MDEV-21234 Server crashes in in setup_on_expr upon 3rd execution of SP

[midenok]

Reproduce

CREATE TABLE t1 (a VARCHAR(8));
--
INSERT INTO t1 VALUES ('foo'),('bar');
 
CREATE TABLE t2 (b DATE);
 
CREATE PROCEDURE pr() INSERT INTO t2 SELECT * FROM t1;
--error ER_TRUNCATED_WRONG_VALUE
CALL pr;
ALTER TABLE t1 ADD SYSTEM VERSIONING;
--error ER_TRUNCATED_WRONG_VALUE
CALL pr;
--error ER_TRUNCATED_WRONG_VALUE
CALL pr;
 
# Cleanup
DROP PROCEDURE pr;
DROP TABLE t1, t2;

[midenok]

1. item constructed

#0  0x0000000000b4a125 in Item::Item (this=0x7f5604025ab8, thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/item.cc:539
#1  0x00000000007229a7 in Item_result_field::Item_result_field (this=0x7f5604025ab8, thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/item.h:2833
#2  0x00000000007228fc in Item_func_or_sum::Item_func_or_sum (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item.h:4720
#3  0x0000000000722812 in Item_func::Item_func (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_func.h:98
#4  0x000000000072276f in Item_int_func::Item_int_func (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_func.h:781
#5  0x0000000000722712 in Item_bool_func::Item_bool_func (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_cmpfunc.h:214
#6  0x0000000000721b12 in Item_bool_func2::Item_bool_func2 (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_cmpfunc.h:404
#7  0x00000000007219e2 in Item_bool_func2_with_rev::Item_bool_func2_with_rev (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_cmpfunc.h:466
#8  0x000000000072192f in Item_bool_rowready_func2::Item_bool_rowready_func2 (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_cmpfunc.h:508
#9  0x00000000007217f2 in Item_func_eq::Item_func_eq (this=0x7f5604025ab8, thd=0x7f5604000ce8, a=0x7f560402f768, b=0x7f560402f878) at /home/midenok/src/mariadb/10.3/src/sql/item_cmpfunc.h:699
#10 0x000000000084806c in eliminate_item_equal (thd=0x7f5604000ce8, cond=0x0, upper_levels=0x0, item_equal=0x7f5604024488) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:14793
#11 0x000000000081f6a9 in substitute_for_best_equal_field (thd=0x7f5604000ce8, context_tab=0x1, cond=0x7f5604024488, cond_equal=0x0, table_join_idx=0x7f56040249f8) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:15021
#12 0x00000000008136f4 in JOIN::optimize_stage2 (this=0x7f5604023f10) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:2090
#13 0x0000000000817874 in JOIN::optimize_inner (this=0x7f5604023f10) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:1952
#14 0x0000000000812c25 in JOIN::optimize (this=0x7f5604023f10) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:1488
#15 0x000000000080b10c in mysql_select (thd=0x7f5604000ce8, tables=0x7f560402d470, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=3489926912, result=0x7f5604023e60, unit=0x7f560402e0e8, select_lex=0x7f560402e870) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:4264
#16 0x000000000080aa63 in handle_select (thd=0x7f5604000ce8, lex=0x7f560402e020, result=0x7f5604023e60, setup_tables_done_option=1073741824) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:370
#17 0x00000000007c229d in mysql_execute_command (thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:4571
#18 0x00000000006b72f5 in sp_instr_stmt::exec_core (this=0x7f560402dad8, thd=0x7f5604000ce8, nextp=0x7f561ade2a28) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3592
#19 0x00000000006b5c7f in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f560402db20, thd=0x7f5604000ce8, nextp=0x7f561ade2a28, open_tables=false, instr=0x7f560402dad8) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3324
#20 0x00000000006b656c in sp_instr_stmt::execute (this=0x7f560402dad8, thd=0x7f5604000ce8, nextp=0x7f561ade2a28) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3498
#21 0x00000000006ad878 in sp_head::execute (this=0x7f560402bff0, thd=0x7f5604000ce8, merge_da_on_success=true) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:1356
#22 0x00000000006affc7 in sp_head::execute_procedure (this=0x7f560402bff0, thd=0x7f5604000ce8, args=0x7f5604005960) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:2296
#23 0x00000000007bcda8 in do_execute_sp (thd=0x7f5604000ce8, sp=0x7f560402bff0) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:2992
#24 0x00000000007bc7ef in Sql_cmd_call::execute (this=0x7f5604013c88, thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:3232
#25 0x00000000007c7ead in mysql_execute_command (thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:6031
#26 0x00000000007b9d90 in mysql_parse (thd=0x7f5604000ce8, rawbuf=0x7f5604013bd0 "CALL pr", length=7, parser_state=0x7f561ade65e8, is_com_multi=false, is_next_command=false) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:7818

frame 10

(rr) pitem item_equal
$5 = 0x1e8e600 <dbug_item_print_buf> "multiple equal(TIMESTAMP'2038-01-19 06:14:07.999999', t1.row_end)"

Multiple same conditions from multiple vers_setup_conds() optimized out by new condition.

