Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Experimental KQL: Clickhouse server v24.1.1.1 SEGV inside DB::(anonymous namespace)::writeQueryAroundTheError #59037

Closed
hnlcf opened this issue Jan 22, 2024 · 6 comments · Fixed by #59305
Closed

Experimental KQL: Clickhouse server v24.1.1.1 SEGV inside DB::(anonymous namespace)::writeQueryAroundTheError #59037

hnlcf opened this issue Jan 22, 2024 · 6 comments · Fixed by #59305
Assignees
@yakov-olkhovskiy
Labels
alternative build experimental feature Bug in the feature that should not be used in production fuzz Problem found by one of the fuzzers

Comments

@hnlcf
Copy link

hnlcf commented Jan 22, 2024

Describe the bug

ClickHouse server version 24.1.1.1 received SIGSEGV signal
It was found by an in-development fuzzer of WINGFUZZ.

How to reproduce

The SQL statement to reproduce (it is need to execute line by line): poc-2.sql

Stacktrace

[Thread 0x7ff5bb77e640 (LWP 3694000) exited]

Thread 4 "HTTPHandler" received signal SIGSEGV, Segmentation fault.
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:317
317     in ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S
(gdb) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:317
#1  0x0000000016e5e997 in std::__1::__copy_impl[abi:v15000]<char const, char, void>(char const*, char const*, char*) (__first=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __last=warning: (Internal error: pc 0xe1 in read in psymtab, but not in symtab.)

0xe1 <error: Cannot access memory at address 0xe1>, __result=<optimized out>)
    at ./contrib/llvm-project/libcxx/include/__algorithm/copy.h:56
#2  std::__1::__copy[abi:v15000]<char const*, char const*, char*, 0>(char const*, char const*, char*) (__first=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __last=warning: (Internal error: pc 0xe1 in read in psymtab, but not in symtab.)

0xe1 <error: Cannot access memory at address 0xe1>, __result=<optimized out>)
    at ./contrib/llvm-project/libcxx/include/__algorithm/copy.h:94
#3  std::__1::copy[abi:v15000]<char const*, char*>(char const*, char const*, char*) (__first=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __last=warning: (Internal error: pc 0xe1 in read in psymtab, but not in symtab.)

0xe1 <error: Cannot access memory at address 0xe1>, __result=<optimized out>)
    at ./contrib/llvm-project/libcxx/include/__algorithm/copy.h:103
#4  std::__1::copy_n[abi:v15000]<char const*, unsigned long, char*>(char const*, unsigned long, char*) (__first=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __orig_n=160, __result=<optimized out>) at ./contrib/llvm-project/libcxx/include/__algorithm/copy_n.h:61
#5  std::__1::char_traits<char>::copy (__s1=<optimized out>, __s2=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __n=160) at ./contrib/llvm-project/libcxx/include/__string/char_traits.h:233
#6  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::__init (this=0x7fff3c4e7d28, __s=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __sz=160) at ./contrib/llvm-project/libcxx/include/string:1972
#7  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::basic_string[abi:v15000](char const*, unsigned long) (this=0x7fff3c4e7d28, __s=warning: (Internal error: pc 0x41 in read in psymtab, but not in symtab.)

0x41 <error: Cannot access memory at address 0x41>, __n=160)
    at ./contrib/llvm-project/libcxx/include/string:1993
#8  DB::(anonymous namespace)::writeQueryAroundTheError (out=...,
    begin=begin@entry=0x7ff98c1067dd "INSERT INTO dist_00612 VALUES(1, 1), (2, 2), (3, 3), (4, 4), (5, 5)\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haysta"...,
    end=end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"..., hilite=<optimized out>, positions_to_hilite=positions_to_hilite@entry=0x7fff3c4e7e40, num_positions_to_hilite=num_positions_to_hilite@entry=1) at ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:126
#9  0x0000000016e5d5fd in DB::(anonymous namespace)::getSyntaxErrorMessage (
    begin=begin@entry=0x7ff98c1067dd "INSERT INTO dist_00612 VALUES(1, 1), (2, 2), (3, 3), (4, 4), (5, 5)\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haysta"...,
    end=end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"..., last_token=..., expected=..., hilite=false, query_description=...) at ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:177
#10 0x0000000016e5ba4c in DB::tryParseKQLQuery (parser=..., _out_query_end=@0x7fff3c4e8240: 0x7ff98c042040 "",
    all_queries_end=all_queries_end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"..., out_error_message=..., hilite=false, query_description=..., allow_multi_statements=<optimized out>, max_query_size=29, max_parser_depth=1000, skip_insignificant=<optimized out>) at ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:400
#11 0x0000000016e5dad9 in DB::parseKQLQueryAndMovePosition (parser=..., pos=<error reading variable: Cannot access memory at address 0x41>, end=warning: (Internal error: pc 0xa0 in read in psymtab, but not in symtab.)

0xa0 <error: Cannot access memory at address 0xa0>,
    end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"...,
    query_description=..., allow_multi_statements=32, max_query_size=129, max_query_size@entry=29, max_parser_depth=282574521892865) at ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:447
#12 0x0000000016e5dca2 in DB::parseKQLQuery (parser=..., begin=0x7ff98c042040 "", end=warning: (Internal error: pc 0xa0 in read in psymtab, but not in symtab.)

0xa0 <error: Cannot access memory at address 0xa0>,
    end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"...,
    query_description=..., max_query_size=140709774986016, max_query_size@entry=29, max_parser_depth=<optimized out>) at ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:463
#13 0x0000000014b1788e in DB::executeQueryImpl (
    begin=begin@entry=0x7ff98c1067dd "INSERT INTO dist_00612 VALUES(1, 1), (2, 2), (3, 3), (4, 4), (5, 5)\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haysta"...,
    end=end@entry=0x7ff98c106820 "\r\n0\r\n\r\nlhost, currentDatabase(), data_00612, rand())\r\n0\r\n\r\nOM system.numbers LIMIT 5\r\n0\r\n\r\n AS haystack,\n        extractGroups(haystack, repeat('(\\\\w)', 100)) AS matches\n    FROM numbers(3)\n)\r\n0\r\n\r\n\r\n"..., context=..., flags=..., stage=DB::QueryProcessingStage::Complete, istr=0x7ff98c20eb60) at ./build/./src/Interpreters/executeQuery.cpp:715
#14 0x0000000014b23a3e in DB::executeQuery(DB::ReadBuffer&, DB::WriteBuffer&, bool, std::__1::shared_ptr<DB::Context>, std::__1::function<void (DB::QueryResultDetails const&)>, DB::QueryFlags, std::__1::optional<DB::FormatSettings> const&, std::__1::function<void (DB::IOutputFormat&)>) (istr=..., ostr=..., allow_into_outfile=false, context=..., set_result_details=..., flags=..., output_format_settings=..., handle_exception_in_output_format=...) at ./build/./src/Interpreters/executeQuery.cpp:1396
#15 0x00000000162b2cd4 in DB::HTTPHandler::processQuery (this=this@entry=0x7ff98c017620, request=..., params=..., response=..., used_output=..., query_scope=..., write_event=...) at ./build/./src/Server/HTTPHandler.cpp:901
#16 0x00000000162ba58a in DB::HTTPHandler::handleRequest (this=0x7ff98c017620, request=..., response=..., write_event=...) at ./build/./src/Server/HTTPHandler.cpp:1102
#17 0x0000000016389b4a in DB::HTTPServerConnection::run (this=0x7ff98c20ea30) at ./build/./src/Server/HTTP/HTTPServerConnection.cpp:70
#18 0x000000001758b7e8 in Poco::Net::TCPServerConnection::start (this=0x7ff98c278b20) at ./build/./base/poco/Net/src/TCPServerConnection.cpp:43
#19 0x000000001758c2f3 in Poco::Net::TCPServerDispatcher::run (this=0x1afebfd0) at ./build/./base/poco/Net/src/TCPServerDispatcher.cpp:115
#20 0x0000000017616d01 in Poco::PooledThread::run (this=0x1a1fd660) at ./build/./base/poco/Foundation/src/ThreadPool.cpp:188
#21 0x000000001761351c in Poco::ThreadImpl::runnableEntry (pThread=<optimized out>) at ./base/poco/Foundation/src/Thread_POSIX.cpp:335
#22 0x00007ffff7e08ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#23 0x00007ffff7e9a850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb) c
Continuing.
Couldn't get registers: No such process.
(gdb) [Thread 0x7ff5bbf7f640 (LWP 3693873) exited]

