[MDEV-27756] Server crashes in SEL_ARG::tree_delete upon query with ranges Created: 2022-02-06  Updated: 2023-04-27

Status: Open
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Unresolved Votes: 0
Labels: None


 Description   

--source include/have_innodb.inc
 
# MDEV-27756 reproducer: the range optimizer crashes in SEL_ARG::tree_delete
# (this=0x0 in the trace below) while AND-ing the range trees it builds for
# this WHERE clause. Note how the predicates map onto PRIMARY KEY (s,b,a):
# NOT IN on the leading part s, an IN list on b, a range on a, and then an
# OR term that mentions s and a again.
CREATE TABLE t1 (a INT, b INT, s CHAR(32), PRIMARY KEY (s,b,a)) ENGINE=InnoDB;
# Two rows are enough: the trace shows the crash inside JOIN::optimize ->
# SQL_SELECT::test_quick_select, and the Description says EXPLAIN crashes too.
INSERT INTO t1 VALUES (1,10,'Colorado'),(2,20,'Missouri');
# NOTE(review): a plain SELECT (or EXPLAIN) is sufficient to bring the server
# down, so on the affected versions this is an availability risk from any
# session that can query a table with such a composite key -- confirm scope
# against the privilege model before triaging.
SELECT * FROM t1 WHERE
  b IN (8,3,2,7)
    AND s NOT IN ('Florida','Hawaii')
    AND a >= 6
    AND (s != 'Idaho' AND a = 1 OR s = 'Montana');
 
# Cleanup
DROP TABLE t1;

10.2 e53199e7

#3  <signal handler called>
#4  0x000055685d6df568 in SEL_ARG::tree_delete (this=0x0, key=0x7f7138037a98) at /data/src/10.2/sql/opt_range.cc:9995
#5  0x000055685d6dd877 in and_all_keys (param=0x7f7154235730, key1=0x0, key2=0x7f7138038508, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9024
#6  0x000055685d6dda1c in key_and (param=0x7f7154235730, key1=0x7f71380378b8, key2=0x7f7138038508, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9078
#7  0x000055685d6ddce7 in key_and (param=0x7f7154235730, key1=0x7f7138037cb8, key2=0x7f7138038740, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9144
#8  0x000055685d6dc2c1 in and_range_trees (param=0x7f7154235730, tree1=0x7f7138037740, tree2=0x7f7138038260, result=0x7f7138037740) at /data/src/10.2/sql/opt_range.cc:8395
#9  0x000055685d6dc507 in tree_and (param=0x7f7154235730, tree1=0x7f7138037740, tree2=0x7f7138038260) at /data/src/10.2/sql/opt_range.cc:8501
#10 0x000055685d6d9f0a in Item_cond_and::get_mm_tree (this=0x7f7138013928, param=0x7f7154235730, cond_ptr=0x7f7138017248) at /data/src/10.2/sql/opt_range.cc:7661
#11 0x000055685d6ce0b8 in SQL_SELECT::test_quick_select (this=0x7f7138017240, thd=0x7f7138000d90, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=true) at /data/src/10.2/sql/opt_range.cc:2545
#12 0x000055685d352290 in get_quick_record_count (thd=0x7f7138000d90, select=0x7f7138017240, table=0x7f713817ed80, keys=0x7f7138016008, limit=18446744073709551615) at /data/src/10.2/sql/sql_select.cc:3886
#13 0x000055685d3546c6 in make_join_statistics (join=0x7f71380149c0, tables_list=..., keyuse_array=0x7f7138014cb0) at /data/src/10.2/sql/sql_select.cc:4501
#14 0x000055685d34a607 in JOIN::optimize_inner (this=0x7f71380149c0) at /data/src/10.2/sql/sql_select.cc:1597
#15 0x000055685d348b08 in JOIN::optimize (this=0x7f71380149c0) at /data/src/10.2/sql/sql_select.cc:1127
#16 0x000055685d351fd1 in mysql_select (thd=0x7f7138000d90, tables=0x7f71380129c0, wild_num=1, fields=..., conds=0x7f7138013928, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f71380149a0, unit=0x7f7138004988, select_lex=0x7f71380050d8) at /data/src/10.2/sql/sql_select.cc:3835
#17 0x000055685d346275 in handle_select (thd=0x7f7138000d90, lex=0x7f71380048c8, result=0x7f71380149a0, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#18 0x000055685d3117da in execute_sqlcom_select (thd=0x7f7138000d90, all_tables=0x7f71380129c0) at /data/src/10.2/sql/sql_parse.cc:6271
#19 0x000055685d308371 in mysql_execute_command (thd=0x7f7138000d90) at /data/src/10.2/sql/sql_parse.cc:3582
#20 0x000055685d3154f0 in mysql_parse (thd=0x7f7138000d90, rawbuf=0x7f7138012708 "SELECT * FROM t1 WHERE\nb IN (8,3,2,7)\nAND s NOT IN ('Florida','Hawaii')\nAND a >= 6\nAND (s != 'Idaho' AND a = 1 OR s = 'Montana')", length=128, parser_state=0x7f71542375e0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7793
#21 0x000055685d303893 in dispatch_command (command=COM_QUERY, thd=0x7f7138000d90, packet=0x7f7138008b61 "SELECT * FROM t1 WHERE\nb IN (8,3,2,7)\nAND s NOT IN ('Florida','Hawaii')\nAND a >= 6\nAND (s != 'Idaho' AND a = 1 OR s = 'Montana')", packet_length=128, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#22 0x000055685d3023ac in do_command (thd=0x7f7138000d90) at /data/src/10.2/sql/sql_parse.cc:1381
#23 0x000055685d45a190 in do_handle_one_connection (connect=0x55686061b6d0) at /data/src/10.2/sql/sql_connect.cc:1336
#24 0x000055685d459f04 in handle_one_connection (arg=0x55686061b6d0) at /data/src/10.2/sql/sql_connect.cc:1241
#25 0x000055685dc62819 in pfs_spawn_thread (arg=0x556860607470) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#26 0x00007f7159d9eea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00007f71599a3def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible on all of 10.2-10.8, debug and release alike, at least with MyISAM and InnoDB.
EXPLAIN also crashes.



 Comments   
Comment by Elena Stepanova [ 2022-02-17 ]

A very similar case with an extra frame in the stack trace (adding it for the purpose of JIRA search)

# Variant of the MDEV-27756 reproducer that adds a frame to the stack
# (SEL_IMERGE::and_sel_tree / imerge_list_and_tree in the trace below); here
# SEL_ARG::tree_delete reaches rb_delete_fixup with key=<null_element>.
# Same ingredients as the first case: a composite KEY (stnm,stpop,strep,stcd),
# an "IS NULL OR =" disjunct on the leading part, ranges on the other parts,
# and a top-level AND whose right operand is itself an OR.
CREATE TABLE t1 (
    stnm VARCHAR(16),
    strep TINYINT,
    stpop INT,
    stcd CHAR(2),
    KEY(stnm,stpop,strep,stcd)
);
INSERT INTO t1 VALUES ('Alabama',7,5024279,'AL'),('Alaska',1,733391,'AK');
 
# No ENGINE clause on purpose: the Description reports the crash with both
# MyISAM and InnoDB, and it happens during optimization, not while reading rows.
SELECT * FROM t1 WHERE
  (stcd > 'UT' AND (stnm IS NULL OR stnm = 'Georgia') AND stpop > 600000)
  AND ((strep IS NULL AND stpop != 1)
    OR ((stcd = 'FL' OR stpop > 600000) AND strep NOT IN (0,1) AND stcd < 'MD')
  );
 
