
AddressSanitizer: heap-buffer-overflow SerializationQBit.cpp:424 #91517

@kssenii


Describe the bug

CI finds this intermittently: sometimes as MemorySanitizer: use-of-uninitialized-value (STID: 5462-41a1) (CI, CIDB), and other times as AddressSanitizer: heap-buffer-overflow (STID: 5015-3fe2) (CI, CIDB).

Error message and/or stacktrace

Error:
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50c000e3a000 at pc 0xabaa51dc1010 bp 0xffec22ce66c0 sp 0xffec22ce66b8
READ of size 1 at 0x50c000e3a000 thread T720 (QueryPipelineEx)
---
#0 0xabaa51dc100c in void DB::TargetSpecific::Default::untransposeBitPlaneImpl<unsigned long>(char8_t const*, unsigned long*, unsigned long, unsigned long) ci/tmp/build/./src/DataTypes/Serializations/SerializationQBit.cpp:424:1
#1 0xabaa51dc100c in void DB::SerializationQBit::untransposeBitPlane<unsigned long>(char8_t const*, unsigned long*, unsigned long, unsigned long) ci/tmp/build/./src/DataTypes/Serializations/SerializationQBit.cpp:588:12
#2 0xabaa46141870 in COW<DB::IColumn>::immutable_ptr<DB::IColumn> DB::FunctionArrayDistance<DB::L2DistanceTransposed>::executeDistanceCalculation<double, double>(DB::ColumnArray const&, std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, unsigned long, unsigned long) const (/repo/ci/tmp/clickhouse+0x1d9b1870) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#3 0xabaa46138f50 in DB::FunctionArrayDistance<DB::L2DistanceTransposed>::executeImpl(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const (/repo/ci/tmp/clickhouse+0x1d9a8f50) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#4 0xabaa4613ae24 in DB::FunctionArrayDistance<DB::L2DistanceTransposed>::executeWithQBitColumnConverted(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, unsigned long) const (/repo/ci/tmp/clickhouse+0x1d9aae24) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#5 0xabaa46138b08 in DB::FunctionArrayDistance<DB::L2DistanceTransposed>::executeImpl(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long) const (/repo/ci/tmp/clickhouse+0x1d9a8b08) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#6 0xabaa4f38e180 in DB::IExecutableFunction::executeWithoutLowCardinalityColumns(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const (/repo/ci/tmp/clickhouse+0x26bfe180) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#7 0xabaa4f3907d8 in DB::IExecutableFunction::executeWithoutSparseColumns(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const (/repo/ci/tmp/clickhouse+0x26c007d8) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#8 0xabaa4f3932c8 in DB::IExecutableFunction::executeWithoutReplicatedColumns(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const (/repo/ci/tmp/clickhouse+0x26c032c8) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#9 0xabaa4f39267c in DB::IExecutableFunction::execute(std::__1::vector<DB::ColumnWithTypeAndName, std::__1::allocator<DB::ColumnWithTypeAndName>> const&, std::__1::shared_ptr<DB::IDataType const> const&, unsigned long, bool) const (/repo/ci/tmp/clickhouse+0x26c0267c) (BuildId: c68a5517958b4767eefe972a9d479a875026c79e)
#10 0xabaa53cc6710 in DB::executeAction(DB::ExpressionActions::Action const&, DB::(anonymous namespace)::ExecutionContext&, bool, bool, bool) ci/tmp/build/./src/Interpreters/ExpressionActions.cpp:693:60
#11 0xabaa53cc6710 in DB::ExpressionActions::execute(DB::Block&, unsigned long&, bool, bool) const ci/tmp/build/./src/Interpreters/ExpressionActions.cpp:836:13
#12 0xabaa5c773ca8 in DB::FilterTransform::doTransform(DB::Chunk&) ci/tmp/build/./src/Processors/Transforms/FilterTransform.cpp:162:25
#13 0xabaa5c7739b0 in DB::FilterTransform::transform(DB::Chunk&) ci/tmp/build/./src/Processors/Transforms/FilterTransform.cpp:146:5
#14 0xabaa4bdd8e7c in DB::ISimpleTransform::transform(DB::Chunk&, DB::Chunk&) ci/tmp/build/./src/Processors/ISimpleTransform.h:33:9
#15 0xabaa5c1a943c in DB::ISimpleTransform::work() ci/tmp/build/./src/Processors/ISimpleTransform.cpp:98:9
#16 0xabaa5c1e4f0c in DB::executeJob(DB::ExecutingGraph::Node*, DB::ReadProgressCallback*) ci/tmp/build/./src/Processors/Executors/ExecutionThreadContext.cpp:53:26
#17 0xabaa5c1e4f0c in DB::ExecutionThreadContext::executeTask() ci/tmp/build/./src/Processors/Executors/ExecutionThreadContext.cpp:102:9
#18 0xabaa5c1c9bfc in DB::PipelineExecutor::executeStepImpl(unsigned long, DB::IAcquiredSlot*, std::__1::atomic<bool>*) ci/tmp/build/./src/Processors/Executors/PipelineExecutor.cpp:351:26
#19 0xabaa5c1cc328 in DB::PipelineExecutor::executeSingleThread(unsigned long, DB::IAcquiredSlot*) ci/tmp/build/./src/Processors/Executors/PipelineExecutor.cpp:279:5
#20 0xabaa5c1cc328 in DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0::operator()() const ci/tmp/build/./src/Processors/Executors/PipelineExecutor.cpp:565:17
