This is an automated email from the ASF dual-hosted git repository.
dataroaring pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
commit 11820aaf4da3818894edc83f53489df66db79ce4
Author: yiguolei <676222...@qq.com>
AuthorDate: Tue Aug 20 10:38:58 2024 +0800
[bugfix](core) runtime state is destroyed when spill task is run (#39566)
==17355==ERROR: AddressSanitizer: heap-use-after-free on address
0x61c00388c269 at pc 0x55b47f79e5c4 bp 0x7fde7dd98e30 sp 0x7fde7dd98e28
READ of size 1 at 0x61c00388c269 thread T604 (SpillIOThreadPo)
#0 0x55b47f79e5c3 in doris::QueryContext::is_nereids() const
/root/doris/be/src/runtime/query_context.h:229:38
#1 0x55b47f79e5c3 in doris::RuntimeState::is_nereids() const
/root/doris/be/src/runtime/runtime_state.cpp:542:24
#2 0x55b47f89afed in doris::AttachTask::AttachTask(doris::RuntimeState*)
/root/doris/be/src/runtime/thread_context.cpp:48:50
#3 0x55b4b039e7e5 in doris::pipeline::SpillRunnable::run()
/root/doris/be/src/pipeline/exec/spill_utils.h:43:9
#4 0x55b47fdf739d in doris::ThreadPool::dispatch_thread()
/root/doris/be/src/util/threadpool.cpp:543:24
#5 0x55b47fdd05de in std::function<void ()>::operator()() const
/var/local/ldb-toolchain/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9
#6 0x55b47fdd05de in doris::Thread::supervise_thread(void*)
/root/doris/be/src/util/thread.cpp:498:5
#7 0x7fe1bcb5e608 in start_thread
/build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#8 0x7fe1bce0b132 in __clone
/build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Co-authored-by: yiguolei <yiguo...@gmail.com>
---
be/src/pipeline/exec/spill_utils.h | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/be/src/pipeline/exec/spill_utils.h
b/be/src/pipeline/exec/spill_utils.h
index 635a6a6bbbc..925e7df44e6 100644
--- a/be/src/pipeline/exec/spill_utils.h
+++ b/be/src/pipeline/exec/spill_utils.h
@@ -40,17 +40,18 @@ public:
~SpillRunnable() override = default;
void run() override {
+ // Should lock task context before scope task, because the _state maybe
+ // destroyed when run is called.
+ auto task_context_holder = _task_context_holder.lock();
+ if (!task_context_holder) {
+ return;
+ }
SCOPED_ATTACH_TASK(_state);
Defer defer([&] {
std::function<void()> tmp;
std::swap(tmp, _func);
});
- auto task_context_holder = _task_context_holder.lock();
- if (!task_context_holder) {
- return;
- }
-
auto shared_state_holder = _shared_state_holder.lock();
if (!shared_state_holder) {
return;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
