Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

InsertRangeFrom out of bound in MergingSortedBlockInputStream #8438

Closed
yibin87 opened this issue Nov 29, 2023 · 3 comments · Fixed by #8445
Closed

InsertRangeFrom out of bound in MergingSortedBlockInputStream #8438

yibin87 opened this issue Nov 29, 2023 · 3 comments · Fixed by #8445
Assignees
Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. component/compute priority/P1 The issue has P1 priority. severity/major type/bug The issue is confirmed as a bug.

Comments

@yibin87
Copy link
Contributor

yibin87 commented Nov 29, 2023

Bug Report

commit hash: cf0e9af

[MPPTask.cpp:636] ["task running meets error: Code: 12, e.displayText() = DB::Exception: Parameters are out of bound in ColumnString::insertRangeFrom method, start=0, length=18446744073709551563, src.size()=1, e.what() = DB::Exception, Stack trace:
0x1ee1ade\tDB::Exception::Exception(std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > const&, int) [tiflash+32381662]
\tdbms/src/Common/Exception.h:46
0x7fc3c7c\tDB::ColumnString::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) [tiflash+133971068]
\tdbms/src/Columns/ColumnString.cpp:84
0x20a0a9b\tDB::IColumn::cut(unsigned long, unsigned long) const [tiflash+34212507]
\tdbms/src/Columns/IColumn.h:123
0x7c151e3\tDB::MergingSortedBlockInputStream::readImpl() [tiflash+130109923]
\tdbms/src/DataStreams/MergingSortedBlockInputStream.cpp:131
0x77cc995\tDB::IProfilingBlockInputStream::read(DB::PODArray<unsigned char, 4096ul, Allocator, 15ul, 16ul>&, bool) [tiflash+125618581]
\tdbms/src/DataStreams/IProfilingBlockInputStream.cpp:82
0x77cc695\tDB::IProfilingBlockInputStream::read() [tiflash+125617813]
\tdbms/src/DataStreams/IProfilingBlockInputStream.cpp:48
0x8879033\tDB::MergeSortTransformOp::executeIOImpl() [tiflash+143102003]
\tdbms/src/Operators/MergeSortTransformOp.cpp:210
0x89356b4\tDB::Operator::executeIO() [tiflash+143873716]
\tdbms/src/Operators/Operator.cpp:81
0x886717a\tDB::PipelineTaskBase::runExecuteIO() [tiflash+143028602]
\tdbms/src/Flash/Pipeline/Schedule/Tasks/PipelineTaskBase.h:88
0x8956e7a\tDB::Task::executeIO() [tiflash+144010874]
\tdbms/src/Flash/Pipeline/Schedule/Tasks/Task.cpp:140
0x1ea1115\tDB::TaskThreadPoolDB::IOImpl::loop(unsigned long) [tiflash+32117013]
\tdbms/src/Flash/Pipeline/Schedule/ThreadPool/TaskThreadPool.cpp:61
0x1ea1956\tvoid
std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_deletestd::__1::__thread_struct >, void (DB::TaskThreadPoolDB::IOImpl::)(unsigned long), DB::TaskThreadPoolDB::IOImpl, unsigned long> >(void*) [tiflash+32119126]
\t/usr/local/bin/../include/c++/v1/thread:291
0x7f8d3d761802\tstart_thread [libc.so.6+653314]
0x7f8d3d701314\t__clone [libc.so.6+258836]"] [source="MPP<gather_id:1, query_ts:1701237175718694001, local_query_id:10, server_id:782, start_ts:445969113639813121,task_id:19>"] [thread_id=265]","namespace":"endless-htap-spill-to-disk-tps-4860765-1-214"}

@zanmato1984
Copy link
Contributor

How to reproduce?

@yibin87
Copy link
Contributor Author

yibin87 commented Nov 30, 2023

Detected by regression tests for the first time, not sure of its reproduce possiblity. Maybe we can locate the bug from stack info, I'll try it later.

@yibin87 yibin87 self-assigned this Nov 30, 2023
@yibin87
Copy link
Contributor Author

yibin87 commented Nov 30, 2023

https://github.com/pingcap/tiflash/blob/a4b653545cfc79314503bca486ac017ff95777d3/dbms/src/DataStreams/MergingSortedBlockInputStream.cpp#L218C1-L231C18
According to above code, when total_merged_rows > limit, merged_rows will be an unexpected large unsigned number near UINT64_MAX

@yibin87 yibin87 added affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. labels Nov 30, 2023
@ti-chi-bot ti-chi-bot bot closed this as completed in #8445 Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. component/compute priority/P1 The issue has P1 priority. severity/major type/bug The issue is confirmed as a bug.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants