[Bug] memtracker heap-use-after-free

[deardeng]

Search before asking

• I had searched in the issues and found no similar issues.

Version

master

What's Wrong?

core

(gdb) bt
#0 0x000055652add99ca in doris::signal::(anonymous namespace)::MinimalFormatter::AppendString (this=0x7f9276470160, str=0x5565335fd1e0 "*** Aborted at ")
at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/common/signal_handler.h:189
#1 0x000055652add9d82 in doris::signal::(anonymous namespace)::DumpTimeInfo () at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/common/signal_handler.h:251
#2 0x000055652adda7b5 in doris::signal::(anonymous namespace)::FailureSignalHandler (signal_number=11, signal_info=0x7f9276470570, ucontext=0x7f9276470440)
at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/common/signal_handler.h:394
#3
#4 0x000055652af06e9c in _mm_loadu_si128(long long __vector(2) const*) (__P=0x556533696210 phmap::priv::EmptyGroup()::empty_group) at /home/ubuntu/tools/ldb-tools/lib/gcc/x86_64-linux-gnu/11/include/emmintrin.h:703
#5 phmap::priv::GroupSse2Impl::GroupSse2Impl (this=0x7f9276470b30,
pos=0x556533696210 phmap::priv::EmptyGroup()::empty_group "\377", '\200' <repeats 15 times>, "GH\207\367GH\207\367\273G\207\367\305G\207\367\317G\207\367\331G\207\367\343G\207\367\355G\207\367\367G\207\367\001H\207\367\063H\207\367\025H\207\367\037H\207\367GH\207\367GH\207\367)H\207\367GH\207\367GH\207\367GH\207\367GH\207\367\vH\207\367GH\207\367GH\207\367=H\207\367St15_Sp_counted_ptrIPN5doris13HybridSetBaseELN9__gnu_cxx12_Lock_policyE2EE")
at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:333
#6 0x000055652b26fd0b in phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, phmap::Hash, phmap::EqualTo, std::allocator<std::pair<long const, std::shared_ptrdoris::MemTracker > > >::find_or_prepare_insert (this=0x613000702dd0, key=@0x7f9276470ec0: 0, hashval=0) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:2038
#7 0x000055652b26924d in phmap::priv::raw_hash_set<phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, phmap::Hash, phmap::EqualTo, std::allocator<std::pair<long const, std::shared_ptrdoris::MemTracker > > >::find_or_prepare_insert (this=0x613000702dd0, key=@0x7f9276470ec0: 0) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:2053
#8 0x000055652bd6abbb in phmap::priv::raw_hash_map<phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, phmap::Hash, phmap::EqualTo, std::allocator<std::pair<long const, std::shared_ptrdoris::MemTracker > > >::try_emplace_impl (this=0x613000702dd0, k=@0x7f9276470ec0: 0) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:2328
#9 0x000055652bd664fb in phmap::priv::raw_hash_map<phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, phmap::Hash, phmap::EqualTo, std::allocator<std::pair<long const, std::shared_ptrdoris::MemTracker > > >::try_emplace<long, , 0, (long*)0>(long&&) (this=0x613000702dd0, k=@0x7f9276470ec0: 0) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:2269
#10 0x000055652bd64810 in phmap::priv::raw_hash_map<phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, phmap::Hash, phmap::EqualTo, std::allocator<std::pair<long const, std::shared_ptrdoris::MemTracker > > >::operator[]<long, phmap::priv::FlatHashMapPolicy<long, std::shared_ptrdoris::MemTracker >, (long*)0> (this=0x613000702dd0, key=@0x7f9276470ec0: 0)
at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/thirdparty/installed/include/parallel_hashmap/phmap.h:2307
#11 0x000055652bd604e7 in doris::ThreadMemTrackerMgr::init (this=0x613000702dc0) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_mem_tracker_mgr.h:190
#12 0x000055652bd61cb2 in doris::ThreadContext::ThreadContext (this=0x60b000de3090) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_context.h:118
#13 0x000055652bd5aea5 in doris::ThreadContextPtr::ThreadContextPtr (this=0x7f9276476330) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_context.cpp:28
#14 0x000055652ade8ae5 in __tls_init () at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_context.h:216
#15 0x000055652adf49a5 in TLS wrapper function for doris::thread_local_ctx ()
#16 0x000055652bd5ae5f in doris::tls_ctx () at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_context.h:223
#17 0x000055652bd5c79a in doris::AttachTaskThread::AttachTaskThread (this=0x7f92764713d0, runtime_state=0x620000aba080, mem_tracker=...)
at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/runtime/thread_context.cpp:86
#18 0x000055652e0e40af in doris::vectorized::VOlapScanNode::transfer_thread (this=0x6210007dc900, state=0x620000aba080) at /home/zcp/repo_center/selectdb_cold_on_s3_stable_base/selectdb/be/src/vec/exec/volap_scan_node.cpp:39
#19 0x000055652e10525a in std::__invoke_impl<void, void (doris::vectorized::VOlapScanNode::)(doris::RuntimeState), doris::vectorized::VOlapScanNode*, doris::RuntimeState*> (__f=
@0x604000b60fa8: (void (doris::vectorized::VOlapScanNode::)(doris::vectorized::VOlapScanNode * const, doris::RuntimeState )) 0x55652e0e3db8 doris::vectorized::VOlapScanNode::transfer_thread(doris::RuntimeState*),
__t=@0x604000b60fa0: 0x6210007dc900) at /home/ubuntu/tools/ldb-tools/include/c++/11/bits/invoke.h:74
#20 0x000055652e105056 in std::__invoke<void (doris::vectorized::VOlapScanNode::)(doris::RuntimeState), doris::vectorized::VOlapScanNode*, doris::RuntimeState*> (__fn=
@0x604000b60fa8: (void (doris::vectorized::VOlapScanNode::)(doris::vectorized::VOlapScanNode * const, doris::RuntimeState )) 0x55652e0e3db8 doris::vectorized::VOlapScanNode::transfer_thread(doris::RuntimeState*))
at /home/ubuntu/tools/ldb-tools/include/c++/11/bits/invoke.h:96
#21 0x000055652e104f89 in std::thread::_Invoker<std::tuple<void (doris::vectorized::VOlapScanNode::)(doris::RuntimeState), doris::vectorized::VOlapScanNode*, doris::RuntimeState*> >::_M_invoke<0ul, 1ul, 2ul> (this=0x604000b60f98)
at /home/ubuntu/tools/ldb-tools/include/c++/11/bits/std_thread.h:253
#22 0x000055652e104f26 in std::thread::_Invoker<std::tuple<void (doris::vectorized::VOlapScanNode::)(doris::RuntimeState), doris::vectorized::VOlapScanNode*, doris::RuntimeState*> >::operator() (this=0x604000b60f98)
at /home/ubuntu/tools/ldb-tools/include/c++/11/bits/std_thread.h:260
#23 0x000055652e104f0a in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (doris::vectorized::VOlapScanNode::)(doris::RuntimeState), doris::vectorized::VOlapScanNode*, doris::RuntimeState*> > >::_M_run (
this=0x604000b60f90) at /home/ubuntu/tools/ldb-tools/include/c++/11/bits/std_thread.h:211
#24 0x00005565335af720 in execute_native_thread_routine ()
#25 0x00007f934a2d2609 in start_thread (arg=) at pthread_create.c:477
#26 0x00007f934a40c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

What You Expected?

no core

How to Reproduce?

并发重复跑select 查询

Anything Else?

No response

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct