Server crashes in XMLSchema_user_type::validate_prepare/XMLSchema_attribute::validate_prepare

SELECT XMLISVALID('<a b="x"/>',

  '<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"><xs:element name="a">

  <xs:complexType><xs:attribute name="b" type="xs:string"/></xs:complexType></xs:element></xs:schema>');

#2  __GI___pthread_kill (threadid=<optimized out>, signo=0xb) at ./nptl/pthread_kill.c:89

#3  0x00005c6b094fd257 in my_write_core (sig=0xb) at /13.1/mysys/stacktrace.c:424

#4  0x00005c6b07413b37 in handle_fatal_signal (sig=0xb) at /13.1/sql/signal_handler.cc:298

#5  <signal handler called>

#6  0x00005c6b096ee62a in XMLSchema_user_type::validate_prepare (this=<optimized out>) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:1301

#7  0x00005c6b096e2256 in XMLSchema_attribute::validate_prepare (this=<optimized out>) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:3255

#8  0x00005c6b096e8acf in XMLSchema_schema::validate_element (this=0x52d000188648, st=st@entry=0x52d000188508, attr=attr@entry=0x52d000186b79 "a b=\"x\"/>", len=len@entry=0x1) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:3247

#9  0x00005c6b096e8be8 in XMLSchema_root::validate_tag (this=<optimized out>, st=0x52d000188508, attr=0x52d000186b79 "a b=\"x\"/>", len=0x1) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:2289

#10 0x00005c6b096e2557 in validation_enter (st=<optimized out>, attr=<optimized out>, len=<optimized out>) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:3459

#11 0x00005c6b095eefc8 in my_xml_enter (st=st@entry=0x736c33157630, str=0x52d000186b79 "a b=\"x\"/>", len=0x1) at /13.1/strings/xml.c:381

#12 0x00005c6b095efe3d in my_xml_parse (p=0x736c33157630, str=<optimized out>, len=<optimized out>) at /13.1/strings/xml.c:513

#13 0x00005c6b096e28f6 in validate_schema (xml=(const String *) 0x52d000186bc0 _latin1 ..., user_data=0x52d000188508) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:3511

#14 0x00005c6b096e2b0f in Item_func_xml_isvalid::val_bool (this=0x52d000187068) at /13.1/plugin/type_xmltype/item_func_xml_isvalid.cc:3525

#15 0x00005c6b072b749f in Item_bool_func::val_int (this=0x52d000187068) at /13.1/sql/item_cmpfunc.h:245

#16 0x00005c6b084e9b77 in Type_handler::Item_send_long (this=<optimized out>, item=0x52d000187068, protocol=0x52c0001e0900, buf=<optimized out>) at /13.1/sql/sql_type.cc:7698

#17 0x00005c6b08503167 in Type_handler_long::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /13.1/sql/sql_type.h:6033

#18 0x00005c6b072b1f9d in Item::send (this=0x52d000187068, protocol=0x52c0001e0900, buffer=0x736c3332d8a0) at /13.1/sql/item.h:1238

#19 0x00005c6b079d3630 in Protocol::send_result_set_row (this=this@entry=0x52c0001e0900, row_items=row_items@entry=(List<Item> *) 0x52d000186920 0x1 Item's) at /13.1/sql/protocol.cc:1358

#20 0x00005c6b07bb031a in select_send::send_data (this=0x52d000187bf0, items=...) at /13.1/sql/sql_class.cc:3411

#21 0x00005c6b07bbf13a in select_result_sink::send_data_with_check (this=0x52d000187bf0, items=..., u=<optimized out>, sent=sent@entry=0x0) at /13.1/sql/sql_class.cc:3309

#22 0x00005c6b07eff93e in JOIN::exec_inner (this=this@entry=0x52d000187c28) at /13.1/sql/sql_select.cc:4996

#23 0x00005c6b07f00d94 in JOIN::exec (this=this@entry=0x52d000187c28) at /13.1/sql/sql_select.cc:4913

#24 0x00005c6b07efc717 in mysql_select (thd=thd@entry=0x52c0001e0220, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at /13.1/sql/sql_select.cc:5439

#25 0x00005c6b07efcf23 in handle_select (thd=thd@entry=0x52c0001e0220, lex=lex@entry=0x52c0001e4860, result=result@entry=0x52d000187bf0, setup_tables_done_option=setup_tables_done_option@entry=0x0) at /13.1/sql/sql_select.cc:636

#26 0x00005c6b07d313ea in execute_sqlcom_select (thd=thd@entry=0x52c0001e0220, all_tables=<optimized out>) at /13.1/sql/sql_parse.cc:6217

#27 0x00005c6b07d50110 in mysql_execute_command (thd=thd@entry=0x52c0001e0220, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=0x0) at /13.1/sql/sql_parse.cc:3991

#28 0x00005c6b07d5d7d4 in mysql_parse (thd=thd@entry=0x52c0001e0220, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x736c335131a0) at /13.1/sql/sql_parse.cc:7945

#29 0x00005c6b07d61584 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x52c0001e0220, packet=packet@entry=0x52900022b221 "", packet_length=packet_length@entry=0xd8, blocking=blocking@entry=0x1) at /13.1/sql/sql_parse.cc:1903

#30 0x00005c6b07d6631e in do_command (thd=thd@entry=0x52c0001e0220, blocking=blocking@entry=0x1) at /13.1/sql/sql_parse.cc:1437

#31 0x00005c6b0824a0be in do_handle_one_connection (connect=<optimized out>, connect@entry=0x50b000006410, put_in_cache=put_in_cache@entry=0x1) at /13.1/sql/sql_connect.cc:1503

#32 0x00005c6b0824a5a3 in handle_one_connection (arg=arg@entry=0x50b000006410) at /13.1/sql/sql_connect.cc:1415

#33 0x00005c6b0884f8c4 in pfs_spawn_thread (arg=arg@entry=0x517000009720) at /13.1/storage/perfschema/pfs.cc:2198

#34 0x00007b6c4ea5ea42 in asan_thread_start (arg=0x736c3ee69000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234

#35 0x00007b6c4dc9caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447

#36 0x00007b6c4dd29c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78