Server crash in make_select() when CALL procedure with DECLARE variable DEFAULT subquery

DROP PROCEDURE IF EXISTS p_lvl1_394805;

DROP TABLE IF EXISTS t1;

CREATE TABLE t1(a INT);

DELIMITER //

CREATE PROCEDURE p_lvl1_394805()

BEGIN

  DECLARE v INT DEFAULT (SELECT * FROM t1);

  SET v = DEFAULT;

END//

DELIMITER ;

CALL p_lvl1_394805();

Version: '13.1.0-MariaDB-asan-log'  socket: '/root/mariadb-asan/run/mysql.sock'  port: 3401  Source distribution

260610 11:38:02 [ERROR] /root/mariadb-asan/install/bin/mariadbd got signal 11 ;

Sorry, we probably made a mistake, and this is a bug.

Your assistance in bug reporting will enable us to fix this for the next release.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report

a bug on https://jira.mariadb.org/.

Please include the information from the server start above, to the end of the

information below.

Server version: 13.1.0-MariaDB-asan-log source revision: f40ea8f4e6084dcda6ae621928e4e966f54348f6

The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/

contains instructions to obtain a better version of the backtrace below.

Following these instructions will help MariaDB developers provide a fix quicker.

Attempting backtrace. Include this in the bug report.

(note: Retrieving this information may fail)

Thread pointer: 0x52b0000fc220

stack_bottom = 0x77991bcdc000 thread_stack 0xb00000

asan_interceptors.cpp.o:0(___interceptor_backtrace.part.0)[0x5584ceba62aa]

mysys/stacktrace.c:215(my_print_stacktrace)[0x5584d07ea68a]

sql/signal_handler.cc:0(handle_fatal_signal)[0x5584cf7ed5d5]

/lib64/libc.so.6(+0x18f30)[0x7f9935624f30]

sql/opt_range.cc:1221(make_select(TABLE*, unsigned long long, unsigned long long, Item*, SORT_INFO*, bool, int*))[0x5584cecc0779]

sql/sql_select.cc:2903(JOIN::optimize_stage2())[0x5584cf0be537]

sql/sql_select.cc:2789(JOIN::optimize_inner())[0x5584cf0bb990]

sql/sql_select.cc:2018(JOIN::optimize())[0x5584cf0b818f]

sql/item_subselect.cc:4117(subselect_single_select_engine::exec())[0x5584cfafd63e]

sql/item_subselect.cc:818(Item_subselect::exec())[0x5584cfade62e]

sql/item_subselect.cc:1481(Item_singlerow_subselect::val_int())[0x5584cfae3bc9]

sql/item.cc:7329(Item::save_int_in_field(Field*, bool))[0x5584cf86b218]

sql/item.cc:7349(Item::save_in_field(Field*, bool))[0x5584cf86b579]

sql/sql_class.h:5195(THD::is_error() const)[0x5584cf750f67]

sql/sql_class.h:8570(Sp_eval_expr_state::stop())[0x5584cedbfac3]

sql/sp_rcontext.cc:676(sp_rcontext::set_variable(THD*, unsigned int, Item**))[0x5584cedea603]

sql/sp_instr.cc:1315(sp_instr_set::exec_core(THD*, unsigned int*))[0x5584cf583bb5]

sql/sp_instr.cc:0(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool))[0x5584cf57ceae]

sql/sp_instr.cc:602(sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*))[0x5584cf57e59c]

sql/sp_head.cc:1300(sp_head::execute(THD*, bool))[0x5584cedc6315]

sql/sp_head.cc:2329(sp_head::execute_procedure(THD*, List<Item>*))[0x5584cedca5d9]

sql/sql_parse.cc:3086(do_execute_sp(THD*, sp_head*))[0x5584cefea4b0]

sql/sql_parse.cc:3322(Sql_cmd_call::execute(THD*))[0x5584cefe9cba]

sql/sql_parse.cc:0(mysql_execute_command(THD*, bool))[0x5584cefed6db]

sql/sql_parse.cc:7946(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x5584cefe37dc]

sql/sql_parse.cc:0(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x5584cefdd835]

sql/sql_parse.cc:1437(do_command(THD*, bool))[0x5584cefe4456]

sql/sql_connect.cc:1503(do_handle_one_connection(CONNECT*, bool))[0x5584cf3da57d]

sql/sql_connect.cc:1419(handle_one_connection)[0x5584cf3da0f8]

perfschema/pfs.cc:2200(pfs_spawn_thread)[0x5584d002672c]

asan_interceptors.cpp.o:0(asan_thread_start(void*))[0x5584ceb7a131]

/lib64/libc.so.6(+0x69277)[0x7f9935675277]

/lib64/libc.so.6(+0xf083c)[0x7f99356fc83c]

Connection ID (thread ID): 5

Status: NOT_KILLED

Query (0x52d000104448): CALL p_lvl1_394805()

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on,reorder_outer_joins=off

Writing a core file...

Working directory at /root/mariadb-asan/data

Resource Limits (excludes unlimited resources):

Limit                     Soft Limit           Hard Limit           Units     

Max stack size            8388608              unlimited            bytes     

Max core file size        0                    0                    bytes     

Max processes             125162               125162               processes 

Max open files            524288               524288               files     

Max locked memory         8388608              8388608              bytes     

Max pending signals       125162               125162               signals   

Max msgqueue size         819200               819200               bytes     

Max nice priority         0                    0                    

Max realtime priority     0                    0                    

Core pattern: |/bin/false

Kernel version: Linux version 6.6.98-40.6.tl4.x86_64 (mockbuild@VM-81-80-TS3)