[Bug] BE coredump for 'ferror(nullptr)' in UserFunctionCache #6330

@weizuo93

Description

In function doris::UserFunctionCache::_download_lib(), ferror(fp.get()) will trigger a BE coredump if it failed to open the file tmp_file and fp is nullptr.

The stack is as follows:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/home/work/app/doris/c3prc-ga/be/package/be/lib/palo_be'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f1bc7a4f060 in ferror () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7_3.1.x86_64 libgcc-4.8.5-28.el7_5.1.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0  0x00007f1bc7a4f060 in ferror () from /lib64/libc.so.6
#1  0x0000000000ff30c9 in doris::UserFunctionCache::_download_lib (this=this@entry=0x36e4fe0 <doris::UserFunctionCache::instance()::s_cache>, url=..., entry=entry@entry=0x7c0447930)
    at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/user_function_cache.cpp:318
#2  0x0000000000ff3647 in doris::UserFunctionCache::_load_cache_entry (this=this@entry=0x36e4fe0 <doris::UserFunctionCache::instance()::s_cache>, url=..., entry=entry@entry=0x7c0447930)
    at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/user_function_cache.cpp:300
#3  0x0000000000ff3df8 in doris::UserFunctionCache::_get_cache_entry (this=this@entry=0x36e4fe0 <doris::UserFunctionCache::instance()::s_cache>, fid=331008248, url=..., checksum=..., 
    output_entry=output_entry@entry=0x7f16e495d8a0) at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/user_function_cache.cpp:262
#4  0x0000000000ff5ac6 in doris::UserFunctionCache::get_function_ptr (this=0x36e4fe0 <doris::UserFunctionCache::instance()::s_cache>, fid=331008248, orig_symbol=..., url=..., checksum=..., fn_ptr=0x42b6dc7a0, 
    output_entry=0x42b6dc408) at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/user_function_cache.cpp:208
#5  0x0000000001630203 in doris::AggFn::Init (this=0x42b6dc400, row_desc=..., state=<optimized out>) at /builds/BkUi_hk7/0/olap/doris/be/src/exprs/agg_fn.cc:93
#6  0x0000000001631d08 in doris::AggFn::Create (texpr=..., row_desc=..., intermediate_slot_desc=..., output_slot_desc=..., state=state@entry=0x736b76000, agg_fn=0x7f16e495dc78)
    at /builds/BkUi_hk7/0/olap/doris/be/src/exprs/agg_fn.cc:147
#7  0x0000000001590cee in doris::PartitionedAggregationNode::init (this=0x85f463b80, tnode=..., state=0x736b76000) at /builds/BkUi_hk7/0/olap/doris/be/src/exec/partitioned_aggregation_node.cc:179
#8  0x00000000014c9108 in doris::ExecNode::create_tree_helper (state=0x736b76000, pool=0x37a48a460, tnodes=..., descs=..., parent=parent@entry=0x0, node_idx=<optimized out>, root=0x44ba7db78)
    at /builds/BkUi_hk7/0/olap/doris/be/src/exec/exec_node.cpp:323
#9  0x00000000014c9369 in doris::ExecNode::create_tree (state=<optimized out>, pool=<optimized out>, plan=..., descs=..., root=root@entry=0x44ba7db78)
    at /builds/BkUi_hk7/0/olap/doris/be/src/exec/exec_node.cpp:274
#10 0x000000000109add1 in doris::PlanFragmentExecutor::prepare (this=this@entry=0x44ba7db70, request=...) at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/plan_fragment_executor.cpp:149
#11 0x000000000101bb04 in doris::FragmentExecState::prepare (this=this@entry=0x44ba7db00, params=...) at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/fragment_mgr.cpp:195
#12 0x000000000101e664 in doris::FragmentMgr::exec_plan_fragment(doris::TExecPlanFragmentParams const&, std::function<void (doris::PlanFragmentExecutor*)>) (this=this@entry=0x64b4600, params=..., cb=...)
    at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/fragment_mgr.cpp:472
#13 0x000000000101ee42 in doris::FragmentMgr::exec_plan_fragment (this=0x64b4600, params=...) at /builds/BkUi_hk7/0/olap/doris/be/src/runtime/fragment_mgr.cpp:450
#14 0x00000000010f5d66 in doris::PInternalServiceImpl<doris::PBackendService>::_exec_plan_fragment (this=0xb67663800, cntl=<optimized out>)
    at /builds/BkUi_hk7/0/olap/doris/be/src/service/internal_service.cpp:155
#15 0x00000000010f5e82 in doris::PInternalServiceImpl<doris::PBackendService>::exec_plan_fragment (this=<optimized out>, cntl_base=<optimized out>, request=<optimized out>, response=0x8c1d13760, 
    done=0x106e4a00) at /builds/BkUi_hk7/0/olap/doris/be/src/service/internal_service.cpp:85
#16 0x00000000013f342c in doris::PBackendService::CallMethod (this=<optimized out>, method=<optimized out>, controller=<optimized out>, request=<optimized out>, response=<optimized out>, done=<optimized out>)
    at /builds/BkUi_hk7/0/olap/doris/gensrc/build/gen_cpp/internal_service.pb.cc:11792
#17 0x0000000001cb2481 in brpc::policy::ProcessRpcRequest (msg_base=0x2d0aac000) at /root/doris/doris/thirdparty/src/brpc-0.9.5-mdh/src/brpc/policy/baidu_rpc_protocol.cpp:495
#18 0x0000000001ca7657 in brpc::ProcessInputMessage (void_arg=void_arg@entry=0x2d0aac000) at /root/doris/doris/thirdparty/src/brpc-0.9.5-mdh/src/brpc/input_messenger.cpp:133
#19 0x0000000001ca84d1 in operator() (this=<optimized out>, last_msg=0x2d0aac000) at /root/doris/doris/thirdparty/src/brpc-0.9.5-mdh/src/brpc/input_messenger.cpp:139
#20 brpc::InputMessenger::OnNewMessages (m=0x334f28000) at /usr/include/c++/7.3.0/bits/unique_ptr.h:268
#21 0x0000000001d5139d in brpc::Socket::ProcessEvent (arg=0x334f28000) at /root/doris/doris/thirdparty/src/brpc-0.9.5-mdh/src/brpc/socket.cpp:1077
#22 0x0000000001e03597 in bthread::TaskGroup::task_runner (skip_remained=<optimized out>) at /root/doris/doris/thirdparty/src/brpc-0.9.5-mdh/src/bthread/task_group.cpp:293
#23 0x0000000001def961 in bthread_make_fcontext ()
Cannot access memory at address 0x7f16e495f000
(gdb)

Cause:

ferror(nullptr) will trigger BE coredump.

Validation:

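#include <cstdio>    // FILE, ferror
#include <iostream>
#include <string>

using namespace std;

int main() {
    // Same state as fp after a failed fopen(): a null stream pointer.
    FILE* fp = nullptr;
    // ferror() dereferences the stream, so a null pointer crashes here.
    cout << "error=" << ferror(fp);
    return 0;
}

The process will exit with the message: Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)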
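
The guard that avoids the crash reported above, as an added example that is not part of the original issue and is not Doris code: the result of fopen is checked before any stdio call receives the stream, and write, flush and close failures are reported instead of ignored. The names write_tmp_file, WriteStatus and FileCloser and the sample path are hypothetical.

```cpp
// Added example; write_tmp_file, WriteStatus and FileCloser are hypothetical names.
#include <cerrno>
#include <cstdio>
#include <cstring>
#include <memory>
#include <string>

enum class WriteStatus { Ok, OpenFailed, WriteFailed, CloseFailed };

struct FileCloser {
    void operator()(FILE* f) const { if (f != nullptr) fclose(f); }
};
using FilePtr = std::unique_ptr<FILE, FileCloser>;

// Writes data to tmp_file; on failure fills *err and removes the partial file.
WriteStatus write_tmp_file(const std::string& tmp_file, const std::string& data,
                           std::string* err) {
    FilePtr fp(fopen(tmp_file.c_str(), "wb"));
    if (fp == nullptr) {
        const int saved_errno = errno;  // capture before anything can overwrite it
        // fopen failed, so fp.get() is nullptr: no stdio call may receive it.
        *err = "fopen(" + tmp_file + "): " + std::strerror(saved_errno);
        return WriteStatus::OpenFailed;
    }
    const size_t n = fwrite(data.data(), 1, data.size(), fp.get());
    if (n != data.size() || ferror(fp.get()) != 0) {  // fp is known non-null here
        *err = "write to " + tmp_file + " failed";
        fp.reset();
        std::remove(tmp_file.c_str());
        return WriteStatus::WriteFailed;
    }
    // fclose flushes buffered bytes and can fail; release() so we see its result.
    if (fclose(fp.release()) != 0) {
        *err = "fclose(" + tmp_file + ") failed";
        std::remove(tmp_file.c_str());
        return WriteStatus::CloseFailed;
    }
    return WriteStatus::Ok;
}

int main() {
    std::string err;
    // Constructed path whose parent directory does not exist, so fopen fails.
    WriteStatus s = write_tmp_file("/nonexistent-dir-example/udf.so.tmp", "x", &err);
    std::printf("status=%d err=%s\n", static_cast<int>(s), err.c_str());
    return s == WriteStatus::OpenFailed ? 0 : 1;
}
```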
