Server crashes in Dep_analysis_context::create_table_value/check_func_dependency

CREATE TABLE t1 (a1 int, a2 int);

INSERT INTO t1 VALUES (0,276),(5,277),(NULL,278);

CREATE TABLE t2 ( a1 int, a2 int, KEY a2 (a2)) ;

INSERT INTO t2 VALUES (11,NULL),(185,0);

SELECT t1.*

FROM t1

LEFT JOIN

 (SELECT * FROM

   (SELECT t2.a1 AS a1, min(t2.a2) AS a2

    FROM t2

    WHERE t2.a2 <> NULL

    GROUP BY t2.a1) dt)dt2 ON dt2.a2 = t1.a2;

220620 11:06:20 [ERROR] mysqld got signal 11 ;

Server version: 10.10.0-MariaDB-debug-log

sql/signal_handler.cc:226(handle_fatal_signal)[0x560a57115df1]

sigaction.c:0(__restore_rt)[0x7fd562edf420]

sql/opt_table_elimination.cc:1743(Dep_analysis_context::create_unique_pseudo_key_if_needed(TABLE_LIST*, Dep_value_table*))[0x560a56e0e6ab]

sql/opt_table_elimination.cc:1687(Dep_analysis_context::create_table_value(TABLE_LIST*))[0x560a56e0e2bc]

sql/opt_table_elimination.cc:939(check_func_dependency(JOIN*, unsigned long long, List_iterator<TABLE_LIST>*, TABLE_LIST*, Item*))[0x560a56e0a09f]

sql/opt_table_elimination.cc:873(eliminate_tables_for_list(JOIN*, List<TABLE_LIST>*, unsigned long long, Item*, unsigned long long, Json_writer_array*))[0x560a56e09a50]

sql/opt_table_elimination.cc:832(eliminate_tables_for_list(JOIN*, List<TABLE_LIST>*, unsigned long long, Item*, unsigned long long, Json_writer_array*))[0x560a56e0959d]

sql/opt_table_elimination.cc:772(eliminate_tables(JOIN*))[0x560a56e090c4]

sql/sql_select.cc:5483(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x560a5695575f]

sql/sql_select.cc:2511(JOIN::optimize_inner())[0x560a569374a1]

sql/sql_select.cc:1850(JOIN::optimize())[0x560a569303c6]

sql/sql_select.cc:5038(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x560a56951b7c]

sql/sql_select.cc:583(handle_select(THD*, LEX*, select_result*, unsigned long))[0x560a56921f9f]

sql/sql_parse.cc:6260(execute_sqlcom_select(THD*, TABLE_LIST*))[0x560a56846cff]

sql/sql_parse.cc:3944(mysql_execute_command(THD*, bool))[0x560a56835734]

sql/sql_parse.cc:8036(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x560a56851fdf]

sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x560a56827fc4]

sql/sql_parse.cc:1407(do_command(THD*, bool))[0x560a56824d45]

sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x560a56cda39a]

sql/sql_connect.cc:1314(handle_one_connection)[0x560a56cd9c26]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x560a579bfbd2]

nptl/pthread_create.c:478(start_thread)[0x7fd562ed3609]

Query (0x6290001092a8): SELECT t1.*

FROM t1

LEFT JOIN

(SELECT * FROM

(SELECT t2.a1 AS a1, min(t2.a2) AS a2

FROM t2

WHERE t2.a2 <> NULL

GROUP BY t2.a1) dt)dt2 ON dt2.a2 = t1.a2

CREATE TABLE t1 (a1 int, a2 int);

INSERT INTO t1 VALUES (0,276),(5,277),(NULL,278);

CREATE TABLE t2 ( a1 int, a2 int) ;

INSERT INTO t2 VALUES (11,NULL),(185,0);

SELECT t1.*

FROM t1

LEFT JOIN

 (SELECT * FROM

   (SELECT t2.a1 AS a1, min(t2.a2) AS a2

    FROM t2

    WHERE t2.a2 <> NULL

    GROUP BY t2.a1) dt)dt2 ON dt2.a2 = t1.a2;

=================================================================

==860941==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:

    #0 0x7f5b336d5587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104

    #1 0x562a4c0bdc44 in __gnu_cxx::new_allocator<std::_Rb_tree_node<unsigned short> >::allocate(unsigned long, void const*) (/10.10/bld/sql/mariadbd+0x21dec44)

    #2 0x562a4c0bdb43 in std::allocator_traits<std::allocator<std::_Rb_tree_node<unsigned short> > >::allocate(std::allocator<std::_Rb_tree_node<unsigned short> >&, unsigned long) (/10.10/bld/sql/mariadbd+0x21deb43)

