Assertion `(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference' failed at item_subselect.cc:1980

I am Zuming Jiang, a PhD student at ETH Zurich. I used my new fuzzer to fuzz MariaDB and found a bug that can directly crashes MariaDB10.8.3 server. The bug information is following:

Installation process of MariaDB (DEBUG mode, enable ASAN)

cd /home/mysql/mariadb-10.8.3
mkdir build; cd build
cmake .. -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON
make -j12 && sudo make install

Reproduce process

step 1: set up MariaDB server and create database named "testdb"

/usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
/usr/local/mysql/bin/mysql -uroot
mysql> create database testdb;

step2: trigger the bug

/usr/local/mysql/bin/mysql -uroot -Dtestdb < mysql_bk.sql
/usr/local/mysql/bin/mysql -uroot -Dtestdb < bug_trigger_stmt.sql

Bug Information

The bug-triggering files "mysql_bk.sql" and "bug_trigger_stmt.sql" is in the attached.

The error report of MySQL is in the attached file "bug_report.txt"