[MDEV-28505] Server crash in sql/sql_select.cc:19830 in sub_select(JOIN*, st_join_table*, bool) Created: 2022-05-08  Updated: 2023-11-10  Resolved: 2023-01-24

Status: Closed
Project: MariaDB Server
Component/s: Optimizer, Parser
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9
Fix Version/s: 10.11.2, 10.3.38, 10.4.28, 10.5.19, 10.6.12, 10.7.8, 10.8.7, 10.9.5, 10.10.3

Type: Bug Priority: Major
Reporter: Shihao Wen Assignee: Sergei Petrunia
Resolution: Fixed Votes: 0
Labels: fuzzer

Attachments: HTML File 82_stack
Issue Links:
PartOf
is part of MDEV-30052 Crash with a query containing nested ... Closed
Relates
relates to MDEV-19569 Assertion `table_list->table' failed ... Closed
relates to MDEV-28510 SIGSEGV in get_sort_by_table and SIGS... Closed
relates to MDEV-28799 SIGSEGV in JOIN_CACHE::reset_join and... Closed
relates to MDEV-32766 Segmentation fault at /mariadb-11.3.0... Confirmed

Description

Original testcase (reduced version in comments below):

CREATE TABLE v1465 ( v1466 TEXT ) ;
 INSERT INTO v1465 ( v1466 ) VALUES ( 'x' ) , ( NULL ) , ( 'x' ) , ( NULL ) ;
 SELECT ( v1466 = ( SELECT v1466 FROM v1465 WHERE ( v1466 , v1466 ) NOT IN ( SELECT 'x' * v1466 * 40 , 'x' FROM v1465 ) ) * 67 + -1 ^ 57 IN ( -128 , 127 , 65 , 10 , 'x' / v1466 = v1466 + CASE v1466 WHEN TRUE THEN 0 ELSE 21 END OR v1466 = v1466 OR v1466 = v1466 ) ) , 'x' / 24141874.000000 IS NOT NULL AS v1467 FROM v1465 WINDOW v1482 AS ( PARTITION BY v1466 ORDER BY ( SELECT DISTINCT -1 FROM ( SELECT v1466 FROM v1465 WHERE ( v1466 , v1466 ) NOT IN ( SELECT ( 'x' = ( v1466 IN ( SELECT v1466 FROM v1465 WHERE v1466 = CASE WHEN v1466 ^ ( SELECT 64 FROM v1465 AS v1468 WHERE v1466 BETWEEN 41099251.000000 AND 0 GROUP BY ( TRUE , v1466 ) NOT IN ( SELECT v1466 , ( SELECT v1466 FROM ( WITH v1470 AS ( SELECT v1466 FROM ( SELECT NOT v1466 <= 'x' , v1466 FROM v1465 GROUP BY v1466 ) AS v1469 ) SELECT DISTINCT v1466 , ( NOT ( ( 25367008.000000 ^ 51425443.000000 AND ( v1466 NOT IN ( NOT ( NOT ( 'x' = TRUE AND v1466 = -128 ) ) ) AND ( v1466 , v1466 ) NOT IN ( SELECT ( - 17370811.000000 ) , 0 FROM v1465 ) ) = 29 ) * NULL ) ) FROM v1465 ) AS v1471 NATURAL JOIN v1465 WHERE v1466 = v1466 ) AS v1472 FROM v1465 ) , v1466 WINDOW v1483 AS ( PARTITION BY v1466 ORDER BY ( SELECT DISTINCT 14 FROM v1465 AS v1479 , v1465 AS v1480 , v1465 AS v1481 JOIN v1465 ) DESC RANGE BETWEEN 5477605.000000 FOLLOWING AND 95193843.000000 FOLLOWING ) ) ^ v1466 THEN 'x' ELSE v1466 END / 8 ) ) ) , 'x' FROM v1465 ) ORDER BY v1466 + v1466 , v1466 + v1466 LIMIT 1 OFFSET 1 ) AS v1477 NATURAL JOIN v1465 AS v1478 ) DESC RANGE BETWEEN 46546708.000000 FOLLOWING AND 77715920.000000 FOLLOWING ) ;

Leads to:

10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized)

Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055ae9a0f2be3 in sub_select (join=0x14935008b220, 
    join_tab=0x1493500b9b70, end_of_records=false)
    at /test/10.9_opt/sql/sql_select.cc:21066
21066	    join_tab->table->null_row=0;
[Current thread is 1 (Thread 0x14939409b700 (LWP 817942))]
(gdb) bt
#0  0x000055ae9a0f2be3 in sub_select (join=0x14935008b220, join_tab=0x1493500b9b70, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21066
#1  0x000055ae9a11f241 in do_select (procedure=<optimized out>, join=0x14935008b220) at /test/10.9_opt/sql/sql_select.cc:20671
#2  JOIN::exec_inner (this=0x14935008b220) at /test/10.9_opt/sql/sql_select.cc:4778
#3  0x000055ae9a11f608 in JOIN::exec (this=0x14935008b220) at /test/10.9_opt/sql/sql_select.cc:4556
#4  0x000055ae9a3be6d1 in subselect_single_select_engine::exec (this=0x14935005ee80) at /test/10.9_opt/sql/item_subselect.cc:4126
#5  0x000055ae9a3bdaec in Item_subselect::exec (this=0x14935005ebb0) at /test/10.9_opt/sql/item_subselect.cc:853
#6  0x000055ae9a3bdeb4 in Item_in_subselect::val_bool (this=0x14935005ebb0) at /test/10.9_opt/sql/item_subselect.cc:1971
#7  0x000055ae9a329bbd in Item::val_bool_result (this=0x14935005ebb0) at /test/10.9_opt/sql/item.h:1783
#8  Item_in_optimizer::val_int (this=0x149350090608) at /test/10.9_opt/sql/item_cmpfunc.cc:1622
#9  Item_in_optimizer::val_int (this=0x149350090608) at /test/10.9_opt/sql/item_cmpfunc.cc:1545
#10 0x000055ae9a2f90f9 in Item_cache_int::cache_value (this=0x1493500bae60) at /test/10.9_opt/sql/item.cc:10083
#11 0x000055ae9a310fa4 in Item_cache_wrapper::cache (this=0x1493500badc0) at /test/10.9_opt/sql/item.cc:8868
#12 Item_cache_wrapper::val_bool (this=0x1493500badc0) at /test/10.9_opt/sql/item.cc:9054
#13 Item_cache_wrapper::val_bool (this=0x1493500badc0) at /test/10.9_opt/sql/item.cc:9037
#14 0x000055ae9a31bc60 in Item_func_not::val_int (this=0x14935005eec0) at /test/10.9_opt/sql/item_cmpfunc.cc:202
#15 0x000055ae9a30c5b3 in Item::save_int_in_field (this=0x14935005eec0, field=0x1493500d5330, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6827
#16 0x000055ae9a2fc057 in Item::save_in_field (this=0x14935005eec0, field=0x1493500d5330, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6837
#17 0x000055ae9a10929a in copy_funcs (func_ptr=0x1493500d4c48, thd=0x149350000c58) at /test/10.9_opt/sql/sql_select.cc:26340
#18 0x000055ae9a10934a in end_write (join=0x149350069970, join_tab=0x1493500cd990, end_of_records=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:22611
#19 0x000055ae9a0df803 in evaluate_join_record (join=join@entry=0x149350069970, join_tab=join_tab@entry=0x1493500cd5e0, error=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:21356
#20 0x000055ae9a0f2a4b in sub_select (end_of_records=false, join_tab=0x1493500cd5e0, join=0x149350069970) at /test/10.9_opt/sql/sql_select.cc:21126
#21 sub_select (join=0x149350069970, join_tab=0x1493500cd5e0, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21055
#22 0x000055ae9a11f241 in do_select (procedure=<optimized out>, join=0x149350069970) at /test/10.9_opt/sql/sql_select.cc:20671
#23 JOIN::exec_inner (this=0x149350069970) at /test/10.9_opt/sql/sql_select.cc:4778
#24 0x000055ae9a11f608 in JOIN::exec (this=this@entry=0x149350069970) at /test/10.9_opt/sql/sql_select.cc:4556
#25 0x000055ae9a11d811 in mysql_select (thd=0x149350000c58, tables=0x149350047d20, fields=@0x1493500115f8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149350047908, last = 0x149350047cc8, elements = 2}, <No data fields>}, conds=0x0, og_num=2, order=0x0, group=0x14935005ef70, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x149350069948, unit=0x149350004cb8, select_lex=0x149350011358) at /test/10.9_opt/sql/sql_select.cc:5036
#26 0x000055ae9a11df57 in handle_select (thd=thd@entry=0x149350000c58, lex=lex@entry=0x149350004be0, result=result@entry=0x149350069948, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_opt/sql/sql_select.cc:570
#27 0x000055ae9a0a1a21 in execute_sqlcom_select (thd=0x149350000c58, all_tables=0x149350047d20) at /test/10.9_opt/sql/sql_parse.cc:6271
#28 0x000055ae9a0af363 in mysql_execute_command (thd=0x149350000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:3961
#29 0x000055ae9a09ca55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149350000c58) at /test/10.9_opt/sql/sql_parse.cc:8046
#30 mysql_parse (thd=0x149350000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7968
#31 0x000055ae9a0a871a in dispatch_command (command=COM_QUERY, thd=0x149350000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
#32 0x000055ae9a0aa642 in do_command (thd=0x149350000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1408
#33 0x000055ae9a1bf5bf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae9d84f6a8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
#34 0x000055ae9a1bf89d in handle_one_connection (arg=0x55ae9d84f6a8) at /test/10.9_opt/sql/sql_connect.cc:1312
#35 0x00001493accc8609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#36 0x00001493ac8b4133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000056459bf38f60 in sub_select (join=0x14a95c0b57b0, 
    join_tab=0x14a95c0e5a60, end_of_records=false)
    at /test/10.9_dbg/sql/sql_select.cc:21066
21066	    join_tab->table->null_row=0;
[Current thread is 1 (Thread 0x14aa08051700 (LWP 818377))]
(gdb) bt
#0  0x000056459bf38f60 in sub_select (join=0x14a95c0b57b0, join_tab=0x14a95c0e5a60, end_of_records=false) at /test/10.9_dbg/sql/sql_select.cc:21066
#1  0x000056459bf6c795 in do_select (procedure=<optimized out>, join=0x14a95c0b57b0) at /test/10.9_dbg/sql/sql_select.cc:20671
#2  JOIN::exec_inner (this=this@entry=0x14a95c0b57b0) at /test/10.9_dbg/sql/sql_select.cc:4778
#3  0x000056459bf6cd2e in JOIN::exec (this=0x14a95c0b57b0) at /test/10.9_dbg/sql/sql_select.cc:4556
#4  0x000056459c2cee2a in subselect_single_select_engine::exec (this=0x14a95c087638) at /test/10.9_dbg/sql/item_subselect.cc:4126
#5  0x000056459c2ce2c1 in Item_subselect::exec (this=this@entry=0x14a95c087368) at /test/10.9_dbg/sql/item_subselect.cc:853
#6  0x000056459c2d3567 in Item_in_subselect::exec (this=0x14a95c087368) at /test/10.9_dbg/sql/item_subselect.cc:1035
#7  0x000056459c2cd475 in Item_in_subselect::val_bool (this=0x14a95c087368) at /test/10.9_dbg/sql/item_subselect.cc:1971
#8  0x000056459bdb4dd3 in Item::val_bool_result (this=<optimized out>) at /test/10.9_dbg/sql/item.h:1783
#9  0x000056459c2168cd in Item_in_optimizer::val_int (this=0x14a95c0bab98) at /test/10.9_dbg/sql/item_cmpfunc.cc:1622
#10 0x000056459bdb4d97 in Item::val_int_result (this=<optimized out>) at /test/10.9_dbg/sql/item.h:1779
#11 0x000056459c1d9a21 in Item_cache_int::cache_value (this=0x14a95c0e7128) at /test/10.9_dbg/sql/item.cc:10083
#12 0x000056459c1f7454 in Item_cache_wrapper::cache (this=0x14a95c0e7088) at /test/10.9_dbg/sql/item.cc:8868
#13 Item_cache_wrapper::val_bool (this=0x14a95c0e7088) at /test/10.9_dbg/sql/item.cc:9054
#14 0x000056459c207d68 in Item_func_not::val_int (this=0x14a95c087678) at /test/10.9_dbg/sql/item_cmpfunc.cc:202
#15 0x000056459c1f2331 in Item::save_int_in_field (this=0x14a95c087678, field=0x14a95c102760, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.cc:6827
#16 0x000056459c0d26ea in Type_handler_int_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:4360
#17 0x000056459c1d8b97 in Item::save_in_field (this=0x14a95c087678, field=0x14a95c102760, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.cc:6837
#18 0x000056459bde013e in Item_result_field::save_in_result_field (this=<optimized out>, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.h:3435
#19 0x000056459bf51902 in copy_funcs (func_ptr=0x14a95c101ff8, thd=0x14a95c000db8) at /test/10.9_dbg/sql/sql_select.cc:26340
#20 0x000056459bf51999 in end_write (join=0x14a95c0921b8, join_tab=0x14a95c0fcb38, end_of_records=<optimized out>) at /test/10.9_dbg/sql/sql_select.cc:22611
#21 0x000056459bf5fb93 in AGGR_OP::put_record (this=this@entry=0x14a95c0fd958, end_of_records=end_of_records@entry=false) at /test/10.9_dbg/sql/sql_select.cc:29514
#22 0x000056459bf60083 in AGGR_OP::put_record (this=0x14a95c0fd958) at /test/10.9_dbg/sql/sql_select.h:1056
#23 sub_select_postjoin_aggr (join=0x14a95c0921b8, join_tab=0x14a95c0fcb38, end_of_records=<optimized out>) at /test/10.9_dbg/sql/sql_select.cc:20842
#24 0x000056459bf2368c in evaluate_join_record (join=join@entry=0x14a95c0921b8, join_tab=join_tab@entry=0x14a95c0fc788, error=error@entry=0) at /test/10.9_dbg/sql/sql_select.cc:21356
#25 0x000056459bf38f49 in sub_select (join=0x14a95c0921b8, join_tab=0x14a95c0fc788, end_of_records=false) at /test/10.9_dbg/sql/sql_select.cc:21126
#26 0x000056459bf6c795 in do_select (procedure=<optimized out>, join=0x14a95c0921b8) at /test/10.9_dbg/sql/sql_select.cc:20671
#27 JOIN::exec_inner (this=this@entry=0x14a95c0921b8) at /test/10.9_dbg/sql/sql_select.cc:4778
#28 0x000056459bf6cd2e in JOIN::exec (this=this@entry=0x14a95c0921b8) at /test/10.9_dbg/sql/sql_select.cc:4556
#29 0x000056459bf6aab2 in mysql_select (thd=thd@entry=0x14a95c000db8, tables=0x14a95c0701e8, fields=@0x14a95c014b18: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14a95c06fdc8, last = 0x14a95c070190, elements = 2}, <No data fields>}, conds=0x0, og_num=2, order=0x0, group=0x14a95c087728, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14a95c092190, unit=0x14a95c004fd8, select_lex=0x14a95c014878) at /test/10.9_dbg/sql/sql_select.cc:5036
#30 0x000056459bf6b2a8 in handle_select (thd=thd@entry=0x14a95c000db8, lex=lex@entry=0x14a95c004f00, result=result@entry=0x14a95c092190, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
#31 0x000056459bed76c8 in execute_sqlcom_select (thd=thd@entry=0x14a95c000db8, all_tables=0x14a95c0701e8) at /test/10.9_dbg/sql/sql_parse.cc:6271
#32 0x000056459bee3935 in mysql_execute_command (thd=thd@entry=0x14a95c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
#33 0x000056459bed167b in mysql_parse (thd=thd@entry=0x14a95c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14aa08050470) at /test/10.9_dbg/sql/sql_parse.cc:8046
#34 0x000056459bedef79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14a95c000db8, packet=packet@entry=0x14a95c00b699 "", packet_length=packet_length@entry=1559, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
#35 0x000056459bee1686 in do_command (thd=0x14a95c000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
#36 0x000056459c03ed02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x56459ff70c18, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
#37 0x000056459c03f20b in handle_one_connection (arg=0x56459ff70c18) at /test/10.9_dbg/sql/sql_connect.cc:1312
#38 0x000014aa1fefd609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#39 0x000014aa1fae9133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
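The practical takeaway from this report is that a single SELECT statement against an ordinary one-row table is enough to take mysqld down with a SIGSEGV, i.e. any account that can run queries can crash the server. Operators therefore mostly want to know which of their MariaDB servers are still on a release before the Fix Version/s listed above. The check below is an added example for this page, not code from the issue or from the MariaDB project: it parses the string returned by SELECT VERSION() (assumed to start with major.minor.patch and to contain "MariaDB") and compares it against the fix versions on this issue. 10.2 is in Affects Version/s but has no fix version here, so every 10.2 build is reported as affected; series the issue does not list (for example 11.x) are reported as unknown rather than guessed. The fleet rows are constructed sample data.

```python
import re

# Fix Version/s from this issue (MDEV-28505), keyed by release series.
FIXED_IN = {
    (10, 3): (10, 3, 38),
    (10, 4): (10, 4, 28),
    (10, 5): (10, 5, 19),
    (10, 6): (10, 6, 12),
    (10, 7): (10, 7, 8),
    (10, 8): (10, 8, 7),
    (10, 9): (10, 9, 5),
    (10, 10): (10, 10, 3),
    (10, 11): (10, 11, 2),
}

# Listed under Affects Version/s but with no fix version on the issue
# (assumption: treat every build of the series as affected).
AFFECTED_UNFIXED = {(10, 2)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from a VERSION() string such as
    '10.6.11-MariaDB-1:10.6.11+maria~ubu2004-log'.
    Raises ValueError if the string does not start with three dotted integers."""
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % version_string)
    return tuple(int(x) for x in m.groups())


def is_mariadb(version_string):
    """MariaDB servers include 'MariaDB' in VERSION(); MySQL (not affected
    per the report) does not."""
    return "mariadb" in version_string.lower()


def mdev_28505_status(version_string):
    """Classify one server by its VERSION() string.
    Returns 'not-applicable' (not MariaDB), 'affected', 'fixed', or
    'unknown' (a release series this issue does not list)."""
    if not is_mariadb(version_string):
        return "not-applicable"
    major, minor, patch = parse_version(version_string)
    series = (major, minor)
    if series in AFFECTED_UNFIXED:
        return "affected"
    if series in FIXED_IN:
        return "fixed" if (major, minor, patch) >= FIXED_IN[series] else "affected"
    return "unknown"


def classify_fleet(rows):
    """rows: iterable of (hostname, version_string) pairs, e.g. collected
    with `SELECT @@hostname, VERSION()` on each server.
    Returns {status: sorted list of hostnames}."""
    result = {"affected": [], "fixed": [], "unknown": [], "not-applicable": []}
    for host, version in rows:
        result[mdev_28505_status(version)].append(host)
    for status in result:
        result[status].sort()
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_FLEET = [
    ("db-a", "10.6.11-MariaDB-1:10.6.11+maria~ubu2004-log"),
    ("db-b", "10.6.12-MariaDB-log"),
    ("db-c", "10.2.44-MariaDB"),
    ("db-d", "10.10.0-MariaDB"),
    ("db-e", "8.0.28"),
    ("db-f", "11.0.1-MariaDB"),
]

if __name__ == "__main__":
    for status, hosts in classify_fleet(SAMPLE_FLEET).items():
        print("%-15s %s" % (status, ", ".join(hosts)))
```

Until the affected hosts are upgraded, the only mitigation the report supports is limiting who can run arbitrary queries against them; there is no server option that disables the code path in sub_select.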



Comments
Comment by Roel Van de Paar [ 2022-05-14 ]

UniqueIDs seen so far for this bug:

SIGSEGV|sub_select|do_select|JOIN::exec_inner|JOIN::exec

Comment by Roel Van de Paar [ 2022-05-14 ]

Still working on optimized testcase. Best thus far:

CREATE TABLE t(v INT) ENGINE=InnoDB;
INSERT INTO t (v) VALUES (0);
SELECT(v =(SELECT v FROM t WHERE (v,v) NOT IN (SELECT 1,1)) IN (1,1)),'' AS v3 FROM t WINDOW v4 AS(PARTITION BY v ORDER BY (SELECT 1 FROM (SELECT v FROM t WHERE (v,v) NOT IN (SELECT (''=(v IN (SELECT v FROM t WHERE v =CASE WHEN v ^ (SELECT 64 FROM t AS v5 WHERE v AND 0 GROUP BY (TRUE,v) NOT IN (SELECT v,(SELECT v FROM (SELECT v,(NOT ((1 ^ 1 AND (v NOT IN (NOT (NOT (''=TRUE AND v =-128))) AND (v,v) NOT IN (SELECT 1,1))=1) *'')) FROM t) AS v8 NATURAL JOIN t WHERE v = v) AS v9 FROM t),v WINDOW v10 AS(PARTITION BY v ORDER BY (SELECT 1))) ^ v THEN'' END / 8))),''FROM t) LIMIT 1 ) AS v14 ));

Comment by Roel Van de Paar [ 2022-06-10 ]

I was able to remove the CREATE TABLE and INSERT from the testcase, as follows:

SELECT(v=(SELECT v FROM (SELECT 1 AS v) AS v WHERE (v,v) IN (SELECT 1,1)) IN (1,1)) AS v1 FROM (SELECT 1 AS v) AS v WINDOW v2 AS(PARTITION BY v ORDER BY (SELECT 1 FROM (SELECT v FROM (SELECT 1 AS v) AS v WHERE (v,v) NOT IN (SELECT (''=(v IN (SELECT v FROM (SELECT 1 AS v) AS v WHERE v=CASE WHEN v ^ (SELECT 64 FROM (SELECT 1 AS v) AS v WHERE v GROUP BY (TRUE,v) NOT IN (SELECT v,(SELECT v FROM (SELECT v,(NOT ((1 ^ 1 AND (v NOT IN (NOT (NOT (v=1))) AND (v,v) NOT IN (SELECT 1,1))=1) *'')) FROM (SELECT 1 AS v) AS v) AS v4 NATURAL JOIN (SELECT 1 AS v) AS v) AS v5 FROM (SELECT 1 AS v) AS v),v WINDOW v6 AS(PARTITION BY v ORDER BY (1))) ^ v THEN''END))),''FROM (SELECT 1 AS v) AS v)) AS v7));

However, in that case, the resulting crash is like MDEV-28510 / MDEV-28506 / MDEV-19569.

Comment by Roel Van de Paar [ 2022-06-10 ]

Logged MDEV-28799 SIGSEGV in JOIN_CACHE::reset_join and Assertion `cache != __null' failed in sub_select_cache on SELECT

Comment by Roel Van de Paar [ 2022-06-10 ]

This testcase:

CREATE TABLE t(v INT);
INSERT INTO t(v) VALUES (0);
SELECT(v=(SELECT v FROM t WHERE (v,v) IN (SELECT 1,1)) IN (1,1)) AS v1 FROM t WINDOW v2 AS(PARTITION BY v ORDER BY (SELECT 1 FROM (SELECT v FROM t WHERE (v,v) NOT IN (SELECT (''=(v IN (SELECT v FROM t WHERE v=CASE WHEN v ^ (SELECT 64 FROM t AS v3 WHERE v GROUP BY (TRUE,v) NOT IN (SELECT v,(SELECT v FROM (SELECT v,(NOT ((1 ^ 1 AND (v NOT IN (NOT (NOT (v=1))) AND (v,v) NOT IN (SELECT 1,1))=1) *'')) FROM t) AS v4 NATURAL JOIN t) AS v5 FROM t),v WINDOW v6 AS(PARTITION BY v ORDER BY (1))) ^ v THEN''END / 8))),''FROM t) LIMIT 1) AS v7));

Produces the SIGSEGV in this bug. However, removing only the LIMIT 1 will produce MDEV-28799.

Comment by Roel Van de Paar [ 2022-06-10 ]

Summary

CREATE TABLE t(v INT);
INSERT INTO t(v) VALUES (0);
SELECT(v=(SELECT v FROM t WHERE (v,v) IN (SELECT 1,1)) IN (1,1)) AS v1 FROM t WINDOW v2 AS(PARTITION BY v ORDER BY (SELECT 1 FROM (SELECT v FROM t WHERE (v,v) NOT IN (SELECT (''=(v IN (SELECT v FROM t WHERE v=CASE WHEN v ^ (SELECT 64 FROM t AS v3 WHERE v GROUP BY (TRUE,v) NOT IN (SELECT v,(SELECT v FROM (SELECT v,(NOT ((1 ^ 1 AND (v NOT IN (NOT (NOT (v=1))) AND (v,v) NOT IN (SELECT 1,1))=1) *'')) FROM t) AS v4 NATURAL JOIN t) AS v5 FROM t),v WINDOW v6 AS(PARTITION BY v ORDER BY (1))) ^ v THEN''END / 8))),''FROM t) LIMIT 1) AS v7));

Leads to:

10.9.2 6ec17142dcfb1e9d9f41211ed1b6d82e062d1541 (Optimized)

Core was generated by `/test/MD310522-mariadb-10.9.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000555a1e382e73 in sub_select (join=0x1471d4060480, 
    join_tab=0x1471d4082f18, end_of_records=false)
    at /test/10.9_opt/sql/sql_select.cc:21131
[Current thread is 1 (Thread 0x14721df5c700 (LWP 1843708))]
(gdb) bt
#0  0x0000555a1e382e73 in sub_select (join=0x1471d4060480, join_tab=0x1471d4082f18, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21131
#1  0x0000555a1e3af4a1 in do_select (procedure=<optimized out>, join=0x1471d4060480) at /test/10.9_opt/sql/sql_select.cc:20736
#2  JOIN::exec_inner (this=0x1471d4060480) at /test/10.9_opt/sql/sql_select.cc:4786
#3  0x0000555a1e3af868 in JOIN::exec (this=0x1471d4060480) at /test/10.9_opt/sql/sql_select.cc:4564
#4  0x0000555a1e650ba6 in subselect_single_select_engine::exec (this=0x1471d404cfe0) at /test/10.9_opt/sql/item_subselect.cc:4144
#5  0x0000555a1e6501fc in Item_subselect::exec (this=0x1471d404ce58) at /test/10.9_opt/sql/item_subselect.cc:854
#6  0x0000555a1e652634 in Item_singlerow_subselect::val_int (this=0x1471d404ce58) at /test/10.9_opt/sql/item_subselect.cc:1504
#7  0x0000555a1e58b493 in Item_direct_ref::val_int (this=0x1471d40877f0) at /test/10.9_opt/sql/item.cc:8630
#8  0x0000555a1e5ae90c in Arg_comparator::compare_int_signed (this=0x1471d40879a0) at /test/10.9_opt/sql/item_cmpfunc.cc:933
#9  0x0000555a1e5aef5f in Arg_comparator::compare (this=<optimized out>) at /test/10.9_opt/sql/item_cmpfunc.h:103
#10 Item_func_eq::val_int (this=<optimized out>) at /test/10.9_opt/sql/item_cmpfunc.cc:1762
#11 0x0000555a1e4c2cf4 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.9_opt/sql/sql_type.cc:5100
#12 0x0000555a1e5b0085 in Item_cond_or::val_int (this=0x1471d4087e80) at /test/10.9_opt/sql/item_cmpfunc.cc:5435
#13 0x0000555a1e58ba09 in Item_cache_int::cache_value (this=0x1471d4089658) at /test/10.9_opt/sql/item.cc:10107
#14 0x0000555a1e58bad2 in Item_cache::has_value (this=0x1471d4089658) at /test/10.9_opt/sql/item.h:7080
#15 Item_cache_int::val_int (this=0x1471d4089658) at /test/10.9_opt/sql/item.cc:10140
#16 0x0000555a1e3aef81 in JOIN::exec_inner (this=0x1471d405f8a8) at /test/10.9_opt/sql/sql_select.cc:4788
#17 0x0000555a1e3af868 in JOIN::exec (this=0x1471d405f8a8) at /test/10.9_opt/sql/sql_select.cc:4564
#18 0x0000555a1e650e81 in subselect_single_select_engine::exec (this=0x1471d404d2c8) at /test/10.9_opt/sql/item_subselect.cc:4144
#19 0x0000555a1e6501fc in Item_subselect::exec (this=0x1471d404d0a0) at /test/10.9_opt/sql/item_subselect.cc:854
#20 0x0000555a1e650664 in Item_in_subselect::val_bool (this=0x1471d404d0a0) at /test/10.9_opt/sql/item_subselect.cc:1989
#21 0x0000555a1e5bc2f4 in Item_in_optimizer::val_int (this=0x1471d4063148) at /test/10.9_opt/sql/item_cmpfunc.cc:1637
#22 Item_in_optimizer::val_int (this=0x1471d4063148) at /test/10.9_opt/sql/item_cmpfunc.cc:1545
#23 0x0000555a1e58ba09 in Item_cache_int::cache_value (this=0x1471d408a348) at /test/10.9_opt/sql/item.cc:10107
#24 0x0000555a1e5a3784 in Item_cache_wrapper::cache (this=0x1471d408a2a8) at /test/10.9_opt/sql/item.cc:8865
#25 Item_cache_wrapper::val_bool (this=0x1471d408a2a8) at /test/10.9_opt/sql/item.cc:9051
#26 Item_cache_wrapper::val_bool (this=0x1471d408a2a8) at /test/10.9_opt/sql/item.cc:9034
#27 0x0000555a1e5ae5c0 in Item_func_not::val_int (this=0x1471d40574e0) at /test/10.9_opt/sql/item_cmpfunc.cc:202
#28 0x0000555a1e59ee53 in Item::save_int_in_field (this=0x1471d40574e0, field=0x1471d409bde0, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6826
#29 0x0000555a1e58ec57 in Item::save_in_field (this=0x1471d40574e0, field=0x1471d409bde0, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6836
#30 0x0000555a1e3995ba in copy_funcs (func_ptr=0x1471d409b7a8, thd=0x1471d4000c58) at /test/10.9_opt/sql/sql_select.cc:26405
#31 0x0000555a1e39966a in end_write (join=0x1471d405d1e8, join_tab=0x1471d4097a38, end_of_records=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:22676
#32 0x0000555a1e36ff93 in evaluate_join_record (join=join@entry=0x1471d405d1e8, join_tab=join_tab@entry=0x1471d4097688, error=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:21421
#33 0x0000555a1e382cdb in sub_select (end_of_records=false, join_tab=0x1471d4097688, join=0x1471d405d1e8) at /test/10.9_opt/sql/sql_select.cc:21191
#34 sub_select (join=0x1471d405d1e8, join_tab=0x1471d4097688, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21120
#35 0x0000555a1e3af4a1 in do_select (procedure=<optimized out>, join=0x1471d405d1e8) at /test/10.9_opt/sql/sql_select.cc:20736
#36 JOIN::exec_inner (this=0x1471d405d1e8) at /test/10.9_opt/sql/sql_select.cc:4786
#37 0x0000555a1e3af868 in JOIN::exec (this=this@entry=0x1471d405d1e8) at /test/10.9_opt/sql/sql_select.cc:4564
#38 0x0000555a1e3ada71 in mysql_select (thd=0x1471d4000c58, tables=0x1471d4045330, fields=@0x1471d4010e30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1471d4014090, last = 0x1471d4014090, elements = 1}, <No data fields>}, conds=0x0, og_num=2, order=0x0, group=0x1471d4057590, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1471d405d1c0, unit=0x1471d4004cb8, select_lex=0x1471d4010b90) at /test/10.9_opt/sql/sql_select.cc:5044
#39 0x0000555a1e3ae1b7 in handle_select (thd=thd@entry=0x1471d4000c58, lex=lex@entry=0x1471d4004be0, result=result@entry=0x1471d405d1c0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_opt/sql/sql_select.cc:578
#40 0x0000555a1e3317e1 in execute_sqlcom_select (thd=0x1471d4000c58, all_tables=0x1471d4045330) at /test/10.9_opt/sql/sql_parse.cc:6260
#41 0x0000555a1e33f34d in mysql_execute_command (thd=0x1471d4000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:3944
#42 0x0000555a1e32c9e5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1471d4000c58) at /test/10.9_opt/sql/sql_parse.cc:8036
#43 mysql_parse (thd=0x1471d4000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7958
#44 0x0000555a1e3384fa in dispatch_command (command=COM_QUERY, thd=0x1471d4000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
#45 0x0000555a1e33a422 in do_command (thd=0x1471d4000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1407
#46 0x0000555a1e45069f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x555a2085fec8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
#47 0x0000555a1e45097d in handle_one_connection (arg=0x555a2085fec8) at /test/10.9_opt/sql/sql_connect.cc:1312
#48 0x00001472371aa609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#49 0x0000147236d96133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.9.2 6ec17142dcfb1e9d9f41211ed1b6d82e062d1541 (Debug)

Core was generated by `/test/MD310522-mariadb-10.9.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055b7faa53978 in sub_select (join=0x14b8f40876d0, 
    join_tab=0x14b8f40ab938, end_of_records=false)
    at /test/10.9_dbg/sql/sql_select.cc:21131
[Current thread is 1 (Thread 0x14b96804f700 (LWP 1844226))]
(gdb) bt
#0  0x000055b7faa53978 in sub_select (join=0x14b8f40876d0, join_tab=0x14b8f40ab938, end_of_records=false) at /test/10.9_dbg/sql/sql_select.cc:21131
#1  0x000055b7faa87243 in do_select (procedure=<optimized out>, join=0x14b8f40876d0) at /test/10.9_dbg/sql/sql_select.cc:20736
#2  JOIN::exec_inner (this=this@entry=0x14b8f40876d0) at /test/10.9_dbg/sql/sql_select.cc:4786
#3  0x000055b7faa877dc in JOIN::exec (this=0x14b8f40876d0) at /test/10.9_dbg/sql/sql_select.cc:4564
#4  0x000055b7fadedfbe in subselect_single_select_engine::exec (this=0x14b8f4073fe0) at /test/10.9_dbg/sql/item_subselect.cc:4144
#5  0x000055b7faded60c in Item_subselect::exec (this=0x14b8f4073e58) at /test/10.9_dbg/sql/item_subselect.cc:854
#6  0x000055b7fadebc21 in Item_singlerow_subselect::val_int (this=0x14b8f4073e58) at /test/10.9_dbg/sql/item_subselect.cc:1504
#7  0x000055b7facf8107 in Item_direct_ref::val_int (this=0x14b8f40b03a0) at /test/10.9_dbg/sql/item.cc:8630
#8  0x000055b7fad2587c in Arg_comparator::compare_int_signed (this=0x14b8f40b0550) at /test/10.9_dbg/sql/item_cmpfunc.cc:933
#9  0x000055b7fad27e94 in Arg_comparator::compare (this=0x14b8f40b0550) at /test/10.9_dbg/sql/item_cmpfunc.h:103
#10 Item_func_eq::val_int (this=0x14b8f40b04a0) at /test/10.9_dbg/sql/item_cmpfunc.cc:1762
#11 0x000055b7fabeda06 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:5100
#12 0x000055b7fa8cde32 in Item::val_bool (this=0x14b8f40b04a0) at /test/10.9_dbg/sql/item.h:1687
#13 0x000055b7fad28313 in Item_cond_or::val_int (this=0x14b8f40b0a30) at /test/10.9_dbg/sql/item_cmpfunc.cc:5435
#14 0x000055b7fa8cdec5 in Item::val_int_result (this=<optimized out>) at /test/10.9_dbg/sql/item.h:1779
#15 0x000055b7facf8945 in Item_cache_int::cache_value (this=0x14b8f40b2288) at /test/10.9_dbg/sql/item.cc:10107
#16 0x000055b7facf89e2 in Item_cache::has_value (this=0x14b8f40b2288) at /test/10.9_dbg/sql/item.h:7080
#17 Item_cache_int::val_int (this=0x14b8f40b2288) at /test/10.9_dbg/sql/item.cc:10140
#18 0x000055b7faa87b0d in Item_func_trig_cond::val_int (this=<optimized out>) at /test/10.9_dbg/sql/item_cmpfunc.h:688
#19 0x000055b7faa87b0d in Item_func_trig_cond::val_int (this=<optimized out>) at /test/10.9_dbg/sql/item_cmpfunc.h:688
#20 0x000055b7faa867e9 in JOIN::exec_inner (this=this@entry=0x14b8f4086af8) at /test/10.9_dbg/sql/sql_select.cc:4668
#21 0x000055b7faa877dc in JOIN::exec (this=0x14b8f4086af8) at /test/10.9_dbg/sql/sql_select.cc:4564
#22 0x000055b7fadee1ec in subselect_single_select_engine::exec (this=0x14b8f40742c8) at /test/10.9_dbg/sql/item_subselect.cc:4144
#23 0x000055b7faded60c in Item_subselect::exec (this=this@entry=0x14b8f40740a0) at /test/10.9_dbg/sql/item_subselect.cc:854
#24 0x000055b7fadf28d9 in Item_in_subselect::exec (this=0x14b8f40740a0) at /test/10.9_dbg/sql/item_subselect.cc:1036
#25 0x000055b7fadec7b3 in Item_in_subselect::val_bool (this=0x14b8f40740a0) at /test/10.9_dbg/sql/item_subselect.cc:1989
#26 0x000055b7fa8cdf01 in Item::val_bool_result (this=<optimized out>) at /test/10.9_dbg/sql/item.h:1783
#27 0x000055b7fad35a06 in Item_in_optimizer::val_int (this=0x14b8f408a398) at /test/10.9_dbg/sql/item_cmpfunc.cc:1637
#28 0x000055b7fa8cdec5 in Item::val_int_result (this=<optimized out>) at /test/10.9_dbg/sql/item.h:1779
#29 0x000055b7facf8945 in Item_cache_int::cache_value (this=0x14b8f40b3000) at /test/10.9_dbg/sql/item.cc:10107
#30 0x000055b7fad163b8 in Item_cache_wrapper::cache (this=0x14b8f40b2f60) at /test/10.9_dbg/sql/item.cc:8865
#31 Item_cache_wrapper::val_bool (this=0x14b8f40b2f60) at /test/10.9_dbg/sql/item.cc:9051
#32 0x000055b7fad2709a in Item_func_not::val_int (this=0x14b8f407e650) at /test/10.9_dbg/sql/item_cmpfunc.cc:202
#33 0x000055b7fad11315 in Item::save_int_in_field (this=0x14b8f407e650, field=0x14b8f40c7460, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.cc:6826
#34 0x000055b7fabf092c in Type_handler_int_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:4359
#35 0x000055b7facf7a6f in Item::save_in_field (this=0x14b8f407e650, field=0x14b8f40c7460, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.cc:6836
#36 0x000055b7fa8f9286 in Item_result_field::save_in_result_field (this=<optimized out>, no_conversions=<optimized out>) at /test/10.9_dbg/sql/item.h:3441
#37 0x000055b7faa6c386 in copy_funcs (func_ptr=0x14b8f40c6db8, thd=0x14b8f4000db8) at /test/10.9_dbg/sql/sql_select.cc:26405
#38 0x000055b7faa6c41d in end_write (join=0x14b8f4084438, join_tab=0x14b8f40c3f20, end_of_records=<optimized out>) at /test/10.9_dbg/sql/sql_select.cc:22676
#39 0x000055b7faa7a641 in AGGR_OP::put_record (this=this@entry=0x14b8f40c4cc8, end_of_records=end_of_records@entry=false) at /test/10.9_dbg/sql/sql_select.cc:29579
#40 0x000055b7faa7ab31 in AGGR_OP::put_record (this=0x14b8f40c4cc8) at /test/10.9_dbg/sql/sql_select.h:1058
#41 sub_select_postjoin_aggr (join=0x14b8f4084438, join_tab=0x14b8f40c3f20, end_of_records=<optimized out>) at /test/10.9_dbg/sql/sql_select.cc:20907
#42 0x000055b7faa3dff6 in evaluate_join_record (join=join@entry=0x14b8f4084438, join_tab=join_tab@entry=0x14b8f40c3b70, error=error@entry=0) at /test/10.9_dbg/sql/sql_select.cc:21421
#43 0x000055b7faa53961 in sub_select (join=0x14b8f4084438, join_tab=0x14b8f40c3b70, end_of_records=false) at /test/10.9_dbg/sql/sql_select.cc:21191
#44 0x000055b7faa87243 in do_select (procedure=<optimized out>, join=0x14b8f4084438) at /test/10.9_dbg/sql/sql_select.cc:20736
#45 JOIN::exec_inner (this=this@entry=0x14b8f4084438) at /test/10.9_dbg/sql/sql_select.cc:4786
#46 0x000055b7faa877dc in JOIN::exec (this=this@entry=0x14b8f4084438) at /test/10.9_dbg/sql/sql_select.cc:4564
#47 0x000055b7faa85560 in mysql_select (thd=thd@entry=0x14b8f4000db8, tables=0x14b8f406c2c0, fields=@0x14b8f4014350: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b8f40175b0, last = 0x14b8f40175b0, elements = 1}, <No data fields>}, conds=0x0, og_num=2, order=0x0, group=0x14b8f407e700, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b8f4084410, unit=0x14b8f4004fd8, select_lex=0x14b8f40140b0) at /test/10.9_dbg/sql/sql_select.cc:5044
#48 0x000055b7faa85d56 in handle_select (thd=thd@entry=0x14b8f4000db8, lex=lex@entry=0x14b8f4004f00, result=result@entry=0x14b8f4084410, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:578
#49 0x000055b7fa9f1b34 in execute_sqlcom_select (thd=thd@entry=0x14b8f4000db8, all_tables=0x14b8f406c2c0) at /test/10.9_dbg/sql/sql_parse.cc:6260
#50 0x000055b7fa9fde46 in mysql_execute_command (thd=thd@entry=0x14b8f4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3944
#51 0x000055b7fa9ebe10 in mysql_parse (thd=thd@entry=0x14b8f4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b96804e470) at /test/10.9_dbg/sql/sql_parse.cc:8036
#52 0x000055b7fa9f93f8 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b8f4000db8, packet=packet@entry=0x14b8f400b6c9 "", packet_length=packet_length@entry=536, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
#53 0x000055b7fa9fbb02 in do_command (thd=0x14b8f4000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1407
#54 0x000055b7fab5b360 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b7fcf7ef88, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
#55 0x000055b7fab5b869 in handle_one_connection (arg=0x55b7fcf7ef88) at /test/10.9_dbg/sql/sql_connect.cc:1312
#56 0x000014b980314609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#57 0x000014b97ff00133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

Generated at Thu Feb 08 10:01:15 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.