[IMPALA-4446] expr-test fails under ASAN - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: Impala 2.8.0
Fix Version/s: Impala 2.8.0
Component/s: Backend
Labels:
- broken-build
- crash

Target Version:

Impala 2.8.0

Description

16/84 Testing: expr-test
16/84 Test: expr-test
Command: "/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test" "-log_dir=/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/logs/be_tests"
Directory: /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs
"expr-test" start time: Nov 07 21:30 PST
Output:
----------------------------------------------------------
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/fe/target/dependency/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/testdata/target/dependency/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
Running without optimization passes.
Running without codegen
[==========] Running 40 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 40 tests from ExprTest
[ RUN      ] ExprTest.NullLiteral
[       OK ] ExprTest.NullLiteral (11 ms)
[ RUN      ] ExprTest.LiteralConstruction
[       OK ] ExprTest.LiteralConstruction (17 ms)
[ RUN      ] ExprTest.LiteralExprs
[       OK ] ExprTest.LiteralExprs (789 ms)
[ RUN      ] ExprTest.ArithmeticExprs
[       OK ] ExprTest.ArithmeticExprs (3893 ms)
[ RUN      ] ExprTest.DecimalArithmeticExprs
[       OK ] ExprTest.DecimalArithmeticExprs (317 ms)
[ RUN      ] ExprTest.BinaryPredicates
[       OK ] ExprTest.BinaryPredicates (6939 ms)
[ RUN      ] ExprTest.CastExprs
[       OK ] ExprTest.CastExprs (5074 ms)
[ RUN      ] ExprTest.CompoundPredicates
[       OK ] ExprTest.CompoundPredicates (516 ms)
[ RUN      ] ExprTest.IsNullPredicate
[       OK ] ExprTest.IsNullPredicate (41 ms)
[ RUN      ] ExprTest.LikePredicate
[       OK ] ExprTest.LikePredicate (1531 ms)
[ RUN      ] ExprTest.BetweenPredicate
[       OK ] ExprTest.BetweenPredicate (264 ms)
[ RUN      ] ExprTest.InPredicate
[       OK ] ExprTest.InPredicate (1584 ms)
[ RUN      ] ExprTest.StringFunctions
[       OK ] ExprTest.StringFunctions (26579 ms)
[ RUN      ] ExprTest.LongReverse
[       OK ] ExprTest.LongReverse (22564 ms)
[ RUN      ] ExprTest.StringRegexpFunctions
re2/re2.cc:200: Error parsing '*': no argument for repetition operator: *
=================================================================
==28697==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6210002be500 at pc 0x000000f99e3c bp 0x7fc41a8dc370 sp 0x7fc41a8dbb20
READ of size 4017 at 0x6210002be500 thread T12643
    #0 0xf99e3b in strlen /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:581
    #1 0x7fc89de48f08 in std::char_traits<char>::length(char const*) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/char_traits.h:263
    #2 0x7fc89de48f08 in operator<< <std::char_traits<char> > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build/x86_64-unknown-linux-gnu/libstdc++-v3/include/ostream:536
    #3 0x7fc89de48f08 in std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, unsigned char const*) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build/x86_64-unknown-linux-gnu/libstdc++-v3/include/ostream:549
    #4 0x1382a1a in impala::LikePredicate::RegexPrepareInternal(impala_udf::FunctionContext*, impala_udf::FunctionContext::FunctionStateScope, bool) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/like-predicate.cc:168:45
    #5 0x129a544 in impala::ScalarFnCall::Open(impala::RuntimeState*, impala::ExprContext*, impala_udf::FunctionContext::FunctionStateScope) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/scalar-fn-call.cc:232:5
    #6 0x11dcfbc in impala::ExprContext::Open(impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/expr-context.cc:70:10
    #7 0x11bed68 in impala::Expr::Open(std::vector<impala::ExprContext*, std::allocator<impala::ExprContext*> > const&, impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/expr.cc:393:31
    #8 0x1b3d33d in impala::UnionNode::Open(impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exec/union-node.cc:93:31
    #9 0x1d66b1e in impala::PlanFragmentExecutor::OpenInternal() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/plan-fragment-executor.cc:322:31
    #10 0x1d66655 in impala::PlanFragmentExecutor::Open() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/plan-fragment-executor.cc:295:19
    #11 0x181ec01 in impala::FragmentMgr::FragmentExecState::Exec() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/service/fragment-exec-state.cc:58:5
    #12 0x1811df5 in impala::FragmentMgr::FragmentThread(impala::TUniqueId) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/service/fragment-mgr.cc:86:3
    #13 0x181746d in boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>::operator()(impala::FragmentMgr*, impala::TUniqueId) const /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/mem_fn_template.hpp:165:16
    #14 0x18172c7 in void boost::_bi::list2<boost::_bi::value<impala::FragmentMgr*>, boost::_bi::value<impala::TUniqueId> >::operator()<boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>&, boost::_bi::list0&, int) /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind.hpp:313:9
    #15 0x1817177 in boost::_bi::bind_t<void, boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>, boost::_bi::list2<boost::_bi::value<impala::FragmentMgr*>, boost::_bi::value<impala::TUniqueId> > >::operator()() /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind_template.hpp:20:16
    #16 0x15958c2 in boost::function0<void>::operator()() const /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/function/function_template.hpp:766:14
    #17 0x19420b5 in impala::Thread::SuperviseThread(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/util/thread.cc:317:3
    #18 0x194ae8a in void boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> >::operator()<void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0&, int) /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind.hpp:457:9
    #19 0x194ad17 in boost::_bi::bind_t<void, void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> > >::operator()() /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind_template.hpp:20:16
    #20 0x1dcd689 in thread_proxy (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcd689)
    #21 0x3a76207850 in start_thread (/lib64/libpthread.so.0+0x3a76207850)
    #22 0x3a75ee894c in clone (/lib64/libc.so.6+0x3a75ee894c)

0x6210002be500 is located 0 bytes to the right of 4096-byte region [0x6210002bd500,0x6210002be500)
allocated by thread T12643 here:
    #0 0xff39b8 in __interceptor_malloc /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:52
    #1 0x15a3128 in impala::MemPool::FindChunk(long, bool) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/mem-pool.cc:149:45
    #2 0x1162d7a in unsigned char* impala::MemPool::Allocate<true>(long, int) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/mem-pool.h:263:32
    #3 0x1345613 in impala::MemPool::TryAllocateAligned(long, int) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/mem-pool.h:119:12
    #4 0x1344cdd in impala::AllocateAnyVal(impala::RuntimeState*, impala::MemPool*, impala::ColumnType const&, std::string const&, impala_udf::AnyVal**) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/anyval-util.cc:38:39
    #5 0x129a0d0 in impala::ScalarFnCall::Open(impala::RuntimeState*, impala::ExprContext*, impala_udf::FunctionContext::FunctionStateScope) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/scalar-fn-call.cc:182:33
    #6 0x11dcfbc in impala::ExprContext::Open(impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/expr-context.cc:70:10
    #7 0x11bed68 in impala::Expr::Open(std::vector<impala::ExprContext*, std::allocator<impala::ExprContext*> > const&, impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exprs/expr.cc:393:31
    #8 0x1b3d33d in impala::UnionNode::Open(impala::RuntimeState*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/exec/union-node.cc:93:31
    #9 0x1d66b1e in impala::PlanFragmentExecutor::OpenInternal() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/plan-fragment-executor.cc:322:31
    #10 0x1d66655 in impala::PlanFragmentExecutor::Open() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/runtime/plan-fragment-executor.cc:295:19
    #11 0x181ec01 in impala::FragmentMgr::FragmentExecState::Exec() /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/service/fragment-exec-state.cc:58:5
    #12 0x1811df5 in impala::FragmentMgr::FragmentThread(impala::TUniqueId) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/service/fragment-mgr.cc:86:3
    #13 0x181746d in boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>::operator()(impala::FragmentMgr*, impala::TUniqueId) const /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/mem_fn_template.hpp:165:16
    #14 0x18172c7 in void boost::_bi::list2<boost::_bi::value<impala::FragmentMgr*>, boost::_bi::value<impala::TUniqueId> >::operator()<boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>&, boost::_bi::list0&, int) /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind.hpp:313:9
    #15 0x1817177 in boost::_bi::bind_t<void, boost::_mfi::mf1<void, impala::FragmentMgr, impala::TUniqueId>, boost::_bi::list2<boost::_bi::value<impala::FragmentMgr*>, boost::_bi::value<impala::TUniqueId> > >::operator()() /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind_template.hpp:20:16
    #16 0x15958c2 in boost::function0<void>::operator()() const /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/function/function_template.hpp:766:14
    #17 0x19420b5 in impala::Thread::SuperviseThread(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*) /data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/src/util/thread.cc:317:3
    #18 0x194ae8a in void boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> >::operator()<void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0&, int) /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind.hpp:457:9
    #19 0x194ad17 in boost::_bi::bind_t<void, void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> > >::operator()() /data/jenkins/workspace/impala-umbrella-build-and-test/Impala-Toolchain/boost-1.57.0/include/boost/bind/bind_template.hpp:20:16
    #20 0x1dcd689 in thread_proxy (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcd689)

Thread T12643 created by T422 here:
    #0 0xf5ecb9 in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:238
    #1 0x1dcca69 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcca69)

Thread T422 created by T121 here:
    #0 0xf5ecb9 in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:238
    #1 0x1dcca69 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcca69)

Thread T121 created by T120 here:
    #0 0xf5ecb9 in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:238
    #1 0x1dcca69 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcca69)

Thread T120 created by T0 here:
    #0 0xf5ecb9 in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:238
    #1 0x1dcca69 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-umbrella-build-and-test/repos/Impala/be/build/debug/exprs/expr-test+0x1dcca69)

SUMMARY: AddressSanitizer: heap-buffer-overflow /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.8.0.src-p1/projects/compiler-rt/lib/asan/asan_interceptors.cc:581 in strlen
Shadow bytes around the buggy address:
  0x0c428004fc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428004fc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428004fc70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428004fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428004fc90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c428004fca0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428004fcb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428004fcc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428004fcd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428004fce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428004fcf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28697==ABORTING
<end of output>
Test time =  77.84 sec

This is probably a consequence of "~~IMPALA-4302~~,~~IMPALA-2379~~: constant expr arg fixes". Looking at the code there seems to be a latent bug where we're assuming StringValues are null-terminated.

Attachments

Activity

People

Assignee:: Tim Armstrong

Reporter:: Tim Armstrong

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Nov/16 18:23

Updated:: 09/Nov/16 02:58

Resolved:: 09/Nov/16 02:58