Skip to content

Segfault FunctionBitmap #19668

Closed
#19713
Closed
Segfault FunctionBitmap#19668
#19713
Assignees
kitaisreal
Labels
crashCrash / segfault / abortfuzzProblem found by one of the fuzzers
@qoega

Description

@qoega
qoega
opened on Jan 26, 2021

Describe the bug
https://clickhouse-test-reports.s3.yandex.net/19523/9869132386989e10aa914a74844cb520191e5ab3/fuzzer_asan/report.html#fail1

[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.280066 [ 52341 ] <Fatal> BaseDaemon: ########################################
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.280388 [ 52341 ] <Fatal> BaseDaemon: (version 21.2.1.1, build id: 848D638C25A24123F0A66BCF1C9FC471B1BE106F) (from thread 42759) (query_id: 28aaceff-509d-4188-887a-263570016992) Received signal Segmentation fault (11)
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.280570 [ 52341 ] <Fatal> BaseDaemon: Address: NULL pointer. Access: read. Address not mapped to object.
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.280750 [ 52341 ] <Fatal> BaseDaemon: Stack trace: 0x398e0bf7 0x13337cbe 0x13332ee6 0x1332cf07 0x12ae0fbd 0x12c5993f 0x12c5bab4 0x2cc99ee7 0x30ff763a 0x2f639557 0x30a8530f 0x30b9c729 0x30b95299 0x30b9e033 0x9005977 0x9013ff8 0x7f9d8eece6db 0x7f9d8ebf7a3f
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.285586 [ 52341 ] <Fatal> BaseDaemon: 4. ./obj-x86_64-linux-gnu/../contrib/croaring/include/roaring/roaring_array.h:79: roaring_bitmap_contains @ 0x398e0bf7 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.289096 [ 52341 ] <Fatal> BaseDaemon: 5. _ZN2DB25RoaringBitmapWithSmallSetIjLDu32EE9rb_andnotERKS1_ @ 0x13337cbe in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.292272 [ 52341 ] <Fatal> BaseDaemon: 6. COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::FunctionBitmap<DB::BitmapAndnotImpl, DB::NameBitmapAndnot>::executeBitmapData<unsigned int>(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName> > const&, unsigned long) const @ 0x13332ee6 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.295477 [ 52341 ] <Fatal> BaseDaemon: 7. DB::FunctionBitmap<DB::BitmapAndnotImpl, DB::NameBitmapAndnot>::executeImpl(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName> > const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const @ 0x1332cf07 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.298713 [ 52341 ] <Fatal> BaseDaemon: 8. DB::DefaultExecutable::execute(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName> > const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const @ 0x12ae0fbd in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.301973 [ 52341 ] <Fatal> BaseDaemon: 9. DB::ExecutableFunctionAdaptor::executeWithoutLowCardinalityColumns(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName> > const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const @ 0x12c5993f in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.305216 [ 52341 ] <Fatal> BaseDaemon: 10. DB::ExecutableFunctionAdaptor::execute(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName> > const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const @ 0x12c5bab4 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.307532 [ 52341 ] <Fatal> BaseDaemon: 11. ./obj-x86_64-linux-gnu/../src/Interpreters/ExpressionActions.cpp:0: DB::ExpressionActions::execute(DB::Block&, unsigned long&, bool) const @ 0x2cc99ee7 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.310020 [ 52341 ] <Fatal> BaseDaemon: 12. ./obj-x86_64-linux-gnu/../src/Processors/Transforms/ExpressionTransform.cpp:27: DB::ExpressionTransform::transform(DB::Chunk&) @ 0x30ff763a in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.317386 [ 52341 ] <Fatal> BaseDaemon: 13. ./obj-x86_64-linux-gnu/../contrib/libcxx/include/type_traits:3933: DB::ISimpleTransform::transform(DB::Chunk&, DB::Chunk&) @ 0x2f639557 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.319997 [ 52341 ] <Fatal> BaseDaemon: 14. ./obj-x86_64-linux-gnu/../src/Processors/ISimpleTransform.cpp:99: DB::ISimpleTransform::work() @ 0x30a8530f in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.323256 [ 52341 ] <Fatal> BaseDaemon: 15. ./obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:99: void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<DB::PipelineExecutor::addJob(DB::ExecutingGraph::Node*)::$_0, void ()> >(std::__1::__function::__policy_storage const*) @ 0x30b9c729 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.326217 [ 52341 ] <Fatal> BaseDaemon: 16. ./obj-x86_64-linux-gnu/../src/Processors/Executors/PipelineExecutor.cpp:587: DB::PipelineExecutor::executeStepImpl(unsigned long, unsigned long, std::__1::atomic<bool>*) @ 0x30b95299 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.329373 [ 52341 ] <Fatal> BaseDaemon: 17. ./obj-x86_64-linux-gnu/../base/common/../ext/scope_guard.h:97: void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<ThreadFromGlobalPool::ThreadFromGlobalPool<DB::PipelineExecutor::executeImpl(unsigned long)::$_4>(DB::PipelineExecutor::executeImpl(unsigned long)::$_4&&)::'lambda'(), void ()> >(std::__1::__function::__policy_storage const*) @ 0x30b9e033 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.329784 [ 52341 ] <Fatal> BaseDaemon: 18. ./obj-x86_64-linux-gnu/../contrib/libcxx/include/functional:2210: ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) @ 0x9005977 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.330531 [ 52341 ] <Fatal> BaseDaemon: 19. ./obj-x86_64-linux-gnu/../contrib/libcxx/include/memory:1655: void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>)::'lambda1'()> >(void*) @ 0x9013ff8 in /home/qoega/memory-ch/output/binary/clickhouse
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.330674 [ 52341 ] <Fatal> BaseDaemon: 20. start_thread @ 0x76db in /lib/x86_64-linux-gnu/libpthread-2.27.so
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:08.330959 [ 52341 ] <Fatal> BaseDaemon: 21. /build/glibc-2ORdQG/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:97: __clone @ 0x121a3f in /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.27.so
[qoega-qyp.sas.yp-c.yandex.net] 2021.01.26 19:09:10.177200 [ 52341 ] <Fatal> BaseDaemon: Calculated checksum of the binary: 73A029A06424D4E1E2081E2DE050B193. There is no information about the reference checksum.

