Server crashes in Field::is_null / Protocol_text::store

CREATE TABLE t1 (a INT, b VARCHAR(8));

INSERT INTO t1 VALUES (1,'foo'),(2,'bar');

CREATE TABLE t2 (c INT);

INSERT INTO t2 VALUES (3),(4);

CREATE TABLE t3 (d INT);

INSERT INTO t3 VALUES (5),(6);

SELECT a, MAX(a), AVG(a) OVER (PARTITION BY b) FROM t1

WHERE EXISTS ( SELECT * FROM t2 WHERE c IN ( SELECT MAX(d) FROM t3 ) );

#3  <signal handler called>

#4  0x00007fd8a9ea05e8 in Field::is_null (this=0x7fd89e82a938, row_offset=0) at /data/src/10.2/sql/field.h:1085

#5  0x00007fd8a9e9e8b5 in Protocol_text::store (this=0x7fd89e816600, field=0x7fd89e82a938) at /data/src/10.2/sql/protocol.cc:1229

#6  0x00007fd8aa1eaf89 in Item_field::send (this=0x7fd89e864200, protocol=0x7fd89e816600, buffer=0x7fd8ab06c660) at /data/src/10.2/sql/item.cc:6749

#7  0x00007fd8a9e9da86 in Protocol::send_result_set_row (this=0x7fd89e816600, row_items=0x7fd89e81a390) at /data/src/10.2/sql/protocol.cc:978

#8  0x00007fd8a9f1c2ce in select_send::send_data (this=0x7fd89e867e38, items=...) at /data/src/10.2/sql/sql_class.cc:2914

#9  0x00007fd8a9fbe87c in return_zero_rows (join=0x7fd89e867e58, result=0x7fd89e867e38, tables=..., fields=..., send_row=true, select_options=2147748608, info=0x7fd8aa9d8cf0 "Impossible WHERE noticed after reading const tables", having=0x0, all_fields=...) at /data/src/10.2/sql/sql_select.cc:12431

#10 0x00007fd8a9fa6d46 in JOIN::exec_inner (this=0x7fd89e867e58) at /data/src/10.2/sql/sql_select.cc:3310

#11 0x00007fd8a9fa6582 in JOIN::exec (this=0x7fd89e867e58) at /data/src/10.2/sql/sql_select.cc:3184

#12 0x00007fd8a9fa76d9 in mysql_select (thd=0x7fd89e816070, tables=0x7fd89e864bc8, wild_num=0, fields=..., conds=0x7fd89e867b60, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fd89e867e38, unit=0x7fd89e819b30, select_lex=0x7fd89e81a268) at /data/src/10.2/sql/sql_select.cc:3569

#13 0x00007fd8a9f9c7f5 in handle_select (thd=0x7fd89e816070, lex=0x7fd89e819a68, result=0x7fd89e867e38, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:373

#14 0x00007fd8a9f6a38b in execute_sqlcom_select (thd=0x7fd89e816070, all_tables=0x7fd89e864bc8) at /data/src/10.2/sql/sql_parse.cc:6347

#15 0x00007fd8a9f5fe79 in mysql_execute_command (thd=0x7fd89e816070) at /data/src/10.2/sql/sql_parse.cc:3376

#16 0x00007fd8a9f6dd4a in mysql_parse (thd=0x7fd89e816070, rawbuf=0x7fd89e864088 "SELECT a, MAX(a), AVG(a) OVER (PARTITION BY b) FROM t1\nWHERE EXISTS ( SELECT * FROM t2 WHERE c IN ( SELECT MAX(d) FROM t3 ) )", length=125, parser_state=0x7fd8ab06ddd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7790

#17 0x00007fd8a9f5bacd in dispatch_command (command=COM_QUERY, thd=0x7fd89e816070, packet=0x7fd89e858071 "", packet_length=125, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1805

#18 0x00007fd8a9f5a4a7 in do_command (thd=0x7fd89e816070) at /data/src/10.2/sql/sql_parse.cc:1365

#19 0x00007fd8aa09fd86 in do_handle_one_connection (connect=0x7fd8a6c6d410) at /data/src/10.2/sql/sql_connect.cc:1354

#20 0x00007fd8aa09fb13 in handle_one_connection (arg=0x7fd8a6c6d410) at /data/src/10.2/sql/sql_connect.cc:1260

#21 0x00007fd8aa3cb73e in pfs_spawn_thread (arg=0x7fd8a6c519f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862

#22 0x00007fd8a95c90a4 in start_thread (arg=0x7fd8ab06f300) at pthread_create.c:309

#23 0x00007fd8a778187d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111