You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I had searched in the issues and found no similar issues.
Version
Master compiled with asan.
It might occur in previous version which enables VectorizedEngine(Not verified).
What's Wrong?
==1863897==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5610761efac0 at pc 0x56107fd1da64 bp 0x7f9a52341ad0 sp 0x7f9a52341ac0
READ of size 1 at 0x5610761efac0 thread T70 (_scanner_scan)
#0 0x56107fd1da63 in doris::vectorized::FindInSetOp::execute(std::basic_string_view<char, std::char_traits > const&, std::basic_string_view<char, std::char_traits > const&, int&) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:154 #1 0x56107fdb57ef in doris::vectorized::StringFunctionImpl<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::FindInSetOp>::vector_vector(doris::vectorized::PODArray<unsigned char, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned char, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<int, 4096ul, Allocator<false, false>, 15ul, 16ul>&) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:233 #2 0x56107fdaeeac in doris::Status doris::vectorized::FunctionBinaryToType<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::StringFindInSetImpl, doris::vectorized::NameFindInSet>::execute_inner_impl<doris::vectorized::DataTypeNumber, (doris::vectorized::DataTypeNumber)0>(doris::vectorized::ColumnWithTypeAndName const&, doris::vectorized::ColumnWithTypeAndName const&, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_totype.h:236 #3 0x56107fda3671 in doris::vectorized::FunctionBinaryToType<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::StringFindInSetImpl, doris::vectorized::NameFindInSet>::execute_impl(doris_udf::FunctionContext, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_totype.h:215 #4 0x56107e7fea5c in doris::vectorized::DefaultExecutable::execute_impl(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.h:465 #5 0x56107f920d9a in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.cpp:251 #6 0x56107f920f19 in doris::vectorized::PreparedFunctionImpl::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.cpp:273 #7 0x56107e7fb5ca in doris::vectorized::IFunctionBase::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.h:136 #8 0x56107e7244e4 in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:96 #9 0x56107e72410d in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:89 #10 0x56107e72410d in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:89 #11 0x56107e746651 in doris::vectorized::VExprContext::execute(doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vexpr_context.cpp:43 #12 0x56107e74844f in doris::vectorized::VExprContext::filter_block(doris::vectorized::VExprContext*, doris::vectorized::Block*, int) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vexpr_context.cpp:121 #13 0x561082a5dbec in doris::vectorized::VScanner::_filter_output_block(doris::vectorized::Block*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/vscanner.cpp:121 #14 0x561082a5ca36 in doris::vectorized::VScanner::get_block(doris::RuntimeState*, doris::vectorized::Block*, bool*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/vscanner.cpp:80 #15 0x561082a38fbd in doris::vectorized::ScannerScheduler::_scanner_scan(doris::vectorized::ScannerScheduler*, doris::vectorized::ScannerContext*, doris::vectorized::VScanner*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/scanner_scheduler.cpp:224 #16 0x561082a36d26 in operator() /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/scanner_scheduler.cpp:127 #17 0x561082a3b15d in __invoke_impl<void, doris::vectorized::ScannerScheduler::_schedule_scanners(doris::vectorized::ScannerContext*)::<lambda()>&> /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:61 #18 0x561082a3add5 in __invoke_r<void, doris::vectorized::ScannerScheduler::_schedule_scanners(doris::vectorized::ScannerContext*)::<lambda()>&> /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:111 #19 0x561082a3a842 in _M_invoke /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:291 #20 0x56107ad96b91 in std::function<void ()>::operator()() const /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:560 #21 0x56107b833437 in doris::FunctionRunnable::run() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:45 #22 0x56107b82e77f in doris::ThreadPool::dispatch_thread() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:540 #23 0x56107b84fa9b in void std::_invoke_impl<void, void (doris::ThreadPool::&)(), doris::ThreadPool&>(std::_invoke_memfun_deref, void (doris::ThreadPool::&)(), doris::ThreadPool&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:74 #24 0x56107b84f33a in std::_invoke_result<void (doris::ThreadPool::&)(), doris::ThreadPool&>::type std::_invoke<void (doris::ThreadPool::&)(), doris::ThreadPool&>(void (doris::ThreadPool::&)(), doris::ThreadPool&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:96 #25 0x56107b84e6d9 in void std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::_call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /var/local/ldb_toolchain/include/c++/11/functional:420 #26 0x56107b84d1ea in void std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::operator()<, void>() /var/local/ldb_toolchain/include/c++/11/functional:503 #27 0x56107b849ddb in void std::_invoke_impl<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_invoke_other, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:61 #28 0x56107b847349 in std::enable_if<is_invocable_r_v<void, std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>, void>::type std::_invoke_r<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:111 #29 0x56107b84264c in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()> >::_M_invoke(std::_Any_data const&) /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:291 #30 0x56107ad96b91 in std::function<void ()>::operator()() const /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:560 #31 0x56107b80e2d1 in doris::Thread::supervise_thread(void*) /home/zcp/repo_center/doris_master/be/src/util/thread.cpp:425 #32 0x7f9a796a7608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477 #33 0x7f9a797e1162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
0x5610761efac0 is located 0 bytes to the right of global variable 'empty_pod_array' defined in '/home/zcp/repo_center/doris_master/be/src/vec/common/pod_array.cpp:25:12' (0x5610761ef6c0) of size 1024
SUMMARY: AddressSanitizer: global-buffer-overflow /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:154 in doris::vectorized::FindInSetOp::execute(std::basic_string_view<char, std::char_traits > const&, std::basic_string_view<char, std::char_traits > const&, int&)
Shadow bytes around the buggy address:
0x0ac28ec35f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac28ec35f50: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 00 00 00 00
0x0ac28ec35f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f70: 00 00 00 00 00 00 00 00 00 00 00 00 03 f9 f9 f9
0x0ac28ec35f80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f90: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0ac28ec35fa0: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Thread T70 (_scanner_scan) created by T0 here:
Thread T70 (_scanner_scan) created by T0 here:
#0 0x561078bd0061 in pthread_create (/mnt/ssd01/doris-master/VEC_ASAN/be/lib/doris_be+0xbdd2061) #1 0x56107b80d629 in doris::Thread::start_thread(std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::function<void ()> const&, unsigned long, scoped_refptrdoris::Thread) /home/zcp/repo_center/doris_master/be/src/util/thread.cpp:379 #2 0x56107b837ca3 in doris::Status doris::Thread::create<void (doris::ThreadPool::)(), doris::ThreadPool>(std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, void (doris::ThreadPool:: const&)(), doris::ThreadPool* const&, scoped_refptrdoris::Thread) /home/zcp/repo_center/doris_master/be/src/util/thread.h:54 #3 0x56107b82ffc6 in doris::ThreadPool::create_thread() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:609 #4 0x56107b829ae0 in doris::ThreadPool::init() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:266 #5 0x56107b82638c in doris::ThreadPoolBuilder::build(std::unique_ptr<doris::ThreadPool, std::default_deletedoris::ThreadPool >) const /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:77 #6 0x56107ad774bd in doris::ExecEnv::_init(std::vector<doris::StorePath, std::allocatordoris::StorePath > const&) /home/zcp/repo_center/doris_master/be/src/runtime/exec_env_init.cpp:126 #7 0x56107ad7667d in doris::ExecEnv::init(doris::ExecEnv*, std::vector<doris::StorePath, std::allocatordoris::StorePath > const&) /home/zcp/repo_center/doris_master/be/src/runtime/exec_env_init.cpp:81 #8 0x561078c7c982 in main /home/zcp/repo_center/doris_master/be/src/service/doris_main.cpp:383 #9 0x7f9a796e60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
What You Expected?
Return rows as expect instead of crush.
How to Reproduce?
Type query statement below to Doris. select /*+ SET_VAR(query_timeout = 600) */ ref_0.O_ORDERKEY as c0, coalesce(43, ref_0.O_CUSTKEY) as c1, ref_0.O_ORDERKEY as c2, ref_0.O_ORDERSTATUS as c3 from regression_test_tpch_sf1_p1.orders as ref_0 where find_in_set( cast(ref_0.O_COMMENT as varchar), cast(BITMAP_TO_STRING( cast(BITMAP_EMPTY() as bitmap)) as varchar)) is NULL order by ref_0.O_ORDERSTATUSdesc limit 63 offset 171
Search before asking
Version
Master compiled with asan.
It might occur in previous version which enables VectorizedEngine(Not verified).
What's Wrong?
