Server throws exception: Logical error: 'Unexpected return type from if. Expected Int64. Got Int128. #70017
Description
Describe what's wrong
Insertion into distributed table causes Segmentation fault
How to reproduce
- Which ClickHouse server version to use:
24.9.1.1(master) - Which interface to use, if it matters:
MySQL Shell - Non-default settings, if any:
<distributed_product_mode>allow</distributed_product_mode>
<allow_experimental_parallel_reading_from_replicas>1</allow_experimental_parallel_reading_from_replicas>
<allow_experimental_inverted_index>1</allow_experimental_inverted_index>
<allow_experimental_full_text_index>1</allow_experimental_full_text_index>
<allow_experimental_join_condition>1</allow_experimental_join_condition>
<allow_experimental_query_deduplication>1</allow_experimental_query_deduplication>-
init database:
init.sql.txt -
Queries to run that lead to an unexpected result
error.sql.txt
clickhouse log:
full log: db_0.log
summary:
2024.09.26 12:59:04.583886 [ 40 ] {mysql:5:f2cea3a1-1a81-4900-b0d3-3cec2dae4dba} <Fatal> : Logical error: 'Unexpected return type from if. Expected Int64. Got Int128. Action:
FUNCTION if(CAST(less(round(__table1.c_or3kcz), __table1.c_j59), 'Nullable(Bool)'_String) :: 10, materialize(c_j59) :: 3, floor(__table1.c_f7nvvq) :: 0) -> if(CAST(less(round(__table1.c_or3kcz), __table1.c_j59), 'Nullable(Bool)'_String), __table1.c_j59, __table1.c_pfnd1iaw) Int64 : 6,
input block structure:CAST(less(round(__table1.c_or3kcz), __table1.c_j59), 'Nullable(Bool)'_String) Nullable(Bool) Nullable(size = 0, UInt8(size = 0), UInt8(size = 0)), materialize(c_j59) UInt64 UInt64(size = 0), floor(__table1.c_f7nvvq) Int32 Int32(size = 0)'.
2024.09.26 12:59:04.609470 [ 40 ] {mysql:5:f2cea3a1-1a81-4900-b0d3-3cec2dae4dba} <Fatal> : Stack trace (when copying this message, always include the lines below):
0. ./contrib/llvm-project/libcxx/include/exception:141: Poco::Exception::Exception(String const&, int) @ 0x00000000271e7f14
1. ./build/./src/Common/Exception.cpp:109: DB::Exception::Exception(DB::Exception::MessageMasked&&, int, bool) @ 0x00000000152997a9
2. DB::Exception::Exception(PreformattedMessage&&, int) @ 0x00000000054e4045
3. DB::Exception::Exception<String, String, String, String, String>(int, FormatStringHelperImpl<std::type_identity<String>::type, std::type_identity<String>::type, std::type_identity<String>::type, std::type_identity<String>::type, std::type_identity<String>::type>, String&&, String&&, String&&, String&&, String&&) @ 0x000000000a72c275
4. ./build/./src/Interpreters/ExpressionActions.cpp:639: DB::ExpressionActions::execute(DB::Block&, unsigned long&, bool, bool) const @ 0x0000000021a32ab8
5. ./build/./src/Interpreters/ExpressionActions.cpp:816: DB::ExpressionActions::execute(DB::Block&, bool, bool) const @ 0x0000000021a3419d
6. ./build/./src/Processors/Transforms/FilterTransform.cpp:77: DB::FilterTransform::FilterTransform(DB::Block const&, std::shared_ptr<DB::ExpressionActions>, String, bool, bool, std::shared_ptr<std::atomic<unsigned long>>) @ 0x00000000263f607e
7. ./contrib/llvm-project/libcxx/include/__memory/construct_at.h:35: DB::FilterTransform* std::construct_at[abi:v15007]<DB::FilterTransform, DB::Block const&, std::shared_ptr<DB::ExpressionActions>&, String&, bool&, bool&, DB::FilterTransform*>(DB::FilterTransform*, DB::Block const&, std::shared_ptr<DB::ExpressionActions>&, String&, bool&, bool&) @ 0x00000000267efe4c
