Query crash in ASAN mode #2814

Closed
wanpengfei-git opened this issue Jan 12, 2022 · 0 comments · Fixed by #2822
Collaborator

wanpengfei-git commented Jan 12, 2022

Steps to reproduce the behavior (Required)

  1. DROP DATABASE IF EXISTS n0;
    -- Recreate the scratch database so the repro does not depend on earlier state.
    CREATE DATABASE n0;
    USE n0;
    -- Turns on the enable_decimal_v3 frontend setting before any table is created.
    -- NOTE(review): presumably required for the DECIMAL32/DECIMAL64/DECIMAL128 columns below; the page does
    -- not show whether the crash also reproduces with it off. This is the only statement here that is an
    -- admin command; everything after it is ordinary DDL, INSERT and SELECT.
    admin set frontend config ("enable_decimal_v3" = "true");
    -- t0 is created and populated, but the crashing SELECT in step 2 reads only t1 and t2.
    CREATE TABLE t0 (c_0_0 LARGEINT NULL ,c_0_1 DATE NULL ,c_0_2 DECIMAL32(6, 0) NOT NULL ,c_0_3 DECIMAL64(13, 11) NOT NULL ,c_0_4 BOOLEAN NULL ,c_0_5 DECIMAL32(7, 5) NOT NULL ,c_0_6 BOOLEAN NULL ,c_0_7 BIGINT NOT NULL ,c_0_8 DECIMAL64(11, 10) NULL ) UNIQUE KEY (c_0_0) DISTRIBUTED BY HASH (c_0_0) properties("replication_num"="1") ;
    -- t1: UNIQUE KEY table; c_1_10 (DECIMAL64(2, 2) NOT NULL) is the right-hand side of the join comparison.
    CREATE TABLE IF NOT EXISTS t1 (c_1_0 DATETIME NOT NULL ,c_1_1 DECIMAL128(34, 8) NULL ,c_1_2 SMALLINT NULL ,c_1_3 DECIMAL128(7, 4) NULL ,c_1_4 TINYINT NOT NULL ,c_1_5 CHAR(21) NOT NULL ,c_1_6 DECIMAL32(5, 1) NULL ,c_1_7 DATE NULL ,c_1_8 BOOLEAN NULL ,c_1_9 FLOAT NULL ,c_1_10 DECIMAL64(2, 2) NOT NULL ) UNIQUE KEY (c_1_0,c_1_1,c_1_2,c_1_3,c_1_4,c_1_5,c_1_6) DISTRIBUTED BY HASH (c_1_3,c_1_1,c_1_4,c_1_0,c_1_2,c_1_6) properties("replication_num"="1") ;
    -- t2: DUPLICATE KEY table; c_2_3 (DECIMAL(19, 6) NULL) is the left-hand side of the join comparison.
    CREATE TABLE IF NOT EXISTS t2 (c_2_0 DECIMAL64(5, 5) NOT NULL ,c_2_1 DATETIME NULL ,c_2_2 BOOLEAN NULL ,c_2_3 DECIMAL(19, 6) NULL ,c_2_4 DECIMAL64(15, 6) NULL ,c_2_5 DECIMAL(23, 5) NULL ,c_2_6 DATETIME NULL ,c_2_7 DECIMAL128(2, 2) NULL ,c_2_8 CHAR(11) NULL ,c_2_9 VARCHAR(1) NULL ,c_2_10 TINYINT NOT NULL ,c_2_11 DECIMAL32(5, 0) NOT NULL ,c_2_12 FLOAT NULL ,c_2_13 DATETIME NOT NULL ,c_2_14 DECIMAL128(33, 28) NOT NULL ) DUPLICATE KEY (c_2_0,c_2_1,c_2_2,c_2_3,c_2_4,c_2_5,c_2_6,c_2_7) DISTRIBUTED BY HASH (c_2_5,c_2_7) properties("replication_num"="1") ;
    -- Test rows. The INSERTs have no column lists, so values bind to columns by position in the CREATE TABLE
    -- order above. Keep the statements and their order exactly as given when replaying the repro: which rows
    -- are actually needed to hit the crash is not shown on this page.
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", 703686583236085683.16842602, 13, 0.0711, 7, "Evm", 162.1, "1970-01-01", true, -1.84405957E9, 0.06);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", 659254804725268206.41121503, NULL, 0.0210, 6, "3hYO", 465.3, "1970-01-01", true, 4.47086104E8, 0.08), ("1970-01-01 08:00:00", 772621201868178397.73141262, 11, 0.0935, 5, "UgUNQa", 170.6, "1970-01-01", true, 0.15979635310116191, 0.01), ("1970-01-01 08:00:00", 434290014345363628.57841141, 1, 0.0580, 1, "CzHrIu0Y1", 573.4, "1970-01-01", false, -1.72453397E9, 0.00);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", 395820723580648570.20565346, 3, 0.0605, 4, "VQ", 682.8, "1970-01-01", false, 0.330392815933226, 0.01);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", NULL, NULL, 0.0207, 4, "y5", 460.4, "1970-01-01", true, 0.5272163848743933, 0.02);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", 388916136957218272.48519276, 12, 0.0775, 3, "c", 489.6, "1970-01-01", true, -7.74417041E8, 0.06);
    INSERT INTO t2 VALUES (0.00004, "1970-01-01 08:00:00", true, 72333.467612, 19.938245, 6905789328337.57319, NULL, 0.08, "", "", 2, 58242, 0.09101383114154582, "1970-01-01 08:00:00", 5.7457E-24), (0.00006, "1970-01-01 08:00:00", false, 2377544.549802, 342.645198, 5739792886152.10847, "1970-01-01 08:00:00", 0.04, "CFH71", "", 7, 53146, 0.3571971787969629, "1970-01-01 08:00:00", 8.2145E-24);
    INSERT INTO t0 VALUES (-2058959053, "1970-01-01", 665810, 4.4E-10, NULL, 0.00059, false, -1363255399, 2E-10);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", NULL, 13, 0.0321, 7, "jg", 694.7, "1970-01-01", true, 0.7392205915690326, 0.05), ("1970-01-01 08:00:00", 674376271345595617.03497365, NULL, 0.0748, 4, "i", 405.5, "1970-01-01", false, 0.004300493992305476, 0.01);
    INSERT INTO t1 VALUES ("1970-01-01 08:00:00", 855230585689591427.11207732, 6, 0.0744, 6, "bh0b", 15.7, "1970-01-01", false, 0.23565562301736465, 0.07);
    INSERT INTO t2 VALUES (0.00000, "1970-01-01 08:00:00", NULL, 4543327.530202, 195.756330, 4768643852574.76064, "1970-01-01 08:00:00", 0.04, "yK", NULL, 3, 71995, 0.2452921182768214, "1970-01-01 08:00:00", 9.2902E-24), (0.00000, "1970-01-01 08:00:00", false, NULL, 5.159031, 3509770224667.42394, "1970-01-01 08:00:00", 0.00, "", "", 2, 90743, 0.36105373107668715, "1970-01-01 08:00:00", 3.3283E-24), (0.00001, "1970-01-01 08:00:00", true, 2584228.601630, 41.057439, 7488898937742.90593, "1970-01-01 08:00:00", NULL, "qr", "", 4, 9870, 0.15461107018173903, "1970-01-01 08:00:00", 5.3086E-24);
    INSERT INTO t0 VALUES (-1663662897, "1970-01-01", 91813, 1.2E-10, true, 0.00072, false, -1307392623, 1E-10);
    INSERT INTO t2 VALUES (0.00007, NULL, true, 3077586.186460, 452.829546, 8373238319509.72092, "1970-01-01 08:00:00", 0.08, "", "", 4, 46894, 0.15552054389544923, "1970-01-01 08:00:00", 8.61E-26);
    -- Crashing query. The ON clause requires c_2_3 >= c_1_10 AND c_2_3 < c_1_10 on the same column pair, so
    -- no row pair can satisfy it. It is the only AND in the statement; the ASAN trace that follows shows an
    -- AND compound predicate evaluated as a conjunct inside CrossJoinNode (presumably this one), and the
    -- out-of-bounds read happens there.
    -- In the WHERE clause, CASE WHEN true always takes its first branch, so the second WHEN is never reached;
    -- IS NULL never yields NULL, so the IN (false, true) test accepts every row.
    -- NOTE(review): the fault is a heap out-of-bounds read reached from query text. When triaging, check
    -- whether non-ASAN builds reach the same read silently; the page only shows the ASAN build aborting.
  2. SELECT COUNT(*) FROM t2 INNER JOIN t1 ON t2.c_2_3 >= t1.c_1_10 AND t2.c_2_3 < t1.c_1_10 WHERE (CASE WHEN true THEN ((t1.c_1_3) IS NULL) WHEN (t1.c_1_1) IN (336155169080940785.51982875) THEN ( t2.c_2_3 ) != ( t2.c_2_3 ) END) IN (false, true) ;
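crash.log (AddressSanitizer report from the starrocks_be process; the faulting access is a 1-byte read immediately past the end of a 1-byte heap buffer, which was allocated at binary_function.h:492 and read at binary_function.h:362 in the same AND-predicate evaluation):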
==16256==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020003fa1d1 at pc 0x0000077b2925 bp 0x7f05bc78cbc0 sp 0x7f05bc78cbb8
READ of size 1 at 0x6020003fa1d1 thread T220 (fragment_mgr)
    #0 0x77b2924 in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl>::vector_vector<(starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&, std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:362
    #1 0x77afe83 in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::UnpackNotAlignDataAndNullColumnBinaryFunction<starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl> >::evaluate<(starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&, std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:323
    #2 0x77acd0e in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBinaryFunction<starrocks::vectorized::UnpackConstColumnBinaryFunction<starrocks::vectorized::AndImpl>, starrocks::vectorized::UnpackNotAlignDataAndNullColumnBinaryFunction<starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl> > >::evaluate<(starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::Column> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:503
    #3 0x77ab7ff in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBinaryFunction<starrocks::vectorized::UnpackConstColumnBinaryFunction<starrocks::vectorized::AndImpl>, starrocks::vectorized::UnpackNotAlignDataAndNullColumnBinaryFunction<starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl> > >::evaluate<(starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::Column> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:520
    #4 0x77aab50 in starrocks::vectorized::VectorizedAndCompoundPredicate::evaluate(starrocks::ExprContext*, starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/compound_predicate.cpp:45
    #5 0x7681c33 in starrocks::ExprContext::evaluate(starrocks::Expr*, starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/expr_context.cpp:194
    #6 0x76819e4 in starrocks::ExprContext::evaluate(starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/expr_context.cpp:184
    #7 0x5b29e74 in eager_prune_eval_conjuncts /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/exec_node.cpp:534
    #8 0x5b2a4ac in starrocks::ExecNode::eval_conjuncts(std::vector<starrocks::ExprContext*, std::allocator<starrocks::ExprContext*> > const&, starrocks::vectorized::Chunk*, std::shared_ptr<std::vector<unsigned char, std::allocator<unsigned char> > >*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/exec_node.cpp:583
    #9 0x65ea066 in starrocks::vectorized::CrossJoinNode::get_next_internal(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*, starrocks::ScopedTimer<starrocks::MonotonicStopWatch>&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/cross_join_node.cpp:298
    #10 0x65eb697 in operator() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/cross_join_node.cpp:424
    #11 0x65efedc in __invoke_impl<starrocks::Status, starrocks::vectorized::CrossJoinNode::get_next(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)::<lambda(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)>&, starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:60
    #12 0x65efc9e in __invoke_r<starrocks::Status, starrocks::vectorized::CrossJoinNode::get_next(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)::<lambda(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)>&, starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:115
    #13 0x65efa79 in _M_invoke /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/std_function.h:292
    #14 0x5b33490 in std::function<starrocks::Status (starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*)>::operator()(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*) const (/home/disk1/dorisdb/sqlancer_master_asan/be/lib/starrocks_be+0x5b33490)
    #15 0x5b24fb5 in starrocks::ExecNode::get_next_big_chunk(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*, std::shared_ptr<starrocks::vectorized::Chunk>&, std::function<starrocks::Status (starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*)> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/exec_node.cpp:248
    #16 0x65eb86f in starrocks::vectorized::CrossJoinNode::get_next(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/cross_join_node.cpp:425
    #17 0x66bf132 in starrocks::vectorized::ProjectNode::get_next(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/project_node.cpp:122
    #18 0x5bfdb09 in starrocks::vectorized::AggregateBlockingNode::open(starrocks::RuntimeState*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/aggregate/aggregate_blocking_node.cpp:41
    #19 0x4fd719a in starrocks::PlanFragmentExecutor::_open_internal_vectorized() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/plan_fragment_executor.cpp:209
    #20 0x4fd6888 in starrocks::PlanFragmentExecutor::open() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/plan_fragment_executor.cpp:192
    #21 0x4e531a7 in starrocks::FragmentExecState::execute() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/fragment_mgr.cpp:193
    #22 0x4e58270 in starrocks::FragmentMgr::exec_actual(std::shared_ptr<starrocks::FragmentExecState>*, std::function<void (starrocks::PlanFragmentExecutor*)> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/fragment_mgr.cpp:379
    #23 0x4e58c8c in operator() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/fragment_mgr.cpp:438
    #24 0x4e61cb7 in __invoke_impl<void, starrocks::FragmentMgr::exec_plan_fragment(const starrocks::TExecPlanFragmentParams&, const StartSuccCallback&, const FinishCallback&)::<lambda()>&> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:60
    #25 0x4e618a8 in __invoke_r<void, starrocks::FragmentMgr::exec_plan_fragment(const starrocks::TExecPlanFragmentParams&, const StartSuccCallback&, const FinishCallback&)::<lambda()>&> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:110
    #26 0x4e61059 in _M_invoke /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/std_function.h:291
    #27 0x3d5dd83 in std::function<void ()>::operator()() const /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/std_function.h:622
    #28 0x524ab9f in starrocks::FunctionRunnable::run() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/threadpool.cpp:45
    #29 0x524767d in starrocks::ThreadPool::dispatch_thread() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/threadpool.cpp:514
    #30 0x5264cc7 in void std::__invoke_impl<void, void (starrocks::ThreadPool::*&)(), starrocks::ThreadPool*&>(std::__invoke_memfun_deref, void (starrocks::ThreadPool::*&)(), starrocks::ThreadPool*&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:73
    #31 0x52645aa in std::__invoke_result<void (starrocks::ThreadPool::*&)(), starrocks::ThreadPool*&>::type std::__invoke<void (starrocks::ThreadPool::*&)(), starrocks::ThreadPool*&>(void (starrocks::ThreadPool::*&)(), starrocks::ThreadPool*&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:95
    #32 0x52639c1 in void std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/functional:416
    #33 0x526252d in void std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>::operator()<, void>() /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/functional:499
    #34 0x525f413 in void std::__invoke_impl<void, std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>&>(std::__invoke_other, std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:60
    #35 0x525d3db in std::enable_if<is_invocable_r_v<void, std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>&>(std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()>&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:110
    #36 0x5258b76 in std::_Function_handler<void (), std::_Bind<void (starrocks::ThreadPool::*(starrocks::ThreadPool*))()> >::_M_invoke(std::_Any_data const&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/std_function.h:291
    #37 0x3d5dd83 in std::function<void ()>::operator()() const /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/std_function.h:622
    #38 0x5231d7c in starrocks::Thread::supervise_thread(void*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/thread.cpp:312
    #39 0x7f061894ae64 in start_thread (/lib64/libpthread.so.0+0x7e64)
    #40 0x7f0617d4f88c in clone (/lib64/libc.so.6+0xfe88c)

0x6020003fa1d1 is located 0 bytes to the right of 1-byte region [0x6020003fa1d0,0x6020003fa1d1)
allocated by thread T220 (fragment_mgr) here:
    #0 0x3ced5e7 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x3d741ee in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/ext/new_allocator.h:115
    #2 0x3d6eb5b in std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/alloc_traits.h:460
    #3 0x3d68a4f in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/stl_vector.h:346
    #4 0x3d79910 in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_create_storage(unsigned long) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/stl_vector.h:361
    #5 0x3d74788 in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_Vector_base(unsigned long, std::allocator<unsigned char> const&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/stl_vector.h:305
    #6 0x3d6f3ce in std::vector<unsigned char, std::allocator<unsigned char> >::vector(unsigned long, unsigned char const&, std::allocator<unsigned char> const&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/stl_vector.h:524
    #7 0x3e80a6f in starrocks::vectorized::FixedLengthColumnBase<unsigned char>::FixedLengthColumnBase(unsigned long, unsigned char) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/column/fixed_length_column_base.h:43
    #8 0x5ab3d9d in starrocks::vectorized::ColumnFactory<starrocks::vectorized::FixedLengthColumnBase<unsigned char>, starrocks::vectorized::FixedLengthColumn<unsigned char>, starrocks::vectorized::Column>::ColumnFactory<unsigned long const&, unsigned char const&>(unsigned long const&, unsigned char const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/column/column.h:352
    #9 0x5ab3aac in starrocks::vectorized::FixedLengthColumn<unsigned char>::FixedLengthColumn(unsigned long, unsigned char) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/column/fixed_length_column.h:17
    #10 0x63ffde3 in void __gnu_cxx::new_allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >::construct<starrocks::vectorized::FixedLengthColumn<unsigned char>, unsigned long, int>(starrocks::vectorized::FixedLengthColumn<unsigned char>*, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/ext/new_allocator.h:150
    #11 0x63fe894 in void std::allocator_traits<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> > >::construct<starrocks::vectorized::FixedLengthColumn<unsigned char>, unsigned long, int>(std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >&, starrocks::vectorized::FixedLengthColumn<unsigned char>*, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/alloc_traits.h:512
    #12 0x63fd1aa in std::_Sp_counted_ptr_inplace<starrocks::vectorized::FixedLengthColumn<unsigned char>, std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<unsigned long, int>(std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:551
    #13 0x63fbbdb in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<starrocks::vectorized::FixedLengthColumn<unsigned char>, std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, unsigned long, int>(starrocks::vectorized::FixedLengthColumn<unsigned char>*&, std::_Sp_alloc_shared_tag<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> > >, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:682
    #14 0x63faaf3 in std::__shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char>, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, unsigned long, int>(std::_Sp_alloc_shared_tag<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> > >, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:1371
    #15 0x63f8c87 in std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> >::shared_ptr<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, unsigned long, int>(std::_Sp_alloc_shared_tag<std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> > >, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:408
    #16 0x622edad in std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > std::allocate_shared<starrocks::vectorized::FixedLengthColumn<unsigned char>, std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> >, unsigned long, int>(std::allocator<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&, unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:860
    #17 0x61f61d4 in std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > std::make_shared<starrocks::vectorized::FixedLengthColumn<unsigned char>, unsigned long, int>(unsigned long&&, int&&) /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:876
    #18 0x61b137b in std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > starrocks::vectorized::ColumnFactory<starrocks::vectorized::FixedLengthColumnBase<unsigned char>, starrocks::vectorized::FixedLengthColumn<unsigned char>, starrocks::vectorized::Column>::create<unsigned long, int>(unsigned long&&, int&&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/column/column.h:361
    #19 0x77ac9c4 in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBinaryFunction<starrocks::vectorized::UnpackConstColumnBinaryFunction<starrocks::vectorized::AndImpl>, starrocks::vectorized::UnpackNotAlignDataAndNullColumnBinaryFunction<starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl> > >::evaluate<(starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::Column> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:492
    #20 0x77ab7ff in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBinaryFunction<starrocks::vectorized::UnpackConstColumnBinaryFunction<starrocks::vectorized::AndImpl>, starrocks::vectorized::UnpackNotAlignDataAndNullColumnBinaryFunction<starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl> > >::evaluate<(starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::Column> const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:520
    #21 0x77aab50 in starrocks::vectorized::VectorizedAndCompoundPredicate::evaluate(starrocks::ExprContext*, starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/compound_predicate.cpp:45
    #22 0x7681c33 in starrocks::ExprContext::evaluate(starrocks::Expr*, starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/expr_context.cpp:194
    #23 0x76819e4 in starrocks::ExprContext::evaluate(starrocks::vectorized::Chunk*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/expr_context.cpp:184
    #24 0x5b29e74 in eager_prune_eval_conjuncts /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/exec_node.cpp:534
    #25 0x5b2a4ac in starrocks::ExecNode::eval_conjuncts(std::vector<starrocks::ExprContext*, std::allocator<starrocks::ExprContext*> > const&, starrocks::vectorized::Chunk*, std::shared_ptr<std::vector<unsigned char, std::allocator<unsigned char> > >*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/exec_node.cpp:583
    #26 0x65ea066 in starrocks::vectorized::CrossJoinNode::get_next_internal(starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*, starrocks::ScopedTimer<starrocks::MonotonicStopWatch>&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/cross_join_node.cpp:298
    #27 0x65eb697 in operator() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exec/vectorized/cross_join_node.cpp:424
    #28 0x65efedc in __invoke_impl<starrocks::Status, starrocks::vectorized::CrossJoinNode::get_next(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)::<lambda(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)>&, starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:60
    #29 0x65efc9e in __invoke_r<starrocks::Status, starrocks::vectorized::CrossJoinNode::get_next(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)::<lambda(starrocks::RuntimeState*, starrocks::vectorized::ChunkPtr*, bool*)>&, starrocks::RuntimeState*, std::shared_ptr<starrocks::vectorized::Chunk>*, bool*> /home/disk1/doris-deps/toolchain/installed/gcc-10.3.0/include/c++/10.3.0/bits/invoke.h:115

Thread T220 (fragment_mgr) created by T0 here:
    #0 0x3c972e2 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:214
    #1 0x52311d0 in starrocks::Thread::start_thread(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()> const&, unsigned long, scoped_refptr<starrocks::Thread>*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/thread.cpp:267
    #2 0x524f204 in starrocks::Status starrocks::Thread::create<void (starrocks::ThreadPool::*)(), starrocks::ThreadPool*>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void (starrocks::ThreadPool::* const&)(), starrocks::ThreadPool* const&, scoped_refptr<starrocks::Thread>*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/thread.h:55
    #3 0x52488dd in starrocks::ThreadPool::create_thread() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/threadpool.cpp:564
    #4 0x5242b7e in starrocks::ThreadPool::init() /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/threadpool.cpp:253
    #5 0x523f839 in starrocks::ThreadPoolBuilder::build(std::unique_ptr<starrocks::ThreadPool, std::default_delete<starrocks::ThreadPool> >*) const /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/util/threadpool.cpp:82
    #6 0x4e5776a in starrocks::FragmentMgr::FragmentMgr(starrocks::ExecEnv*) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/fragment_mgr.cpp:349
    #7 0x4d89b87 in starrocks::ExecEnv::_init(std::vector<starrocks::StorePath, std::allocator<starrocks::StorePath> > const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/exec_env.cpp:142
    #8 0x4d890a9 in starrocks::ExecEnv::init(starrocks::ExecEnv*, std::vector<starrocks::StorePath, std::allocator<starrocks::StorePath> > const&) /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/runtime/exec_env.cpp:118
    #9 0x3d2c933 in main /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/service/starrocks_main.cpp:207
    #10 0x7f0617c73504 in __libc_start_main (/lib64/libc.so.6+0x22504)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/disk1/jenkins/workspace/sqlancer_master_asan/cluster-management/resource/starrocks/be/src/exprs/vectorized/binary_function.h:362 in std::shared_ptr<starrocks::vectorized::Column> starrocks::vectorized::LogicPredicateBaseBinaryFunction<starrocks::vectorized::AndNullImpl, starrocks::vectorized::AndImpl>::vector_vector<(starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2, (starrocks::PrimitiveType)2>(std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&, std::shared_ptr<starrocks::vectorized::Column> const&, std::shared_ptr<starrocks::vectorized::FixedLengthColumn<unsigned char> > const&)
Shadow bytes around the buggy address:
  0x0c04800773e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04800773f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480077400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480077410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480077420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480077430: fa fa fa fa fa fa fa fa fa fa[01]fa fa fa fa fa
  0x0c0480077440: fa fa fa fa fa fa fd fa fa fa fd fa fa fa fd fd
  0x0c0480077450: fa fa fa fa fa fa fd fa fa fa fd fa fa fa fa fa
  0x0c0480077460: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa
  0x0c0480077470: fa fa fd fd fa fa fd fa fa fa 07 fa fa fa fd fa
  0x0c0480077480: fa fa 06 fa fa fa 06 fa fa fa fd fd fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==16256==ABORTING

StarRocks version (Required)

  • You can get the StarRocks version by executing SQL select current_version()
  • main ASAN
  • mysql> select current_version();
    +------------------------------+
    | current_version() |
    +------------------------------+
    | SQLANCER_MASTER_ASAN f163676 |
    +------------------------------+
@wanpengfei-git wanpengfei-git added type/bug Something isn't working sqlancer labels Jan 12, 2022
@wanpengfei-git wanpengfei-git added this to the 2.1 milestone Jan 12, 2022
caneGuy pushed a commit to caneGuy/starrocks that referenced this issue Mar 28, 2023
* Update release-2.3.md

* Update release-2.3.md