Server log

[New Thread 0x7ff5bb77e640 (LWP 3694000)]
2024.01.22 10:13:48.461641 [ 3694000 ] {} <Fatal> BaseDaemon: ########## Short fault info ############
2024.01.22 10:13:48.461718 [ 3694000 ] {} <Fatal> BaseDaemon: (version 24.1.1.1, build id: 1319B83D2FDC4C3F91EFCCF1725FDD21F7D0ADBF, git hash: ce13b21d95e610593d49e5cadc1888e3313892ef) (from thread 3692987) Received signal 11
2024.01.22 10:13:48.461734 [ 3694000 ] {} <Fatal> BaseDaemon: Signal description: Segmentation fault
2024.01.22 10:13:48.461767 [ 3694000 ] {} <Fatal> BaseDaemon: Address: 0x41. Access: read. Address not mapped to object.
2024.01.22 10:13:48.461784 [ 3694000 ] {} <Fatal> BaseDaemon: Stack trace: 0x00007ffff7f147cd 0x0000000016e5e997 0x0000000016e5d5fd 0x0000000016e5ba4c 0x0000000016e5dad9 0x0000000016e5dca2 0x0000000014b1788e 0x0000000014b23a3e 0x00000000162b2cd4 0x00000000162ba58a 0x0000000016389b4a 0x000000001758b7e8 0x000000001758c2f3 0x0000000017616d01 0x000000001761351c 0x00007ffff7e08ac3 0x00007ffff7e9a850
2024.01.22 10:13:48.461807 [ 3694000 ] {} <Fatal> BaseDaemon: ########################################
2024.01.22 10:13:48.461827 [ 3694000 ] {} <Fatal> BaseDaemon: (version 24.1.1.1, build id: 1319B83D2FDC4C3F91EFCCF1725FDD21F7D0ADBF, git hash: ce13b21d95e610593d49e5cadc1888e3313892ef) (from thread 3692987) (query_id: 617390d3-aaa3-47e2-9b9f-54a241c4a72e) (query: ) Received signal Segmentation fault (11)
2024.01.22 10:13:48.461842 [ 3694000 ] {} <Fatal> BaseDaemon: Address: 0x41. Access: read. Address not mapped to object.
2024.01.22 10:13:48.461850 [ 3694000 ] {} <Fatal> BaseDaemon: Stack trace: 0x00007ffff7f147cd 0x0000000016e5e997 0x0000000016e5d5fd 0x0000000016e5ba4c 0x0000000016e5dad9 0x0000000016e5dca2 0x0000000014b1788e 0x0000000014b23a3e 0x00000000162b2cd4 0x00000000162ba58a 0x0000000016389b4a 0x000000001758b7e8 0x000000001758c2f3 0x0000000017616d01 0x000000001761351c 0x00007ffff7e08ac3 0x00007ffff7e9a850
2024.01.22 10:13:48.461874 [ 3694000 ] {} <Fatal> BaseDaemon: 3. ? @ 0x00007ffff7f147cd in ?
2024.01.22 10:13:48.478719 [ 3694000 ] {} <Fatal> BaseDaemon: 4.1. inlined from ./contrib/llvm-project/libcxx/include/__string/char_traits.h:198: std::char_traits<char>::assign(char&, char const&)
2024.01.22 10:13:48.478756 [ 3694000 ] {} <Fatal> BaseDaemon: 4.2. inlined from ./contrib/llvm-project/libcxx/include/string:1973: String::__init(char const*, unsigned long)
2024.01.22 10:13:48.478763 [ 3694000 ] {} <Fatal> BaseDaemon: 4.3. inlined from ./contrib/llvm-project/libcxx/include/string:1993: basic_string
2024.01.22 10:13:48.478768 [ 3694000 ] {} <Fatal> BaseDaemon: 4. ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:126: DB::(anonymous namespace)::writeQueryAroundTheError(DB::WriteBuffer&, char const*, char const*, bool, DB::Token const*, unsigned long) @ 0x0000000016e5e997 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.494069 [ 3694000 ] {} <Fatal> BaseDaemon: 5.1. inlined from ./contrib/abseil-cpp/absl/container/inlined_vector.h:305: absl::InlinedVector<char const*, 7ul, std::allocator<char const*>>::empty() const