#21 0xabaa5c1cc328 in decltype(std::declval<DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&>()()) std::__1::__invoke[abi:ne210105]<DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&>(DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:249:25
#22 0xabaa5c1cc328 in void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:ne210105]<DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&>(DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:342:5
#23 0xabaa5c1cc328 in void std::__1::__invoke_r[abi:ne210105]<void, DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&>(DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:348:10
#24 0xabaa5c1cc328 in void std::__1::__function::__policy_func<void ()>::__call_func[abi:ne210105]<DB::PipelineExecutor::spawnThreads(std::__1::shared_ptr<DB::IAcquiredSlot>)::$_0>(std::__1::__function::__policy_storage const*) ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:450:12
#25 0xabaa46a389c0 in std::__1::__function::__policy_func<void ()>::operator()[abi:ne210105]() const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:508:12
#26 0xabaa46a389c0 in std::__1::function<void ()>::operator()() const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:772:10
#27 0xabaa46a389c0 in ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::worker() ci/tmp/build/./src/Common/ThreadPool.cpp:801:17
#28 0xabaa46a44398 in decltype(*std::declval<ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*&>().*std::declval<void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)()>()()) std::__1::__invoke[abi:ne210105]<void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*&, void>(void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:217:25
#29 0xabaa46a44398 in decltype(auto) std::__1::__apply_tuple_impl[abi:ne210105]<void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), std::__1::tuple<ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*>&, 0ul>(void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), std::__1::tuple<ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*>&, std::__1::__tuple_indices<0ul>) ci/tmp/build/./contrib/llvm-project/libcxx/include/tuple:1380:5
#30 0xabaa46a44398 in decltype(auto) std::__1::apply[abi:ne210105]<void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), std::__1::tuple<ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*>&>(void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&)(), std::__1::tuple<ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*>&) ci/tmp/build/./contrib/llvm-project/libcxx/include/tuple:1384:5
#31 0xabaa46a44398 in ThreadFromGlobalPoolImpl<false, true>::ThreadFromGlobalPoolImpl<void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*)(), ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*>(void (ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool::*&&)(), ThreadPoolImpl<ThreadFromGlobalPoolImpl<false, true>>::ThreadFromThreadPool*&&)::'lambda'()::operator()() ci/tmp/build/./src/Common/ThreadPool.h:312:13
#32 0xabaa46a337bc in std::__1::__function::__policy_func<void ()>::operator()[abi:ne210105]() const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:508:12
#33 0xabaa46a337bc in std::__1::function<void ()>::operator()() const ci/tmp/build/./contrib/llvm-project/libcxx/include/__functional/function.h:772:10
#34 0xabaa46a337bc in ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::worker() ci/tmp/build/./src/Common/ThreadPool.cpp:811:17
#35 0xabaa46a4076c in decltype(*std::declval<ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*>().*std::declval<void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*)()>()()) std::__1::__invoke[abi:ne210105]<void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*)(), ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*, void>(void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*&&)(), ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*&&) ci/tmp/build/./contrib/llvm-project/libcxx/include/__type_traits/invoke.h:217:25
#36 0xabaa46a4076c in void std::__1::__thread_execute[abi:ne210105]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*)(), ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*, 2ul>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*)(), ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*>&, std::__1::__tuple_indices<2ul>) ci/tmp/build/./contrib/llvm-project/libcxx/include/__thread/thread.h:159:3
#37 0xabaa46a4076c in void* std::__1::__thread_proxy[abi:ne210105]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool::*)(), ThreadPoolImpl<std::__1::thread>::ThreadFromThreadPool*>>(void*) ci/tmp/build/./contrib/llvm-project/libcxx/include/__thread/thread.h:168:3
#38 0xabaa37af5e30 in asan_thread_start(void*) crtstuff.c
#39 0xfff0a7010394 in start_thread nptl/pthread_create.c:442:8
#40 0xfff0a7079e98  misc/../sysdeps/unix/sysv/linux/aarch64/clone.S:79


Labels

fuzz: Problem found by one of the fuzzers
