MemorySanitizer: allocation size is too big #60352

Open
serxa opened this issue Feb 23, 2024 · 2 comments
Labels
fuzz Problem found by one of the fuzzers invalid

serxa commented Feb 23, 2024

https://s3.amazonaws.com/clickhouse-test-reports/59507/69c5fae1bcb763cbf7ee332eaacc82e49d6f36d0/ast_fuzzer__msan_.html

==234==ERROR: MemorySanitizer: requested allocation size 0x400000078 exceeds maximum supported size of 0x200000000
2024.02.21 17:44:17.551231 [ 800 ] {} <Trace> system.query_log_sender.DistributedInsertQueue.default: Finished processing `/workspace/db/store/3f2/3f237fcb-f3fe-4afc-9603-564b31338fd5/shard1_replica1/8.bin` (took 582 ms)
2024.02.21 17:44:17.551378 [ 800 ] {} <Trace> system.query_log_sender.DistributedInsertQueue.default/Bg: Execution took 582 ms.
2024.02.21 17:44:18.000257 [ 907 ] {} <Trace> AsynchronousMetrics: MemoryTracking: was 17.60 GiB, peak 17.60 GiB, free memory in arenas 0.00 B, will set to 1.40 GiB (RSS), difference: -16.20 GiB
    #0 0x55c7c5ab4d42 in malloc (/workspace/clickhouse+0x80c2d42) (BuildId: 565bad6f0a16000bfe064e56ffc6a94634dae954)
    #1 0x55c7ddfd845a in void* (anonymous namespace)::allocNoTrack<false, false>(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:68:19
    #2 0x55c7ddfd845a in Allocator<false, false>::alloc(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:115:18
    #3 0x55c7f73d67e9 in void DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc<>(unsigned long) build_docker/./src/Common/PODArray.h:115:65
    #4 0x55c7f73d67e9 in DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc_for_num_elements(unsigned long) build_docker/./src/Common/PODArray.h:109:9
    #5 0x55c7f73d67e9 in DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 63ul, 64ul>::PODArray(unsigned long) build_docker/./src/Common/PODArray.h:330:15
    #6 0x55c7f73d67e9 in DB::ColumnVector<unsigned long>::ColumnVector(unsigned long) build_docker/./src/Columns/ColumnVector.h:53:45
    #7 0x55c7fb8a92dc in COW<DB::IColumn>::mutable_ptr<DB::ColumnVector<unsigned long>> COWHelper<DB::ColumnVectorHelper, DB::ColumnVector<unsigned long>>::create<unsigned long&>(unsigned long&) build_docker/./src/Common/COW.h:284:71
    #8 0x55c7fb8a92dc in DB::(anonymous namespace)::NumbersSource::generate() build_docker/./src/Processors/QueryPlan/ReadFromSystemNumbersStep.cpp:41:23
    #9 0x55c7fa67f57b in DB::ISource::tryGenerate() build_docker/./src/Processors/ISource.cpp:139:18
    #10 0x55c7fa67ed0b in DB::ISource::work() build_docker/./src/Processors/ISource.cpp:108:26
    #11 0x55c7fa6e17f6 in DB::executeJob(DB::ExecutingGraph::Node*, DB::ReadProgressCallback*) build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:47:26
    #12 0x55c7fa6e17f6 in DB::ExecutionThreadContext::executeTask() build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:95:9
    #13 0x55c7fa6b6650 in DB::PipelineExecutor::executeStepImpl(unsigned long, std::__1::atomic<bool>*) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:273:26
    #14 0x55c7fa6b6650 in DB::PipelineExecutor::executeSingleThread(unsigned long) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:239:5
    #15 0x55c7fa6b20a3 in DB::PipelineExecutor::executeImpl(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:409:9
    #16 0x55c7fa6b1b07 in DB::PipelineExecutor::execute(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:111:9
    #17 0x55c7fa6ed687 in DB::threadFunction(DB::PullingAsyncPipelineExecutor::Data&, std::__1::shared_ptr<DB::ThreadGroup>, unsigned long, bool) build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:84:24
    #18 0x55c7fa6ed687 in DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0::operator()() const build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:112:13
    #19 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>()()) std::__1::__invoke[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #20 0x55c7fa6ed687 in decltype(auto) std::__1::__apply_tuple_impl[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/tuple:1789:1
    #21 0x55c7fa6ed687 in decltype(auto) std::__1::apply[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&) build_docker/./contrib/llvm-project/libcxx/include/tuple:1798:1
    #22 0x55c7fa6ed687 in ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()::operator()() build_docker/./src/Common/ThreadPool.h:223:13
    #23 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>()()) std::__1::__invoke[abi:v15000]<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #24 0x55c7fa6ed687 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:479:9
    #25 0x55c7fa6ed687 in std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>::operator()[abi:v15000]() build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:235:12
    #26 0x55c7fa6ed687 in void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>>(std::__1::__function::__policy_storage const*) build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:716:16
    #27 0x55c7de2da90a in std::__1::__function::__policy_func<void ()>::operator()[abi:v15000]() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:848:16
    #28 0x55c7de2da90a in std::__1::function<void ()>::operator()() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:1187:12
    #29 0x55c7de2da90a in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/./src/Common/ThreadPool.cpp:455:13
    #30 0x55c7de2e72ea in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/./src/Common/ThreadPool.cpp:217:73
    #31 0x55c7de2e72ea in decltype(std::declval<void>()()) std::__1::__invoke[abi:v15000]<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #32 0x55c7de2e72ea in void std::__1::__thread_execute[abi:v15000]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/thread:284:5
    #33 0x55c7de2e72ea in void* std::__1::__thread_proxy[abi:v15000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/./contrib/llvm-project/libcxx/include/thread:295:5
    #34 0x7fd98ac1eac2 in start_thread nptl/pthread_create.c:442:8

==234==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: MemorySanitizer: allocation-size-too-big (/workspace/clickhouse+0x80c2d42) (BuildId: 565bad6f0a16000bfe064e56ffc6a94634dae954) in malloc
Uninitialized bytes in write at offset 0 inside [0x7fd6a7840780, 392)
==234==WARNING: MemorySanitizer: use-of-uninitialized-value
2024.02.21 17:44:18.200827 [ 235 ] {} <Trace> BaseDaemon: Received signal -3
    #0 0x55c7de247fa5 in DB::WriteBufferFromFileDescriptorDiscardOnFailure::nextImpl() build_docker/./src/IO/WriteBufferFromFileDescriptorDiscardOnFailure.cpp:16:23
    #1 0x55c7dea33709 in DB::WriteBuffer::next() build_docker/./src/IO/WriteBuffer.h:53:13
    #2 0x55c7dea2bc98 in sanitizerDeathCallback() build_docker/./src/Daemon/BaseDaemon.cpp:568:9
    #3 0x55c7c5a941d5 in __sanitizer::Die() crtstuff.c
    #4 0x55c7c5a96b4b in __sanitizer::ReportAllocationSizeTooBig(unsigned long, unsigned long, __sanitizer::StackTrace const*) crtstuff.c
    #5 0x55c7c5aa7495 in __msan::MsanAllocate(__sanitizer::StackTrace*, unsigned long, unsigned long, bool) crtstuff.c
    #6 0x55c7c5aa7285 in __msan::msan_malloc(unsigned long, __sanitizer::StackTrace*) crtstuff.c
    #7 0x55c7c5ab4db0 in malloc (/workspace/clickhouse+0x80c2db0) (BuildId: 565bad6f0a16000bfe064e56ffc6a94634dae954)
    #8 0x55c7ddfd845a in void* (anonymous namespace)::allocNoTrack<false, false>(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:68:19
    #9 0x55c7ddfd845a in Allocator<false, false>::alloc(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:115:18
    #10 0x55c7f73d67e9 in void DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc<>(unsigned long) build_docker/./src/Common/PODArray.h:115:65
    #11 0x55c7f73d67e9 in DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc_for_num_elements(unsigned long) build_docker/./src/Common/PODArray.h:109:9
    #12 0x55c7f73d67e9 in DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 63ul, 64ul>::PODArray(unsigned long) build_docker/./src/Common/PODArray.h:330:15
    #13 0x55c7f73d67e9 in DB::ColumnVector<unsigned long>::ColumnVector(unsigned long) build_docker/./src/Columns/ColumnVector.h:53:45
    #14 0x55c7fb8a92dc in COW<DB::IColumn>::mutable_ptr<DB::ColumnVector<unsigned long>> COWHelper<DB::ColumnVectorHelper, DB::ColumnVector<unsigned long>>::create<unsigned long&>(unsigned long&) build_docker/./src/Common/COW.h:284:71
    #15 0x55c7fb8a92dc in DB::(anonymous namespace)::NumbersSource::generate() build_docker/./src/Processors/QueryPlan/ReadFromSystemNumbersStep.cpp:41:23
    #16 0x55c7fa67f57b in DB::ISource::tryGenerate() build_docker/./src/Processors/ISource.cpp:139:18
    #17 0x55c7fa67ed0b in DB::ISource::work() build_docker/./src/Processors/ISource.cpp:108:26
    #18 0x55c7fa6e17f6 in DB::executeJob(DB::ExecutingGraph::Node*, DB::ReadProgressCallback*) build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:47:26
    #19 0x55c7fa6e17f6 in DB::ExecutionThreadContext::executeTask() build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:95:9
    #20 0x55c7fa6b6650 in DB::PipelineExecutor::executeStepImpl(unsigned long, std::__1::atomic<bool>*) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:273:26
    #21 0x55c7fa6b6650 in DB::PipelineExecutor::executeSingleThread(unsigned long) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:239:5
    #22 0x55c7fa6b20a3 in DB::PipelineExecutor::executeImpl(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:409:9
    #23 0x55c7fa6b1b07 in DB::PipelineExecutor::execute(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:111:9
    #24 0x55c7fa6ed687 in DB::threadFunction(DB::PullingAsyncPipelineExecutor::Data&, std::__1::shared_ptr<DB::ThreadGroup>, unsigned long, bool) build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:84:24
    #25 0x55c7fa6ed687 in DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0::operator()() const build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:112:13
    #26 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>()()) std::__1::__invoke[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #27 0x55c7fa6ed687 in decltype(auto) std::__1::__apply_tuple_impl[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/tuple:1789:1
    #28 0x55c7fa6ed687 in decltype(auto) std::__1::apply[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&) build_docker/./contrib/llvm-project/libcxx/include/tuple:1798:1
    #29 0x55c7fa6ed687 in ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()::operator()() build_docker/./src/Common/ThreadPool.h:223:13
    #30 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>()()) std::__1::__invoke[abi:v15000]<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #31 0x55c7fa6ed687 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:479:9
    #32 0x55c7fa6ed687 in std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>::operator()[abi:v15000]() build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:235:12
    #33 0x55c7fa6ed687 in void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>>(std::__1::__function::__policy_storage const*) build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:716:16
    #34 0x55c7de2da90a in std::__1::__function::__policy_func<void ()>::operator()[abi:v15000]() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:848:16
    #35 0x55c7de2da90a in std::__1::function<void ()>::operator()() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:1187:12
    #36 0x55c7de2da90a in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/./src/Common/ThreadPool.cpp:455:13
    #37 0x55c7de2e72ea in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/./src/Common/ThreadPool.cpp:217:73
    #38 0x55c7de2e72ea in decltype(std::declval<void>()()) std::__1::__invoke[abi:v15000]<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #39 0x55c7de2e72ea in void std::__1::__thread_execute[abi:v15000]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/thread:284:5
    #40 0x55c7de2e72ea in void* std::__1::__thread_proxy[abi:v15000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/./contrib/llvm-project/libcxx/include/thread:295:5
    #41 0x7fd98ac1eac2 in start_thread nptl/pthread_create.c:442:8
    #42 0x7fd98acb084f  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

  Uninitialized value was stored to memory at
    #0 0x55c7c5aab80a in __msan_memcpy (/workspace/clickhouse+0x80b980a) (BuildId: 565bad6f0a16000bfe064e56ffc6a94634dae954)
    #1 0x55c7c5b5fdc7 in DB::WriteBuffer::write(char const*, unsigned long) (/workspace/clickhouse+0x816ddc7) (BuildId: 565bad6f0a16000bfe064e56ffc6a94634dae954)
    #2 0x55c7dea33656 in void DB::writePODBinary<int>(int const&, DB::WriteBuffer&) build_docker/./src/IO/WriteHelpers.h:88:9
    #3 0x55c7dea33656 in void DB::writeBinary<int>(int const&, DB::WriteBuffer&) build_docker/./src/IO/WriteHelpers.h:1031:59
    #4 0x55c7dea2bc45 in sanitizerDeathCallback() build_docker/./src/Daemon/BaseDaemon.cpp:563:5
    #5 0x55c7c5a941d5 in __sanitizer::Die() crtstuff.c
    #6 0x55c7ddfd845a in void* (anonymous namespace)::allocNoTrack<false, false>(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:68:19
    #7 0x55c7ddfd845a in Allocator<false, false>::alloc(unsigned long, unsigned long) build_docker/./src/Common/Allocator.cpp:115:18
    #8 0x55c7f73d67e9 in void DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc<>(unsigned long) build_docker/./src/Common/PODArray.h:115:65
    #9 0x55c7f73d67e9 in DB::PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>::alloc_for_num_elements(unsigned long) build_docker/./src/Common/PODArray.h:109:9
    #10 0x55c7f73d67e9 in DB::PODArray<unsigned long, 4096ul, Allocator<false, false>, 63ul, 64ul>::PODArray(unsigned long) build_docker/./src/Common/PODArray.h:330:15
    #11 0x55c7f73d67e9 in DB::ColumnVector<unsigned long>::ColumnVector(unsigned long) build_docker/./src/Columns/ColumnVector.h:53:45
    #12 0x55c7fb8a92dc in COW<DB::IColumn>::mutable_ptr<DB::ColumnVector<unsigned long>> COWHelper<DB::ColumnVectorHelper, DB::ColumnVector<unsigned long>>::create<unsigned long&>(unsigned long&) build_docker/./src/Common/COW.h:284:71
    #13 0x55c7fb8a92dc in DB::(anonymous namespace)::NumbersSource::generate() build_docker/./src/Processors/QueryPlan/ReadFromSystemNumbersStep.cpp:41:23
    #14 0x55c7fa67f57b in DB::ISource::tryGenerate() build_docker/./src/Processors/ISource.cpp:139:18
    #15 0x55c7fa67ed0b in DB::ISource::work() build_docker/./src/Processors/ISource.cpp:108:26
    #16 0x55c7fa6e17f6 in DB::executeJob(DB::ExecutingGraph::Node*, DB::ReadProgressCallback*) build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:47:26
    #17 0x55c7fa6e17f6 in DB::ExecutionThreadContext::executeTask() build_docker/./src/Processors/Executors/ExecutionThreadContext.cpp:95:9
    #18 0x55c7fa6b6650 in DB::PipelineExecutor::executeStepImpl(unsigned long, std::__1::atomic<bool>*) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:273:26
    #19 0x55c7fa6b6650 in DB::PipelineExecutor::executeSingleThread(unsigned long) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:239:5
    #20 0x55c7fa6b20a3 in DB::PipelineExecutor::executeImpl(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:409:9
    #21 0x55c7fa6b1b07 in DB::PipelineExecutor::execute(unsigned long, bool) build_docker/./src/Processors/Executors/PipelineExecutor.cpp:111:9
    #22 0x55c7fa6ed687 in DB::threadFunction(DB::PullingAsyncPipelineExecutor::Data&, std::__1::shared_ptr<DB::ThreadGroup>, unsigned long, bool) build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:84:24
    #23 0x55c7fa6ed687 in DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0::operator()() const build_docker/./src/Processors/Executors/PullingAsyncPipelineExecutor.cpp:112:13
    #24 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>()()) std::__1::__invoke[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #25 0x55c7fa6ed687 in decltype(auto) std::__1::__apply_tuple_impl[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/tuple:1789:1
    #26 0x55c7fa6ed687 in decltype(auto) std::__1::apply[abi:v15000]<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&, std::__1::tuple<>&) build_docker/./contrib/llvm-project/libcxx/include/tuple:1798:1
    #27 0x55c7fa6ed687 in ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()::operator()() build_docker/./src/Common/ThreadPool.h:223:13
    #28 0x55c7fa6ed687 in decltype(std::declval<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>()()) std::__1::__invoke[abi:v15000]<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #29 0x55c7fa6ed687 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&>(ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'()&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:479:9
    #30 0x55c7fa6ed687 in std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>::operator()[abi:v15000]() build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:235:12
    #31 0x55c7fa6ed687 in void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0>(DB::PullingAsyncPipelineExecutor::pull(DB::Chunk&, unsigned long)::$_0&&)::'lambda'(), void ()>>(std::__1::__function::__policy_storage const*) build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:716:16
    #32 0x55c7de2da90a in std::__1::__function::__policy_func<void ()>::operator()[abi:v15000]() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:848:16
    #33 0x55c7de2da90a in std::__1::function<void ()>::operator()() const build_docker/./contrib/llvm-project/libcxx/include/__functional/function.h:1187:12
    #34 0x55c7de2da90a in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/./src/Common/ThreadPool.cpp:455:13
    #35 0x55c7de2e72ea in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/./src/Common/ThreadPool.cpp:217:73
    #36 0x55c7de2e72ea in decltype(std::declval<void>()()) std::__1::__invoke[abi:v15000]<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/./contrib/llvm-project/libcxx/include/__functional/invoke.h:394:23
    #37 0x55c7de2e72ea in void std::__1::__thread_execute[abi:v15000]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/./contrib/llvm-project/libcxx/include/thread:284:5
    #38 0x55c7de2e72ea in void* std::__1::__thread_proxy[abi:v15000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, Priority, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/./contrib/llvm-project/libcxx/include/thread:295:5
    #39 0x7fd98ac1eac2 in start_thread nptl/pthread_create.c:442:8

  Uninitialized value was created by an allocation of 'agg.tmp249' in the stack frame
    #0 0x55c7de0db0f4 in MemoryTracker::allocImpl(long, bool, MemoryTracker*, double) build_docker/./src/Common/MemoryTracker.cpp:212

SUMMARY: MemorySanitizer: use-of-uninitialized-value build_docker/./src/IO/WriteBufferFromFileDescriptorDiscardOnFailure.cpp:16:23 in DB::WriteBufferFromFileDescriptorDiscardOnFailure::nextImpl()
serxa added the fuzz label (Problem found by one of the fuzzers) Feb 23, 2024

Algunenano commented Feb 23, 2024

SELECT 3, repeat('aa', number) FROM numbers(10000.) WHERE toNullable(materialize(2)) SETTINGS max_memory_usage = -0., max_block_size = 2147483647 FORMAT `Null`

Max sanitizer size: 0x200000000 -> 32GB

Either we need to reduce max block size further or raise the max memory allowed in sanitizers.
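
Where the `0x400000078` in the report comes from, and which row counts stay under the sanitizer limit, as an added example that is not ClickHouse code and not part of the original comments. The element size and paddings are read from the template arguments in the trace (`PODArrayBase<8ul, 4096ul, ..., 63ul, 64ul>`); the padding rounding and all function names are assumptions made for this sketch.

```cpp
#include <cstdint>
#include <cstdio>

// Limit printed by the report: "exceeds maximum supported size of 0x200000000".
constexpr uint64_t kSanitizerMaxAlloc = 0x200000000ULL;

// Values read from the trace: PODArrayBase<8ul, 4096ul, Allocator<false, false>, 63ul, 64ul>.
struct ArrayLayout
{
    uint64_t element_size; // 8, sizeof(unsigned long)
    uint64_t pad_right;    // 63
    uint64_t pad_left;     // 64
};

constexpr ArrayLayout kUInt64Column = {8, 63, 64};

constexpr uint64_t roundUp(uint64_t value, uint64_t multiple)
{
    return (value + multiple - 1) / multiple * multiple;
}

// Assumption (not copied from PODArray.h): the right padding is rounded up to a
// multiple of the element size, the left padding additionally to a multiple of 16.
constexpr uint64_t paddingBytes(const ArrayLayout & l)
{
    return roundUp(l.pad_right, l.element_size)
        + roundUp(roundUp(l.pad_left, l.element_size), 16);
}

enum class SizeCheck { Ok, ExceedsLimit, Overflow };

struct SizeResult
{
    SizeCheck status;
    uint64_t bytes; // 0 when the computation overflowed
};

// Size of the malloc request for `count` elements, computed with overflow-checked
// arithmetic so that a huge count cannot wrap around into a small request.
SizeResult allocationBytes(const ArrayLayout & l, uint64_t count, uint64_t limit)
{
    uint64_t payload = 0;
    uint64_t total = 0;
    if (__builtin_mul_overflow(count, l.element_size, &payload)
        || __builtin_add_overflow(payload, paddingBytes(l), &total))
        return {SizeCheck::Overflow, 0};
    // The report says the request "exceeds" the limit, so equality is treated as allowed.
    return {total > limit ? SizeCheck::ExceedsLimit : SizeCheck::Ok, total};
}

// Largest element count whose request still fits under `limit`.
uint64_t maxElementsUnder(const ArrayLayout & l, uint64_t limit)
{
    const uint64_t pads = paddingBytes(l);
    return limit < pads ? 0 : (limit - pads) / l.element_size;
}

int main()
{
    const uint64_t block_size = 2147483647; // max_block_size from the query in the comment
    const SizeResult r = allocationBytes(kUInt64Column, block_size, kSanitizerMaxAlloc);
    std::printf("request for %llu rows: 0x%llx (%s)\n",
                static_cast<unsigned long long>(block_size),
                static_cast<unsigned long long>(r.bytes),
                r.status == SizeCheck::Ok ? "ok" : "rejected");
    std::printf("largest row count under the limit: %llu\n",
                static_cast<unsigned long long>(maxElementsUnder(kUInt64Column, kSanitizerMaxAlloc)));
    return 0;
}
```

With these assumptions the computed request for `max_block_size = 2147483647` matches the size in the first line of the report, which ties the failure to the block-size setting rather than to the `repeat` call.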

alexey-milovidov changed the title from "MemorySanitizer: use-of-uninitialized-value IO/WriteBufferFromFileDescriptorDiscardOnFailure.cpp:16:23 in DB::WriteBufferFromFileDescriptorDiscardOnFailure::nextImpl()" to "MemorySanitizer: allocation size is too big" Feb 23, 2024

alekar commented Mar 25, 2024

I'll take this.
