
TargetSpecific::AVX512VBMI::vectorIndexImpl: undefined-behavior + heap-buffer-overflow #41745

@alesapin

Description


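heap-buffer-overflow found by the AST fuzzer under AddressSanitizer (report https://s3.amazonaws.com/clickhouse-test-reports/41653/cc6776fc5d54a19c49af55219dfcada1e15ac9b9/fuzzer_astfuzzerasan//report.html). The trace below shows a 1-byte read at the first byte past a 31-byte heap region, inside the AVX512VBMI variant of `vectorIndexImpl` (ColumnVector.h:407:1), reached from `ColumnLowCardinality::insertRangeFrom` (ColumnLowCardinality.cpp:201) on a MergeMutate background thread. The region was allocated one source line earlier in that same function (ColumnLowCardinality.cpp:200) through `ColumnUnique::uniqueInsertRangeFrom`: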

=================================================================
==139==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030002ff30f at pc 0x00003073cc30 bp 0x7f5589fb58a0 sp 0x7f5589fb5898
READ of size 1 at 0x6030002ff30f thread T30 (MergeMutate)
    #0 0x3073cc2f in void DB::TargetSpecific::AVX512VBMI::vectorIndexImpl<DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>, char8_t>(DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, unsigned long, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>&) build_docker/../src/Columns/ColumnVector.h:407:1
    #1 0x307345be in COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::ColumnVector<char8_t>::indexImpl<char8_t>(DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, unsigned long) const build_docker/../src/Columns/ColumnVector.h:530:13
    #2 0x305d87c0 in COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::selectIndexImpl<DB::ColumnVector<char8_t>>(DB::ColumnVector<char8_t> const&, DB::IColumn const&, unsigned long) build_docker/../src/Columns/ColumnsCommon.h:119:32
    #3 0x305d85ed in DB::ColumnVector<char8_t>::index(DB::IColumn const&, unsigned long) const build_docker/../src/Columns/ColumnVector.cpp:687:12
    #4 0x30474511 in DB::ColumnLowCardinality::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnLowCardinality.cpp:201:53
    #5 0x301c8d00 in DB::ColumnArray::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnArray.cpp:527:15
    #6 0x31a16b73 in DB::MergeTreeDataPartWriterCompact::ColumnsBuffer::add(std::__1::vector<COW<DB::IColumn>::mutable_ptr<DB::IColumn>, std::__1::allocator<COW<DB::IColumn>::mutable_ptr<DB::IColumn>>>&&) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:376:37
    #7 0x31a16b73 in DB::MergeTreeDataPartWriterCompact::write(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:158:20
    #8 0x31cd8276 in DB::MergedBlockOutputStream::writeImpl(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergedBlockOutputStream.cpp:308:13
    #9 0x31cd8276 in DB::MergedBlockOutputStream::write(DB::Block const&) build_docker/../src/Storages/MergeTree/MergedBlockOutputStream.cpp:56:5
    #10 0x31807529 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::executeImpl() build_docker/../src/Storages/MergeTree/MergeTask.cpp:382:64
    #11 0x31807258 in std::__1::__function::__policy_func<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #12 0x31807258 in std::__1::function<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #13 0x31807258 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:366:9
    #14 0x31812cd6 in DB::MergeTask::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:769:29
    #15 0x31f8ee2a in DB::MergePlainMergeTreeTask::executeStep() build_docker/../src/Storages/MergeTree/MergePlainMergeTreeTask.cpp:47:33
    #16 0x3183be67 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::routine(std::__1::shared_ptr<DB::TaskRuntimeData>) build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:137:42
    #17 0x3183f495 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::threadFunction() build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:259:13
    #18 0xdf3a6df in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #19 0xdf3a6df in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #20 0xdf3a6df in ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::worker(std::__1::__list_iterator<ThreadFromGlobalPoolImpl<false>, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #21 0xdf4442c in void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #22 0xdf4442c in decltype(static_cast<void>(fp)()) std::__1::__invoke_constexpr<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&>(void&&) build_docker/../contrib/libcxx/include/type_traits:3648:23
    #23 0xdf4442c in decltype(auto) std::__1::__apply_tuple_impl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/tuple:1595:1
    #24 0xdf4442c in decltype(auto) std::__1::apply<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&) build_docker/../contrib/libcxx/include/tuple:1604:1
    #25 0xdf4442c in ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&)::'lambda'()::operator()() build_docker/../src/Common/ThreadPool.h:193:13
    #26 0xdf4442c in decltype(static_cast<void>(fp)()) std::__1::__invoke<ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&)::'lambda'()&>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #27 0xdf345df in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #28 0xdf345df in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #29 0xdf345df in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #30 0xdf3e0cc in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #31 0xdf3e0cc in decltype(static_cast<void>(fp)()) std::__1::__invoke<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #32 0xdf3e0cc in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/thread:282:5
    #33 0xdf3e0cc in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/../contrib/libcxx/include/thread:293:5
    #34 0x7f56b5a4d608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
    #35 0x7f56b5972132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

0x6030002ff30f is located 0 bytes to the right of 31-byte region [0x6030002ff2f0,0x6030002ff30f)
allocated by thread T30 (MergeMutate) here:
    #0 0xdcd412e in malloc (/workspace/clickhouse+0xdcd412e) (BuildId: 8a237203bfc190b0611523cac9422c6feef605df)
    #1 0xde32417 in Allocator<false, false>::allocNoTrack(unsigned long, unsigned long) build_docker/../src/Common/Allocator.h:227:27
    #2 0xdee7c8e in Allocator<false, false>::alloc(unsigned long, unsigned long) build_docker/../src/Common/Allocator.h:96:16
    #3 0xdee7c8e in void DB::PODArrayBase<1ul, 4096ul, Allocator<false, false>, 15ul, 16ul>::alloc<>(unsigned long) build_docker/../src/Common/PODArray.h:134:65
    #4 0x2cebb297 in DB::PODArrayBase<1ul, 4096ul, Allocator<false, false>, 15ul, 16ul>::alloc_for_num_elements(unsigned long) build_docker/../src/Common/PODArray.h:128:9
    #5 0x2cebb297 in DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>::PODArray(unsigned long) build_docker/../src/Common/PODArray.h:344:15
    #6 0x2cebb297 in DB::ColumnVector<char8_t>::ColumnVector(unsigned long) build_docker/../src/Columns/ColumnVector.h:137:45
    #7 0x2cebb297 in COW<DB::IColumn>::mutable_ptr<DB::ColumnVector<char8_t>> COWHelper<DB::ColumnVectorHelper, DB::ColumnVector<char8_t>>::create<unsigned long const&>(unsigned long const&) build_docker/../src/Common/COW.h:284:71
    #8 0x2cebb297 in COW<DB::IColumn>::mutable_ptr<DB::IColumn> DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom(DB::IColumn const&, unsigned long, unsigned long)::'lambda'(auto)::operator()<char8_t>(auto) const build_docker/../src/Columns/ColumnUnique.h:607:30
    #9 0x2ceb5e59 in DB::ColumnUnique<DB::ColumnString>::uniqueInsertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnUnique.h:616:28
    #10 0x30474492 in DB::ColumnLowCardinality::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnLowCardinality.cpp:200:62
    #11 0x301c8d00 in DB::ColumnArray::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnArray.cpp:527:15
    #12 0x31a16b73 in DB::MergeTreeDataPartWriterCompact::ColumnsBuffer::add(std::__1::vector<COW<DB::IColumn>::mutable_ptr<DB::IColumn>, std::__1::allocator<COW<DB::IColumn>::mutable_ptr<DB::IColumn>>>&&) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:376:37
    #13 0x31a16b73 in DB::MergeTreeDataPartWriterCompact::write(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:158:20
    #14 0x31cd8276 in DB::MergedBlockOutputStream::writeImpl(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergedBlockOutputStream.cpp:308:13
    #15 0x31cd8276 in DB::MergedBlockOutputStream::write(DB::Block const&) build_docker/../src/Storages/MergeTree/MergedBlockOutputStream.cpp:56:5
    #16 0x31807529 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::executeImpl() build_docker/../src/Storages/MergeTree/MergeTask.cpp:382:64
    #17 0x31807258 in std::__1::__function::__policy_func<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #18 0x31807258 in std::__1::function<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #19 0x31807258 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:366:9
    #20 0x31812cd6 in DB::MergeTask::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:769:29
    #21 0x31f8ee2a in DB::MergePlainMergeTreeTask::executeStep() build_docker/../src/Storages/MergeTree/MergePlainMergeTreeTask.cpp:47:33
    #22 0x3183be67 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::routine(std::__1::shared_ptr<DB::TaskRuntimeData>) build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:137:42
    #23 0x3183f495 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::threadFunction() build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:259:13
    #24 0xdf3a6df in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #25 0xdf3a6df in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #26 0xdf3a6df in ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::worker(std::__1::__list_iterator<ThreadFromGlobalPoolImpl<false>, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #27 0xdf4442c in void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #28 0xdf4442c in decltype(static_cast<void>(fp)()) std::__1::__invoke_constexpr<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&>(void&&) build_docker/../contrib/libcxx/include/type_traits:3648:23
    #29 0xdf4442c in decltype(auto) std::__1::__apply_tuple_impl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/tuple:1595:1
    #30 0xdf4442c in decltype(auto) std::__1::apply<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&) build_docker/../contrib/libcxx/include/tuple:1604:1
    #31 0xdf4442c in ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&)::'lambda'()::operator()() build_docker/../src/Common/ThreadPool.h:193:13
    #32 0xdf4442c in decltype(static_cast<void>(fp)()) std::__1::__invoke<ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&)::'lambda'()&>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #33 0xdf345df in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #34 0xdf345df in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #35 0xdf345df in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #36 0xdf3e0cc in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #37 0xdf3e0cc in decltype(static_cast<void>(fp)()) std::__1::__invoke<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #38 0xdf3e0cc in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/thread:282:5
    #39 0xdf3e0cc in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/../contrib/libcxx/include/thread:293:5
    #40 0x7f56b5a4d608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8

Thread T30 (MergeMutate) created by T0 here:
    #0 0xdcbcfdc in pthread_create (/workspace/clickhouse+0xdcbcfdc) (BuildId: 8a237203bfc190b0611523cac9422c6feef605df)
    #1 0xdf3cf54 in std::__1::__libcpp_thread_create(unsigned long*, void* (*)(void*), void*) build_docker/../contrib/libcxx/include/__threading_support:375:10
    #2 0xdf3cf54 in std::__1::thread::thread<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'(), void>(void&&) build_docker/../contrib/libcxx/include/thread:309:16
    #3 0xdf311ab in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool) build_docker/../src/Common/ThreadPool.cpp:144:35
    #4 0xdf433c7 in ThreadPoolImpl<std::__1::thread>::scheduleOrThrow(std::__1::function<void ()>, int, unsigned long, bool) build_docker/../src/Common/ThreadPool.cpp:180:5
    #5 0xdf433c7 in ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/../src/Common/ThreadPool.h:176:38
    #6 0xdf36c42 in void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool) build_docker/../src/Common/ThreadPool.cpp:144:35
    #7 0xdf3637b in ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleOrThrowOnError(std::__1::function<void ()>, int) build_docker/../src/Common/ThreadPool.cpp:168:5
    #8 0x318370ba in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::MergeTreeBackgroundExecutor(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, unsigned long, unsigned long, unsigned long) build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.h:185:18
    #9 0x2e283dd2 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>* std::__1::construct_at<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>, char const (&) [12], unsigned long&, unsigned long, unsigned long const&, DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>*>(DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>*, char const (&) [12], unsigned long&, unsigned long&&, unsigned long const&) build_docker/../contrib/libcxx/include/__memory/construct_at.h:38:50
    #10 0x2e2228c6 in void std::__1::allocator_traits<std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>>>::construct<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>, char const (&) [12], unsigned long&, unsigned long, unsigned long const&, void, void>(std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>>&, DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>*, char const (&) [12], unsigned long&, unsigned long&&, unsigned long const&) build_docker/../contrib/libcxx/include/__memory/allocator_traits.h:298:9
    #11 0x2e2228c6 in std::__1::__shared_ptr_emplace<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>, std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>>>::__shared_ptr_emplace<char const (&) [12], unsigned long&, unsigned long, unsigned long const&>(std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>>, char const (&) [12], unsigned long&, unsigned long&&, unsigned long const&) build_docker/../contrib/libcxx/include/__memory/shared_ptr.h:293:9
    #12 0x2e2228c6 in std::__1::shared_ptr<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>> std::__1::allocate_shared<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>, std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>>, char const (&) [12], unsigned long&, unsigned long, unsigned long const&, void>(std::__1::allocator<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>> const&, char const (&) [12], unsigned long&, unsigned long&&, unsigned long const&) build_docker/../contrib/libcxx/include/__memory/shared_ptr.h:954:55
    #13 0x2e2228c6 in std::__1::shared_ptr<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>> std::__1::make_shared<DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>, char const (&) [12], unsigned long&, unsigned long, unsigned long const&, void>(char const (&) [12], unsigned long&, unsigned long&&, unsigned long const&) build_docker/../contrib/libcxx/include/__memory/shared_ptr.h:963:12
    #14 0x2e2228c6 in DB::Context::initializeBackgroundExecutorsIfNeeded() build_docker/../src/Interpreters/Context.cpp:3315:37
    #15 0xdd3f75c in DB::Server::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&) build_docker/../programs/server/Server.cpp:1414:21
    #16 0x392a9be6 in Poco::Util::Application::run() build_docker/../contrib/poco/Util/src/Application.cpp:334:8
    #17 0xdd1e65f in DB::Server::run() build_docker/../programs/server/Server.cpp:466:25
    #18 0x392ed398 in Poco::Util::ServerApplication::run(int, char**) build_docker/../contrib/poco/Util/src/ServerApplication.cpp:611:9
    #19 0xdd1740f in mainEntryClickHouseServer(int, char**) build_docker/../programs/server/Server.cpp:181:20
    #20 0xdd11f1a in main build_docker/../programs/main.cpp:480:12
    #21 0x7f56b5877082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow build_docker/../src/Columns/ColumnVector.h:407:1 in void DB::TargetSpecific::AVX512VBMI::vectorIndexImpl<DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>, char8_t>(DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, unsigned long, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>&)
Shadow bytes around the buggy address:
  0x0c0680057e10: 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680057e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680057e30: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 fa fa
  0x0c0680057e40: 00 00 00 00 fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c0680057e50: fa fa fd fd fd fd fa fa fd fd fd fd fa fa 00 00
=>0x0c0680057e60: 00[07]fa fa fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c0680057e70: fa fa fa fa fa fa 00 00 00 00 fa fa fa fa fa fa
  0x0c0680057e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680057e90: fa fa fa fa fa fa fa fa fa fa 00 00 00 07 fa fa
  0x0c0680057ea0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
  0x0c0680057eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==139==ABORTING

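UB, from the UndefinedBehaviorSanitizer run (https://s3.amazonaws.com/clickhouse-test-reports/41653/cc6776fc5d54a19c49af55219dfcada1e15ac9b9/fuzzer_astfuzzerubsan//report.html). Only the stack trace is reproduced here, without the runtime-error line that names the kind of undefined behavior. Its top frames match the ASan trace above: the same `vectorIndexImpl` location (ColumnVector.h:407:1), reached via `ColumnLowCardinality::insertRangeFrom`: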

    #0 0x2b5c6784 in void DB::TargetSpecific::AVX512VBMI::vectorIndexImpl<DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>, char8_t>(DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, unsigned long, DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul>&) build_docker/../src/Columns/ColumnVector.h:407:1
    #1 0x2b5c5c7c in COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::ColumnVector<char8_t>::indexImpl<char8_t>(DB::PODArray<char8_t, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, unsigned long) const build_docker/../src/Columns/ColumnVector.h:530:13
    #2 0x2b4ee6ec in COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::selectIndexImpl<DB::ColumnVector<char8_t>>(DB::ColumnVector<char8_t> const&, DB::IColumn const&, unsigned long) build_docker/../src/Columns/ColumnsCommon.h:119:32
    #3 0x2b4ee56d in DB::ColumnVector<char8_t>::index(DB::IColumn const&, unsigned long) const build_docker/../src/Columns/ColumnVector.cpp:687:12
    #4 0x2b4265fb in DB::ColumnLowCardinality::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnLowCardinality.cpp:201:53
    #5 0x2b29c656 in DB::ColumnArray::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnArray.cpp:527:15
    #6 0x2be9abf6 in DB::MergeTreeDataPartWriterCompact::ColumnsBuffer::add(std::__1::vector<COW<DB::IColumn>::mutable_ptr<DB::IColumn>, std::__1::allocator<COW<DB::IColumn>::mutable_ptr<DB::IColumn>>>&&) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:376:37
    #7 0x2be9a24a in DB::MergeTreeDataPartWriterCompact::write(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergeTreeDataPartWriterCompact.cpp:158:20
    #8 0x2bff061b in DB::MergedBlockOutputStream::writeImpl(DB::Block const&, DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 15ul, 16ul> const*) build_docker/../src/Storages/MergeTree/MergedBlockOutputStream.cpp:308:13
    #9 0x2bd834c8 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::executeImpl() build_docker/../src/Storages/MergeTree/MergeTask.cpp:382:64
    #10 0x2bd82fb1 in std::__1::__function::__policy_func<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #11 0x2bd82fb1 in std::__1::function<bool ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #12 0x2bd82fb1 in DB::MergeTask::ExecuteAndFinalizeHorizontalPart::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:366:9
    #13 0x2bd8ec24 in DB::MergeTask::execute() build_docker/../src/Storages/MergeTree/MergeTask.cpp:769:29
    #14 0x2c137b70 in DB::MergePlainMergeTreeTask::executeStep() build_docker/../src/Storages/MergeTree/MergePlainMergeTreeTask.cpp:47:33
    #15 0x2bdb0283 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::routine(std::__1::shared_ptr<DB::TaskRuntimeData>) build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:137:42
    #16 0x2bdb1610 in DB::MergeTreeBackgroundExecutor<DB::MergeMutateRuntimeQueue>::threadFunction() build_docker/../src/Storages/MergeTree/MergeTreeBackgroundExecutor.cpp:259:13
    #17 0x157b1fd2 in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #18 0x157b1fd2 in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #19 0x157b1fd2 in ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::worker(std::__1::__list_iterator<ThreadFromGlobalPoolImpl<false>, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #20 0x157b60ee in void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #21 0x157b60ee in decltype(static_cast<void>(fp)()) std::__1::__invoke_constexpr<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&>(void&&) build_docker/../contrib/libcxx/include/type_traits:3648:23
    #22 0x157b60ee in decltype(auto) std::__1::__apply_tuple_impl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/tuple:1595:1
    #23 0x157b60ee in decltype(auto) std::__1::apply<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()&, std::__1::tuple<>&>(void&&, std::__1::tuple<>&) build_docker/../contrib/libcxx/include/tuple:1604:1
    #24 0x157b60ee in ThreadFromGlobalPoolImpl<false>::ThreadFromGlobalPoolImpl<void ThreadPoolImpl<ThreadFromGlobalPoolImpl<false>>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&)::'lambda'()::operator()() build_docker/../src/Common/ThreadPool.h:193:13
    #25 0x157aff12 in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #26 0x157aff12 in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #27 0x157aff12 in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #28 0x157b3d43 in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #29 0x157b3d43 in decltype(static_cast<void>(fp)()) std::__1::__invoke<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #30 0x157b3d43 in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/thread:282:5
    #31 0x157b3d43 in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/../contrib/libcxx/include/thread:293:5
    #32 0x7f0dec72d608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
    #33 0x7f0dec652132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95


Labels

testing: Special issue with list of bugs found by CI
