  2. MDEV-30805

SIGSEGV in my_convert and UBSAN: member access within null pointer of type 'const struct MY_CHARSET_HANDLER' in my_convert



    Description

      Present as of 10.9 commit 0c4c064f98120e179ddfa49a1010d465a07bdc0a (MDEV-27743). From the traces below this is a NULL pointer dereference inside my_convert(): the target charset handed down is the `my_collation_contextually_typed_binary` placeholder that MDEV-27743 introduced for the `BINARY` attribute, and its charset handler (`MY_CHARSET_HANDLER`, per the UBSAN report) is NULL — presumably the placeholder should have been resolved to the column's real charset before generate_partition_syntax_for_frm() re-prints the partition boundary values for the new .frm. Practical impact: the statement appears to need nothing beyond ALTER on a partitioned table (the character_set_server change is session-level), so an ordinary authenticated user can take the server down with one ALTER TABLE; treat it as a remotely triggerable denial of service rather than a debug-only finding.

      -- Session default charset: the database and table created below inherit ucs2
      -- (the traces show from_cs=my_charset_ucs2_general_ci for the partition value).
      SET character_set_server=ucs2;
      -- Recreate `test` so the table is created with the ucs2 default and no explicit charset.
      DROP DATABASE test;
      CREATE DATABASE test;
      USE test;
      -- Partitioned table whose RANGE COLUMNS key is a CHAR column; the boundary literal 'a'
      -- is re-printed into the .frm on ALTER (generate_partition_syntax_for_frm in the traces).
      CREATE TABLE t (a CHAR) ENGINE=InnoDB PARTITION BY RANGE COLUMNS (a) (PARTITION p0 VALUES LESS THAN ('a'));
      -- The crashing statement: the boundary value is converted into the contextually-typed
      -- BINARY placeholder collation (to_cs in the traces), whose charset handler is NULL.
      ALTER TABLE t CHANGE COLUMN a a CHAR BINARY;
      

      Leads to:

      11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Optimized)

      Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000563982fa7ffd in my_convert (to=0x14a4bc16d62e "", to_length=0, 
          to_cs=0x563984274980 <my_collation_contextually_typed_binary>, 
          from=0x14a4800273e0 "", from_length=2, 
          from_cs=0x5639839c43a0 <my_charset_ucs2_general_ci>, errors=0x14a4bc16d5f0)
          at /test/11.0_opt/strings/ctype.c:1236
      1236	    return my_convert_using_func(to, to_length,
      [Current thread is 1 (Thread 0x14a4bc174640 (LWP 3274549))]
      (gdb) bt
      #0  0x0000563982fa7ffd in my_convert (to=0x14a4bc16d62e "", to_length=0, to_cs=0x563984274980 <my_collation_contextually_typed_binary>, from=0x14a4800273e0 "", from_length=2, from_cs=0x5639839c43a0 <my_charset_ucs2_general_ci>, errors=0x14a4bc16d5f0) at /test/11.0_opt/strings/ctype.c:1236
      #1  0x0000563982902916 in copy_and_convert (errors=0x14a4bc16d5f0, from_cs=0x5639839c43a0 <my_charset_ucs2_general_ci>, from_length=2, from=0x14a4800273e0 "", to_cs=0x563984274980 <my_collation_contextually_typed_binary>, to_length=<optimized out>, to=<optimized out>) at /test/11.0_opt/sql/sql_string.h:53
      #2  String::copy (errors=0x14a4bc16d5f0, to_cs=0x563984274980 <my_collation_contextually_typed_binary>, from_cs=0x5639839c43a0 <my_charset_ucs2_general_ci>, arg_length=2, str=0x14a4800273e0 "", this=0x14a4bc16d610) at /test/11.0_opt/sql/sql_string.cc:476
      #3  String::copy (this=this@entry=0x14a4bc16d610, str=0x14a4800273e0 "", arg_length=2, from_cs=0x5639839c43a0 <my_charset_ucs2_general_ci>, to_cs=to_cs@entry=0x563984274980 <my_collation_contextually_typed_binary>, errors=errors@entry=0x14a4bc16d5f0) at /test/11.0_opt/sql/sql_string.cc:456
      #4  0x00005639829fee2a in Type_handler::partition_field_append_value (this=<optimized out>, str=0x14a4bc16e490, item_expr=<optimized out>, field_cs=0x563984274980 <my_collation_contextually_typed_binary>, mode=<optimized out>) at /test/11.0_opt/sql/sql_string.h:282
      #5  0x000056398286ae6a in add_column_list_values (str=str@entry=0x14a4bc16e490, part_info=part_info@entry=0x14a480011398, list_value=list_value@entry=0x14a480011688, create_info=create_info@entry=0x14a4bc171d20, alter_info=alter_info@entry=0x14a4bc171c30) at /test/11.0_opt/sql/sql_partition.cc:2347
      #6  0x000056398286e085 in add_partition_values (alter_info=<optimized out>, create_info=<optimized out>, p_elem=<optimized out>, part_info=0x14a480011398, str=0x14a4bc16e490) at /test/11.0_opt/sql/sql_partition.cc:2377
      #7  generate_partition_syntax (thd=<optimized out>, part_info=0x14a480011398, buf_length=<optimized out>, show_partition_options=<optimized out>, create_info=<optimized out>, alter_info=<optimized out>) at /test/11.0_opt/sql/sql_partition.cc:2721
      #8  0x000056398286eb63 in generate_partition_syntax_for_frm (thd=thd@entry=0x14a480000c68, part_info=part_info@entry=0x14a480011398, buf_length=buf_length@entry=0x14a4bc16e98c, create_info=create_info@entry=0x14a4bc171d20, alter_info=alter_info@entry=0x14a4bc171c30) at /test/11.0_opt/sql/sql_partition.cc:2493
      #9  0x000056398290df0d in mysql_create_frm_image (thd=0x14a480000c68, db=@0x14a4bc170f00: {str = 0x14a480010f88 "test", length = 4}, table_name=@0x14a4bc170f10: {str = 0x14a480010838 "t", length = 1}, create_info=0x14a4bc171d20, alter_info=0x14a4bc171c30, create_table_mode=-2, key_info=0x14a4bc16f328, key_count=0x14a4bc16f318, frm=0x14a4bc16f360) at /test/11.0_opt/sql/sql_table.cc:4182
      #10 0x0000563982912522 in create_table_impl (thd=thd@entry=0x14a480000c68, ddl_log_state_create=ddl_log_state_create@entry=0x0, ddl_log_state_rm=<optimized out>, ddl_log_state_rm@entry=0x0, orig_db=@0x14a4bc170f00: {str = 0x14a480010f88 "test", length = 4}, orig_table_name=@0x14a4bc170f10: {str = 0x14a480010838 "t", length = 1}, db=@0x14a4bc170f40: {str = 0x14a480010f88 "test", length = 4}, table_name=@0x14a4bc170f70: {str = 0x14a4bc17146c "#sql-alter-31f544-4", length = 19}, path=@0x14a4bc16f510: {str = 0x14a4bc17192f "./test/#sql-alter-31f544-4", length = 26}, options=<optimized out>, create_info=0x14a4bc171d20, alter_info=0x14a4bc171c30, create_table_mode=-2, is_trans=0x0, key_info=0x14a4bc16f328, key_count=0x14a4bc16f318, frm=0x14a4bc16f360) at /test/11.0_opt/sql/sql_table.cc:4584
      #11 0x0000563982919d62 in mysql_alter_table (thd=thd@entry=0x14a480000c68, new_db=new_db@entry=0x14a4800055c0, new_name=new_name@entry=0x14a480005a08, create_info=create_info@entry=0x14a4bc171d20, table_list=<optimized out>, table_list@entry=0x14a480010870, recreate_info=recreate_info@entry=0x14a4bc171c10, alter_info=0x14a4bc171c30, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/11.0_opt/sql/sql_table.cc:10624
      #12 0x0000563982983607 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x14a480000c68) at /test/11.0_opt/sql/sql_alter.cc:558
      #13 0x00005639828614d5 in mysql_execute_command (thd=0x14a480000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:6003
      #14 0x0000563982862794 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14a480000c68) at /test/11.0_opt/sql/sql_parse.cc:8002
      #15 mysql_parse (thd=0x14a480000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7924
      #16 0x0000563982864d72 in dispatch_command (command=COM_QUERY, thd=0x14a480000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
      #17 0x0000563982866510 in do_command (thd=0x14a480000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
      #18 0x000056398297e717 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563984b0eca8, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
      #19 0x000056398297e9ed in handle_one_connection (arg=0x563984b0eca8) at /test/11.0_opt/sql/sql_connect.cc:1318
      #20 0x000014a4e868ab43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #21 0x000014a4e871ca00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)

      Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055b7f99667de in my_convert (to=0x1466b2756dce "", to_length=0, 
          to_cs=0x55b7fad18340 <my_collation_contextually_typed_binary>, 
          from=0x1466500464d0 "", from_length=2, 
          from_cs=0x55b7fa461620 <my_charset_ucs2_general_ci>, errors=0x1466b2756d90)
          at /test/11.0_dbg/strings/ctype.c:1236
      1236	    return my_convert_using_func(to, to_length,
      [Current thread is 1 (Thread 0x1466b275d640 (LWP 3274550))]
      (gdb) bt
      #0  0x000055b7f99667de in my_convert (to=0x1466b2756dce "", to_length=0, to_cs=0x55b7fad18340 <my_collation_contextually_typed_binary>, from=0x1466500464d0 "", from_length=2, from_cs=0x55b7fa461620 <my_charset_ucs2_general_ci>, errors=0x1466b2756d90) at /test/11.0_dbg/strings/ctype.c:1236
      #1  0x000055b7f9083d65 in copy_and_convert (errors=0x1466b2756d90, from_cs=0x55b7fa461620 <my_charset_ucs2_general_ci>, from_length=2, from=0x1466500464d0 "", to_cs=0x55b7fad18340 <my_collation_contextually_typed_binary>, to_length=0, to=<optimized out>) at /test/11.0_dbg/sql/sql_string.h:53
      #2  String::copy (this=this@entry=0x1466b2756db0, str=0x1466500464d0 "", arg_length=2, from_cs=0x55b7fa461620 <my_charset_ucs2_general_ci>, to_cs=to_cs@entry=0x55b7fad18340 <my_collation_contextually_typed_binary>, errors=errors@entry=0x1466b2756d90) at /test/11.0_dbg/sql/sql_string.cc:476
      #3  0x000055b7f91b3265 in Type_handler::partition_field_append_value (this=<optimized out>, str=0x1466b2757c20, item_expr=<optimized out>, field_cs=0x55b7fad18340 <my_collation_contextually_typed_binary>, mode=PARTITION_VALUE_PRINT_MODE_FRM) at /test/11.0_dbg/sql/sql_string.h:282
      #4  0x000055b7f8fcd857 in add_column_list_values (str=str@entry=0x1466b2757c20, part_info=part_info@entry=0x146650013d68, list_value=list_value@entry=0x146650014058, create_info=create_info@entry=0x1466b275b3b0, alter_info=alter_info@entry=0x1466b275b2c0) at /test/11.0_dbg/sql/sql_partition.cc:2347
      #5  0x000055b7f8fd18be in add_partition_values (alter_info=0x1466b275b2c0, create_info=0x1466b275b3b0, p_elem=0x146650013f90, part_info=0x146650013d68, str=0x1466b2757c20) at /test/11.0_dbg/sql/sql_partition.cc:2377
      #6  generate_partition_syntax (thd=thd@entry=0x146650000d58, part_info=part_info@entry=0x146650013d68, buf_length=buf_length@entry=0x1466b275835c, show_partition_options=show_partition_options@entry=true, create_info=create_info@entry=0x1466b275b3b0, alter_info=alter_info@entry=0x1466b275b2c0) at /test/11.0_dbg/sql/sql_partition.cc:2721
      #7  0x000055b7f8fd2516 in generate_partition_syntax_for_frm (thd=thd@entry=0x146650000d58, part_info=part_info@entry=0x146650013d68, buf_length=buf_length@entry=0x1466b275835c, create_info=create_info@entry=0x1466b275b3b0, alter_info=alter_info@entry=0x1466b275b2c0) at /test/11.0_dbg/sql/sql_partition.cc:2493
      #8  0x000055b7f909988c in mysql_create_frm_image (thd=thd@entry=0x146650000d58, db=@0x1466b275a5c0: {str = 0x146650013958 "test", length = 4}, table_name=@0x1466b275a5d0: {str = 0x146650013208 "t", length = 1}, create_info=create_info@entry=0x1466b275b3b0, alter_info=alter_info@entry=0x1466b275b2c0, create_table_mode=create_table_mode@entry=-2, key_info=0x1466b2758d40, key_count=0x1466b2758d30, frm=0x1466b2758d60) at /test/11.0_dbg/sql/sql_table.cc:4182
      #9  0x000055b7f909a007 in create_table_impl (thd=thd@entry=0x146650000d58, ddl_log_state_create=ddl_log_state_create@entry=0x0, ddl_log_state_rm=<optimized out>, ddl_log_state_rm@entry=0x0, orig_db=@0x1466b275a5c0: {str = 0x146650013958 "test", length = 4}, orig_table_name=@0x1466b275a5d0: {str = 0x146650013208 "t", length = 1}, db=@0x1466b275a600: {str = 0x146650013958 "test", length = 4}, table_name=@0x1466b275a630: {str = 0x1466b275ab2c "#sql-alter-31f53f-4", length = 19}, path=@0x1466b2758ef0: {str = 0x1466b275afef "./test/#sql-alter-31f53f-4", length = 26}, options=<optimized out>, create_info=0x1466b275b3b0, alter_info=0x1466b275b2c0, create_table_mode=-2, is_trans=0x0, key_info=0x1466b2758d40, key_count=0x1466b2758d30, frm=0x1466b2758d60) at /test/11.0_dbg/sql/sql_table.cc:4584
      #10 0x000055b7f90a0221 in mysql_alter_table (thd=thd@entry=0x146650000d58, new_db=new_db@entry=0x146650005870, new_name=new_name@entry=0x146650005cb8, create_info=create_info@entry=0x1466b275b3b0, table_list=<optimized out>, table_list@entry=0x146650013240, recreate_info=recreate_info@entry=0x1466b275b2a0, alter_info=<optimized out>, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>) at /test/11.0_dbg/sql/sql_table.cc:10624
      #11 0x000055b7f91206b0 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x146650000d58) at /test/11.0_dbg/sql/sql_alter.cc:558
      #12 0x000055b7f8fc2db6 in mysql_execute_command (thd=thd@entry=0x146650000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:6003
      #13 0x000055b7f8fc47cf in mysql_parse (thd=thd@entry=0x146650000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1466b275c2c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
      #14 0x000055b7f8fc6963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146650000d58, packet=packet@entry=0x14665000ae19 "ALTER TABLE t CHANGE COLUMN a a CHAR BINARY", packet_length=packet_length@entry=43, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
      #15 0x000055b7f8fc87bc in do_command (thd=0x146650000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
      #16 0x000055b7f91196e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b7fd0520c8, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
      #17 0x000055b7f9119941 in handle_one_connection (arg=0x55b7fd0520c8) at /test/11.0_dbg/sql/sql_connect.cc:1318
      #18 0x00001466ece91b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #19 0x00001466ecf23a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      11.0.1 4d09050ca77a7efac4565d46e4bcd85a5f210c53 (Optimized, UBASAN)