2. item deleted

#0  Item::delete_self (this=0x7f5604025ab8) at /home/midenok/src/mariadb/10.3/src/sql/item.h:1981
#1  0x00000000007408f9 in Query_arena::free_items (this=0x7f5604000d00) at /home/midenok/src/mariadb/10.3/src/sql/sql_class.cc:3721
#2  0x000000000074069b in THD::cleanup_after_query (this=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_class.cc:2222
#3  0x00000000006ad910 in sp_head::execute (this=0x7f560402bff0, thd=0x7f5604000ce8, merge_da_on_success=true) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:1374
#4  0x00000000006affc7 in sp_head::execute_procedure (this=0x7f560402bff0, thd=0x7f5604000ce8, args=0x7f5604005960) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:2296
#5  0x00000000007bcda8 in do_execute_sp (thd=0x7f5604000ce8, sp=0x7f560402bff0) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:2992
#6  0x00000000007bc7ef in Sql_cmd_call::execute (this=0x7f5604013c88, thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:3232
#7  0x00000000007c7ead in mysql_execute_command (thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:6031
#8  0x00000000007b9d90 in mysql_parse (thd=0x7f5604000ce8, rawbuf=0x7f5604013bd0 "CALL pr", length=7, parser_state=0x7f561ade65e8, is_com_multi=false, is_next_command=false) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:7818

3. item accessed

#0  0x00000000007194af in setup_on_expr (thd=0x7f5604000ce8, table=0x7f560402d470, is_update=true) at /home/midenok/src/mariadb/10.3/src/sql/sql_base.cc:8094
#1  0x00000000007199f5 in setup_conds (thd=0x7f5604000ce8, tables=0x7f560402d470, leaves=..., conds=0x7f560405a1f8) at /home/midenok/src/mariadb/10.3/src/sql/sql_base.cc:8212
#2  0x0000000000810c44 in setup_without_group (thd=0x7f5604000ce8, ref_pointer_array=..., tables=0x7f560402d470, leaves=..., fields=..., all_fields=..., conds=0x7f560405a1f8, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7f560405a0d7, reserved=0x7f560402eb4c) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:646
#3  0x000000000080f22c in JOIN::prepare (this=0x7f5604059df0, tables_init=0x7f560402d470, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f560402e870, unit_arg=0x7f560402e0e8) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:1143
#4  0x000000000080b0d9 in mysql_select (thd=0x7f5604000ce8, tables=0x7f560402d470, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=3489926912, result=0x7f5604059d40, unit=0x7f560402e0e8, select_lex=0x7f560402e870) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:4256
#5  0x000000000080aa63 in handle_select (thd=0x7f5604000ce8, lex=0x7f560402e020, result=0x7f5604059d40, setup_tables_done_option=1073741824) at /home/midenok/src/mariadb/10.3/src/sql/sql_select.cc:370
#6  0x00000000007c229d in mysql_execute_command (thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:4571
#7  0x00000000006b72f5 in sp_instr_stmt::exec_core (this=0x7f560402dad8, thd=0x7f5604000ce8, nextp=0x7f561ade2a28) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3592
#8  0x00000000006b5c7f in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f560402db20, thd=0x7f5604000ce8, nextp=0x7f561ade2a28, open_tables=false, instr=0x7f560402dad8) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3324
#9  0x00000000006b656c in sp_instr_stmt::execute (this=0x7f560402dad8, thd=0x7f5604000ce8, nextp=0x7f561ade2a28) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:3498
#10 0x00000000006ad878 in sp_head::execute (this=0x7f560402bff0, thd=0x7f5604000ce8, merge_da_on_success=true) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:1356
#11 0x00000000006affc7 in sp_head::execute_procedure (this=0x7f560402bff0, thd=0x7f5604000ce8, args=0x7f5604005960) at /home/midenok/src/mariadb/10.3/src/sql/sp_head.cc:2296
#12 0x00000000007bcda8 in do_execute_sp (thd=0x7f5604000ce8, sp=0x7f560402bff0) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:2992
#13 0x00000000007bc7ef in Sql_cmd_call::execute (this=0x7f5604013c88, thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:3232
#14 0x00000000007c7ead in mysql_execute_command (thd=0x7f5604000ce8) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:6031
#15 0x00000000007b9d90 in mysql_parse (thd=0x7f5604000ce8, rawbuf=0x7f5604013bd0 "CALL pr", length=7, parser_state=0x7f561ade65e8, is_com_multi=false, is_next_command=false) at /home/midenok/src/mariadb/10.3/src/sql/sql_parse.cc:7818