2024.01.22 10:13:48.494096 [ 3694000 ] {} <Fatal> BaseDaemon: 5. ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:179: DB::(anonymous namespace)::getSyntaxErrorMessage(char const*, char const*, DB::Token, DB::Expected const&, bool, String const&) @ 0x0000000016e5d5fd in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.507043 [ 3694000 ] {} <Fatal> BaseDaemon: 6.1. inlined from ./contrib/llvm-project/libcxx/include/string:1499: String::__is_long[abi:v15000]() const
2024.01.22 10:13:48.507076 [ 3694000 ] {} <Fatal> BaseDaemon: 6.2. inlined from ./contrib/llvm-project/libcxx/include/string:2536: String::__move_assign[abi:v15000](String&, std::integral_constant<bool, true>)
2024.01.22 10:13:48.507087 [ 3694000 ] {} <Fatal> BaseDaemon: 6.3. inlined from ./contrib/llvm-project/libcxx/include/string:2562: String::operator=[abi:v15000](String&&)
2024.01.22 10:13:48.507100 [ 3694000 ] {} <Fatal> BaseDaemon: 6. ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:400: DB::tryParseKQLQuery(DB::IParser&, char const*&, char const*, String&, bool, String const&, bool, unsigned long, unsigned long, bool) @ 0x0000000016e5ba4c in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.522305 [ 3694000 ] {} <Fatal> BaseDaemon: 7. ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:447: DB::parseKQLQueryAndMovePosition(DB::IParser&, char const*&, char const*, String const&, bool, unsigned long, unsigned long) @ 0x0000000016e5dad9 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.537480 [ 3694000 ] {} <Fatal> BaseDaemon: 8. ./build/./src/Parsers/Kusto/parseKQLQuery.cpp:463: DB::parseKQLQuery(DB::IParser&, char const*, char const*, String const&, unsigned long, unsigned long) @ 0x0000000016e5dca2 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.621700 [ 3694000 ] {} <Fatal> BaseDaemon: 9.1. inlined from ./contrib/llvm-project/libcxx/include/__utility/swap.h:37: std::enable_if<is_move_constructible<DB::IAST*>::value && is_move_assignable<DB::IAST*>::value, void>::type std::swap[abi:v15000]<DB::IAST*>(DB::IAST*&, DB::IAST*&)
2024.01.22 10:13:48.621763 [ 3694000 ] {} <Fatal> BaseDaemon: 9.2. inlined from ./contrib/llvm-project/libcxx/include/__memory/shared_ptr.h:761: std::shared_ptr<DB::IAST>::swap[abi:v15000](std::shared_ptr<DB::IAST>&)
2024.01.22 10:13:48.621772 [ 3694000 ] {} <Fatal> BaseDaemon: 9.3. inlined from ./contrib/llvm-project/libcxx/include/__memory/shared_ptr.h:723: std::shared_ptr<DB::IAST>::operator=[abi:v15000](std::shared_ptr<DB::IAST>&&)
2024.01.22 10:13:48.621785 [ 3694000 ] {} <Fatal> BaseDaemon: 9. ./build/./src/Interpreters/executeQuery.cpp:715: DB::executeQueryImpl(char const*, char const*, std::shared_ptr<DB::Context>, DB::QueryFlags, DB::QueryProcessingStage::Enum, DB::ReadBuffer*) @ 0x0000000014b1788e in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.707181 [ 3694000 ] {} <Fatal> BaseDaemon: 10.1. inlined from ./contrib/llvm-project/libcxx/include/__memory/shared_ptr.h:612: shared_ptr
2024.01.22 10:13:48.707223 [ 3694000 ] {} <Fatal> BaseDaemon: 10.2. inlined from ./contrib/llvm-project/libcxx/include/__memory/shared_ptr.h:723: std::shared_ptr<DB::IAST>::operator=[abi:v15000](std::shared_ptr<DB::IAST>&&)
2024.01.22 10:13:48.707242 [ 3694000 ] {} <Fatal> BaseDaemon: 10.3. inlined from ./contrib/llvm-project/libcxx/include/tuple:533: void std::__memberwise_forward_assign[abi:v15000]<std::tuple<std::shared_ptr<DB::IAST>&, DB::BlockIO&>, std::tuple<std::shared_ptr<DB::IAST>, DB::BlockIO>, std::shared_ptr<DB::IAST>, DB::BlockIO, 0ul, 1ul>(std::tuple<std::shared_ptr<DB::IAST>&, DB::BlockIO&>&, std::tuple<std::shared_ptr<DB::IAST>, DB::BlockIO>&&, std::__tuple_types<std::shared_ptr<DB::IAST>, DB::BlockIO>, std::__tuple_indices<0ul, 1ul>)
2024.01.22 10:13:48.707264 [ 3694000 ] {} <Fatal> BaseDaemon: 10.4. inlined from ./contrib/llvm-project/libcxx/include/tuple:1138: std::tuple<std::shared_ptr<DB::IAST>&, DB::BlockIO&>& std::tuple<std::shared_ptr<DB::IAST>&, DB::BlockIO&>::operator=[abi:v15000]<std::shared_ptr<DB::IAST>, DB::BlockIO, 0>(std::tuple<std::shared_ptr<DB::IAST>, DB::BlockIO>&&)
2024.01.22 10:13:48.707274 [ 3694000 ] {} <Fatal> BaseDaemon: 10. ./build/./src/Interpreters/executeQuery.cpp:1396: DB::executeQuery(DB::ReadBuffer&, DB::WriteBuffer&, bool, std::shared_ptr<DB::Context>, std::function<void (DB::QueryResultDetails const&)>, DB::QueryFlags, std::optional<DB::FormatSettings> const&, std::function<void (DB::IOutputFormat&)>) @ 0x0000000014b23a3e in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.752368 [ 3694000 ] {} <Fatal> BaseDaemon: 11.1. inlined from ./contrib/llvm-project/libcxx/include/__functional/function.h:818: ?
2024.01.22 10:13:48.752412 [ 3694000 ] {} <Fatal> BaseDaemon: 11.2. inlined from ./contrib/llvm-project/libcxx/include/__functional/function.h:1174: ?
2024.01.22 10:13:48.752417 [ 3694000 ] {} <Fatal> BaseDaemon: 11. ./build/./src/Server/HTTPHandler.cpp:901: DB::HTTPHandler::processQuery(DB::HTTPServerRequest&, DB::HTMLForm&, DB::HTTPServerResponse&, DB::HTTPHandler::Output&, std::optional<DB::CurrentThread::QueryScope>&, StrongTypedef<unsigned long, ProfileEvents::EventTag> const&) @ 0x00000000162b2cd4 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.803080 [ 3694000 ] {} <Fatal> BaseDaemon: 12.1. inlined from ./contrib/llvm-project/libcxx/include/__memory/unique_ptr.h:290: std::unique_ptr<DB::Credentials, std::default_delete<DB::Credentials>>::operator bool[abi:v15000]() const
2024.01.22 10:13:48.803131 [ 3694000 ] {} <Fatal> BaseDaemon: 12. ./build/./src/Server/HTTPHandler.cpp:1103: DB::HTTPHandler::handleRequest(DB::HTTPServerRequest&, DB::HTTPServerResponse&, StrongTypedef<unsigned long, ProfileEvents::EventTag> const&) @ 0x00000000162ba58a in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.807897 [ 3694000 ] {} <Fatal> BaseDaemon: 13.1. inlined from ./base/poco/Foundation/include/Poco/AutoPtr.h:205: Poco::AutoPtr<Poco::Net::HTTPServerParams>::operator->()
2024.01.22 10:13:48.807925 [ 3694000 ] {} <Fatal> BaseDaemon: 13. ./build/./src/Server/HTTP/HTTPServerConnection.cpp:71: DB::HTTPServerConnection::run() @ 0x0000000016389b4a in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.811217 [ 3694000 ] {} <Fatal> BaseDaemon: 14. ./build/./base/poco/Net/src/TCPServerConnection.cpp:43: Poco::Net::TCPServerConnection::start() @ 0x000000001758b7e8 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.816386 [ 3694000 ] {} <Fatal> BaseDaemon: 15.1. inlined from ./contrib/llvm-project/libcxx/include/__memory/unique_ptr.h:0: ~unique_ptr