    #3 0x562a4c0bda24 in std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_get_node() (/10.10/bld/sql/mariadbd+0x21dea24)

    #4 0x562a4c0bdac7 in std::_Rb_tree_node<unsigned short>* std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_create_node<unsigned short const&>(unsigned short const&) (/10.10/bld/sql/mariadbd+0x21deac7)

    #5 0x562a4c0bd97b in std::_Rb_tree_node<unsigned short>* std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node::operator()<unsigned short const&>(unsigned short const&) const (/10.10/bld/sql/mariadbd+0x21de97b)

    #6 0x562a4c0bd729 in std::_Rb_tree_node<unsigned short>* std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_clone_node<std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node>(std::_Rb_tree_node<unsigned short> const*, std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node&) (/10.10/bld/sql/mariadbd+0x21de729)

    #7 0x562a4c0bcec3 in std::_Rb_tree_node<unsigned short>* std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_copy<std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node>(std::_Rb_tree_node<unsigned short> const*, std::_Rb_tree_node_base*, std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node&) (/10.10/bld/sql/mariadbd+0x21ddec3)

    #8 0x562a4c0bbdfc in std::_Rb_tree_node<unsigned short>* std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_copy<std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node>(std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> > const&, std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Alloc_node&) (/10.10/bld/sql/mariadbd+0x21dcdfc)

    #9 0x562a4c0bb1c0 in std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_M_copy(std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> > const&) /usr/include/c++/9/bits/stl_tree.h:917

    #10 0x562a4c0ba67b in std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> >::_Rb_tree(std::_Rb_tree<unsigned short, unsigned short, std::_Identity<unsigned short>, std::less<unsigned short>, std::allocator<unsigned short> > const&) /usr/include/c++/9/bits/stl_tree.h:955

    #11 0x562a4c0b9a90 in std::set<unsigned short, std::less<unsigned short>, std::allocator<unsigned short> >::set(std::set<unsigned short, std::less<unsigned short>, std::allocator<unsigned short> > const&) /usr/include/c++/9/bits/stl_set.h:223

    #12 0x562a4c0b9b53 in Dep_module_pseudo_key::Dep_module_pseudo_key(Dep_value_table*, std::set<unsigned short, std::less<unsigned short>, std::allocator<unsigned short> >&&) /10.10/src/sql/opt_table_elimination.cc:477

    #13 0x562a4c0b67ce in Dep_analysis_context::create_unique_pseudo_key_if_needed(TABLE_LIST*, Dep_value_table*) /10.10/src/sql/opt_table_elimination.cc:1763

    #14 0x562a4c0b62bb in Dep_analysis_context::create_table_value(TABLE_LIST*) /10.10/src/sql/opt_table_elimination.cc:1686

    #15 0x562a4c0b209e in check_func_dependency /10.10/src/sql/opt_table_elimination.cc:939

    #16 0x562a4c0b1a4f in eliminate_tables_for_list /10.10/src/sql/opt_table_elimination.cc:872

    #17 0x562a4c0b159c in eliminate_tables_for_list /10.10/src/sql/opt_table_elimination.cc:832

    #18 0x562a4c0b10c3 in eliminate_tables(JOIN*) /10.10/src/sql/opt_table_elimination.cc:769

    #19 0x562a4bbfd75e in make_join_statistics /10.10/src/sql/sql_select.cc:5482

    #20 0x562a4bbdf4a0 in JOIN::optimize_inner() /10.10/src/sql/sql_select.cc:2511

    #21 0x562a4bbd83c5 in JOIN::optimize() /10.10/src/sql/sql_select.cc:1850

    #22 0x562a4bbf9b7b in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.10/src/sql/sql_select.cc:5038

    #23 0x562a4bbc9f9e in handle_select(THD*, LEX*, select_result*, unsigned long) /10.10/src/sql/sql_select.cc:583

    #24 0x562a4baeecfe in execute_sqlcom_select /10.10/src/sql/sql_parse.cc:6260

    #25 0x562a4badd733 in mysql_execute_command(THD*, bool) /10.10/src/sql/sql_parse.cc:3944

    #26 0x562a4baf9fde in mysql_parse(THD*, char*, unsigned int, Parser_state*) /10.10/src/sql/sql_parse.cc:8036

    #27 0x562a4bacffc3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /10.10/src/sql/sql_parse.cc:1894

    #28 0x562a4baccd44 in do_command(THD*, bool) /10.10/src/sql/sql_parse.cc:1407

    #29 0x562a4bf82399 in do_handle_one_connection(CONNECT*, bool) /10.10/src/sql/sql_connect.cc:1418