==1863897==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5610761efac0 at pc 0x56107fd1da64 bp 0x7f9a52341ad0 sp 0x7f9a52341ac0
READ of size 1 at 0x5610761efac0 thread T70 (_scanner_scan)
#0 0x56107fd1da63 in doris::vectorized::FindInSetOp::execute(std::basic_string_view<char, std::char_traits > const&, std::basic_string_view<char, std::char_traits > const&, int&) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:154
#1 0x56107fdb57ef in doris::vectorized::StringFunctionImpl<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::FindInSetOp>::vector_vector(doris::vectorized::PODArray<unsigned char, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned char, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<unsigned int, 4096ul, Allocator<false, false>, 15ul, 16ul> const&, doris::vectorized::PODArray<int, 4096ul, Allocator<false, false>, 15ul, 16ul>&) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:233
#2 0x56107fdaeeac in doris::Status doris::vectorized::FunctionBinaryToType<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::StringFindInSetImpl, doris::vectorized::NameFindInSet>::execute_inner_impl<doris::vectorized::DataTypeNumber, (doris::vectorized::DataTypeNumber)0>(doris::vectorized::ColumnWithTypeAndName const&, doris::vectorized::ColumnWithTypeAndName const&, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_totype.h:236
#3 0x56107fda3671 in doris::vectorized::FunctionBinaryToType<doris::vectorized::DataTypeString, doris::vectorized::DataTypeString, doris::vectorized::StringFindInSetImpl, doris::vectorized::NameFindInSet>::execute_impl(doris_udf::FunctionContext, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function_totype.h:215
#4 0x56107e7fea5c in doris::vectorized::DefaultExecutable::execute_impl(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.h:465
#5 0x56107f920d9a in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.cpp:251
#6 0x56107f920f19 in doris::vectorized::PreparedFunctionImpl::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.cpp:273
#7 0x56107e7fb5ca in doris::vectorized::IFunctionBase::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator > const&, unsigned long, unsigned long, bool) /home/zcp/repo_center/doris_master/be/src/vec/functions/function.h:136
#8 0x56107e7244e4 in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:96
#9 0x56107e72410d in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:89
#10 0x56107e72410d in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vectorized_fn_call.cpp:89
#11 0x56107e746651 in doris::vectorized::VExprContext::execute(doris::vectorized::Block*, int*) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vexpr_context.cpp:43
#12 0x56107e74844f in doris::vectorized::VExprContext::filter_block(doris::vectorized::VExprContext*, doris::vectorized::Block*, int) /home/zcp/repo_center/doris_master/be/src/vec/exprs/vexpr_context.cpp:121
#13 0x561082a5dbec in doris::vectorized::VScanner::_filter_output_block(doris::vectorized::Block*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/vscanner.cpp:121
#14 0x561082a5ca36 in doris::vectorized::VScanner::get_block(doris::RuntimeState*, doris::vectorized::Block*, bool*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/vscanner.cpp:80
#15 0x561082a38fbd in doris::vectorized::ScannerScheduler::_scanner_scan(doris::vectorized::ScannerScheduler*, doris::vectorized::ScannerContext*, doris::vectorized::VScanner*) /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/scanner_scheduler.cpp:224
#16 0x561082a36d26 in operator() /home/zcp/repo_center/doris_master/be/src/vec/exec/scan/scanner_scheduler.cpp:127
#17 0x561082a3b15d in __invoke_impl<void, doris::vectorized::ScannerScheduler::_schedule_scanners(doris::vectorized::ScannerContext*)::<lambda()>&> /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:61
#18 0x561082a3add5 in __invoke_r<void, doris::vectorized::ScannerScheduler::_schedule_scanners(doris::vectorized::ScannerContext*)::<lambda()>&> /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:111
#19 0x561082a3a842 in _M_invoke /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:291
#20 0x56107ad96b91 in std::function<void ()>::operator()() const /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:560
#21 0x56107b833437 in doris::FunctionRunnable::run() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:45
#22 0x56107b82e77f in doris::ThreadPool::dispatch_thread() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:540
#23 0x56107b84fa9b in void std::_invoke_impl<void, void (doris::ThreadPool::&)(), doris::ThreadPool&>(std::_invoke_memfun_deref, void (doris::ThreadPool::&)(), doris::ThreadPool&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:74
#24 0x56107b84f33a in std::_invoke_result<void (doris::ThreadPool::&)(), doris::ThreadPool&>::type std::_invoke<void (doris::ThreadPool::&)(), doris::ThreadPool&>(void (doris::ThreadPool::&)(), doris::ThreadPool&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:96
