MDEV-6896 kill user command cause MariaDB crash

mysql-test/r/kill-2.result:
  test case for MDEV-6896
mysql-test/t/kill-2-master.opt:
  test case for MDEV-6896
mysql-test/t/kill-2.test:
  test case for MDEV-6896
sql/sql_parse.cc:
  Use host_or_ip instead of host as host may be 0

mysql-test/r/kill-2.result

@@ -0,0 +1,10 @@
+#
+# MDEV-6896 kill user command cause MariaDB crash!
+#
+create user foo@'127.0.0.1';
+select user from information_schema.processlist;
+user
+foo
+root
+kill user foo@'127.0.0.1';
+drop user foo@'127.0.0.1';

mysql-test/t/kill-2-master.opt

@@ -0,0 +1 @@
+--skip-name-resolve

mysql-test/t/kill-2.test

@@ -0,0 +1,29 @@
+#
+# Test KILL and KILL QUERY statements.
+#
+# Killing a connection in an embedded server does not work like in a normal
+# server, if it is waiting for a new statement. In an embedded server, the
+# connection does not read() from a socket, but returns control to the
+# application. 'mysqltest' does not handle the kill request.
+#
+
+-- source include/not_embedded.inc
+-- source include/not_threadpool.inc
+
+--echo #
+--echo # MDEV-6896 kill user command cause MariaDB crash!
+--echo #
+
+create user foo@'127.0.0.1';
+
+--connect (con1,127.0.0.1,foo,,)
+
+--connection default
+select user from information_schema.processlist;
+kill user foo@'127.0.0.1';
+
+let $wait_condition=
+    select count(*) = 0 from information_schema.processlist
+    where user = "foo";
+--source include/wait_condition.inc
+drop user foo@'127.0.0.1';

sql/sql_parse.cc

@@ -6745,7 +6745,7 @@ static uint kill_threads_for_user(THD *thd, LEX_USER *user,
       host.str[0] == '%' means that host name was not given. See sql_yacc.yy
     */
     if (((user->host.str[0] == '%' && !user->host.str[1]) ||
-         !strcmp(tmp->security_ctx->host, user->host.str)) &&
+         !strcmp(tmp->security_ctx->host_or_ip, user->host.str)) &&
         !strcmp(tmp->security_ctx->user, user->user.str))
     {
       if (!(thd->security_ctx->master_access & SUPER_ACL) &&