8. ./contrib/llvm-project/libcxx/include/__memory/allocator_traits.h:298: std::shared_ptr<DB::IProcessor> std::__function::__policy_invoker<std::shared_ptr<DB::IProcessor> (DB::Block const&, DB::Pipe::StreamType)>::__call_impl<std::__function::__default_alloc_func<DB::FilterStep::transformPipeline(DB::QueryPipelineBuilder&, DB::BuildQueryPipelineSettings const&)::$_0, std::shared_ptr<DB::IProcessor> (DB::Block const&, DB::Pipe::StreamType)>>(std::__function::__policy_storage const*, DB::Block const&, DB::Pipe::StreamType) @ 0x00000000267ef82f
9. ./contrib/llvm-project/libcxx/include/__functional/function.h:848: ? @ 0x0000000020d72857
10. ./build/./src/QueryPipeline/Pipe.cpp:631: DB::Pipe::addSimpleTransform(std::function<std::shared_ptr<DB::IProcessor> (DB::Block const&, DB::Pipe::StreamType)> const&) @ 0x0000000020d7229d
11. ./build/./src/Processors/QueryPlan/FilterStep.cpp:60: DB::FilterStep::transformPipeline(DB::QueryPipelineBuilder&, DB::BuildQueryPipelineSettings const&) @ 0x00000000267edb35
12. ./build/./src/Processors/QueryPlan/ITransformingStep.cpp:38: DB::ITransformingStep::updatePipeline(std::vector<std::unique_ptr<DB::QueryPipelineBuilder, std::default_delete<DB::QueryPipelineBuilder>>, std::allocator<std::unique_ptr<DB::QueryPipelineBuilder, std::default_delete<DB::QueryPipelineBuilder>>>>, DB::BuildQueryPipelineSettings const&) @ 0x00000000267f3788
13. ./build/./src/Processors/QueryPlan/QueryPlan.cpp:188: DB::QueryPlan::buildQueryPipeline(DB::QueryPlanOptimizationSettings const&, DB::BuildQueryPipelineSettings const&) @ 0x000000002683865e
14. ./build/./src/Interpreters/InterpreterSelectQueryAnalyzer.cpp:252: DB::InterpreterSelectQueryAnalyzer::buildQueryPipeline() @ 0x0000000022748f07
15. ./build/./src/Interpreters/InterpreterSelectQueryAnalyzer.cpp:221: DB::InterpreterSelectQueryAnalyzer::execute() @ 0x0000000022748767
16. ./build/./src/Interpreters/executeQuery.cpp:1314: DB::executeQueryImpl(char const*, char const*, std::shared_ptr<DB::Context>, DB::QueryFlags, DB::QueryProcessingStage::Enum, DB::ReadBuffer*) @ 0x0000000022e0c929
17. ./build/./src/Interpreters/executeQuery.cpp:1613: DB::executeQuery(DB::ReadBuffer&, DB::WriteBuffer&, bool, std::shared_ptr<DB::Context>, std::function<void (DB::QueryResultDetails const&)>, DB::QueryFlags, std::optional<DB::FormatSettings> const&, std::function<void (DB::IOutputFormat&, String const&, std::shared_ptr<DB::Context const> const&, std::optional<DB::FormatSettings> const&)>) @ 0x0000000022e13821
18. ./build/./src/Server/MySQLHandler.cpp:530: DB::MySQLHandler::comQuery(DB::ReadBuffer&, bool) @ 0x0000000025f4738a
19. ./build/./src/Server/MySQLHandler.cpp:295: DB::MySQLHandler::run() @ 0x0000000025f3e91d
20. ./build/./base/poco/Net/src/TCPServerConnection.cpp:43: Poco::Net::TCPServerConnection::start() @ 0x00000000273b452f
21. ./build/./base/poco/Net/src/TCPServerDispatcher.cpp:115: Poco::Net::TCPServerDispatcher::run() @ 0x00000000273b5117
22. ./build/./base/poco/Foundation/src/ThreadPool.cpp:205: Poco::PooledThread::run() @ 0x00000000272c824b
23. ./base/poco/Foundation/src/Thread_POSIX.cpp:335: Poco::ThreadImpl::runnableEntry(void*) @ 0x00000000272c23a8
24. asan_thread_start(void*) @ 0x0000000005499059
25. ? @ 0x00007f28f73ac609
26. ? @ 0x00007f28f763f353
Expected behavior
No crash.
Additional context
docker compose config:
version: '3.8'
services:
clickhouse-01:
image: "my_clickhouse:latest"
user: "101"
container_name: clickhouse-01
hostname: clickhouse-01
networks:
cluster_2S_1R:
ipv4_address: 10.0.7.1
volumes:
- ${PWD}/fs/volumes/clickhouse-01/etc/clickhouse-server/config.d/config.xml:/etc/clickhouse-server/config.d/config.xml
- ${PWD}/fs/volumes/clickhouse-01/etc/clickhouse-server/users.d/users.xml:/etc/clickhouse-server/users.d/users.xml
- ${PWD}/fs/volumes/clickhouse-01/var/log/clickhouse-server:/var/log/clickhouse-server
- /var/cores
depends_on:
- clickhouse-keeper-01
- clickhouse-keeper-02
- clickhouse-keeper-03
# env for ASAN_OPTIONS
environment:
- ASAN_OPTIONS=detect_leaks=0:use_sigaltstack=false
clickhouse-02:
image: "my_clickhouse:latest"
user: "101"
container_name: clickhouse-02
hostname: clickhouse-02
networks:
cluster_2S_1R:
ipv4_address: 10.0.7.2
volumes:
- ${PWD}/fs/volumes/clickhouse-02/etc/clickhouse-server/config.d/config.xml:/etc/clickhouse-server/config.d/config.xml
- ${PWD}/fs/volumes/clickhouse-02/etc/clickhouse-server/users.d/users.xml:/etc/clickhouse-server/users.d/users.xml
- ${PWD}/fs/volumes/clickhouse-02/var/log/clickhouse-server:/var/log/clickhouse-server
depends_on:
- clickhouse-keeper-01
- clickhouse-keeper-02
- clickhouse-keeper-03
environment:
- ASAN_OPTIONS=detect_leaks=0:use_sigaltstack=false
clickhouse-keeper-01:
image: "clickhouse/clickhouse-keeper:${CHKVER:-latest-alpine}"
user: "101"
container_name: clickhouse-keeper-01
hostname: clickhouse-keeper-01
networks:
cluster_2S_1R:
ipv4_address: 10.0.7.5
volumes:
- ${PWD}/fs/volumes/clickhouse-keeper-01/etc/clickhouse-keeper/keeper_config.xml:/etc/clickhouse-keeper/keeper_config.xml
- ${PWD}/fs/volumes/clickhouse-keeper-01/var/log/clickhouse-keeper:/var/log/clickhouse-keeper
# caps for get_mempolicy
cap_add:
- SYS_NICE
clickhouse-keeper-02:
image: "clickhouse/clickhouse-keeper:${CHKVER:-latest-alpine}"
user: "101"
container_name: clickhouse-keeper-02
hostname: clickhouse-keeper-02
networks:
cluster_2S_1R:
ipv4_address: 10.0.7.6
volumes:
- ${PWD}/fs/volumes/clickhouse-keeper-02/etc/clickhouse-keeper/keeper_config.xml:/etc/clickhouse-keeper/keeper_config.xml
# caps for get_mempolicy
cap_add:
- SYS_NICE
clickhouse-keeper-03:
image: "clickhouse/clickhouse-keeper:${CHKVER:-latest-alpine}"
user: "101"
container_name: clickhouse-keeper-03
hostname: clickhouse-keeper-03
networks:
cluster_2S_1R:
ipv4_address: 10.0.7.7
volumes:
- ${PWD}/fs/volumes/clickhouse-keeper-03/etc/clickhouse-keeper/keeper_config.xml:/etc/clickhouse-keeper/keeper_config.xml
# caps for get_mempolicy
cap_add:
- SYS_NICE
networks:
cluster_2S_1R:
driver: bridge
ipam:
config:
- subnet: 10.0.7.0/24
gateway: 10.0.7.254
the my_clickhouse:latest is built by:
FROM clickhouse/clickhouse-server:latest
# replace
COPY ./clickhouse /usr/bin/clickhouseand the binary is built by
CC=clang-18 CXX=clang++-18 \
