Server crash or ASAN heap-use-after-free in Item_func_match::cleanup upon using FT search with partitioning

--source include/have_partition.inc

--connect (con1,localhost,root,,test)

CREATE OR REPLACE TABLE t1 (c CHAR(8)) PARTITION BY KEY(c);

--send

  FLUSH TABLES;

--connection default

DELETE FROM t1 WHERE MATCH(c) AGAINST ('foo' IN BOOLEAN MODE);

# Cleanup

--connection con1

--reap

--disconnect con1

--connection default

DROP TABLE t1;

#3  <signal handler called>

#4  0x000055fbec2a13c8 in Item_func_match::cleanup (this=0x7f0a140156b0) at /home/elenst/git/10.3/sql/item_func.h:2601

#5  0x000055fbebed8a15 in Item::delete_self (this=0x7f0a140156b0) at /home/elenst/git/10.3/sql/item.h:1874

#6  0x000055fbebecef6b in Query_arena::free_items (this=0x7f0a14000b18) at /home/elenst/git/10.3/sql/sql_class.cc:3790

#7  0x000055fbebec9c19 in THD::cleanup_after_query (this=0x7f0a14000b00) at /home/elenst/git/10.3/sql/sql_class.cc:2322

#8  0x000055fbebf300da in mysql_parse (thd=0x7f0a14000b00, rawbuf=0x7f0a14014d48 "DELETE FROM t1 WHERE MATCH(c) AGAINST ('foo' IN BOOLEAN MODE)", length=61, parser_state=0x7f0a25ab55d0, is_com_multi=false, is_next_command=false) at /home/elenst/git/10.3/sql/sql_parse.cc:8032

#9  0x000055fbebf1d32a in dispatch_command (command=COM_QUERY, thd=0x7f0a14000b00, packet=0x7f0a1408fee1 "DELETE FROM t1 WHERE MATCH(c) AGAINST ('foo' IN BOOLEAN MODE)", packet_length=61, is_com_multi=false, is_next_command=false) at /home/elenst/git/10.3/sql/sql_parse.cc:1838

#10 0x000055fbebf1bd62 in do_command (thd=0x7f0a14000b00) at /home/elenst/git/10.3/sql/sql_parse.cc:1383

#11 0x000055fbec07fcec in do_handle_one_connection (connect=0x55fbeee169c0) at /home/elenst/git/10.3/sql/sql_connect.cc:1402

#12 0x000055fbec07fa6c in handle_one_connection (arg=0x55fbeee169c0) at /home/elenst/git/10.3/sql/sql_connect.cc:1308

#13 0x000055fbec972058 in pfs_spawn_thread (arg=0x55fbeee2a590) at /home/elenst/git/10.3/storage/perfschema/pfs.cc:1862

#14 0x00007f0a2c5546ba in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0

#15 0x00007f0a2b9e982d in clone () from /lib/x86_64-linux-gnu/libc.so.6

==32350==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0002987f0 at pc 0x556aac5bca5e bp 0x7f3ee9d4d7f0 sp 0x7f3ee9d4d7e8

READ of size 8 at 0x60e0002987f0 thread T5

    #0 0x556aac5bca5d in Item_func_match::cleanup() /data/src/10.3/sql/item_func.h:2601

    #1 0x556aabca90ff in Item::delete_self() /data/src/10.3/sql/item.h:1874

    #2 0x556aabc91c0d in Query_arena::free_items() /data/src/10.3/sql/sql_class.cc:3790

    #3 0x556aabc840b2 in THD::cleanup_after_query() /data/src/10.3/sql/sql_class.cc:2322

    #4 0x556aabd75f41 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8032

    #5 0x556aabd50244 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1838

    #6 0x556aabd4d2db in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1383

    #7 0x556aac0b8bb2 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402

    #8 0x556aac0b85c7 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308

    #9 0x556aacbd3ce7 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862

    #10 0x7f3ef6322493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

    #11 0x7f3ef470893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)