Comment 3 for bug 836532

Sergey Petrunia (sergefp) wrote :

The lists get merged tails here:

(gdb) wher
  #0 Item_in_subselect::inject_in_to_exists_cond (..) at item_subselect.cc:2271
  #1 0x08421c06 in JOIN::choose_subquery_plan (this=0xba79100, join_tables=5) at opt_subselect.cc:4645
  #2 0x0836f374 in make_join_statistics (...) at sql_select.cc:3545
  #3 0x08370b98 in JOIN::optimize (this=0xba79100) at sql_select.cc:1113
  #4 0x081b9aab in st_select_lex::optimize_unflattened_subqueries (this=0xba4fef0) at sql_lex.cc:3126
  #5 0x08422577 in JOIN::optimize_unflattened_subqueries (this=0xba73188) at opt_subselect.cc:4324
  #6 0x08372226 in JOIN::optimize (this=0xba73188) at sql_select.cc:1504
  #7 0x08373f74 in mysql_select (...) at sql_select.cc:2887

Here, we get this code:

    /* Attach back the list of multiple equalities to the new top-level AND. */
    if (and_args && join_arg->cond_equal_)
    {
      /* The argument list of the top-level AND may change after fix fields. */
      and_args= ((Item_cond*) join_arg->conds)->argument_list();
> and_args->concat((List<Item> *) &join_arg->cond_equal_->current_level);
    }
  }

and after the line marked with '>' executes, we get:
  Item_in_subselect::inject_in_to_exists_cond (this=0xba5d970, join_arg=0xba79100) at item_subselect.cc:2271
(gdb) p join_arg->cond_equal_->current_level->elements
  $320 = 2
(gdb) p join_arg->cond_equal_->current_level->first
  $321 = (list_node *) 0xba70a30
(gdb) p join_arg->cond_equal_->current_level->first->next
  $322 = (list_node *) 0xba70b50

(gdb) set $and_args=((class Item_cond*)join_arg->conds)->argument_list()
(gdb) p $and_args->first
  $328 = (list_node *) 0xba72150
(gdb) p $and_args->first->next
  $329 = (list_node *) 0xba72158
(gdb) p $and_args->first->next->next
  $330 = (list_node *) 0xba70a30
(gdb) p $and_args->first->next->next->next
  $331 = (list_node *) 0xba70b50

i.e. the lists get mixed tails.
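
The aliasing seen in the gdb session above, reproduced as an added example that is not part of the original comment and is not MariaDB code. `SList`, `Node` and `demo()` are hypothetical names for a simplified list model, and the model assumes `concat()` splices node pointers rather than copying nodes, which is what the addresses in the session show.

```cpp
#include <cstddef>

// Simplified stand-in for an intrusive singly linked list (hypothetical,
// not MariaDB's List<Item>): concat() splices nodes instead of copying them.
struct Node { int value; Node *next; };

struct SList {
  Node *first = nullptr;
  Node **last = &first;   // address of the pointer that terminates the list
  unsigned elements = 0;

  void push_back(Node *n) {
    n->next = nullptr;
    *last = n;
    last = &n->next;
    ++elements;
  }
  // Splice: the tail of *this now points into other's nodes; nothing is copied.
  void concat(SList *other) {
    if (other->first == nullptr) return;
    *last = other->first;
    last = other->last;
    elements += other->elements;
  }
  // Count nodes by following pointers, ignoring the cached element counter.
  unsigned walk() const {
    unsigned n = 0;
    for (Node *p = first; p; p = p->next) ++n;
    return n;
  }
};

struct Result { bool shared_tail; unsigned counted; unsigned walked; };

// Constructed scenario mirroring the session: a two-element AND argument
// list and a two-element current_level list.
Result demo() {
  Node a{1, nullptr}, b{2, nullptr}, eq1{3, nullptr}, eq2{4, nullptr};
  Node extra{5, nullptr};
  SList and_args, current_level;
  and_args.push_back(&a);        and_args.push_back(&b);
  current_level.push_back(&eq1); current_level.push_back(&eq2);

  and_args.concat(&current_level);
  // Third and fourth nodes of and_args are current_level's own nodes.
  bool shared = and_args.first->next->next == current_level.first &&
                and_args.first->next->next->next == current_level.first->next;

  and_args.push_back(&extra);    // later change made through and_args only
  return { shared, current_level.elements, current_level.walk() };
}

int main() { Result r = demo(); return (r.shared_tail && r.walked == 3) ? 0 : 1; }
```

After the splice, an append made only through `and_args` becomes reachable from `current_level`, whose element counter still says 2 while a pointer walk finds 3 nodes.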