Segmentation fault at /mariadb-11.3.0/sql/sql_select.cc:27660

Run these queries in release build:

CREATE TABLE t0 ( c18 TEXT , INDEX i0 ( c18 ( 9 ) ) ) ;
INSERT INTO t0 VALUES ( 41 ) , ( -24 ) ;
ALTER TABLE t0 ADD COLUMN c48 INT AFTER c18 ;
INSERT INTO t0 VALUES ( LTRIM ( -117 ) % -103.513076 = -4336707295717280702 IS NOT NULL , -125 ) , ( 17 , 70 ) ;
SELECT t0 . c48 AS c5 FROM ( SELECT c48 AS c49 FROM t0 ) AS t1 JOIN t0 ON IF ( t1 . c49 , t1 . c49 , 111 ) IN ( -124 = RAND ( ) >> ( SELECT BIT_XOR( t1 . c49 ) OVER ( PARTITION BY t0 . c48 , t0 . c18 , t0 . c18 , t0 . c48 ) AS c36 FROM t0 GROUP BY c48 , c18 LIMIT 1 ) IS NULL ) = t1 . c49 ;

Will trigger Segmentation fault.
GDB info:
Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1c17300 (LWP 2627)]
0x0000000000ca7d94 in setup_group (thd=thd@entry=0x62b00016c218, ref_pointer_array=..., tables=tables@entry=0x6290000aa8a0, fields=..., all_fields=...,
order=0x6290000950f0, hidden_group_fields=0x7fffd1c12220, from_window_spec=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27660
27660 (*ord->item)->marker= MARKER_UNDEF_POS; /* Mark found */

#0 0x0000000000ca7d94 in setup_group (thd=thd@entry=0x62b00016c218, ref_pointer_array=..., tables=tables@entry=0x6290000af8e8, fields=..., all_fields=..., order=0x629000095130, hidden_group_fields=0x7fffd1c12220, from_window_spec=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27660
#1 0x000000000111e689 in setup_windows (thd=<optimized out>, ref_pointer_array=..., tables=<optimized out>, fields=..., all_fields=..., win_specs=..., win_funcs=...) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:238
#2 0x0000000000bf3a8a in setup_without_group (thd=<optimized out>, ref_pointer_array=..., tables=0x6290000af8e8, leaves=..., fields=..., all_fields=..., conds=0x6290000b55f0, order=0x0, group=0x6290000b0168, win_specs=..., win_funcs=..., hidden_group_fields=<optimized out>, reserved=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:955
#3 JOIN::prepare (this=0x6290000b5160, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1531
#4 0x00000000015d5c30 in subselect_single_select_engine::prepare (this=<optimized out>, thd=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:3943
#5 0x00000000015b1a8e in Item_subselect::fix_fields (this=<optimized out>, thd_param=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:296
#6 0x0000000001459380 in Item::fix_fields_if_needed (this=0x6297e59b5090, thd=0x62b00016c218, ref=0x6290000b0f00) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#7 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#8 0x0000000001459380 in Item::fix_fields_if_needed (this=0x6297e59b5090, thd=0x62b00016c218, ref=0x6290000b0fc0) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#9 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#10 0x0000000001459380 in Item::fix_fields_if_needed (this=0x6297e59b5090, thd=0x62b00016c218, ref=0x6290000b11f0) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#11 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#12 0x0000000001459380 in Item::fix_fields_if_needed (this=0x6297e59b5090, thd=0x62b00016c218, ref=0x6290000b12b8) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#13 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#14 0x0000000001459380 in Item::fix_fields_if_needed (this=0x6297e59b5090, thd=0x62b00016c218, ref=0x6290000b1638) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#15 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#16 0x00000000009d6748 in Item::fix_fields_if_needed (this=0x6290000b15b8, thd=0x62b00016c218, ref=0x629000093990) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#17 Item::fix_fields_if_needed_for_scalar (this=0x6290000b15b8, thd=0x62b00016c218, ref=0x629000093990) at /home/wx/mariadb-11.3.0/sql/item.h:1156
#18 Item::fix_fields_if_needed_for_bool (this=0x6290000b15b8, thd=0x62b00016c218, ref=0x629000093990) at /home/wx/mariadb-11.3.0/sql/item.h:1160
#19 setup_on_expr (thd=0x62b00016c218, table=0x629000093930, is_update=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8777
#20 0x00000000009d7116 in setup_conds (thd=<optimized out>, tables=tables@entry=0x6290000931c8, leaves=..., conds=<optimized out>, conds@entry=0x6290000b2de0) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8896
#21 0x0000000000bf3349 in setup_without_group (thd=0x62b00016c218, ref_pointer_array=..., tables=0x6290000931c8, leaves=..., fields=..., all_fields=..., conds=0x6290000b2de0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=<optimized out>, reserved=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:931
#22 JOIN::prepare (this=0x6290000b2950, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1531
#23 0x0000000000be4c97 in mysql_select (thd=<optimized out>, thd@entry=0x62b00016c218, tables=0x7fffd1c11f80, fields=..., conds=0xd1c11f03, og_num=0, order=0x166c380 <sql_print_error(char const*, ...)>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x6290000b2920, unit=0x62b0001704a8, select_lex=0x6290000914e8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5224
#24 0x0000000000be4596 in handle_select (thd=thd@entry=0x62b00016c218, lex=<optimized out>, lex@entry=0x62b0001703c8, result=<optimized out>, result@entry=0x6290000b2920, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#25 0x0000000000b3df18 in execute_sqlcom_select (thd=0x62b00016c218, all_tables=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#26 0x0000000000b2cd51 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#27 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd1c15a80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#28 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#29 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#30 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#31 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x60800144e5b8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#32 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000006618) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#33 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#34 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6