Bug #111527 Assertion `inited == RND' failed
Submitted: 21 Jun 2023 20:54
Modified: 22 Jun 2023 5:08
Reporter: Yu Liang
Status: Verified
Category: MySQL Server: DML
Severity: S6 (Debug Builds)
Version: 8.0.33
OS: Ubuntu (20.04 LTS)
Assigned to:
CPU Architecture: x86 (Intel(R) Core(TM) i7-10700 CPU)

[21 Jun 2023 20:54] Yu Liang
Description:
The latest version of the MySQL Server (version 8.0.33 debug build) (git commit hash: ea7087d8850) crashes with Assertion Failure when executing the following query:

Config from "/etc/mysql/conf.d/mysql.cnf":

```
[mysqld]
sql_mode = "NO_ENGINE_SUBSTITUTION"
```

```sql
drop database if exists test123;
create database test123;
use test123;
CREATE TABLE v0 ( v1 INT ) ;
INSERT INTO v0 ( v1 ) VALUES ( 0 ) ;
UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ;
```

In the debug build, the server crashes with the following stack trace: 

```
mysql> UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ;
mbind: Operation not permitted
mysqld: /home/mysql/mysql-server/sql/handler.cc:2965: int handler::ha_rnd_next(uchar *): Assertion `inited == RND' failed.
2023-06-21T20:50:17Z UTC - mysqld got signal 6 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
BuildID[sha1]=c695969d774e9eb274304e1df8040ccfcea26f50
Thread pointer: 0xfffef0001040
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = ffff84547538 thread_stack 0x100000
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x60) [0x4e608c0]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(print_fatal_signal(int)+0x354) [0x1a872c4]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(handle_fatal_signal+0x178) [0x1a87680]
linux-vdso.so.1(__kernel_rt_sigreturn+0) [0xffff8ec1c7a0]
/lib/aarch64-linux-gnu/libc.so.6(gsignal+0xe0) [0xffff8e28fd78]
/lib/aarch64-linux-gnu/libc.so.6(abort+0x114) [0xffff8e27caac]
/lib/aarch64-linux-gnu/libc.so.6(+0x2d490) [0xffff8e289490]
/lib/aarch64-linux-gnu/libc.so.6(+0x2d4f4) [0xffff8e2894f4]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(handler::ha_rnd_next(unsigned char*)+0x4c0) [0x1df2e24]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(TableScanIterator::Read()+0x1c4) [0x21ba0e8]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(MaterializeIterator<DummyIteratorProfiler>::Read()+0x12c) [0x26a1338]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(FilterIterator::Read()+0xc0) [0x268bd14]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(NestedLoopIterator::Read()+0x134) [0x268e490]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(NestedLoopIterator::Read()+0x338) [0x268e694]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(UpdateRowsIterator::Read()+0x160) [0x18cfb88]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(Query_expression::ExecuteIteratorQuery(THD*)+0xc9c) [0x18b49d0]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(Query_expression::execute(THD*)+0x154) [0x18b59a0]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(Sql_cmd_dml::execute_inner(THD*)+0x140) [0x17371e8]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(Sql_cmd_update::execute_inner(THD*)+0x15c) [0x18c75e0]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(Sql_cmd_dml::execute(THD*)+0x7f8) [0x17351a8]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(mysql_execute_command(THD*, bool)+0x3858) [0x162a9e8]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(dispatch_sql_command(THD*, Parser_state*)+0x111c) [0x1622fac]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(dispatch_command(THD*, COM_DATA const*, enum_server_command)+0x547c) [0x161be58]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(do_command(THD*)+0xbdc) [0x16205d4]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld() [0x1a57980]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld() [0x65570d0]
/lib/aarch64-linux-gnu/libpthread.so.0(+0x7624) [0xffff8ebc2624]
/lib/aarch64-linux-gnu/libc.so.6(+0xd149c) [0xffff8e32d49c]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (fffef00243c0): UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )
Connection ID (thread ID): 8
Status: NOT_KILLED
```

How to repeat:
Steps to repeat the Assertion Failure:
1. Download the MySQL Server source code from the official GitHub repo: `https://github.com/mysql/mysql-server`
2. Check out the latest released MySQL version: 8.0.33 (hash: `ea7087d8850`)
3. Compile MySQL using the command: 

```
mkdir -p bld
cd bld
cmake .. -DDOWNLOAD_BOOST=1 -DWITH_BOOST=../boost -DWITH_UNIT_TESTS=OFF -DWITH_DEBUG=1
make
```

4. Run the MySQL Server with command: 

```
./bin/mysqld --basedir=$(pwd) --datadir=$(pwd)/data_all/ori_data --port=7000  --socket=/tmp/mysql_0.sock --mysqlx=OFF --performance_schema=OFF
```

5. Set up the MySQL Server config at the path: "/etc/mysql/conf.d/mysql.cnf"

```
[mysqld]
sql_mode = "NO_ENGINE_SUBSTITUTION"
```

6. Run the MySQL Client with the PoC:

```
./bin/mysql --port=7000 --user=root --socket=/tmp/mysql_0.sock < poc_0.sql
```

where `poc_0.sql` is:

```sql
drop database if exists test123;
create database test123;
use test123;
CREATE TABLE v0 ( v1 INT ) ;
INSERT INTO v0 ( v1 ) VALUES ( 0 ) ;
UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ;
```

Suggested fix:
The server should continue running instead of crashing with an assertion failure.

Only debug mode is affected.

[22 Jun 2023 5:08] MySQL Verification Team
Hello Yu Liang,

Thank you for the report and test case.
Observed that 8.0.33 debug build is affected.

regards,
Umesh

[22 Jun 2023 5:09] MySQL Verification Team
-- release build - not affected
```
./mtr bug111527 --nocheck-testcases
Logging: ./mtr  bug111527 --nocheck-testcases
MySQL Version 8.0.33
Checking supported features
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
 - WARNING: Using the 'mysql-test/var' symlink
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.33/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
drop database if exists test123;
Warnings:
Note    1008    Can't drop database 'test123'; database doesn't exist
create database test123;
use test123;
CREATE TABLE v0 ( v1 INT ) ;
INSERT INTO v0 ( v1 ) VALUES ( 0 ) ;
UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ;
[ 50%] main.bug111527                            [ pass ]      9
[100%] shutdown_report                           [ pass ]
```

-- debug build - affected
```
 ./mtr bug111527 --nocheck-testcases --debug-server
Logging: ./mtr  bug111527 --nocheck-testcases --debug-server
MySQL Version 8.0.33
Checking supported features
 - Binaries are debug compiled
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
 - WARNING: Using the 'mysql-test/var' symlink
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.33/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
drop database if exists test123;
Warnings:
Note    1008    Can't drop database 'test123'; database doesn't exist
create database test123;
use test123;
CREATE TABLE v0 ( v1 INT ) ;
INSERT INTO v0 ( v1 ) VALUES ( 0 ) ;
UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ;
[ 50%] main.bug111527                            [ fail ]
        Test ended at 2023-06-22 07:07:49

CURRENT_TEST: main.bug111527
mysqltest: At line 6: Query 'UPDATE v0 SET v1 = 0 WHERE ( EXISTS ( WITH v0 AS ( SELECT NULL , v1 = v1 ) SELECT v1 , v1 FROM v0 AS v3 NATURAL JOIN v0 AS v4 ) )  ' failed.
ERROR 2013 (HY000): Lost connection to MySQL server during query
```

-bt

```
#0  0x00007f589e4c1aa1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000003f9296e in my_write_core(int) ()
#2  0x00000000032365f5 in handle_fatal_signal ()
#3  <signal handler called>
#4  0x00007f589c6fb387 in raise () from /lib64/libc.so.6
#5  0x00007f589c6fca78 in abort () from /lib64/libc.so.6
#6  0x00007f589c6f41a6 in __assert_fail_base () from /lib64/libc.so.6
#7  0x00007f589c6f4252 in __assert_fail () from /lib64/libc.so.6
#8  0x0000000003345fd7 in handler::ha_rnd_next(unsigned char*) ()
#9  0x000000000346764d in TableScanIterator::Read() ()
#10 0x00000000035d0b8e in MaterializeIterator<DummyIteratorProfiler>::Read() ()
#11 0x00000000035ce33f in FilterIterator::Read() ()
#12 0x00000000035ceb94 in NestedLoopIterator::Read() ()
#13 0x00000000035cec1f in NestedLoopIterator::Read() ()
#14 0x000000000319896f in UpdateRowsIterator::Read() ()
#15 0x0000000003190a7b in Query_expression::ExecuteIteratorQuery(THD*) ()
#16 0x0000000003190b92 in Query_expression::execute(THD*) ()
#17 0x000000000311a12a in Sql_cmd_dml::execute_inner(THD*) ()
#18 0x000000000319b363 in Sql_cmd_update::execute_inner(THD*) ()
#19 0x0000000003123873 in Sql_cmd_dml::execute(THD*) ()
#20 0x00000000030c24af in mysql_execute_command(THD*, bool) ()
#21 0x00000000030c5dc9 in dispatch_sql_command(THD*, Parser_state*) ()
#22 0x00000000030c752b in dispatch_command(THD*, COM_DATA const*, enum_server_command) ()
#23 0x00000000030c926e in do_command(THD*) ()
#24 0x0000000003227bb7 in handle_connection ()
#25 0x0000000004743af9 in pfs_spawn_thread ()
#26 0x00007f589e4bcea5 in start_thread () from /lib64/libpthread.so.0
#27 0x00007f589c7c3b2d in clone () from /lib64/libc.so.6
```
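
Added example, not part of the original report or of MySQL's tooling: a small Python triage helper that reduces the reporter's mysqld log trace and the verifier's gdb backtrace to one crash signature, so the two can be bucketed as the same `handler::ha_rnd_next` assertion even though the binaries and addresses differ. The names `frames`, `signature`, `same_bug` and the noise-frame list are assumptions of this sketch; the trace lines are excerpts from the report above.

```python
import re

# mysqld's own format "binary(symbol+0xoff) [0xaddr]" and gdb's "#N 0xaddr in symbol (args)".
MYSQLD = re.compile(r"^\S+?\((?P<sym>.*)\+(?:0x)?[0-9a-f]+\)\s+\[0x[0-9a-f]+\]$")
GDB = re.compile(r"^#\d+\s+0x[0-9a-f]+ in (?P<sym>.*?) \(.*\)(?: from \S+)?$")
ASSERT = re.compile(r"Assertion `(.+?)' failed")
# Signal and abort plumbing that appears in every assertion crash (assumed list).
NOISE = {"my_print_stacktrace", "print_fatal_signal", "handle_fatal_signal", "my_write_core",
         "pthread_kill", "raise", "gsignal", "abort", "__assert_fail", "__assert_fail_base",
         "__kernel_rt_sigreturn"}

def frames(text):
    """Function names, innermost first, from either trace format."""
    out = []
    for line in text.splitlines():
        m = MYSQLD.match(line.strip()) or GDB.match(line.strip())
        if not m or not m.group("sym"):
            continue  # not a frame, or unsymbolized such as libc.so.6(+0x2d490)
        name = m.group("sym").split("(", 1)[0]  # drop the argument list
        if name not in NOISE:
            out.append(name)
    return out

def signature(text, depth=3):
    """Bucket key: asserted expression (None if not logged) plus top frames."""
    m = ASSERT.search(text)
    return (m.group(1) if m else None, tuple(frames(text)[:depth]))

def same_bug(a, b, depth=3):
    """Top frames must agree; assertions are compared only when both logs have one."""
    (ea, fa), (eb, fb) = signature(a, depth), signature(b, depth)
    return fa == fb and (ea is None or eb is None or ea == eb)

# Excerpts from the two traces in this report: reporter's log, then the verifier's gdb bt.
REPORTER = """\
mysqld: /home/mysql/mysql-server/sql/handler.cc:2965: int handler::ha_rnd_next(uchar *): Assertion `inited == RND' failed.
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(handle_fatal_signal+0x178) [0x1a87680]
/lib/aarch64-linux-gnu/libc.so.6(+0x2d490) [0xffff8e289490]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(handler::ha_rnd_next(unsigned char*)+0x4c0) [0x1df2e24]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(TableScanIterator::Read()+0x1c4) [0x21ba0e8]
/home/mysql/mysql-server/bld/runtime_output_directory/mysqld(MaterializeIterator<DummyIteratorProfiler>::Read()+0x12c) [0x26a1338]
"""
VERIFIER = """\
#2  0x00000000032365f5 in handle_fatal_signal ()
#7  0x00007f589c6f4252 in __assert_fail () from /lib64/libc.so.6
#8  0x0000000003345fd7 in handler::ha_rnd_next(unsigned char*) ()
#9  0x000000000346764d in TableScanIterator::Read() ()
#10 0x00000000035d0b8e in MaterializeIterator<DummyIteratorProfiler>::Read() ()
"""
```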