Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIGABRT from the JsonParseFunction::sortIndices #12389

Open
kagamiori opened this issue Feb 19, 2025 · 0 comments
Open

SIGABRT from the JsonParseFunction::sortIndices #12389

kagamiori opened this issue Feb 19, 2025 · 0 comments
Labels
bug Something isn't working fuzzer-found

Comments

@kagamiori
Copy link
Contributor

Description

Expression fuzzer found a SIGABRT from the JsonParseFunction::sortIndices.

Error Reproduction

On the latest main branch, you can run the following command to reproduce the error.
expression_fuzzer_test --enable_variadic_signatures --velox_fuzzer_enable_complex_types --lazy_vector_generation_ratio 0.2 --common_dictionary_wraps_generation_ratio=0.3 --velox_fuzzer_enable_column_reuse --velox_fuzzer_enable_expression_reuse --max_expression_trees_per_step 2 --retry_with_try --enable_dereference --duration_sec 1200 --minloglevel=0 --stderrthreshold=2 --only="json_parse,array_constructor" --seed=1136302951

Relevant logs

I0219 10:27:00.563302 3315260 ExpressionFuzzerVerifier.cpp:382] ==============================> Started iteration 0 (seed: 1136302951)
I0219 10:27:00.712445 3315260 ExpressionVerifier.cpp:142] Executing expression 0 : json_parse("c0")
I0219 10:27:00.712646 3315260 ExpressionVerifier.cpp:142] Executing expression 1 : json_parse("c1")
I0219 10:27:00.712694 3315260 ExpressionVerifier.cpp:142] Executing expression 2 : "row_number"
I0219 10:27:00.713757 3315260 ExpressionVerifier.cpp:189] Executing test case: 0
fbcode/third-party-buck/platform010/build/libgcc/include/c++/trunk/string_view:233: const_reference std::basic_string_view<char>::operator[](size_type) const [_CharT = char, _Traits = std::char_traits<char>]: Assertion '__pos < this->_M_len' failed.
*** Aborted at 1739989620 (Unix time, try 'date -d @1739989620') ***
*** Signal 6 (SIGABRT) (0x37b3c0032963c) received by PID 3315260 (pthread TID 0x7f6c61456e40) (linux TID 3315260) (maybe from PID 3315260, UID 228156) (code: -6), stack trace: ***
    @ 000000000000f607 folly::symbolizer::(anonymous namespace)::innerSignalHandler(int, siginfo_t*, void*)
                       ./fbcode/folly/debugging/symbolizer/SignalHandler.cpp:453
    @ 000000000000dd81 folly::symbolizer::(anonymous namespace)::signalHandler(int, siginfo_t*, void*)
                       ./fbcode/folly/debugging/symbolizer/SignalHandler.cpp:474
    @ 000000000004455f (unknown)
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/signal/../sysdeps/unix/sysv/linux/libc_sigaction.c:8
                       -> /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c
    @ 000000000009c993 __GI___pthread_kill
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/nptl/pthread_kill.c:46
    @ 00000000000444ac __GI_raise
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/signal/../sysdeps/posix/raise.c:26
    @ 000000000002c432 __GI_abort
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/stdlib/abort.c:79
    @ 00000000000383ab std::__replacement_assert(char const*, int, char const*, char const*)
                       fbcode/third-party-buck/platform010/build/libgcc/include/c++/trunk/x86_64-facebook-linux/bits/c++config.h:535
    @ 00000000000525de std::basic_string_view<char, std::char_traits<char> >::operator[](unsigned long) const
                       fbcode/third-party-buck/platform010/build/libgcc/include/c++/trunk/string_view:233
    @ 000000000006d4d5 facebook::velox::(anonymous namespace)::getEscapedChar(std::basic_string_view<char, std::char_traits<char> >, unsigned long&)
                       ./fbcode/velox/functions/prestosql/json/JsonStringUtil.cpp:233
    @ 000000000006c8e6 facebook::velox::(anonymous namespace)::compareChars(std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > const&, unsigned long&, unsigned long&)
                       ./fbcode/velox/functions/prestosql/json/JsonStringUtil.cpp:285
    @ 000000000006c413 facebook::velox::lessThanForJsonParse(std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > const&)
                       ./fbcode/velox/functions/prestosql/json/JsonStringUtil.cpp:323
    @ 0000000002c1850a facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}::operator()(int, int) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:418
    @ 0000000002c28e3e void facebook::velox::detail::SortingNetworkImpl<6>::compareExchange<3, 4, int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}>(int*, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1})
                       fbcode/velox/common/base/SortingNetwork.h:45
