diff --git a/mysql-test/main/subselect.result b/mysql-test/main/subselect.result
index 17470fa128a..4209e2bc529 100644
--- a/mysql-test/main/subselect.result
+++ b/mysql-test/main/subselect.result
@@ -7382,6 +7382,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/subselect.test b/mysql-test/main/subselect.test
index 31afc2368be..7620a51c296 100644
--- a/mysql-test/main/subselect.test
+++ b/mysql-test/main/subselect.test
@@ -6288,6 +6288,20 @@ drop table t1,t2,t3;
 
 --echo # End of 10.2 tests
 
+--echo #
+--echo # MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+--echo #
+
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+
+# Cleanup
+DROP TABLE t;
+
+--echo #
+--echo # End of 10.3 tests
+--echo #
+
 
 --echo #
 --echo # Start of 10.4 tests
diff --git a/mysql-test/main/subselect_no_exists_to_in.result b/mysql-test/main/subselect_no_exists_to_in.result
index 394a13a4207..e32e6007328 100644
--- a/mysql-test/main/subselect_no_exists_to_in.result
+++ b/mysql-test/main/subselect_no_exists_to_in.result
@@ -7382,6 +7382,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/subselect_no_mat.result b/mysql-test/main/subselect_no_mat.result
index 3d19a80871e..07755a5144a 100644
--- a/mysql-test/main/subselect_no_mat.result
+++ b/mysql-test/main/subselect_no_mat.result
@@ -7375,6 +7375,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/subselect_no_opts.result b/mysql-test/main/subselect_no_opts.result
index 2934726811a..15688fc1717 100644
--- a/mysql-test/main/subselect_no_opts.result
+++ b/mysql-test/main/subselect_no_opts.result
@@ -7373,6 +7373,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/subselect_no_scache.result b/mysql-test/main/subselect_no_scache.result
index 3c6dfbaa9c3..e3bdddbf84b 100644
--- a/mysql-test/main/subselect_no_scache.result
+++ b/mysql-test/main/subselect_no_scache.result
@@ -7388,6 +7388,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/subselect_no_semijoin.result b/mysql-test/main/subselect_no_semijoin.result
index 9b31fbf5f3e..a06a4aef99b 100644
--- a/mysql-test/main/subselect_no_semijoin.result
+++ b/mysql-test/main/subselect_no_semijoin.result
@@ -7373,6 +7373,17 @@ a
 drop table t1,t2,t3;
 # End of 10.2 tests
 #
+# MDEV-29926: ASAN heap-use-after-free in Explain_query::~Explain_query
+#
+CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3;
+EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')";
+COUNT(*)
+0
+DROP TABLE t;
+#
+# End of 10.3 tests
+#
+#
 # Start of 10.4 tests
 #
 #
diff --git a/mysql-test/main/type_time_hires.result b/mysql-test/main/type_time_hires.result
index 5fa9d11591a..cf7dce59f1f 100644
--- a/mysql-test/main/type_time_hires.result
+++ b/mysql-test/main/type_time_hires.result
@@ -360,7 +360,7 @@ select cast(1e-6 as time(6));
 cast(1e-6 as time(6))
 00:00:00.000001
 #
-# Start of 10.4 tests
+# End of 5.5 tests
 #
 #
 # MDEV-20397 Support TIMESTAMP, DATETIME, TIME in ROUND() and TRUNCATE()
@@ -907,3 +907,14 @@ a	CEILING(a)	CEILING_SP(a)	CEILING(a)=CEILING_SP(a)
 DROP FUNCTION FLOOR_SP;
 DROP FUNCTION CEILING_SP;
 DROP TABLE t1;
+#
+# MDEV-29924 Assertion `(((nr) % (1LL << 24)) % (int) log_10_int[6 - dec]) == 0' failed in my_time_packed_to_binary on SELECT when using TIME field
+#
+create table t1 (c decimal(3,1),d time(6));
+insert into t1 values (null,0.1),(null,0.1), (0.1,0.2);
+select c from t1 where c<all (select d from t1);
+c
+drop table t1;
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/main/type_time_hires.test b/mysql-test/main/type_time_hires.test
index f9b4a5a9f27..51824c689ad 100644
--- a/mysql-test/main/type_time_hires.test
+++ b/mysql-test/main/type_time_hires.test
@@ -11,9 +11,8 @@ drop table t1;
 
 select cast(1e-6 as time(6));
 
-
 --echo #
---echo # Start of 10.4 tests
+--echo # End of 5.5 tests
 --echo #
 
 --echo #
@@ -196,3 +195,15 @@ DROP FUNCTION FLOOR_SP;
 DROP FUNCTION CEILING_SP;
 
 DROP TABLE t1;
+
+--echo #
+--echo # MDEV-29924 Assertion `(((nr) % (1LL << 24)) % (int) log_10_int[6 - dec]) == 0' failed in my_time_packed_to_binary on SELECT when using TIME field
+--echo #
+create table t1 (c decimal(3,1),d time(6));
+insert into t1 values (null,0.1),(null,0.1), (0.1,0.2);
+select c from t1 where c<all (select d from t1);
+drop table t1;
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index b1db0c15c10..bdb582e4ebf 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -3745,8 +3745,10 @@ int select_max_min_finder_subselect::send_data(List<Item> &items)
     {
       cache= val_item->get_cache(thd);
       set_op(val_item->type_handler());
+      cache->setup(thd, val_item);
     }
-    cache->store(val_item);
+    else
+      cache->store(val_item);
     it->store(0, cache);
   }
   it->assigned(1);
diff --git a/sql/sql_select.cc b/sql/sql_select.cc
index 3d880365d42..332c8a786c5 100644
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -1211,6 +1211,15 @@ JOIN::prepare(TABLE_LIST *tables_init, COND *conds_init, uint og_num,
   // simple check that we got usable conds
   dbug_print_item(conds);
 
+  /*
+    It is hack which force creating EXPLAIN object always on runt-time arena
+    (because very top JOIN::prepare executes always with runtime arena, but
+    constant subquery like (SELECT 'x') can be called with statement arena
+    during prepare phase of top SELECT).
+  */
+  if (!(thd->lex->context_analysis_only & CONTEXT_ANALYSIS_ONLY_PREPARE))
+      create_explain_query_if_not_exists(thd->lex, thd->mem_root);
+
   if (select_lex->handle_derived(thd->lex, DT_PREPARE))
     DBUG_RETURN(-1);
 
@@ -1661,7 +1670,6 @@ bool JOIN::build_explain()
 int JOIN::optimize()
 {
   int res= 0;
-  create_explain_query_if_not_exists(thd->lex, thd->mem_root);
   join_optimization_state init_state= optimization_state;
   if (select_lex->pushdown_select)
   {