SIGSEGV I_P_List_iterator, UBSAN reference binding to null pointer on DROP DATABASE test

DROP DATABASE test;

Core was generated by `/test/MDEV-35915_7_MD141025-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd --no-d'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  I_P_List_iterator<TMP_TABLE_SHARE, I_P_List<TMP_TABLE_SHARE, All_tmp_table_shares, I_P_List_null_counter, I_P_List_no_push_back<TMP_TABLE_SHARE> > >::I_P_List_iterator (a=..., this=<optimized out>)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_plist.h:179

[Current thread is 1 (LWP 724770)]

(gdb) bt

#0  I_P_List_iterator<TMP_TABLE_SHARE, I_P_List<TMP_TABLE_SHARE, All_tmp_table_shares, I_P_List_null_counter, I_P_List_no_push_back<TMP_TABLE_SHARE> > >::I_P_List_iterator (a=@0x0: <incomplete type>, this=<optimized out>)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_plist.h:179

#1  THD::global_tmp_drop_database (this=0x7bdaa4000c68, db=@0x7bdbd01fdef8: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7bdbd01fe070 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}) at /test/bb-12.2-nikita-global-tmp_opt/sql/temporary_tables.cc:1482

#2  0x00005e716aa5e0a2 in mysql_rm_db_internal (thd=0x7bdaa4000c68, db=@0x7bdbd01fdef8: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7bdbd01fe070 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, if_exists=<optimized out>, silent=false)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_db.cc:1130

#3  0x00005e716aab1a5e in mysql_execute_command (thd=thd@entry=0x7bdaa4000c68, is_called_from_prepared_stmt=false)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_parse.cc:5057

#4  0x00005e716aaab1d4 in mysql_parse (thd=thd@entry=0x7bdaa4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7bdbd01fe420)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_parse.cc:7895

#5  0x00005e716aaa997d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7bdaa4000c68, packet=packet@entry=0x7bdaa40089f9 "DROP DATABASE test", packet_length=packet_length@entry=18, blocking=true)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_parse.cc:1882

#6  0x00005e716aaab651 in do_command (thd=thd@entry=0x7bdaa4000c68, blocking=true) at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_parse.cc:1421

#7  0x00005e716ac0174d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5e716cdcbde8, put_in_cache=true)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_connect.cc:1414

#8  0x00005e716ac0150f in handle_one_connection (arg=arg@entry=0x5e716cdcbde8)at /test/bb-12.2-nikita-global-tmp_opt/sql/sql_connect.cc:1326

#9  0x00005e716adc6349 in pfs_spawn_thread (arg=0x5e716cd7b948)at /test/bb-12.2-nikita-global-tmp_opt/storage/perfschema/pfs.cc:2198

#10 0x00007bdbd789ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447

#11 0x00007bdbd7929c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Core was generated by `/test/MDEV-35915_7_MD161025-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd --no-d'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  0x00005b6843a786bb in I_P_List_iterator<TMP_TABLE_SHARE, I_P_List<TMP_TABLE_SHARE, All_tmp_table_shares, I_P_List_null_counter, I_P_List_no_push_back<TMP_TABLE_SHARE> > >::I_P_List_iterator (this=0x7ea45cae48d0, a=...)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_plist.h:179

179	    : list(&a), current(a.m_first) {}

[Current thread is 1 (LWP 2121834)]

(gdb) bt

#0  0x00005b6843a786bb in I_P_List_iterator<TMP_TABLE_SHARE, I_P_List<TMP_TABLE_SHARE, All_tmp_table_shares, I_P_List_null_counter, I_P_List_no_push_back<TMP_TABLE_SHARE> > >::I_P_List_iterator (this=0x7ea45cae48d0, a=@0x0: <incomplete type>)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_plist.h:179

#1  0x00005b6843cb7389 in THD::global_tmp_drop_database (this=0x7ea370000d58, db=@0x7ea45cae5bb8: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7ea45cae5f88 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}) at /test/bb-12.2-nikita-global-tmp_dbg/sql/temporary_tables.cc:1482

#2  0x00005b68438f8c00 in mysql_rm_db_internal (thd=0x7ea370000d58, db=@0x7ea45cae5bb8: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7ea45cae5f88 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, if_exists=false, silent=false)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_db.cc:1130

#3  0x00005b68438f87ec in mysql_rm_db (thd=0x7ea370000d58, db=@0x7ea45cae5bb8: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7ea45cae5f88 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, if_exists=false) at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_db.cc:1329

#4  0x00005b6843978c86 in mysql_execute_command (thd=0x7ea370000d58, is_called_from_prepared_stmt=false)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_parse.cc:5057

#5  0x00005b684396d538 in mysql_parse (thd=0x7ea370000d58, rawbuf=0x7ea370019e80 "drop database test", length=18, parser_state=0x7ea45cae6a10)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_parse.cc:7895

#6  0x00005b684396ad19 in dispatch_command (command=COM_QUERY, thd=0x7ea370000d58, packet=0x7ea37000b1f9 "drop database test", packet_length=18, blocking=true)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_parse.cc:1882

#7  0x00005b684396dfba in do_command (thd=0x7ea370000d58, blocking=true)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_parse.cc:1421

#8  0x00005b6843b609ee in do_handle_one_connection (connect=0x5b6846388368, put_in_cache=true)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_connect.cc:1414

#9  0x00005b6843b607d1 in handle_one_connection (arg=0x5b6846399408)at /test/bb-12.2-nikita-global-tmp_dbg/sql/sql_connect.cc:1326

#10 0x00007ea45fa9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447

#11 0x00007ea45fb29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

/test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1482:36: runtime error: reference binding to null pointer of type 'const I_P_List<TMP_TABLE_SHARE, All_tmp_table_shares>'

    #0 0x64df0d08e8df in THD::global_tmp_drop_database(Lex_ident_db const&) /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1482:33

    #1 0x64df0c243eb5 in mysql_rm_db_internal(THD*, Lex_ident_db const&, bool, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_db.cc:1130:8

    #2 0x64df0c416dc6 in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:5057:10

    #3 0x64df0c3f3545 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:7895:18

    #4 0x64df0c3eb708 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1882:7

    #5 0x64df0c3f5480 in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1421:17

    #6 0x64df0cc2048c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11

    #7 0x64df0cc1ffa6 in handle_one_connection /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5

    #8 0x64df0b3d45ea in asan_thread_start(void*) crtstuff.c

    #9 0x764cd849ca93 in start_thread nptl/pthread_create.c:447:8

    #10 0x764cd8529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1482:36