DuckDB crashes with Floating Point Exception

[SteveLeungYL]

What happens?

The latest release version of DuckDB (v0.9.2 3c695d7) crashes when executing the following query:

SELECT DISTINCT MAP { * : ? IN ( SELECT TRUE ) } ;

Here is the stack from GDB:

gdb-peda$ bt
#0  0x00005555565c4e9e in duckdb::AlignVectorToReference (original=..., reference=..., tuple_count=0x1, result=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/core_functions/scalar/map/map.cpp:35
#1  0x00005555565c6a66 in duckdb::MapFunction (args=..., state=..., result=...) at /home/luy70/Desktop/DBMSs/duckdb_release/src/core_functions/scalar/map/map.cpp:145
#2  0x0000555555a154e4 in std::function<void (duckdb::DataChunk&, duckdb::ExpressionState&, duckdb::Vector&)>::operator()(duckdb::DataChunk&, duckdb::ExpressionState&, duckdb::Vector&) const (__args#2=..., __args#1=..., __args#0=..., this=0x5555570f9ae0) at /usr/include/c++/9/bits/std_function.h:683
#3  duckdb::ExpressionExecutor::Execute (this=this@entry=0x555557119578, expr=..., state=state@entry=0x5555570f8f50, sel=sel@entry=0x0, count=count@entry=0x1, result=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/execution/expression_executor/execute_function.cpp:79
#4  0x0000555555b50eaf in duckdb::ExpressionExecutor::Execute (this=this@entry=0x555557119578, expr=..., state=0x5555570f8f50, sel=sel@entry=0x0, count=count@entry=0x1,
    result=...) at /home/luy70/Desktop/DBMSs/duckdb_release/src/execution/expression_executor.cpp:211
#5  0x0000555555a15f2a in duckdb::ExpressionExecutor::Execute (this=this@entry=0x555557119578, expr=..., state=state@entry=0x5555571197f0, sel=sel@entry=0x0,
    count=count@entry=0x1, result=...) at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:19
#6  0x0000555555b50e0f in duckdb::ExpressionExecutor::Execute (this=0x555557119578, expr=..., state=0x5555571197f0, sel=0x0, count=0x1, result=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/execution/expression_executor.cpp:199
#7  0x0000555555b5100d in duckdb::ExpressionExecutor::ExecuteExpression (this=0x555557119578, expr_idx=0x0, result=...) at /usr/include/c++/9/bits/stl_vector.h:1040
#8  0x0000555555b5114e in duckdb::ExpressionExecutor::Execute (this=0x555557119578, input=0x555557119500, result=...) at /usr/include/c++/9/bits/stl_vector.h:1040
#9  0x00005555563266b7 in duckdb::ExpressionExecutor::Execute (result=..., input=..., this=<optimized out>)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/execution/expression_executor.hpp:50
#10 duckdb::PhysicalProjection::Execute (this=<optimized out>, context=..., input=..., chunk=..., gstate=..., state_p=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/execution/operator/projection/physical_projection.cpp:31
#11 0x0000555555bf768a in duckdb::PipelineExecutor::Execute (this=0x5555570ea580, input=..., result=..., initial_idx=0x1)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:19
#12 0x0000555555bf7839 in duckdb::PipelineExecutor::ExecutePushInternal (initial_idx=<optimized out>, input=..., this=<optimized out>)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/pipeline_executor.cpp:273
#13 duckdb::PipelineExecutor::ExecutePushInternal (this=0x5555570ea580, input=..., initial_idx=0x1)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/pipeline_executor.cpp:259
#14 0x0000555555bf8b53 in duckdb::PipelineExecutor::TryFlushCachingOperators (this=0x5555570ea580)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/pipeline_executor.cpp:91
#15 0x0000555555bf9840 in duckdb::PipelineExecutor::Execute (this=0x5555570ea580, max_chunks=0x32)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/pipeline_executor.cpp:185