      /test/11.0_opt_san/strings/ctype.c:1237:52: runtime error: member access within null pointer of type 'const struct MY_CHARSET_HANDLER'
          #0 0x55ae04bfb38d in my_convert /test/11.0_opt_san/strings/ctype.c:1237
          #1 0x55ae014568c7 in copy_and_convert(char*, unsigned long, charset_info_st const*, char const*, unsigned long, charset_info_st const*, unsigned int*) /test/11.0_opt_san/sql/sql_string.h:53
          #2 0x55ae014568c7 in String::copy(char const*, unsigned long, charset_info_st const*, charset_info_st const*, unsigned int*) /test/11.0_opt_san/sql/sql_string.cc:476
          #3 0x55ae01c24aed in Type_handler::partition_field_append_value(String*, Item*, charset_info_st const*, partition_value_print_mode_t) const /test/11.0_opt_san/sql/sql_type.cc:9362
          #4 0x55ae00f37e35 in add_column_list_values /test/11.0_opt_san/sql/sql_partition.cc:2347
          #5 0x55ae00f4d618 in add_partition_values /test/11.0_opt_san/sql/sql_partition.cc:2377
          #6 0x55ae00f4d618 in generate_partition_syntax(THD*, partition_info*, unsigned int*, bool, HA_CREATE_INFO*, Alter_info*) /test/11.0_opt_san/sql/sql_partition.cc:2721
          #7 0x55ae00f4f80a in generate_partition_syntax_for_frm(THD*, partition_info*, unsigned int*, HA_CREATE_INFO*, Alter_info*) /test/11.0_opt_san/sql/sql_partition.cc:2493
          #8 0x55ae014c1f12 in mysql_create_frm_image(THD*, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/11.0_opt_san/sql/sql_table.cc:4181
          #9 0x55ae014c6e4a in create_table_impl /test/11.0_opt_san/sql/sql_table.cc:4583
          #10 0x55ae0150a028 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.0_opt_san/sql/sql_table.cc:10622
          #11 0x55ae0181b567 in Sql_cmd_alter_table::execute(THD*) /test/11.0_opt_san/sql/sql_alter.cc:557
          #12 0x55ae00ed66dc in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:6001
          #13 0x55ae00efa542 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8000
          #14 0x55ae00f07fa5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
          #15 0x55ae00f11700 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
          #16 0x55ae017f203c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
          #17 0x55ae017f463c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
          #18 0x14eaaea20b42 in start_thread nptl/pthread_create.c:442
          #19 0x14eaaeab29ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
       
      230307 22:27:28 [ERROR] mysqld got signal 11 ;
      

      Bug confirmed present in:
      MariaDB: 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)

      UniqueID's seen so far (opt/dbg):

      SIGSEGV|my_convert|copy_and_convert|String::copy|String::copy
      SIGSEGV|my_convert|copy_and_convert|String::copy|Type_handler::partition_field_append_value
      


              bar Alexander Barkov
              Roel Roel Van de Paar