    @ 0000000002c277f1 facebook::velox::detail::SortingNetworkImpl<6>::PB<int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}, 4, 5, 1, 2>::PB(int*, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1})
                       fbcode/velox/common/base/SortingNetwork.h:77
    @ 0000000002c24f0a facebook::velox::detail::SortingNetworkImpl<6>::PS<int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}, 4, 3, false>::PS(int*, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1})
                       fbcode/velox/common/base/SortingNetwork.h:95
    @ 0000000002c24833 facebook::velox::detail::SortingNetworkImpl<6>::PS<int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}, 1, 6, false>::PS(int*, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1})
                       fbcode/velox/common/base/SortingNetwork.h:94
    @ 0000000002c165c0 void facebook::velox::detail::SortingNetworkImpl<6>::apply<int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}>(int*, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}&&)
                       fbcode/velox/common/base/SortingNetwork.h:38
    @ 0000000002c159d1 void facebook::velox::sortingNetwork<int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}>(int*, int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}&&)
                       fbcode/velox/common/base/SortingNetwork.h:126
    @ 0000000002c148bd void facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortIndices<facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}>(facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const::{lambda(int, int)#1}&&) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:477
    @ 0000000002c0fc1f void facebook::velox::functions::(anonymous namespace)::JsonParseFunction::sortFields<true>(facebook::velox::functions::(anonymous namespace)::JsonField const*, int, int) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:417
    @ 0000000002bf5f14 simdjson::error_code facebook::velox::functions::(anonymous namespace)::JsonParseFunction::generateViewsFromObject<true>(simdjson::haswell::ondemand::object) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:398
    @ 0000000002bfeb7e simdjson::error_code facebook::velox::functions::(anonymous namespace)::JsonParseFunction::generateViews<true, simdjson::haswell::ondemand::value>(simdjson::haswell::ondemand::value) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:341
    @ 0000000002bf503c simdjson::error_code facebook::velox::functions::(anonymous namespace)::JsonParseFunction::generateViewsFromArray<true>(simdjson::haswell::ondemand::array) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:374
    @ 0000000002bf1b22 simdjson::error_code facebook::velox::functions::(anonymous namespace)::JsonParseFunction::generateViews<true, simdjson::haswell::ondemand::document&>(simdjson::haswell::ondemand::document&) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:337
    @ 0000000002bebdf9 facebook::velox::functions::(anonymous namespace)::JsonParseFunction::parse(unsigned long, bool) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:320
    @ 0000000002fced15 auto facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}::operator()<int>(int) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:251
    @ 0000000002fd1cf5 facebook::velox::bits::forEachBit<facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}>(unsigned long const*, int, int, bool, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2})::{lambda(int, unsigned long)#1}::operator()(int, unsigned long) const
                       fbcode/velox/common/base/BitUtil.h:437
    @ 0000000002fd1948 _ZN8facebook5velox4bits11forEachWordIZNS1_10forEachBitIZNKS0_9functions12_GLOBAL__N_117JsonParseFunction5applyERKNS0_17SelectivityVectorERSt6vectorISt10shared_ptrINS0_10BaseVectorEESaISD_EERKSB_IKNS0_4TypeEERNS0_4exec7EvalCtxERSD_EUlT_E0_EEvPKmiibSQ_EUlimE_ZNS3_ISR_EEvST_iibSQ_EUliE_EEviiSQ_T0_
                       fbcode/velox/common/base/BitUtil.h:222
    @ 0000000002fd13dd void facebook::velox::bits::forEachBit<facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}>(unsigned long const*, int, int, bool, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2})
                       fbcode/velox/common/base/BitUtil.h:428
    @ 0000000002fd0ea2 void facebook::velox::bits::forEachSetBit<facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}>(unsigned long const*, int, int, facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2})