# Cleanup
DROP TABLE t1;

10.2 9f429a2d

#3  <signal handler called>
#4  rb_delete_fixup (root=0x7f5db818eed0, key=0x563a66dbe020 <null_element>, par=0x7f5db818ee68) at /data/src/10.2/sql/opt_range.cc:10165
#5  0x0000563a65e3f7db in SEL_ARG::tree_delete (this=0x7f5db818ed98, key=0x7f5db818ed98) at /data/src/10.2/sql/opt_range.cc:10044
#6  0x0000563a65e3d88d in and_all_keys (param=0x7f5dc8d52730, key1=0x7f5db818ed98, key2=0x7f5db80377c8, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9024
#7  0x0000563a65e3da32 in key_and (param=0x7f5dc8d52730, key1=0x7f5db818ed98, key2=0x7f5db80377c8, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9078
#8  0x0000563a65e3dcfd in key_and (param=0x7f5dc8d52730, key1=0x7f5db8037aa0, key2=0x7f5db818da38, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9144
#9  0x0000563a65e3d864 in and_all_keys (param=0x7f5dc8d52730, key1=0x7f5db818ec60, key2=0x7f5db818da38, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9021
#10 0x0000563a65e3da32 in key_and (param=0x7f5dc8d52730, key1=0x7f5db818ec60, key2=0x7f5db818da38, clone_flag=3) at /data/src/10.2/sql/opt_range.cc:9078
#11 0x0000563a65e3c2d7 in and_range_trees (param=0x7f5dc8d52730, tree1=0x7f5db80393e8, tree2=0x7f5db818ebe0, result=0x7f5db818eb68) at /data/src/10.2/sql/opt_range.cc:8395
#12 0x0000563a65e29b53 in SEL_IMERGE::and_sel_tree (this=0x7f5db80392f8, param=0x7f5dc8d52730, tree=0x7f5db8037740, new_imerge=0x7f5db818e528) at /data/src/10.2/sql/opt_range.cc:592
#13 0x0000563a65e2a8a3 in imerge_list_and_tree (param=0x7f5dc8d52730, merges=0x7f5db8039498, tree=0x7f5db8037740, replace=true) at /data/src/10.2/sql/opt_range.cc:1135
#14 0x0000563a65e3c505 in tree_and (param=0x7f5dc8d52730, tree1=0x7f5db8037740, tree2=0x7f5db8039468) at /data/src/10.2/sql/opt_range.cc:8500
#15 0x0000563a65e39f20 in Item_cond_and::get_mm_tree (this=0x7f5db8013980, param=0x7f5dc8d52730, cond_ptr=0x7f5db80184e0) at /data/src/10.2/sql/opt_range.cc:7661
#16 0x0000563a65e2e0ce in SQL_SELECT::test_quick_select (this=0x7f5db80184d8, thd=0x7f5db8000d90, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=true) at /data/src/10.2/sql/opt_range.cc:2545
#17 0x0000563a65ab22d2 in get_quick_record_count (thd=0x7f5db8000d90, select=0x7f5db80184d8, table=0x7f5db817ed80, keys=0x7f5db8016fd0, limit=18446744073709551615) at /data/src/10.2/sql/sql_select.cc:3886
#18 0x0000563a65ab4708 in make_join_statistics (join=0x7f5db80154d8, tables_list=..., keyuse_array=0x7f5db80157c8) at /data/src/10.2/sql/sql_select.cc:4501
#19 0x0000563a65aaa649 in JOIN::optimize_inner (this=0x7f5db80154d8) at /data/src/10.2/sql/sql_select.cc:1597
#20 0x0000563a65aa8b4a in JOIN::optimize (this=0x7f5db80154d8) at /data/src/10.2/sql/sql_select.cc:1127
#21 0x0000563a65ab2013 in mysql_select (thd=0x7f5db8000d90, tables=0x7f5db8012a60, wild_num=1, fields=..., conds=0x7f5db8013980, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f5db80154b8, unit=0x7f5db8004988, select_lex=0x7f5db80050d8) at /data/src/10.2/sql/sql_select.cc:3835
#22 0x0000563a65aa62b7 in handle_select (thd=0x7f5db8000d90, lex=0x7f5db80048c8, result=0x7f5db80154b8, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#23 0x0000563a65a7181c in execute_sqlcom_select (thd=0x7f5db8000d90, all_tables=0x7f5db8012a60) at /data/src/10.2/sql/sql_parse.cc:6271
#24 0x0000563a65a683b3 in mysql_execute_command (thd=0x7f5db8000d90) at /data/src/10.2/sql/sql_parse.cc:3582
#25 0x0000563a65a75532 in mysql_parse (thd=0x7f5db8000d90, rawbuf=0x7f5db8012708 "SELECT * FROM t1 WHERE\n(stcd > 'UT' AND (stnm IS NULL OR stnm = 'Georgia') AND stpop > 600000)\nAND ((strep IS NULL AND stpop != 1)\nOR ((stcd = 'FL' OR stpop > 600000) AND strep NOT IN (0,1) AND stcd <"..., length=208, parser_state=0x7f5dc8d545e0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7793
#26 0x0000563a65a638d5 in dispatch_command (command=COM_QUERY, thd=0x7f5db8000d90, packet=0x7f5db8008b61 "SELECT * FROM t1 WHERE\n(stcd > 'UT' AND (stnm IS NULL OR stnm = 'Georgia') AND stpop > 600000)\nAND ((strep IS NULL AND stpop != 1)\nOR ((stcd = 'FL' OR stpop > 600000) AND strep NOT IN (0,1) AND stcd <"..., packet_length=208, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
#27 0x0000563a65a623ee in do_command (thd=0x7f5db8000d90) at /data/src/10.2/sql/sql_parse.cc:1381
#28 0x0000563a65bba1d2 in do_handle_one_connection (connect=0x563a6974c6d0) at /data/src/10.2/sql/sql_connect.cc:1336
#29 0x0000563a65bb9f46 in handle_one_connection (arg=0x563a6974c6d0) at /data/src/10.2/sql/sql_connect.cc:1241
#30 0x0000563a663c27fb in pfs_spawn_thread (arg=0x563a69738470) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#31 0x00007f5dcf0bcea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#32 0x00007f5dcecc1def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
