[MDEV-29232] Assertion `(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference' failed at item_subselect.cc:1980 Created: 2022-08-02  Updated: 2023-09-04  Resolved: 2022-08-02

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Subquery
Affects Version/s: 10.8.3
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Zuming Jiang Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: crash
Environment: Ubuntu 20.04

Attachments: Text File bug_report.txt, File bug_trigger_stmt.sql, File mysql_bk.sql
Issue Links:
Duplicate
is duplicated by MDEV-22375 Assertion `(engine->uncacheable() & ~... Stalled

Description

I am Zuming Jiang, a PhD student at ETH Zurich. I used my new fuzzer to fuzz MariaDB and found a bug that can directly crash the MariaDB 10.8.3 server. The bug information is as follows:

Installation process of MariaDB (DEBUG mode, enable ASAN)

cd /home/mysql/mariadb-10.8.3
mkdir build; cd build
cmake .. -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON
make -j12 && sudo make install

Reproduce process

step 1: set up MariaDB server and create database named "testdb"

/usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
/usr/local/mysql/bin/mysql -uroot
mysql> create database testdb;

step 2: trigger the bug

/usr/local/mysql/bin/mysql -uroot -Dtestdb < mysql_bk.sql
/usr/local/mysql/bin/mysql -uroot -Dtestdb < bug_trigger_stmt.sql

Bug Information

The bug-triggering files "mysql_bk.sql" and "bug_trigger_stmt.sql" are attached.

The error report of MySQL is in the attached file "bug_report.txt".


Generated at Thu Feb 08 10:06:55 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.