=0x62c0000b0218, blocking=true) at /data/bld/11.4-asan/sql/sql_parse.cc:1417
      #30 0x0000560a04c3d50b in do_handle_one_connection (connect=0x608000003b38, put_in_cache=true) at /data/bld/11.4-asan/sql/sql_connect.cc:1408
      #31 0x0000560a04c3d06a in handle_one_connection (arg=0x608000003ab8) at /data/bld/11.4-asan/sql/sql_connect.cc:1320
      #32 0x0000560a058accf8 in pfs_spawn_thread (arg=0x617000005b98) at /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      #33 0x00007fe1b58a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #34 0x00007fe1b592885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      Stored procedure

      CREATE TABLE t1 (a varchar(64)) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci;
      CREATE TABLE t2 (b varchar(64)) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci ;
       
      CREATE ALGORITHM=MERGE VIEW v AS select * from t2;
       
      CREATE PROCEDURE sp() DELETE FROM t1 WHERE a IN (SELECT b FROM v);
      --error ER_CANT_AGGREGATE_2COLLATIONS
      CALL sp;
      --error ER_CANT_AGGREGATE_2COLLATIONS
      CALL sp;
       
      DROP PROCEDURE sp;
      DROP VIEW v;
      DROP TABLE t1, t2;
      

      ==568505==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000256338 at pc 0x55db9f236a38 bp 0x7f5f087c0e30 sp 0x7f5f087c0e28
      READ of size 8 at 0x625000256338 thread T5
          #0 0x55db9f236a37 in base_list_iterator::next() /data/bld/11.4-asan/sql/sql_list.h:430
          #1 0x55db9f25c4ae in List_iterator<TABLE_LIST>::operator++(int) /data/bld/11.4-asan/sql/sql_list.h:594
          #2 0x55db9f96da96 in TABLE_LIST::reset_const_table() /data/bld/11.4-asan/sql/table.cc:9832
          #3 0x55db9f3ccb11 in setup_table_map(TABLE*, TABLE_LIST*, unsigned int) /data/bld/11.4-asan/sql/sql_base.h:357
          #4 0x55db9f3b9c71 in setup_tables(THD*, Name_resolution_context*, List<TABLE_LIST>*, TABLE_LIST*, List<TABLE_LIST>&, bool, bool) /data/bld/11.4-asan/sql/sql_base.cc:8317
          #5 0x55db9f3baba9 in setup_tables_and_check_access(THD*, Name_resolution_context*, List<TABLE_LIST>*, TABLE_LIST*, List<TABLE_LIST>&, bool, privilege_t, privilege_t, bool) /data/bld/11.4-asan/sql/sql_base.cc:8438
          #6 0x55db9f64c64f in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/bld/11.4-asan/sql/sql_select.cc:1477
          #7 0x55dba017f99f in subselect_single_select_engine::prepare(THD*) /data/bld/11.4-asan/sql/item_subselect.cc:3986
          #8 0x55dba0158ddd in Item_subselect::fix_fields(THD*, Item**) /data/bld/11.4-asan/sql/item_subselect.cc:298
          #9 0x55dba017c467 in Item_in_subselect::fix_fields(THD*, Item**) /data/bld/11.4-asan/sql/item_subselect.cc:3625
          #10 0x55db9f29953c in Item::fix_fields_if_needed(THD*, Item**) /data/bld/11.4-asan/sql/item.h:1173
          #11 0x55db9f299572 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /data/bld/11.4-asan/sql/item.h:1182
          #12 0x55db9f3c7c22 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /data/bld/11.4-asan/sql/item.h:1186
          #13 0x55db9f3be2ac in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/bld/11.4-asan/sql/sql_base.cc:8896
          #14 0x55db9f645f9c in setup_without_group /data/bld/11.4-asan/sql/sql_select.cc:964
          #15 0x55db9f64de04 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/bld/11.4-asan/sql/sql_select.cc:1586
          #16 0x55db9f462f2d in Sql_cmd_delete::prepare_inner(THD*) /data/bld/11.4-asan/sql/sql_delete.cc:1714
          #17 0x55db9f742c27 in Sql_cmd_dml::prepare(THD*) /data/bld/11.4-asan/sql/sql_select.cc:34352
          #18 0x55db9f742ff5 in Sql_cmd_dml::execute(THD*) /data/bld/11.4-asan/sql/sql_select.cc:34406
          #19 0x55db9f5585b5 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:4424
          #20 0x55db9fc3439c in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/bld/11.4-asan/sql/sp_instr.cc:1074
          #21 0x55db9fc2fdd8 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool) /data/bld/11.4-asan/sql/sp_instr.cc:297
          #22 0x55db9fc30fcc in sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*) /data/bld/11.4-asan/sql/sp_instr.cc:476
          #23 0x55db9fc33b15 in sp_instr_stmt::execute(THD*, unsigned int*) /data/bld/11.4-asan/sql/sp_instr.cc:977
          #24 0x55db9f2e26cf in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1286
          #25 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302
          #26 0x55db9f54ec22 in do_execute_sp /data/bld/11.4-asan/sql/sql_parse.cc:3082
          #27 0x55db9f550835 in Sql_cmd_call::execute(THD*) /data/bld/11.4-asan/sql/sql_parse.cc:3305
          #28 0x55db9f563714 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:5878
          #29 0x55db9f570891 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
          #30 0x55db9f5478f5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
          #31 0x55db9f54462d in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
          #32 0x55db9fa2a50a in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
          #33 0x55db9fa2a069 in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
          #34 0x55dba0699cf7 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
          #35 0x7f5f132a81c3 in start_thread nptl/pthread_create.c:442
          #36 0x7f5f1332885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
      0x625000256338 is located 2616 bytes inside of 8184-byte region [0x625000255900,0x6250002578f8)
      freed by thread T5 here:
          #0 0x7f5f13cb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
          #1 0x55dba143b244 in my_free /data/bld/11.4-asan/mysys/my_malloc.c:221
          #2 0x55dba140d551 in root_free /data/bld/11.4-asan/mysys/my_alloc.c:77
          #3 0x55dba140ffbc in free_root /data/bld/11.4-asan/mysys/my_alloc.c:517
          #4 0x55db9f2e2e1c in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1380
          #5 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302
          #6 0x55db9f54ec22 in do_execute_sp /data/bld/11.4-asan/sql/sql_parse.cc:3082
          #7 0x55db9f550835 in Sql_cmd_call::execute(THD*) /data/bld/11.4-asan/sql/sql_parse.cc:3305
          #8 0x55db9f563714 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:5878
          #9 0x55db9f570891 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
          #10 0x55db9f5478f5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
          #11 0x55db9f54462d in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
          #12 0x55db9fa2a50a in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
          #13 0x55db9fa2a069 in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
          #14 0x55dba0699cf7 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
          #15 0x7f5f132a81c3 in start_thread nptl/pthread_create.c:442
       
      previously allocated by thread T5 here:
          #0 0x7f5f13cb89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
          #1 0x55dba143a375 in my_malloc /data/bld/11.4-asan/mysys/my_malloc.c:93
          #2 0x55dba140d4cd in root_alloc /data/bld/11.4-asan/mysys/my_alloc.c:66
          #3 0x55dba140ee01 in alloc_root /data/bld/11.4-asan/mysys/my_alloc.c:335
          #4 0x55db9f58205c in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned long) const /data/bld/11.4-asan/sql/sql_class.h:1283
          #5 0x55db9f54ce54 in alloc_query(THD*, char const*, unsigned long) /data/bld/11.4-asan/sql/sql_parse.cc:2773
          #6 0x55db9fc339e4 in sp_instr_stmt::execute(THD*, unsigned int*) /data/bld/11.4-asan/sql/sp_instr.cc:964
          #7 0x55db9f2e26cf in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1286
          #8 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302
          #9 0x55db9f54ec22 in do_execute_sp /data/bld/11.4-asan/sql/sql_parse.cc:3082
          #10 0x55db9f550835 in Sql_cmd_call::execute(THD*) /data/bld/11.4-asan/sql/sql_parse.cc:3305
          #11 0x55db9f563714 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:5878
          #12 0x55db9f570891 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
          #13 0x55db9f5478f5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
          #14 0x55db9f54462d in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
          #15 0x55db9fa2a50a in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
          #16 0x55db9fa2a069 in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
          #17 0x55dba0699cf7 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
          #18 0x7f5f132a81c3 in start_thread nptl/pthread_create.c:442
       
      Thread T5 created by T0 here:
          #0 0x7f5f13c49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x55dba0695a32 in my_thread_create /data/bld/11.4-asan/storage/perfschema/my_thread.h:52
          #2 0x55dba069a0e6 in pfs_spawn_thread_v1 /data/bld/11.4-asan/storage/perfschema/pfs.cc:2252
          #3 0x55db9f170950 in inline_mysql_thread_create /data/bld/11.4-asan/include/mysql/psi/mysql_thread.h:1139
          #4 0x55db9f18873d in create_thread_to_handle_connection(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6168
          #5 0x55db9f188d62 in create_new_thread(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6230
          #6 0x55db9f18904d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.4-asan/sql/mysqld.cc:6292
          #7 0x55db9f189cd5 in handle_connections_sockets() /data/bld/11.4-asan/sql/mysqld.cc:6404
          #8 0x55db9f1868e8 in run_main_loop /data/bld/11.4-asan/sql/mysqld.cc:5647
          #9 0x55db9f18800c in mysqld_main(int, char**) /data/bld/11.4-asan/sql/mysqld.cc:6069
          #10 0x55db9f16fc18 in main /data/bld/11.4-asan/sql/main.cc:34
          #11 0x7f5f13246249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      SUMMARY: AddressSanitizer: heap-use-after-free /data/bld/11.4-asan/sql/sql_list.h:430 in base_list_iterator::next()
      ==568505==ABORTING
      250424 12:00:03 [ERROR] /share8t/bld/11.4-asan/sql/mariadbd got signal 6 ;
      Sorry, we probably made a mistake, and this is a bug.
       
      Your assistance in bug reporting will enable us to fix this for the next release.
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report
      a bug on https://jira.mariadb.org/.
       
      Please include the information from the server start above, to the end of the
      information below.
       
      Server version: 11.4.6-MariaDB-debug-log source revision: 820114bd2515759224f925528c8201e6155334fb
       
      The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
      contains instructions to obtain a better version of the backtrace below.
      Following these instructions will help MariaDB developers provide a fix quicker.
       
      Attempting backtrace. Include this in the bug report.
      (note: Retrieving this information may fail)
       
      Thread pointer: 0x62c0000b0218
      stack_bottom = 0x7f5f087c8000 thread_stack 0xb00000
      sanitizer_common/sanitizer_common_interceptors.inc:4277(__interceptor_backtrace.part.0)[0x7f5f13c51f31]
      mysys/stacktrace.c:215(my_print_stacktrace)[0x55dba144b3a4]
      sql/signal_handler.cc:230(handle_fatal_signal)[0x55db9febcf8a]
      libc_sigaction.c:0(__restore_rt)[0x7f5f1325b050]
      nptl/pthread_kill.c:44(__pthread_kill_implementation)[0x7f5f132a9ebc]
      posix/raise.c:27(__GI_raise)[0x7f5f1325afb2]
      stdlib/abort.c:81(__GI_abort)[0x7f5f13245472]
      sanitizer_common/sanitizer_posix_libcdep.cpp:137(__sanitizer::Abort())[0x7f5f13cd650f]
      sanitizer_common/sanitizer_termination.cpp:59(__sanitizer::Die())[0x7f5f13ce2ba1]
      asan/asan_report.cpp:190(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7f5f13cc1f5e]
      asan/asan_report.cpp:479(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7f5f13cc14c6]
      asan/asan_rtl.cpp:123(__asan_report_load8)[0x7f5f13cc25ac]
      sql/sql_list.h:430(base_list_iterator::next())[0x55db9f236a38]
      sql/sql_list.h:594(List_iterator<TABLE_LIST>::operator++(int))[0x55db9f25c4af]
      sql/table.cc:9832(TABLE_LIST::reset_const_table())[0x55db9f96da97]
      sql/sql_base.h:358(setup_table_map(TABLE*, TABLE_LIST*, unsigned int))[0x55db9f3ccb12]
      sql/sql_base.cc:8319(setup_tables(THD*, Name_resolution_context*, List<TABLE_LIST>*, TABLE_LIST*, List<TABLE_LIST>&, bool, bool))[0x55db9f3b9c72]
      sql/sql_base.cc:8438(setup_tables_and_check_access(THD*, Name_resolution_context*, List<TABLE_LIST>*, TABLE_LIST*, List<TABLE_LIST>&, bool, privilege_t, privilege_t, bool))[0x55db9f3babaa]
      sql/sql_select.cc:1477(JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55db9f64c650]
      sql/item_subselect.cc:3986(subselect_single_select_engine::prepare(THD*))[0x55dba017f9a0]
      sql/item_subselect.cc:298(Item_subselect::fix_fields(THD*, Item**))[0x55dba0158dde]
      sql/item_subselect.cc:3625(Item_in_subselect::fix_fields(THD*, Item**))[0x55dba017c468]
      sql/item.h:1173(Item::fix_fields_if_needed(THD*, Item**))[0x55db9f29953d]
      sql/item.h:1182(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55db9f299573]
      sql/item.h:1187(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x55db9f3c7c23]
      sql/sql_base.cc:8896(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x55db9f3be2ad]
      sql/sql_select.cc:964(setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*))[0x55db9f645f9d]
      sql/sql_select.cc:1586(JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55db9f64de05]
      sql/sql_delete.cc:1714(Sql_cmd_delete::prepare_inner(THD*))[0x55db9f462f2e]
      sql/sql_select.cc:34352(Sql_cmd_dml::prepare(THD*))[0x55db9f742c28]
      sql/sql_select.cc:34406(Sql_cmd_dml::execute(THD*))[0x55db9f742ff6]
      sql/sql_parse.cc:4424(mysql_execute_command(THD*, bool))[0x55db9f5585b6]
      sql/sp_instr.cc:1074(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x55db9fc3439d]
      sql/sp_instr.cc:297(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool))[0x55db9fc2fdd9]
      sql/sp_instr.cc:477(sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*))[0x55db9fc30fcd]
      sql/sp_instr.cc:977(sp_instr_stmt::execute(THD*, unsigned int*))[0x55db9fc33b16]
      sql/sp_head.cc:1286(sp_head::execute(THD*, bool))[0x55db9f2e26d0]
      sql/sp_head.cc:2302(sp_head::execute_procedure(THD*, List<Item>*))[0x55db9f2e8988]
      sql/sql_parse.cc:3082(do_execute_sp(THD*, sp_head*))[0x55db9f54ec23]
      sql/sql_parse.cc:3305(Sql_cmd_call::execute(THD*))[0x55db9f550836]
      sql/sql_parse.cc:5878(mysql_execute_command(THD*, bool))[0x55db9f563715]
      sql/sql_parse.cc:7907(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55db9f570892]
      sql/sql_parse.cc:1906(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55db9f5478f6]
      sql/sql_parse.cc:1417(do_command(THD*, bool))[0x55db9f54462e]
      sql/sql_connect.cc:1408(do_handle_one_connection(CONNECT*, bool))[0x55db9fa2a50b]
      sql/sql_connect.cc:1322(handle_one_connection)[0x55db9fa2a06a]
      perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55dba0699cf8]
      nptl/pthread_create.c:442(start_thread)[0x7f5f132a81c4]
      x86_64/clone3.S:83(clone3)[0x7f5f1332885c]
       
      Connection ID (thread ID): 4
      Status: NOT_KILLED
      Query (0x62500026e938): DELETE FROM t1 WHERE a IN (SELECT b FROM v)
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=off,sargable_casefold=on
       
      Writing a core file...
      Working directory at /dev/shm/var_auto_Zxm_/mysqld.1/data
      Resource Limits (excludes unlimited resources):
      Limit                     Soft Limit           Hard Limit           Units     
      Max stack size            8388608              unlimited            bytes     
      Max processes             514196               514196               processes 
      Max open files            65536                65536                files     
      Max locked memory         16854077440          16854077440          bytes     
      Max pending signals       514196               514196               signals   
      Max msgqueue size         819200               819200               bytes     
      Max nice priority         0                    0                    
      Max realtime priority     0                    0                    
      Core pattern: core
       
      Kernel version: Linux version 6.1.0-27-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.115-1 (2024-11-01)
      

      The failures started happening after MDEV-7487 in 11.1.0:

      commit 554278e24dbc2c0af9fcfd66c54ca6a99a3cf17f
      Author: Igor Babaev
      Date:   Mon Jan 9 22:39:39 2023 -0800
       
          MDEV-7487 Semi-join optimization for single-table update/delete statements
      

      The variation with prepared statements stopped happening after MDEV-30469 in 11.8.1:

      commit edd52b7fc7d6500fd6fcf377c54c8dc2ed365061
      Author: Dave Gosselin
      Date:   Wed Feb 5 10:41:11 2025 -0500
       
          MDEV-30469 Feature rebase
      

      So, the "prepared statement" test case only fails on 11.4 out of currently alive versions.
      The "stored procedure" test case fails on 11.4, 11.8, main.
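
An added triage sketch, not part of the report or of MariaDB's tooling: it splits the AddressSanitizer output above into its access, free and allocation stacks, picks the first frame of each that is not allocator plumbing, and finds the innermost caller that the access and free stacks share. The embedded report is an excerpt of the trace above with intermediate frames dropped; treating `libsanitizer` and `/mysys/` paths as allocator plumbing is an assumption based on the frames shown.

```python
import re
from collections import namedtuple

# Excerpt of the AddressSanitizer report quoted above; intermediate frames dropped.
REPORT = """\
==568505==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000256338 at pc 0x55db9f236a38 bp 0x7f5f087c0e30 sp 0x7f5f087c0e28
READ of size 8 at 0x625000256338 thread T5
    #0 0x55db9f236a37 in base_list_iterator::next() /data/bld/11.4-asan/sql/sql_list.h:430
    #1 0x55db9f25c4ae in List_iterator<TABLE_LIST>::operator++(int) /data/bld/11.4-asan/sql/sql_list.h:594
    #2 0x55db9f96da96 in TABLE_LIST::reset_const_table() /data/bld/11.4-asan/sql/table.cc:9832
    #24 0x55db9f2e26cf in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1286
    #25 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302

0x625000256338 is located 2616 bytes inside of 8184-byte region [0x625000255900,0x6250002578f8)
freed by thread T5 here:
    #0 0x7f5f13cb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x55dba143b244 in my_free /data/bld/11.4-asan/mysys/my_malloc.c:221
    #3 0x55dba140ffbc in free_root /data/bld/11.4-asan/mysys/my_alloc.c:517
    #4 0x55db9f2e2e1c in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1380
    #5 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302

previously allocated by thread T5 here:
    #0 0x7f5f13cb89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #3 0x55dba140ee01 in alloc_root /data/bld/11.4-asan/mysys/my_alloc.c:335
    #4 0x55db9f58205c in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned long) const /data/bld/11.4-asan/sql/sql_class.h:1283
    #7 0x55db9f2e26cf in sp_head::execute(THD*, bool) /data/bld/11.4-asan/sql/sp_head.cc:1286
    #8 0x55db9f2e8987 in sp_head::execute_procedure(THD*, List<Item>*) /data/bld/11.4-asan/sql/sp_head.cc:2302
"""

Frame = namedtuple("Frame", "func path line")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
# The function signature may contain spaces; the last token is always path:line.
FRAME_RE = re.compile(r"^#\d+ 0x[0-9a-f]+ in (?P<func>.+) (?P<path>\S+):(?P<line>\d+)$")
SECTIONS = [("access", re.compile(r"^(READ|WRITE) of size \d+")),
            ("free", re.compile(r"^freed by thread")),
            ("alloc", re.compile(r"^previously allocated by thread"))]
SKIP = ("libsanitizer", "/mysys/")  # assumption: sanitizer runtime and allocator wrappers

def parse_asan(report):
    """Return (error kind, {"access"|"free"|"alloc": [Frame, ...]}), innermost frame first."""
    kind, stacks, current = None, {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = ERROR_RE.search(line)
        if m:
            kind = m.group(1)
            continue
        name = next((n for n, rx in SECTIONS if rx.match(line)), None)
        if name:
            current = stacks.setdefault(name, [])
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.append(Frame(m["func"], m["path"], int(m["line"])))
        elif not m:
            current = None  # a blank or unrelated line ends the current stack
    return kind, stacks

def culprit(stack, skip=SKIP):
    """First frame that is not sanitizer or allocator plumbing."""
    return next((f for f in stack if not any(s in f.path for s in skip)), None)

def _align(x, y):
    """Drop outer frames of x that y lacks (one stack may be captured deeper)."""
    for i, f in enumerate(x):
        if y and f.func == y[0].func:
            return x[i:]
    return x

def shared_caller(a, b):
    """Innermost function common to both stacks: (func, line in a, line in b)."""
    ra, rb = a[::-1], b[::-1]  # outermost frame first
    ra = _align(ra, rb)
    rb = _align(rb, ra)
    shared = None
    for fa, fb in zip(ra, rb):
        if fa.func != fb.func:
            break
        shared = (fa.func, fa.line, fb.line)
    return shared

if __name__ == "__main__":
    kind, stacks = parse_asan(REPORT)
    print(kind)
    for name in ("access", "free", "alloc"):
        print(name, culprit(stacks[name]))
    print("shared caller:", shared_caller(stacks["access"], stacks["free"]))
```

On this excerpt the shared caller is `sp_head::execute`, with the read reached from line 1286 and the free issued from line 1380 of `sp_head.cc`.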

          People

            shulga Dmitry Shulga
            elenst Elena Stepanova