MariaDB Server / MDEV-32647

ASAN build crashes after assigning CHAR/VARCHAR data type to dynamic column

    Description

      SET sql_mode='';
      CREATE TABLE t (a varchar(10),b CHAR(20));
      INSERT INTO t VALUES ('Laptop',COLUMN_CREATE ('color','black','price',500));
      SELECT a,COLUMN_GET (b,'color' AS CHAR) AS color FROM t;
      

      Leads to:

      11.3.0 126157061b4376496c034a809ea4943e863d1465 (Optimized)

      ==3001831==ERROR: AddressSanitizer: use-after-poison on address 0x6190000938eb at pc 0x558bfaa9f4d2 bp 0x1473ab5163f0 sp 0x1473ab5163e0
      READ of size 1 at 0x6190000938eb thread T12
          #0 0x558bfaa9f4d1 in dynamic_column_var_uint_get /test/11.3_opt_san/mysys/ma_dyncol.c:774
          #1 0x558bfaa9f4d1 in dynamic_column_string_read /test/11.3_opt_san/mysys/ma_dyncol.c:1087
          #2 0x558bfaa9f4d1 in dynamic_column_get_value /test/11.3_opt_san/mysys/ma_dyncol.c:2246
          #3 0x558bfaaa3440 in dynamic_column_get_internal /test/11.3_opt_san/mysys/ma_dyncol.c:2307
          #4 0x558bfaaa3440 in mariadb_dyncol_get_named /test/11.3_opt_san/mysys/ma_dyncol.c:2227
          #5 0x558bf8bfb598 in Item_dyncol_get::get_dyn_value(THD*, st_dynamic_column_value*, String*) /test/11.3_opt_san/sql/item_strfunc.cc:5317
          #6 0x558bf8bfc874 in Item_dyncol_get::val_str(String*) /test/11.3_opt_san/sql/item_strfunc.cc:5335
          #7 0x558bf8f49378 in Item_char_typecast::val_str_generic(String*) /test/11.3_opt_san/sql/item_timefunc.cc:3200
          #8 0x558bf7c7a3cd in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.3_opt_san/sql/sql_type.cc:7445
          #9 0x558bf6723351 in Protocol::send_result_set_row(List<Item>*) /test/11.3_opt_san/sql/protocol.cc:1334
          #10 0x558bf6a74f59 in select_send::send_data(List<Item>&) /test/11.3_opt_san/sql/sql_class.cc:3129
          #11 0x558bf7083d4b in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.3_opt_san/sql/sql_class.h:5913
          #12 0x558bf7083d4b in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.3_opt_san/sql/sql_class.h:5903
          #13 0x558bf7083d4b in end_send /test/11.3_opt_san/sql/sql_select.cc:24777
          #14 0x558bf6f7e007 in evaluate_join_record /test/11.3_opt_san/sql/sql_select.cc:23743
          #15 0x558bf6fd34d1 in sub_select(JOIN*, st_join_table*, bool) /test/11.3_opt_san/sql/sql_select.cc:23510
          #16 0x558bf71aea9e in do_select /test/11.3_opt_san/sql/sql_select.cc:23027
          #17 0x558bf71aea9e in JOIN::exec_inner() /test/11.3_opt_san/sql/sql_select.cc:4949
          #18 0x558bf71b3889 in JOIN::exec() /test/11.3_opt_san/sql/sql_select.cc:4726
          #19 0x558bf71a0c6c in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.3_opt_san/sql/sql_select.cc:5257
          #20 0x558bf71a4903 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.3_opt_san/sql/sql_select.cc:628
          #21 0x558bf6d7b96f in execute_sqlcom_select /test/11.3_opt_san/sql/sql_parse.cc:6023
          #22 0x558bf6dcb595 in mysql_execute_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:3923
          #23 0x558bf6d4abd0 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.3_opt_san/sql/sql_parse.cc:7742
          #24 0x558bf6da1cb8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.3_opt_san/sql/sql_parse.cc:1893
          #25 0x558bf6dad51d in do_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:1406
          #26 0x558bf76fe47d in do_handle_one_connection(CONNECT*, bool) /test/11.3_opt_san/sql/sql_connect.cc:1418
          #27 0x558bf7700aec in handle_one_connection /test/11.3_opt_san/sql/sql_connect.cc:1320
          #28 0x1473cdf8e608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
          #29 0x1473cd203132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
      

      Setup:

      Compiled with GCC >=7.5.0 (I use GCC 11.4.0) and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1
      

      Bug confirmed present in:
      MariaDB: 10.4.32 (dbg), 10.4.32 (opt), 10.5.23 (dbg), 10.5.23 (opt), 10.6.16 (dbg), 10.6.16 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.7 (dbg), 10.10.7 (opt), 10.11.6 (dbg), 10.11.6 (opt), 11.0.4 (dbg), 11.0.4 (opt), 11.1.3 (dbg), 11.1.3 (opt), 11.2.2 (dbg), 11.2.2 (opt), 11.3.0 (dbg), 11.3.0 (opt)

          People

            sanja Oleksandr Byelkin
            ramesh Ramesh Sivaraman