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DENABLE_LIBRARIES=OFF \
-DSANITIZE=address
cd build
ninja clickhouse-server clickhouse-client
config.xml
<clickhouse replace="true">
<logger>
<level>debug</level>
<log>/var/log/clickhouse-server/clickhouse-server.log</log>
<errorlog>/var/log/clickhouse-server/clickhouse-server.err.log</errorlog>
<size>1000M</size>
<count>3</count>
</logger>
<display_name>cluster_2S_1R node 1</display_name>
<listen_host>0.0.0.0</listen_host>
<http_port>8123</http_port>
<tcp_port>9000</tcp_port>
<mysql_port>9004</mysql_port>
<postgresql_port>9005</postgresql_port>
<user_directories>
<users_xml>
<path>users.xml</path>
</users_xml>
<local_directory>
<path>/var/lib/clickhouse/access/</path>
</local_directory>
</user_directories>
<distributed_ddl>
<path>/clickhouse/task_queue/ddl</path>
</distributed_ddl>
<remote_servers>
<default>
<shard>
<replica>
<host>clickhouse-01</host>
<port>9000</port>
</replica>
</shard>
<shard>
<replica>
<host>clickhouse-02</host>
<port>9000</port>
</replica>
</shard>
</default>
</remote_servers>
<send_crash_reports>
<enabled>true</enabled>
</send_crash_reports>
<zookeeper>
<node>
<host>clickhouse-keeper-01</host>
<port>9181</port>
</node>
<node>
<host>clickhouse-keeper-02</host>
<port>9181</port>
</node>
<node>
<host>clickhouse-keeper-03</host>
<port>9181</port>
</node>
</zookeeper>
<macros>
<shard>01</shard>
<replica>01</replica>
</macros>
</clickhouse>
users.xml
<?xml version="1.0"?>
<clickhouse replace="true">
<profiles>
<default>
<max_memory_usage>20000000000</max_memory_usage>
<use_uncompressed_cache>0</use_uncompressed_cache>
<load_balancing>in_order</load_balancing>
<log_queries>1</log_queries>
<distributed_product_mode>allow</distributed_product_mode>
<allow_experimental_parallel_reading_from_replicas>1</allow_experimental_parallel_reading_from_replicas>
<allow_experimental_inverted_index>1</allow_experimental_inverted_index>
<allow_experimental_full_text_index>1</allow_experimental_full_text_index>
<allow_experimental_join_condition>1</allow_experimental_join_condition>
<allow_experimental_query_deduplication>1</allow_experimental_query_deduplication>
</default>
</profiles>
<users>
<default>
<access_management>1</access_management>
<profile>default</profile>
<networks>
<ip>::/0</ip>
</networks>
<password></password>
<quota>default</quota>
<access_management>1</access_management>
<named_collection_control>1</named_collection_control>
<show_named_collections>1</show_named_collections>
<show_named_collections_secrets>1</show_named_collections_secrets>
</default>
</users>
<quotas>
<default>
<interval>
<duration>3600</duration>
<queries>0</queries>
<errors>0</errors>
<result_rows>0</result_rows>
<read_rows>0</read_rows>
<execution_time>0</execution_time>
</interval>
</default>
</quotas>
</clickhouse>
about us
We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the potential above-mentioned vulnerability that may lead to database error.