SIGSEGV and UBSAN null-pointer-use in wait_while_table_is_used on CoR GTT

CREATE GLOBAL TEMPORARY TABLE t (c INT);

LOCK TABLES t WRITE;

CREATE OR REPLACE GLOBAL TEMPORARY TABLE t (c INT);

Core was generated by `/test/MDEV-35915_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd --no-def'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  wait_while_table_is_used (thd=thd@entry=0x7b2f24000c68, table=0x0, function=function@entry=HA_EXTRA_NOT_USED, lock_wait_timeout=86400)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_base.cc:1496

1496	             table->mdl_ticket, MDL_EXCLUSIVE,

[Current thread is 1 (LWP 2612756)]

(gdb) bt

#0  wait_while_table_is_used (thd=thd@entry=0x7b2f24000c68, table=0x0, function=function@entry=HA_EXTRA_NOT_USED, lock_wait_timeout=86400)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_base.cc:1496

#1  0x00005daccd9ea978 in wait_while_table_is_used (thd=0x7b2f24000c68, table=0x0, table@entry=0x7b306eda6580, function=HA_EXTRA_NOT_USED)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_base.h:247

#2  mysql_rm_table_no_locks (thd=thd@entry=0x7b2f24000c68, tables=tables@entry=0x7b306eda6d60, current_db=current_db@entry=0x7b2f24000d08, ddl_log_state=ddl_log_state@entry=0x7b306eda78c0, if_exists=false, drop_temporary=false, drop_view=<optimized out>, drop_sequence=<optimized out>, dont_log_query=<optimized out>, dont_free_locks=<optimized out>)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_table.cc:1667

#3  0x00005daccd9f0850 in create_table_impl (thd=thd@entry=0x7b2f24000c68, ddl_log_state_create=ddl_log_state_create@entry=0x7b306eda78a0, ddl_log_state_rm=ddl_log_state_rm@entry=0x7b306eda78c0, orig_db=@0x7b2f24017848: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7b2f24017820 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, orig_table_name=@0x7b2f24017858: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7b2f240177f0 "t", length = 1}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, db=@0x7b2f24017848: {str = 0x7b2f24017820 "test", length = 4}, table_name=@0x7b2f24017858: {str = 0x7b2f240177f0 "t", length = 1}, path=@0x7b306eda7540: {str = 0x7b306eda75a0 "./test/t", length = 8}, options={m_options = DDL_options_st::OPT_OR_REPLACE}, create_info=0x7b306eda7b20, alter_info=0x7b306eda79a8, create_table_mode=0, is_trans=0x7b306eda7927, key_info=0x7b306eda7538, key_count=0x7b306eda756c, frm=0x7b306eda7550)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_table.cc:4798

#4  0x00005daccd9eff45 in mysql_create_table_no_lock (thd=thd@entry=0x7b2f24000c68, ddl_log_state_create=ddl_log_state_create@entry=0x7b306eda78a0, ddl_log_state_rm=ddl_log_state_rm@entry=0x7b306eda78c0, create_info=create_info@entry=0x7b306eda7b20, alter_info=alter_info@entry=0x7b306eda79a8, is_trans=is_trans@entry=0x7b306eda7927, create_table_mode=0, table_list=0x7b2f24017830)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_table.cc:5039

#5  0x00005daccda01f64 in mysql_create_table (thd=thd@entry=0x7b2f24000c68, create_table=create_table@entry=0x7b2f24017830, create_info=create_info@entry=0x7b306eda7b20, alter_info=alter_info@entry=0x7b306eda79a8)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_table.cc:5281

#6  0x00005daccda00b06 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x7b2f24000c68)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_table.cc:13874

#7  0x00005daccd925fa3 in mysql_execute_command (thd=thd@entry=0x7b2f24000c68, is_called_from_prepared_stmt=false)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_parse.cc:5865

#8  0x00005daccd921961 in mysql_parse (thd=thd@entry=0x7b2f24000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7b306eda8420)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_parse.cc:7893

#9  0x00005daccd91fe7f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7b2f24000c68, packet=packet@entry=0x7b2f24008a69 "CREATE OR REPLACE GLOBAL TEMPORARY TABLE t (c INT)", packet_length=packet_length@entry=50, blocking=true)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_parse.cc:1881

#10 0x00005daccd921d71 in do_command (thd=thd@entry=0x7b2f24000c68, blocking=true) at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_parse.cc:1420

#11 0x00005daccda7749d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5dacd11de7e8, put_in_cache=true)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_connect.cc:1414

#12 0x00005daccda7725f in handle_one_connection (arg=arg@entry=0x5dacd11de7e8)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_connect.cc:1326

#13 0x00005daccdc34039 in pfs_spawn_thread (arg=0x5dacd118e558)at /test/bb-12.0-nikita-global-tmp_opt/storage/perfschema/pfs.cc:2198

#14 0x00007b306fc9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447

#15 0x00007b306fd29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

/test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:1496:21: runtime error: member access within null pointer of type 'TABLE'

    #0 0x63024460ba8d in wait_while_table_is_used(THD*, TABLE*, ha_extra_function, unsigned long long) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:1496:21

    #1 0x630244ef8409 in wait_while_table_is_used(THD*, TABLE*, ha_extra_function) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.h:247:10

    #2 0x630244ef8409 in mysql_rm_table_no_locks(THD*, TABLE_LIST*, st_mysql_const_lex_string const*, st_ddl_log_state*, bool, bool, bool, bool, bool, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:1667:13

    #3 0x630244f148a8 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:4798:13

    #4 0x630244f12e2d in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:5039:8

    #5 0x630244f74578 in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:5281:7

    #6 0x630244f6f6ea in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:13874:12

    #7 0x630244abb049 in mysql_execute_command(THD*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:5865:26

    #8 0x630244a9d180 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:7893:18

    #9 0x630244a944d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:1881:7

    #10 0x630244a9f446 in do_command(THD*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:1420:17

    #11 0x6302451f717c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11

    #12 0x6302451f69d6 in handle_one_connection /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5

    #13 0x630243974c0c in asan_thread_start(void*) crtstuff.c

    #14 0x7904c609ca93 in start_thread nptl/pthread_create.c:447:8

    #15 0x7904c6129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:1496:21