pingcap / tidb

TiDB is an open-source, cloud-native, distributed, MySQL-compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at: https://www.pingcap.com/tidb-serverless/
https://pingcap.com
Apache License 2.0

runtime error: invalid memory address or nil pointer dereference #52160

Open GaranR opened 6 months ago

GaranR commented 6 months ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

First execute the following valid.sql valid.txt

Then a crash occurs when executing the error.sql below error.txt

2. What did you expect to see? (Required)

Expect no crashes

3. What did you see instead (Required)

[err="runtime error: invalid memory address or nil pointer dereference"] 
[stack="github.com/pingcap/tidb/pkg/server.(*clientConn).Run.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:993
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:914
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/executor/compiler.go:54
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:914
runtime.panicmem
    /usr/local/go/src/runtime/panic.go:261
runtime.sigpanic
    /usr/local/go/src/runtime/signal_unix.go:861
github.com/pingcap/tidb/pkg/planner/core.(*Update).ResolveIndices
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/resolve_indices.go:832
github.com/pingcap/tidb/pkg/planner/core.(*PlanBuilder).buildUpdate
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/logical_plan_builder.go:6155
github.com/pingcap/tidb/pkg/planner/core.(*PlanBuilder).Build
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/planbuilder.go:863
github.com/pingcap/tidb/pkg/planner.buildLogicalPlan
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/optimize.go:576
github.com/pingcap/tidb/pkg/planner.optimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/optimize.go:494
github.com/pingcap/tidb/pkg/planner.Optimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/optimize.go:352
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/executor/compiler.go:98
github.com/pingcap/tidb/pkg/session.(*session).ExecuteStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/session/session.go:2221
github.com/pingcap/tidb/pkg/server.(*TiDBContext).ExecuteStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/driver_tidb.go:292
github.com/pingcap/tidb/pkg/server.(*clientConn).handleStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:2064
github.com/pingcap/tidb/pkg/server.(*clientConn).handleQuery
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1831
github.com/pingcap/tidb/pkg/server.(*clientConn).dispatch
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1318
github.com/pingcap/tidb/pkg/server.(*clientConn).Run
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1091
github.com/pingcap/tidb/pkg/server.(*Server).onConn
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/server.go:715"

4. What is your TiDB version? (Required)

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| tidb_version()                                                                                                                                                                                                                                                 |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Release Version: v7.5.1
Edition: Community
Git Commit Hash: 7d16cc79e81bbf573124df3fd9351c26963f3e70
Git Branch: heads/refs/tags/v7.5.1
UTC Build Time: 2024-02-27 14:28:32
GoVersion: go1.21.6
Race Enabled: false
Check Table Before Drop: false
Store: tikv |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.

qw4990 commented 4 months ago

Sorry I can't reproduce this issue. TiDB reported this error below when running valid.txt:

➜  tidb git:(master) 2tisql < /Users/zhangyuanjia/Downloads/valid.txt;
ERROR 1062 (23000) at line 3812: Duplicate entry '2147483648.1' for key 't__gn.c_e20nr0'

But after removing the unique attribute of this column t__gn.c_e20nr0, I can't reproduce this issue:

➜  tidb git:(master) 2tisql < /Users/zhangyuanjia/Downloads/error.txt; -- no error
➜  tidb git:(master) 

Degrade this from Major to Minor temporarily. Could you help take a look at this? @GaranR

GaranR commented 4 months ago

The POC in this issue and #52159 were both generated from an early version of our tool in March. There were some difficulties in reproducing the issue with that version at the time. I was able to reproduce it successfully once before, but now I am unable to reproduce it; it consistently results in a timeout. Feel free to close this issue if necessary.

GaranR commented 4 months ago

I successfully managed to find another POC to reproduce a similar issue, resulting in the exact same error message in the tidb.log. Please try running this set of SQL queries to see if it reproduces the issue: valid.txt error.txt