[Bug]: truncate返回了预期之外的类型，导致select distinct出现预期之外的结果

[r33s3n6]

Describe the bug
master分支版本，truncate返回了预期之外的类型，导致select distinct出现预期之外的结果。

Fast Reproduce Steps(Required)
先执行init.sql建表，随后执行error.sql，出现预期之外的结果。可以尝试多次执行error.sql来复现错误。如果多次尝试未果，可以尝试重新建立数据库，再次执行init.sql建表
init.sql.txt
error.sql.txt

Expected behavior

truncate(
      cast(round(
        cast(cast((3233656 % ref_1.c3) as signed) as signed)) as signed), 
      cast(ref_1.c2 as signed))

其中ref_1.c3是整数，根据MySQL文档，round的结果应为整数

The return value has the same type as the first argument (assuming that it is integer, double, or decimal). This means that for an integer argument, the result is an integer (no decimal places):

truncate的返回值亦应为整数：

In MySQL 8.0.21 and later, the data type returned by TRUNCATE() follows the same rules that determine the return type of the ROUND() function; for details, see the description for ROUND().

OB单独执行truncate时，返回的类型为整数：

mysql> select truncate(round(cast(3233656 %(1) as signed)),1);
Field   1:  `truncate(round(cast(3233656 %(1) as signed)),1)`
Catalog:    `def`
Database:   ``
Table:      ``
Org_table:  ``
Type:       LONGLONG
Collation:  binary (63)
Length:     20
Max_length: 1
Decimals:   0
Flags:      NOT_NULL BINARY NUM 


+-------------------------------------------------+
| truncate(round(cast(3233656 %(1) as signed)),1) |
+-------------------------------------------------+
|                                               0 |
+-------------------------------------------------+
1 row in set (0.00 sec)

Actual Behavior

但是在下列语句中，返回浮点数，造成select distinct出现预期之外的结果

mysql> SELECT
    ->   ref_0.c_bg9krh as c0
    -> FROM
    ->   t_qch as ref_0
    -> 
    -> UNION
    -> (SELECT DISTINCT
    ->   truncate(
    ->       cast(round(
    ->         cast(cast((3233656 % ref_1.c3) as signed) as signed)) as signed), 
    ->       cast(ref_1.c2 as signed)) as c0
    -> FROM
    ->   t_a_ez9jc59 as ref_1)
    -> ORDER BY
    ->   c0 
    -> LIMIT 117;
Field   1:  `c0`
Catalog:    `def`
Database:   ``
Table:      ``
Org_table:  ``
Type:       DOUBLE
Collation:  binary (63)
Length:     17
Max_length: 11
Decimals:   0
Flags:      BINARY NUM 


+-------------+
| c0          |
+-------------+
|        NULL |
| -2021574064 |
|           0 |
| -1963773512 |
|           0 |
| -1879777999 |
|           0 |
| -1740571589 |
|           0 |
| -1715389131 |
|           0 |
| -1674063442 |
|           0 |
| -1641691647 |
|           0 |
| -1540336514 |
|           0 |
| -1378341297 |
|           0 |
| -1374157099 |
|           0 |
| -1274855571 |
|           0 |
| -1166903476 |
|           0 |
| -1094434317 |
|           0 |
| -1063824069 |
|           0 |
|  -981011164 |
|           0 |
|  -971071414 |
|           0 |
|  -941143618 |
|           0 |
|  -880311274 |
|           0 |
|  -759289296 |
|           0 |
|  -713740040 |
|           0 |
|  -659681502 |
|           0 |
|  -475671312 |
|           0 |
|  -394822541 |
|           0 |
|  -178668508 |
|           0 |
|  -110469488 |
|           0 |
|   -68921807 |
|           0 |
|   -53137357 |
|           0 |
|    26489918 |
|           0 |
|   251656712 |
|           0 |
|   287413576 |
|           0 |
|   314063545 |
|           0 |
|   319242772 |
|           0 |
|   321004621 |
|           0 |
|   545226296 |
|           0 |
|   545338441 |
|           0 |
|   818767861 |
|           0 |
|   883966219 |
|           0 |
|  1087461934 |
|           0 |
|  1163849600 |
|           0 |
|  1284448788 |
|           0 |
|  1638543713 |
|           0 |
|  1657903396 |
|           0 |
|  1782183253 |
|           0 |
|  2111803538 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
|           0 |
+-------------+
117 rows in set (0.01 sec)

