SIGABRT in _int_free from delete_dynamic/Dynamic_array<Explain_select*>::~Dynamic_array, SIGSEGV's in set_dynamic and __memset_evex_unaligned_erms

SET @@log_slow_verbosity=1;

CREATE TEMPORARY TABLE t (c INT) ENGINE=InnoDB;

INSERT INTO t VALUES(1);

SHOW TABLES;

# Repeat the following till a crash is seen

UPDATE t SET c=1;#aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

SELECT * FROM t ORDER BY c;#aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

SHOW TRIGGERS;

SET SESSION log_slow_verbosity='engine';

SET NAMES character_set_connection=ucs;

# Repeat the following till a crash is seen

CREATE TEMPORARY TABLE t (c INT) ENGINE=InnoDB;

UPDATE t SET c=0 WHERE c>0;#AAAAAAA;

SELECT hex(c),hex(c),c FROM t ORDER BY c;#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;

DROP TABLE t;

Core was generated by `/test/MD041025-mariadb-11.4.9-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.

Program terminated with signal SIGABRT, Aborted.

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

[Current thread is 1 (LWP 3100230)]

(gdb) bt

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

#1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78

#2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89

#3  0x00007ae8e664526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26

#4  0x00007ae8e66288ff in __GI_abort () at ./stdlib/abort.c:79

#5  0x00007ae8e66297b6 in __libc_message_impl (fmt=fmt@entry=0x7ae8e67ce8d7 "%s\n") at ../sysdeps/posix/libc_fatal.c:132

#6  0x00007ae8e66a8fe5 in malloc_printerr (str=str@entry=0x7ae8e67cc672 "free(): invalid pointer")at ./malloc/malloc.c:5772

#7  0x00007ae8e66ab37c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at ./malloc/malloc.c:4507

#8  0x00007ae8e66add9e in __GI___libc_free (mem=0x7ae7b80192d0)at ./malloc/malloc.c:3398

#9  0x00005c3f2f3a603f in delete_dynamic (array=0x7ae7b80191f8)at /test/11.4_opt/mysys/array.c:345

#10 0x00005c3f2ef89a1b in Dynamic_array<Explain_select*>::~Dynamic_array (this=0x7ae7b80191f8) at /test/11.4_opt/sql/sql_array.h:299

#11 Explain_query::~Explain_query (this=0x7ae7b80191a8)at /test/11.4_opt/sql/sql_explain.cc:84

#12 0x00005c3f2ef9400a in delete_explain_query (lex=0x7ae7b8004e68)at /test/11.4_opt/sql/sql_explain.cc:2910

#13 0x00005c3f2ee052d1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7ae7b8000c68, packet=<optimized out>, packet@entry=0x7ae7b8008779 "", packet_length=packet_length@entry=86, blocking=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:2476

#14 0x00005c3f2ee06491 in do_command (thd=thd@entry=0x7ae7b8000c68, blocking=true) at /test/11.4_opt/sql/sql_parse.cc:1418

#15 0x00005c3f2ef511bd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5c3f30b4bf78, put_in_cache=true)at /test/11.4_opt/sql/sql_connect.cc:1497

#16 0x00005c3f2ef50f83 in handle_one_connection (arg=arg@entry=0x5c3f30b4bf78)at /test/11.4_opt/sql/sql_connect.cc:1409

#17 0x00005c3f2f10106e in pfs_spawn_thread (arg=0x5c3f30b75688)at /test/11.4_opt/storage/perfschema/pfs.cc:2201

#18 0x00007ae8e669ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447

#19 0x00007ae8e6729c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Core was generated by `/test/MD041025-mariadb-11.4.9-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228

[Current thread is 1 (LWP 2224050)]

(gdb) bt

#0  __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228

#1  0x00005ab384ce0ef5 in memset (__dest=0x7612b0248000, __ch=0, __len=129822634381944)at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:59

#2  set_dynamic (array=0x7612b0019188, element=0x7613dcce0850, idx=1)at /test/11.4_opt/mysys/array.c:244

#3  0x00005ab3848c4b44 in Dynamic_array<Explain_select*>::resize (this=0x7612b0019188, new_size=<optimized out>, default_val=0x0)at /test/11.4_opt/sql/sql_array.h:288

#4  Explain_query::add_node (this=0x7612b0019138, node=0x7612b001b4a8)at /test/11.4_opt/sql/sql_explain.cc:137

#5  0x00005ab38479ab99 in JOIN::save_explain_data_intern (this=this@entry=0x7612b0018b48, output=0x7612b0019138, need_tmp_table_arg=<optimized out>, need_order_arg=<optimized out>, distinct_arg=<optimized out>, message=<optimized out>)at /test/11.4_opt/sql/sql_select.cc:31248

#6  0x00005ab38478742a in JOIN::save_explain_data (this=this@entry=0x7612b0018b48, output=<optimized out>, can_overwrite=<optimized out>, need_tmp_table=<optimized out>, need_order=<optimized out>, distinct=<optimized out>)at /test/11.4_opt/sql/sql_select.cc:4813

#7  0x00005ab384787115 in JOIN::build_explain (this=this@entry=0x7612b0018b48)at /test/11.4_opt/sql/sql_select.cc:1956

#8  0x00005ab3847874e0 in JOIN::optimize (this=this@entry=0x7612b0018b48)at /test/11.4_opt/sql/sql_select.cc:2025

#9  0x00005ab384781272 in mysql_select (thd=thd@entry=0x7612b0000c68, tables=<optimized out>, fields=@0x7612b00175b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7612b00178e0, last = 0x7612b00178e0, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7612b0018b20, unit=0x7612b0004f48, select_lex=0x7612b00172f8)at /test/11.4_opt/sql/sql_select.cc:5366

#10 0x00005ab384781129 in handle_select (thd=thd@entry=0x7612b0000c68, lex=lex@entry=0x7612b0004e68, result=result@entry=0x7612b0018b20, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.4_opt/sql/sql_select.cc:642

#11 0x00005ab38474a676 in execute_sqlcom_select (thd=thd@entry=0x7612b0000c68, all_tables=0x7612b0017930) at /test/11.4_opt/sql/sql_parse.cc:6184

#12 0x00005ab384748b9f in mysql_execute_command (thd=thd@entry=0x7612b0000c68, is_called_from_prepared_stmt=false) at /test/11.4_opt/sql/sql_parse.cc:3971

#13 0x00005ab384741014 in mysql_parse (thd=thd@entry=0x7612b0000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7613dcce1490)at /test/11.4_opt/sql/sql_parse.cc:7899

#14 0x00005ab38473f6f7 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7612b0000c68, packet=packet@entry=0x7612b0008779 "SELECT * FROM t ORDER BY c", packet_length=packet_length@entry=26, blocking=true)at /test/11.4_opt/sql/sql_parse.cc:1905

#15 0x00005ab384741491 in do_command (thd=thd@entry=0x7612b0000c68, blocking=true) at /test/11.4_opt/sql/sql_parse.cc:1418

#16 0x00005ab38488c1bd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5ab386233db8, put_in_cache=true)at /test/11.4_opt/sql/sql_connect.cc:1497

#17 0x00005ab38488bf83 in handle_one_connection (arg=arg@entry=0x5ab386233db8)at /test/11.4_opt/sql/sql_connect.cc:1409

#18 0x00005ab384a3c06e in pfs_spawn_thread (arg=0x5ab38625da48)at /test/11.4_opt/storage/perfschema/pfs.cc:2201

#19 0x00007613df09ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447

#20 0x00007613df129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78