[Bug] join produces too many rows causing be coredump #16165

@jacktengg

Search before asking

  • I had searched in the issues and found no similar issues.

Version

master 7e7fd5d

What's Wrong?

SQL causing BE coredump:

SELECT /*+ SET_VAR(query_timeout = 600) */
       CASE
           WHEN CASE
                    WHEN ref_2.`p02` IS NOT NULL THEN ref_2.`sid`
                    ELSE ref_2.`sid`
                END IS NULL THEN ref_2.`p08`
           ELSE ref_2.`p08`
       END AS c0,
       ref_16.`object_size` AS c1,
       ref_1.`wr_net_loss` AS c2,
       ref_2.`p12` AS c3,
       bitmap_empty() AS c4,
       ref_16.`request` AS c5
FROM regression_test_tpcds_sf1_unique_p1.web_returns AS ref_1
LEFT JOIN regression_test_37Wan.ods_register AS ref_2 ON (ref_1.`wr_returned_date_sk` = ref_2.`time`)
LEFT JOIN regression_test_brown_p2.logs2 AS ref_16 ON (ref_1.`wr_returning_addr_sk` = ref_16.`object_size`)
WHERE ref_2.`p12` IS NULL

Coredump call stack:

==2031262==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f2d23eebaf0 at pc 0x55654a887e53 bp 0x7f2d23d41cd0 sp 0x7f2d23d41478
WRITE of size 10218101 at 0x7f2d23eebaf0 thread T275 (FragmentMgrThre)
#0 0x55654a887e52 in memset (/mnt/disk1/yuejing/projects/doris/output/be/lib/doris_be+0x11f97e52)
#1 0x55655415bf74 in doris::Status doris::vectorized::FunctionCase<false, true>::execute_impl<doris::vectorized::ColumnVector<int>, false, true>(std::shared_ptr<doris::vectorized::IDataType const> const&, doris::vectorized::Block&, unsigned long, doris::vectorized::CaseWhenColumnHolder) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function_case.h:190
#2 0x5565540f66b5 in doris::Status doris::vectorized::FunctionCase<false, true>::execute_get_then_null<doris::vectorized::ColumnVector<int>, false>(std::shared_ptr<doris::vectorized::IDataType const> const&, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function_case.h:322
#3 0x5565540d238f in doris::Status doris::vectorized::FunctionCase<false, true>::execute_get_when_null<doris::vectorized::ColumnVector<int> >(std::shared_ptr<doris::vectorized::IDataType const> const&, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function_case.h:352
#4 0x5565540c607e in doris::vectorized::FunctionCase<false, true>::execute_get_type(std::shared_ptr<doris::vectorized::IDataType const> const&, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function_case.h:367
#5 0x5565540c3682 in doris::vectorized::FunctionCase<false, true>::execute_impl(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function_case.h:375
#6 0x55655266d3b7 in doris::vectorized::DefaultExecutable::execute_impl(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function.h:467
#7 0x556553fd213a in doris::vectorized::PreparedFunctionImpl::execute_without_low_cardinality_columns(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long, bool) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function.cpp:251
#8 0x556553fd223a in doris::vectorized::PreparedFunctionImpl::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long, bool) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function.cpp:273
#9 0x556552669fe2 in doris::vectorized::IFunctionBase::execute(doris_udf::FunctionContext*, doris::vectorized::Block&, std::vector<unsigned long, std::allocator<unsigned long> > const&, unsigned long, unsigned long, bool) /mnt/disk1/yuejing/projects/doris/be/src/vec/functions/function.h:136
#10 0x5565525f867f in doris::vectorized::VCaseExpr::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /mnt/disk1/yuejing/projects/doris/be/src/vec/exprs/vcase_expr.cpp:89
#11 0x5565525544a7 in doris::vectorized::VectorizedFnCall::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /mnt/disk1/yuejing/projects/doris/be/src/vec/exprs/vectorized_fn_call.cpp:101
#12 0x5565525f82a5 in doris::vectorized::VCaseExpr::execute(doris::vectorized::VExprContext*, doris::vectorized::Block*, int*) /mnt/disk1/yuejing/projects/doris/be/src/vec/exprs/vcase_expr.cpp:80
#13 0x55655256677c in doris::vectorized::VExprContext::execute(doris::vectorized::Block*, int*) /mnt/disk1/yuejing/projects/doris/be/src/vec/exprs/vexpr_context.cpp:43
#14 0x556552568d48 in doris::vectorized::VExprContext::get_output_block_after_execute_exprs(std::vector<doris::vectorized::VExprContext*, std::allocator<doris::vectorized::VExprContext*> > const&, doris::vectorized::Block const&, doris::Status&) /mnt/disk1/yuejing/projects/doris/be/src/vec/exprs/vexpr_context.cpp:145
#15 0x55655ab8d255 in doris::vectorized::VMysqlResultWriter::append_block(doris::vectorized::Block&) /mnt/disk1/yuejing/projects/doris/be/src/vec/sink/vmysql_result_writer.cpp:448
#16 0x55655ab7bfe8 in doris::vectorized::VResultSink::send(doris::RuntimeState*, doris::vectorized::Block*, bool) /mnt/disk1/yuejing/projects/doris/be/src/vec/sink/vresult_sink.cpp:91
#17 0x55654c8e7e80 in doris::PlanFragmentExecutor::open_vectorized_internal() /mnt/disk1/yuejing/projects/doris/be/src/runtime/plan_fragment_executor.cpp:299
#18 0x55654c8e6a79 in doris::PlanFragmentExecutor::open() /mnt/disk1/yuejing/projects/doris/be/src/runtime/plan_fragment_executor.cpp:242
#19 0x55654c862129 in doris::FragmentExecState::execute() /mnt/disk1/yuejing/projects/doris/be/src/runtime/fragment_mgr.cpp:250
#20 0x55654c86a499 in doris::FragmentMgr::_exec_actual(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::RuntimeState*, doris::Status*)>) /mnt/disk1/yuejing/projects/doris/be/src/runtime/fragment_mgr.cpp:490
#21 0x55654c86ccc0 in operator() /mnt/disk1/yuejing/projects/doris/be/src/runtime/fragment_mgr.cpp:746
#22 0x55654c87dc83 in __invoke_impl<void, doris::FragmentMgr::exec_plan_fragment(const doris::TExecPlanFragmentParams&, doris::FragmentMgr::FinishCallback)::<lambda()>&> /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:61
#23 0x55654c87d75f in __invoke_r<void, doris::FragmentMgr::exec_plan_fragment(const doris::TExecPlanFragmentParams&, doris::FragmentMgr::FinishCallback)::<lambda()>&> /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:111
#24 0x55654c87cb83 in _M_invoke /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/std_function.h:291
#25 0x55654caa2063 in std::function<void ()>::operator()() const /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/std_function.h:560
#26 0x55654cf8a079 in doris::FunctionRunnable::run() /mnt/disk1/yuejing/projects/doris/be/src/util/threadpool.cpp:46
#27 0x55654cf8516b in doris::ThreadPool::dispatch_thread() /mnt/disk1/yuejing/projects/doris/be/src/util/threadpool.cpp:535
#28 0x55654cfa7151 in void std::_invoke_impl<void, void (doris::ThreadPool::&)(), doris::ThreadPool&>(std::_invoke_memfun_deref, void (doris::ThreadPool::*&)(), doris::ThreadPool*&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:74
#29 0x55654cfa69f0 in std::_invoke_result<void (doris::ThreadPool::&)(), doris::ThreadPool&>::type std::_invoke<void (doris::ThreadPool::*&)(), doris::ThreadPool*&>(void (doris::ThreadPool::&)(), doris::ThreadPool&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:96
#30 0x55654cfa5d8f in void std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::_call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/functional:420
#31 0x55654cfa48a0 in void std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>::operator()<, void>() /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/functional:503
#32 0x55654cfa1491 in void std::_invoke_impl<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_invoke_other, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:61
#33 0x55654cf9e949 in std::enable_if<is_invocable_r_v<void, std::Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>, void>::type std::_invoke_r<void, std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&>(std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()>&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/invoke.h:111
#34 0x55654cf99c48 in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::(doris::ThreadPool))()> >::_M_invoke(std::_Any_data const&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/std_function.h:291
#35 0x55654caa2063 in std::function<void ()>::operator()() const /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/bits/std_function.h:560
#36 0x55654cf64edd in doris::Thread::supervise_thread(void*) /mnt/disk1/yuejing/projects/doris/be/src/util/thread.cpp:453
#37 0x7f2e31e30179 in start_thread (/lib64/libpthread.so.0+0x8179)
#38 0x7f2e317dddf2 in _GI__clone (/lib64/libc.so.6+0xfcdf2)

Address 0x7f2d23eebaf0 is located in stack of thread T276 (FragmentMgrThre) at offset 0 in frame
#0 0x55654a9cc839 in std::cv_status std::condition_variable::__wait_until_impl<std::chrono::duration<long, std::ratio<1l, 1000000000l> > >(std::unique_lock<std::mutex>&, std::chrono::time_point<std::chrono::_V2::system_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > const&) /mnt/disk1/yuejing/projects/ldb_toolchain/include/c++/11/condition_variable:210

This frame has 6 object(s):
[32, 40) '__s' (line 213) <== Memory access at offset 0 partially underflows this variable
[64, 72) '__ns' (line 214) <== Memory access at offset 0 partially underflows this variable
[96, 104) '<unknown>' <== Memory access at offset 0 partially underflows this variable
[128, 136) '<unknown>' <== Memory access at offset 0 partially underflows this variable
[160, 168) '<unknown>' <== Memory access at offset 0 partially underflows this variable
[192, 208) '__ts' (line 216) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
Thread T276 (FragmentMgrThre) created by T0 here:
#0 0x55654a8a6061 in __interceptor_pthread_create (/mnt/disk1/yuejing/projects/doris/output/be/lib/doris_be+0x11fb6061)
#1 0x55654cf642b9 in doris::Thread::start_thread(std::_cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::_cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()> const&, unsigned long, scoped_refptr<doris::Thread>*) /mnt/disk1/yuejing/projects/doris/be/src/util/thread.cpp:407
#2 0x55654cf8e9e5 in doris::Status doris::Thread::create<void (doris::ThreadPool::)(), doris::ThreadPool>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void (doris::ThreadPool::* const&)(), doris::ThreadPool* const&, scoped_refptr<doris::Thread>*) /mnt/disk1/yuejing/projects/doris/be/src/util/thread.h:57
#3 0x55654cf8696e in doris::ThreadPool::create_thread() /mnt/disk1/yuejing/projects/doris/be/src/util/threadpool.cpp:604
#4 0x55654cf806a3 in doris::ThreadPool::init() /mnt/disk1/yuejing/projects/doris/be/src/util/threadpool.cpp:263
#5 0x55654cf7d11b in doris::ThreadPoolBuilder::build(std::unique_ptr<doris::ThreadPool, std::default_delete<doris::ThreadPool> >*) const /mnt/disk1/yuejing/projects/doris/be/src/util/threadpool.cpp:78
#6 0x55654c868402 in doris::FragmentMgr::FragmentMgr(doris::ExecEnv*) /mnt/disk1/yuejing/projects/doris/be/src/runtime/fragment_mgr.cpp:445
#7 0x55654c67d5d0 in doris::ExecEnv::_init(std::vector<doris::StorePath, std::allocator<doris::StorePath> > const&) /mnt/disk1/yuejing/projects/doris/be/src/runtime/exec_env_init.cpp:111
#8 0x55654c67cc3f in doris::ExecEnv::init(doris::ExecEnv*, std::vector<doris::StorePath, std::allocator<doris::StorePath> > const&) /mnt/disk1/yuejing/projects/doris/be/src/runtime/exec_env_init.cpp:76
#9 0x55654a954615 in main /mnt/disk1/yuejing/projects/doris/be/src/service/doris_main.cpp:437
#10 0x7f2e31704492 in __libc_start_main (/lib64/libc.so.6+0x23492)

SUMMARY: AddressSanitizer: stack-buffer-underflow (/mnt/disk1/yuejing/projects/doris/output/be/lib/doris_be+0x11f97e52) in memse

What You Expected?

No BE coredump.

How to Reproduce?

No response

Anything Else?

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!