其中第一个查询中，第一列为整数

mysql> desc t_qch;
+--------------+------------+------+-----+---------+-------+
| Field        | Type       | Null | Key | Default | Extra |
+--------------+------------+------+-----+---------+-------+
| c_vshmj1a    | int(11)    | NO   |     | NULL    |       |
| c_wdv5y      | int(11)    | YES  |     | NULL    |       |
| c_s96jklr800 | tinyint(4) | YES  |     | NULL    |       |
| c_bg9krh     | int(11)    | NO   | PRI | NULL    |       |
+--------------+------------+------+-----+---------+-------+
4 rows in set (0.00 sec)

OB的单节点版本和多节点版本均有预期之外的结果。
output_replay_ob_main.log
output_replay_ob_single.log

Environment

Linux c0bae494cabb 6.5.0-18-generic #18~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb  7 11:40:03 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

commit 7ead2595472f666ae677b2a820aef3bfe40ffcb0 (HEAD -> master, origin/master)

observer (OceanBase_CE 4.3.1.0)

REVISION: 1-7ead2595472f666ae677b2a820aef3bfe40ffcb0
BUILD_BRANCH: master
BUILD_TIME: Apr 29 2024 21:37:35
BUILD_FLAGS: RelWithDebInfo
BUILD_INFO: 

Copyright (c) 2011-present OceanBase Inc.

部署配置文件

user:
  username: root
  key_file: private_key
oceanbase-ce:
  servers:
    - name: server1
      ip: 10.0.10.11
    - name: server2
      ip: 10.0.10.12
    - name: server3
      ip: 10.0.10.13
  server1:
    mysql_port: 10000
    rpc_port: 10001
    home_path: /root/data/observer1
    zone: zone1
  server2:
    mysql_port: 10000
    rpc_port: 10001
    home_path: /root/data/observer2
    zone: zone2
  server3:
    mysql_port: 10000
    rpc_port: 10001
    home_path: /root/data/observer3
    zone: zone3
  tag: latest
  include: obd/observer.include.yaml
  global: 
    # for default system config used by farm, please see tools/deploy/obd/observer.include.yaml
    # You can also specify the configuration directly below (stored locally, switching the working directory and redeploying will still take effect)
    production_mode: false
    devname: eth0
    syslog_level: 'WARN'
    syslog_io_bandwidth_limit: '30M'
    log_disk_size: '30G'
    # diag_syslog_per_error_limit: '4'
    max_syslog_file_count: '4'
    cpu_count: '6'
    datafile_size: '10G'
    datafile_next: '5G'
    datafile_maxsize: '30G'
    root_password: ''
    memory_limit: '9G'
    system_memory: '1G'
obproxy-ce:
  servers:
    - 10.0.10.8
  global:
    listen_port: 10004
    prometheus_listen_port: 10005
    syslog_level: 'WARN'
    home_path: /root/data/obproxy
    root_password: ''
  include: obd/obproxy.include.yaml
  depends:
    - oceanbase-ce

租户配置：

DROP TENANT mysql FORCE;
DROP RESOURCE POOL pool_for_tenant_mysql;

CREATE RESOURCE UNIT 4c7g MAX_CPU 4, MIN_CPU 4, MEMORY_SIZE '7G';
create resource pool pool_test unit='4c7g', unit_num=1, zone_list=('zone1' ,'zone2', 'zone3');
create tenant test resource_pool_list=('pool_test'), primary_zone='RANDOM',comment 'test tenant', charset='utf8' set ob_tcp_invited_nodes='%', recyclebin=OFF, ob_query_timeout=5000000;

Additional Context
我们是来自北京航空航天大学网络空间安全学院的BASS团队，主要从事系统软件安全、操作系统和程序分析研究，研发自动化程序测试框架检测软件缺陷。我们使用自研的数据库漏洞测试工具在OceanBase中找到了上述可能的漏洞。

[hnwyllmm]

感谢。我们先来测试重现一下。