#16 0x0000555555c0308a in duckdb::PipelineTask::ExecuteTask (this=0x555557112550, mode=<optimized out>) at /usr/include/c++/9/bits/unique_ptr.h:360
#17 0x0000555555bf489a in duckdb::ExecutorTask::Execute (this=0x555557112550, mode=<optimized out>)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/executor_task.cpp:28
#18 0x0000555555bf70ab in duckdb::Executor::ExecuteTask (this=0x5555570ea020) at /home/luy70/Desktop/DBMSs/duckdb_release/src/parallel/executor.cpp:479
#19 0x0000555555bb9a35 in duckdb::ClientContext::ExecuteTaskInternal (this=0x5555570e46f0, lock=..., result=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:19
#20 0x0000555555bb9c03 in duckdb::PendingQueryResult::ExecuteInternal (this=0x5555570f53d0, lock=...)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/main/pending_query_result.cpp:59
#21 0x0000555555bb9d24 in duckdb::PendingQueryResult::Execute (this=0x5555570f53d0)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:19
#22 0x0000555555bbbd98 in duckdb::PreparedStatement::Execute (this=<optimized out>, values=..., allow_stream_result=allow_stream_result@entry=0x0)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:38
#23 0x0000555555816b16 in duckdb_shell_sqlite3_print_duckbox (pStmt=0x5555570f5e00, max_rows=0x28, max_width=0x0, null_value=0x7fffffffcba4 "", columnar=0x0)
    at /home/luy70/Desktop/DBMSs/duckdb_release/src/include/duckdb/common/unique_ptr.hpp:38
#24 0x000055555580129b in exec_prepared_stmt (pArg=0x7fffffffca90, pStmt=0x5555570f5e00) at /home/luy70/Desktop/DBMSs/duckdb_release/tools/shell/shell.c:12901
#25 0x0000555555802465 in shell_exec (pArg=<optimized out>, zSql=<optimized out>, pzErrMsg=0x7fffffffc888)
    at /home/luy70/Desktop/DBMSs/duckdb_release/tools/shell/shell.c:13236
#26 0x000055555580419d in runOneSqlLine (p=0x7fffffffca90, zSql=0x555556fd6da0 "SELECT DISTINCT MAP { * : ? IN ( SELECT TRUE ) } ;", in=0x0, startline=0x1)
    at /home/luy70/Desktop/DBMSs/duckdb_release/tools/shell/shell.c:19655
#27 0x000055555580c839 in process_input (p=0x7fffffffca90) at /home/luy70/Desktop/DBMSs/duckdb_release/tools/shell/shell.c:19773
#28 0x00005555557edbf8 in main (argc=argc@entry=0x1, argv=argv@entry=0x7fffffffddc8) at /home/luy70/Desktop/DBMSs/duckdb_release/tools/shell/shell.c:20586
#29 0x00007ffff7a6f083 in __libc_start_main (main=0x5555557ecfc0 <main>, argc=0x1, argv=0x7fffffffddc8, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffddb8) at ../csu/libc-start.c:308
#30 0x00005555557eff7e in _start () at /usr/include/x86_64-linux-gnu/bits/stdio2.h:100

This bug is also reproducible on the latest main branch: 2f4a36a.

However, this bug seems only reproducible on x86-64 machines (only tested on x86-64 Ubuntu and triggered the bug). The bug is not reproducible on the Apple Silicon ARM-based MacBook.

To Reproduce

1. Clone the DuckDB Git from the official repo.
2. Checkout to either the latest main or release version: v0.9.2 (3c695d7).
3. Compile the DuckDB binary by using either make reldebug or make debug.
4. Run the compiled DuckDB and input the following SQL:

SELECT DISTINCT MAP { * : ? IN ( SELECT TRUE ) } ;

5. Observe and log the crash information.

OS:

Ubuntu 20.04 LTS

DuckDB Version:

0.9.2

DuckDB Client:

DuckDB official command line host

Full Name:

Yu Liang

Affiliation:

The Pennsylvania State University

Have you tried this on the latest main branch?

I have tested with a main build

Have you tried the steps to reproduce? Do they include all relevant data and configuration? Does the issue you report still appear there?

• Yes, I have