#25 0x56107b84e6d9 in void std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::_call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /var/local/ldb_toolchain/include/c++/11/functional:420
#26 0x56107b84d1ea in void std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::operator()<, void>() /var/local/ldb_toolchain/include/c++/11/functional:503
#27 0x56107b849ddb in void std::_invoke_impl<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_invoke_other, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:61
#28 0x56107b847349 in std::enable_if<is_invocable_r_v<void, std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>, void>::type std::_invoke_r<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /var/local/ldb_toolchain/include/c++/11/bits/invoke.h:111
#29 0x56107b84264c in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()> >::_M_invoke(std::_Any_data const&) /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:291
#30 0x56107ad96b91 in std::function<void ()>::operator()() const /var/local/ldb_toolchain/include/c++/11/bits/std_function.h:560
#31 0x56107b80e2d1 in doris::Thread::supervise_thread(void*) /home/zcp/repo_center/doris_master/be/src/util/thread.cpp:425
#32 0x7f9a796a7608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#33 0x7f9a797e1162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
0x5610761efac0 is located 0 bytes to the right of global variable 'empty_pod_array' defined in '/home/zcp/repo_center/doris_master/be/src/vec/common/pod_array.cpp:25:12' (0x5610761ef6c0) of size 1024
SUMMARY: AddressSanitizer: global-buffer-overflow /home/zcp/repo_center/doris_master/be/src/vec/functions/function_string.cpp:154 in doris::vectorized::FindInSetOp::execute(std::basic_string_view<char, std::char_traits > const&, std::basic_string_view<char, std::char_traits > const&, int&)
Shadow bytes around the buggy address:
0x0ac28ec35f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac28ec35f50: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 00 00 00 00
0x0ac28ec35f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f70: 00 00 00 00 00 00 00 00 00 00 00 00 03 f9 f9 f9
0x0ac28ec35f80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac28ec35f90: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0ac28ec35fa0: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Thread T70 (_scanner_scan) created by T0 here:
Thread T70 (_scanner_scan) created by T0 here:
#0 0x561078bd0061 in pthread_create (/mnt/ssd01/doris-master/VEC_ASAN/be/lib/doris_be+0xbdd2061)
#1 0x56107b80d629 in doris::Thread::start_thread(std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::function<void ()> const&, unsigned long, scoped_refptrdoris::Thread) /home/zcp/repo_center/doris_master/be/src/util/thread.cpp:379
#2 0x56107b837ca3 in doris::Status doris::Thread::create<void (doris::ThreadPool::)(), doris::ThreadPool>(std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, std::_cxx11::basic_string<char, std::char_traits, std::allocator > const&, void (doris::ThreadPool:: const&)(), doris::ThreadPool* const&, scoped_refptrdoris::Thread) /home/zcp/repo_center/doris_master/be/src/util/thread.h:54
#3 0x56107b82ffc6 in doris::ThreadPool::create_thread() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:609
#4 0x56107b829ae0 in doris::ThreadPool::init() /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:266
#5 0x56107b82638c in doris::ThreadPoolBuilder::build(std::unique_ptr<doris::ThreadPool, std::default_deletedoris::ThreadPool >) const /home/zcp/repo_center/doris_master/be/src/util/threadpool.cpp:77
#6 0x56107ad774bd in doris::ExecEnv::_init(std::vector<doris::StorePath, std::allocatordoris::StorePath > const&) /home/zcp/repo_center/doris_master/be/src/runtime/exec_env_init.cpp:126
#7 0x56107ad7667d in doris::ExecEnv::init(doris::ExecEnv*, std::vector<doris::StorePath, std::allocatordoris::StorePath > const&) /home/zcp/repo_center/doris_master/be/src/runtime/exec_env_init.cpp:81
#8 0x561078c7c982 in main /home/zcp/repo_center/doris_master/be/src/service/doris_main.cpp:383
#9 0x7f9a796e60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
What You Expected?
Return rows as expect instead of crush.
How to Reproduce?
Type query statement below to Doris.
select /*+ SET_VAR(query_timeout = 600) */ ref_0.
O_ORDERKEYas c0, coalesce(43, ref_0.
O_CUSTKEY) as c1, ref_0.
O_ORDERKEYas c2, ref_0.
O_ORDERSTATUSas c3 from regression_test_tpch_sf1_p1.orders as ref_0 where find_in_set( cast(ref_0.
O_COMMENTas varchar), cast(BITMAP_TO_STRING( cast(BITMAP_EMPTY() as bitmap)) as varchar)) is NULL order by ref_0.
O_ORDERSTATUSdesc limit 63 offset 171
Anything Else?
No response
Are you willing to submit PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: