pingcap / tiflash

The analytical engine for TiDB and TiDB Cloud. Try free: https://tidbcloud.com/free-trial
https://docs.pingcap.com/tidb/stable/tiflash-overview
Apache License 2.0

InsertRangeFrom out of bound in MergingSortedBlockInputStream #8438

Closed yibin87 closed 9 months ago

yibin87 commented 9 months ago

Bug Report

commit hash: cf0e9affe7191b428a25142a91f240bce42823a1

[MPPTask.cpp:636] [\"task running meets error: Code: 12, e.displayText() = DB::Exception: Parameters are out of bound in ColumnString::insertRangeFrom method, start=0, length=18446744073709551563, src.size()=1, e.what() = DB::Exception, Stack trace: 0x1ee1ade\tDB::Exception::Exception(std::1::basic_string<char, std::__1::char_traits, std::1::allocator > const&, int) [tiflash+32381662]\ \tdbms/src/Common/Exception.h:46\ 0x7fc3c7c\tDB::ColumnString::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) [tiflash+133971068]\ \tdbms/src/Columns/ColumnString.cpp:84\ 0x20a0a9b\tDB::IColumn::cut(unsigned long, unsigned long) const [tiflash+34212507]\ \tdbms/src/Columns/IColumn.h:123\ 0x7c151e3\tDB::MergingSortedBlockInputStream::readImpl() [tiflash+130109923]\ \tdbms/src/DataStreams/MergingSortedBlockInputStream.cpp:131\ 0x77cc995\tDB::IProfilingBlockInputStream::read(DB::PODArray<unsigned char, 4096ul, Allocator, 15ul, 16ul>&, bool) [tiflash+125618581]\ \tdbms/src/DataStreams/IProfilingBlockInputStream.cpp:82\ 0x77cc695\tDB::IProfilingBlockInputStream::read() [tiflash+125617813]\ \tdbms/src/DataStreams/IProfilingBlockInputStream.cpp:48\ 0x8879033\tDB::MergeSortTransformOp::executeIOImpl() [tiflash+143102003]\ \tdbms/src/Operators/MergeSortTransformOp.cpp:210\ 0x89356b4\tDB::Operator::executeIO() [tiflash+143873716]\ \tdbms/src/Operators/Operator.cpp:81\ 0x886717a\tDB::PipelineTaskBase::runExecuteIO() [tiflash+143028602]\ \tdbms/src/Flash/Pipeline/Schedule/Tasks/PipelineTaskBase.h:88\ 0x8956e7a\tDB::Task::executeIO() [tiflash+144010874]\ \tdbms/src/Flash/Pipeline/Schedule/Tasks/Task.cpp:140\ 0x1ea1115\tDB::TaskThreadPool::loop(unsigned long) [tiflash+32117013]\ \tdbms/src/Flash/Pipeline/Schedule/ThreadPool/TaskThreadPool.cpp:61\ 0x1ea1956\tvoid std::1::thread_proxy<std::1::tuple<std::1::unique_ptr<std::1::thread_struct, std::__1::default_delete >, void (DB::TaskThreadPool::)(unsigned long), DB::TaskThreadPool, unsigned long> >(void*) [tiflash+32119126]\ 
\t/usr/local/bin/../include/c++/v1/thread:291\ 0x7f8d3d761802\tstart_thread [libc.so.6+653314]\ 0x7f8d3d701314\t__clone [libc.so.6+258836]\"] [source=\"MPP<gather_id:1, query_ts:1701237175718694001, local_query_id:10, server_id:782, start_ts:445969113639813121,task_id:19>\"] [thread_id=265]","namespace":"endless-htap-spill-to-disk-tps-4860765-1-214"}

zanmato1984 commented 9 months ago

How to reproduce?

yibin87 commented 9 months ago

Detected by regression tests for the first time; not sure how reproducible it is. Maybe we can locate the bug from the stack info. I'll try it later.

yibin87 commented 9 months ago

https://github.com/pingcap/tiflash/blob/a4b653545cfc79314503bca486ac017ff95777d3/dbms/src/DataStreams/MergingSortedBlockInputStream.cpp#L218C1-L231C18

According to the above code, when total_merged_rows > limit, merged_rows will be an unexpectedly large unsigned number near UINT64_MAX.
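The wraparound described in the last comment, as an added example that is not TiFlash's code: an unsigned row count trimmed by the excess over the limit, next to a clamped version, with a range check that never computes `start + length`. `ToyColumn`, `trimUnchecked`, `trimChecked`, `cutRejected` and the form of the subtraction are assumptions; the constructed values (1 row in the block, 54 rows over a limit of 100) are chosen so the wrapped result equals the `length` in the logged exception.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a column; only the bounds check matters here.
struct ToyColumn
{
    std::vector<std::string> rows;
    // Overflow-safe range check: never computes start + length.
    ToyColumn cut(uint64_t start, uint64_t length) const
    {
        if (start > rows.size() || length > rows.size() - start)
            throw std::out_of_range("cut: parameters are out of bound");
        ToyColumn out;
        out.rows.assign(rows.begin() + start, rows.begin() + start + length);
        return out;
    }
};

// Unchecked trim: wraps when the excess over the limit exceeds merged_rows.
uint64_t trimUnchecked(uint64_t merged_rows, uint64_t total_merged_rows, uint64_t limit)
{
    if (limit && total_merged_rows > limit)
        merged_rows -= total_merged_rows - limit;
    return merged_rows;
}

// Guarded trim: the excess is clamped to the rows held in the current block.
uint64_t trimChecked(uint64_t merged_rows, uint64_t total_merged_rows, uint64_t limit)
{
    if (limit && total_merged_rows > limit)
        merged_rows -= std::min(merged_rows, total_merged_rows - limit);
    return merged_rows;
}

// True when cut(0, length) is rejected by the bounds check.
bool cutRejected(const ToyColumn & column, uint64_t length)
{
    try { column.cut(0, length); }
    catch (const std::out_of_range &) { return true; }
    return false;
}

int main()
{
    std::cout << trimUnchecked(1, 154, 100) << ' ' << trimChecked(1, 154, 100) << '\n';
}
```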