                       fbcode/velox/common/base/BitUtil.h:462
    @ 0000000002bed377 void facebook::velox::SelectivityVector::applyToSelected<facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}>(facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const::{lambda(auto:1)#2}) const
                       fbcode/velox/vector/SelectivityVector.h:449
    @ 0000000002be9820 facebook::velox::functions::(anonymous namespace)::JsonParseFunction::apply(facebook::velox::SelectivityVector const&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&, std::shared_ptr<facebook::velox::Type const> const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&) const
                       ./fbcode/velox/functions/prestosql/JsonFunctions.cpp:243
    @ 0000000001588242 facebook::velox::exec::Expr::applyFunction(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1524
    @ 00000000015994a9 facebook::velox::exec::Expr::evalAllImpl(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1439
    @ 000000000158e7ba facebook::velox::exec::Expr::evalAll(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1383
    @ 00000000015918bc facebook::velox::exec::Expr::evalWithNulls(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1165
    @ 0000000001592f27 facebook::velox::exec::Expr::evalWithMemo(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1196
    @ 0000000001592697 facebook::velox::exec::Expr::evalEncodings(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)::$_0::operator()(facebook::velox::exec::ContextSaver&) const
                       ./fbcode/velox/expression/Expr.cpp:1074
    @ 00000000015910fa void facebook::velox::exec::withContextSaver<facebook::velox::exec::Expr::evalEncodings(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)::$_0>(facebook::velox::exec::Expr::evalEncodings(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)::$_0&&)
                       fbcode/velox/expression/EvalCtx.h:621
    @ 000000000158ed15 facebook::velox::exec::Expr::evalEncodings(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&)
                       ./fbcode/velox/expression/Expr.cpp:1055
    @ 000000000158dff3 facebook::velox::exec::Expr::eval(facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::shared_ptr<facebook::velox::BaseVector>&, facebook::velox::exec::ExprSet const*)
                       ./fbcode/velox/expression/Expr.cpp:831
    @ 0000000001551dbd facebook::velox::exec::ExprSet::eval(int, int, bool, facebook::velox::SelectivityVector const&, facebook::velox::exec::EvalCtx&, std::vector<std::shared_ptr<facebook::velox::BaseVector>, std::allocator<std::shared_ptr<facebook::velox::BaseVector> > >&)
                       ./fbcode/velox/expression/Expr.cpp:1935
    @ 000000000032d9ba (unknown)
    @ 00000000001e9f70 facebook::velox::fuzzer::ExpressionFuzzerVerifier::go()
                       ./fbcode/velox/expression/fuzzer/ExpressionFuzzerVerifier.cpp:410
    @ 00000000001f4ca5 facebook::velox::fuzzer::FuzzerRunner::runFromGtest(unsigned long, std::unordered_set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::shared_ptr<facebook::velox::exec::test::ExprTransformer>, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::shared_ptr<facebook::velox::exec::test::ExprTransformer> > > > const&, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const&, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::shared_ptr<facebook::velox::fuzzer::ArgTypesGenerator>, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, st
                       ./fbcode/velox/expression/fuzzer/FuzzerRunner.cpp:282
    @ 00000000002f7476 main
                       ./fbcode/velox/expression/fuzzer/ExpressionFuzzerTest.cpp:146
    @ 000000000002c656 __libc_start_call_main
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/csu/../sysdeps/nptl/libc_start_call_main.h:58
                       -> /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/csu/../sysdeps/x86/libc-start.c
    @ 000000000002c717 __libc_start_main_alias_2
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/csu/../csu/libc-start.c:409
                       -> /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/csu/../sysdeps/x86/libc-start.c
    @ 00000000002f0810 _start
                       /home/engshare/third-party2/glibc/2.34/src/glibc-2.34/csu/../sysdeps/x86_64/start.S:116
Aborted (core dumped)
@kagamiori kagamiori added bug Something isn't working fuzzer-found labels Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working fuzzer-found
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kagamiori