2024.01.22 10:13:48.816412 [ 3694000 ] {} <Fatal> BaseDaemon: 15. ./build/./base/poco/Net/src/TCPServerDispatcher.cpp:116: Poco::Net::TCPServerDispatcher::run() @ 0x000000001758c2f3 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.822560 [ 3694000 ] {} <Fatal> BaseDaemon: 16. ./build/./base/poco/Foundation/src/ThreadPool.cpp:188: Poco::PooledThread::run() @ 0x0000000017616d01 in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.827887 [ 3694000 ] {} <Fatal> BaseDaemon: 17. ./base/poco/Foundation/src/Thread_POSIX.cpp:335: Poco::ThreadImpl::runnableEntry(void*) @ 0x000000001761351c in /home/smyl/old-griffin/install/clickhouse-2204/bin/clickhouse
2024.01.22 10:13:48.827911 [ 3694000 ] {} <Fatal> BaseDaemon: 18. ? @ 0x00007ffff7e08ac3 in ?
2024.01.22 10:13:48.827916 [ 3694000 ] {} <Fatal> BaseDaemon: 19. ? @ 0x00007ffff7e9a850 in ?
2024.01.22 10:13:48.827931 [ 3694000 ] {} <Fatal> BaseDaemon: Integrity check of the executable skipped because the reference checksum could not be read.
2024.01.22 10:13:48.827946 [ 3694000 ] {} <Fatal> BaseDaemon: This ClickHouse version is not official and should be upgraded to the official build.
2024.01.22 10:13:48.828187 [ 3694000 ] {} <Fatal> BaseDaemon: Changed settings: dialect = 'kusto', max_block_size = 100001, min_insert_block_size_rows = 0, min_insert_block_size_bytes = 0, max_threads = 16, max_query_size = 29, extremes = true, distributed_foreground_insert = true, optimize_move_to_prewhere = true, move_all_conditions_to_prewhere = true, alter_sync = 0, totals_mode = 'before_having', totals_auto_threshold = 0.5, allow_suspicious_low_cardinality_types = true, allow_suspicious_ttl_expressions = true, compile_expressions = true, min_count_to_compile_expression = 0, compile_aggregate_expressions = true, min_count_to_compile_aggregate_expression = 0, group_by_two_level_threshold = 100000, group_by_two_level_threshold_bytes = 100000000, max_parallel_replicas = 3, parallel_replicas_count = 0, parallel_replica_offset = 2, allow_experimental_parallel_reading_from_replicas = 0, optimize_skip_unused_shards = true, optimize_skip_unused_shards_rewrite_in = true, force_optimize_skip_unused_shards = 2, optimize_skip_unused_shards_nesting = 1, force_optimize_skip_unused_shards_nesting = 2, force_primary_key = true, network_compression_method = 'ZSTD', network_zstd_compression_level = 7, log_queries = true, log_queries_min_type = 'QUERY_FINISH', distributed_product_mode = 'global', insert_quorum = 2, insert_quorum_parallel = false, select_sequential_consistency = 1, join_use_nulls = true, any_join_distinct_right_table_keys = true, preferred_block_size_bytes = 0, preferred_max_column_in_block_size_bytes = 32, insert_allow_materialized_columns = true, optimize_throw_if_noop = true, use_index_for_in_with_subqueries = false, joined_subquery_requires_alias = true, empty_result_for_aggregation_by_empty_set = true, allow_suspicious_codecs = true, allow_experimental_analyzer = true, max_rows_to_read = 1, max_rows_to_group_by = 100000, group_by_overflow_mode = 'any', max_bytes_before_external_group_by = 1000000, min_execution_speed = 0, max_execution_speed = 0, min_execution_speed_bytes = 0, max_execution_speed_bytes = 0, timeout_before_checking_execution_speed = 0., max_bytes_in_join = 100, join_algorithm = 'partial_merge', compatibility_ignore_collation_in_create_table = true, max_memory_usage = 50000000, send_logs_level = 'fatal', enable_optimize_predicate_expression = true, prefer_localhost_replica = false, optimize_read_in_order = false, optimize_aggregation_in_order = false, read_in_order_two_level_merge_threshold = 1, check_query_single_value_result = false, mutations_sync = 2, optimize_normalize_count_variants = true, convert_query_to_cnf = true, optimize_arithmetic_operations_in_aggregate_functions = true, optimize_functions_to_subcolumns = true, optimize_using_constraints = true, optimize_substitute_columns = true, optimize_append_index = true, validate_polygons = false, transform_null_in = true, materialize_ttl_after_modify = false, cast_ipv4_ipv6_default_on_conversion_error = true, enable_global_with_statement = true, aggregate_functions_null_for_empty = true, optimize_use_projections = false, force_optimize_projection = true, insert_null_as_default = true, allow_aggregate_partitions_independently = true, force_aggregate_partitions_independently = true, union_default_mode = 'ALL', intersect_default_mode = 'DISTINCT', except_default_mode = 'DISTINCT', optimize_aggregators_of_group_by_keys = false, limit = 1, function_range_max_elements_in_block = 12, allow_prefetched_read_pool_for_remote_filesystem = false, allow_prefetched_read_pool_for_local_filesystem = false, use_structure_from_insertion_table_in_table_functions = 2, allow_unrestricted_reads_from_keeper = true, allow_deprecated_syntax_for_merge_tree = true, optimize_sorting_by_input_stream_properties = true, insert_keeper_max_retries = 100, insert_keeper_retry_max_backoff_ms = 10, insert_keeper_fault_injection_probability = 0., allow_experimental_nlp_functions = true, allow_experimental_object_type = true, allow_experimental_annoy_index = true, allow_experimental_usearch_index = true, keeper_map_strict_mode = true, session_timezone = 'Europe/Amsterdam', allow_experimental_bigint_types = true, allow_experimental_map_type = true, input_format_null_as_default = true, output_format_markdown_escape_special_characters = false, date_time_input_format = 'best_effort', output_format_json_named_tuples_as_objects = true, output_format_pretty_max_rows = 6, output_format_pretty_max_column_pad_width = 250, output_format_pretty_grid_charset = 'ASCII', output_format_write_statistics = false, cross_to_inner_join_rewrite = 1
[Thread 0x7ff5bb77e640 (LWP 3694000) exited]
@hnlcf hnlcf added the fuzz Problem found by one of the fuzzers label Jan 22, 2024
@alexey-milovidov alexey-milovidov added the experimental feature Bug in the feature that should not be used in production label Jan 28, 2024
@alexey-milovidov alexey-milovidov changed the title Clickhouse server v24.1.1.1 SEGV inside DB::(anonymous namespace)::writeQueryAroundTheError Experimental KQL: Clickhouse server v24.1.1.1 SEGV inside DB::(anonymous namespace)::writeQueryAroundTheError Jan 28, 2024
@alexey-milovidov
Copy link
Member

The deadline to fix is one month (Mar 1st, 2024) - if it will not be fixed, we will remove the experimental KQL altogether.

@alexey-milovidov alexey-milovidov mentioned this issue Jan 28, 2024
Merged
@bkuschel
Copy link
Contributor

@kashwy is working on it

@kashwy
Copy link
Contributor

kashwy commented Feb 2, 2024

Hi @hnlcf , how did you run The SQL statement line by line in file [poc-2.sql] ? there are so many lines.

looks like you did debugging , were you debugging the clickhouse-client ?

kashwy added a commit to kashwy/ClickHouse that referenced this issue Feb 6, 2024
@kashwy
Fix_kql_issue_found_by_wingfuzz
84f09d0 
This commit fix the issues:
 ClickHouse#59036
 ClickHouse#59037

both issues are same reason, the input query exceed the max_query_size,
so the condition isEnd() of token is not meet and cause the assertion failure
@kashwy kashwy mentioned this issue Feb 6, 2024
Merged
@kashwy
Copy link
Contributor

kashwy commented Feb 6, 2024

can you do the WINGFUZZ again ? thanks

@antaljanosbenjamin
Copy link
Member

Here I also cannot reproduce the crash.

@alexey-milovidov
Copy link
Member

Does not reproduce.

antaljanosbenjamin added a commit that referenced this issue Feb 26, 2024
@kashwy @antaljanosbenjamin
Fix segmentation fault in KQL parser when the input query exceeds the…
795c1a9 
… `max_query_size` (#59626)

* Fix_kql_issue_found_by_wingfuzz

This commit fix the issues:
 #59036
 #59037

both issues are same reason, the input query exceed the max_query_size,
so the condition isEnd() of token is not meet and cause the assertion failure

* fix_kql_issue_found_by_wingfuzz: use isValid instead of TokenType::EndOfStream

* fix_kql_issue_found_by_wingfuzz: make functional test result consist

* fix_kql_issue_found_by_wingfuzz: update test case for makeseries

* fix_kql_issue_found_by_wingfuzz: disable makeseries

* fix_kql_issue_found_by_wingfuzz:
 use isvalid() function to replace isEnd() function of TokenIterator to check the end of stream

* fix_kql_issue_found_by_wingfuzz: add test case for max_query_size

* fix_kql_issue_found_by_wingfuzz: fix AST structure

* fix_kql_issue_found_by_wingfuzz: make sure the max query size test is in the dialect of kusto

* fix_kql_issue_found_by_wingfuzz : restore max query size after test

* fix_kql_issue_found_by_wingfuzz : fix typo

---------

Co-authored-by: János Benjamin Antal <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yakov-olkhovskiy yakov-olkhovskiy

Labels
alternative build experimental feature Bug in the feature that should not be used in production fuzz Problem found by one of the fuzzers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't allow KQL in presence of bugs ClickHouse/ClickHouse
6 participants
@bkuschel @antaljanosbenjamin @alexey-milovidov @kashwy @hnlcf @yakov-olkhovskiy