How to reproduce
prepare

CREATE TABLE bitmap_test
(
    `pickup_date` Date,
    `city_id` UInt32,
    `uid` UInt32
)
ENGINE = Memory;

INSERT INTO bitmap_test SELECT
    '2019-01-01',
    1,
    number
FROM numbers(1, 50);

INSERT INTO bitmap_test SELECT
    '2019-01-02',
    1,
    number
FROM numbers(11, 60);

INSERT INTO bitmap_test SELECT
    '2019-01-03',
    2,
    number
FROM numbers(1, 10);

crash

SELECT
    bitmapCardinality(day_today) AS today_users,
    bitmapCardinality(day_before) AS before_users,
    bitmapCardinality(bitmapOr(day_today, day_before)) AS ll_users,
    bitmapCardinality(bitmapAnd(day_today, day_before)) AS old_users,
    bitmapCardinality(bitmapAndnot(day_today, day_before)) AS new_users,
    bitmapCardinality(bitmapXor(day_today, day_before)) AS diff_users
FROM
(
    SELECT
        city_id,
        groupBitmapState(uid) AS day_today
    FROM bitmap_test
    WHERE pickup_date = '2019-01-02'
    GROUP BY
        uid,
        city_id
) AS js1
ALL LEFT JOIN
(
    SELECT
        city_id,
        groupBitmapState(uid) AS day_before
    FROM bitmap_test
    WHERE pickup_date = '2019-01-01'
    GROUP BY city_id
) AS js2 USING (city_id)

Metadata

Metadata

Assignees

Labels

crashCrash / segfault / abortfuzzProblem found by one of the fuzzers

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions