search

pingcap / tidb

TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at : https://www.pingcap.com/tidb-serverless/
https://pingcap.com
Apache License 2.0
36.86k stars 5.8k forks source link

Incorrect swaping column leads to nil pointer #53713

Closed xzhangxian1008 closed 1 month ago

xzhangxian1008 commented 3 months ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. source valid.txt, valid.txt
  2. source error.txt, error.txt

If no error happens, try it again.

2. What did you expect to see? (Required)

no error

3. What did you see instead (Required)

ERROR 1105 (HY000): runtime error: index out of range [0] with length 0

4. What is your TiDB version? (Required)

0afe54d7562f31bbcc

xzhangxian1008 commented 3 months ago

/severity major

xzhangxian1008 commented 3 months ago

panic stack:

runtime error: index out of range [0] with length 0
github.com/pingcap/errors.AddStack
    /DATA/disk3/xzx/go/path/pkg/mod/github.com/pingcap/errors@v0.11.5-0.20240318064555-6bd07397691f/errors.go:178
github.com/pingcap/errors.Trace
    /DATA/disk3/xzx/go/path/pkg/mod/github.com/pingcap/errors@v0.11.5-0.20240318064555-6bd07397691f/juju_adaptor.go:15
github.com/pingcap/tidb/pkg/util.GetRecoverError
    /DATA/disk3/xzx/tidb/pkg/util/util.go:304
github.com/pingcap/tidb/pkg/executor/aggregate.recoveryHashAgg
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_util.go:91
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).run.func1
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:194
runtime.gopanic
    /DATA/disk3/xzx/go/src/runtime/panic.go:920
runtime.goPanicIndex
    /DATA/disk3/xzx/go/src/runtime/panic.go:114
github.com/pingcap/tidb/pkg/util/chunk.(*Column).IsNull
    /DATA/disk3/xzx/tidb/pkg/util/chunk/column.go:180
github.com/pingcap/tidb/pkg/util/codec.HashGroupKey
    /DATA/disk3/xzx/tidb/pkg/util/codec/codec.go:1247
github.com/pingcap/tidb/pkg/executor/aggregate.GetGroupKey
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_util.go:149
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).updatePartialResult
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:260
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).fetchChunkAndProcess
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:108
github.com/pingcap/tidb/pkg/executor/aggregate.(*HashAggPartialWorker).run
    /DATA/disk3/xzx/tidb/pkg/executor/aggregate/agg_hash_partial_worker.go:210
runtime.goexit
    /DATA/disk3/xzx/go/src/runtime/asm_amd64.s:1650

After investigation, we can see that the nullBitmap and data in the col are empty at pkg/util/codec/codec.go:1247 which directly leads to the panic of sql.

The empty of nullBitmap and data is caused by the incorrect swap at line pkg/expression/evaluator.go:31. There are two columns in input chunk, they are separate at idx1 and idx2 and both hold the same column pointer. When we want to swap idx2 col of input chunk with idx0 column of output chunk, idx1 col of input chunk will be incorrectly swapped and leads to the nullBitmap and data of idx1 column of input to be empty. Then idx1 column of input will be swapped with idx3 column of output which makes the nullBitmap and data fields be empty in the ouput chunk.

xzhangxian1008 commented 3 months ago

/sig planner