Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The hard core inner variable name will use the same place of variable map and lead to race condition #4845

Closed
Shylock-Hg opened this issue Nov 9, 2022 · 0 comments · Fixed by #4850
Closed

The hard core inner variable name will use the same place of variable map and lead to race condition #4845

Shylock-Hg opened this issue Nov 9, 2022 · 0 comments · Fixed by #4850
Assignees
@Shylock-Hg
Labels
severity/minor Severity of bug type/bug/availability Bugs that cause availability trobules such as crashing the services. type/bug Type: something is unexpected

Comments

@Shylock-Hg
Copy link
Contributor

Shylock-Hg commented Nov 9, 2022
edited
Loading

Please check the FAQ documentation before raising an issue

Describe the bug (required)
e.g.

nebula/src/graph/planner/match/MatchSolver.cpp

Line 242 in d9c4a6c

expr = ListComprehensionExpression::make( 

=================================================================
==2656298==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500011c180 at pc 0x0000022508a5 bp 0x7f1a4eb3a3b0 sp 0x7f1a4eb3a3a0
READ of size 1 at 0x61500011c180 thread T16 (executor-pri3-4)
    #0 0x22508a4 in nebula::graph::Result::Core::Core(nebula::graph::Result::Core&&) src/graph/context/Result.h:76
    #1 0x2250bf5 in nebula::graph::Result::Result(nebula::graph::Result&&) src/graph/context/Result.h:20
    #2 0x2250bf5 in void __gnu_cxx::new_allocator<nebula::graph::Result>::construct<nebula::graph::Result, nebula::graph::Result>(nebula::graph::Result*, nebula::graph::Result&&) /usr/include/c++/9/ext/new_allocator.h:146
    #3 0x2250bf5 in void std::allocator_traits<std::allocator<nebula::graph::Result> >::construct<nebula::graph::Result, nebula::graph::Result>(std::allocator<nebula::graph::Result>&, nebula::graph::Result*, nebula::graph::Result&&) /usr/include/c++/9/bits/alloc_traits.h:483
    #4 0x2250bf5 in void std::__relocate_object_a<nebula::graph::Result, nebula::graph::Result, std::allocator<nebula::graph::Result> >(nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result>&) /usr/include/c++/9/bits/stl_uninitialized.h:912
    #5 0x2250bf5 in nebula::graph::Result* std::__relocate_a_1<nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result> >(nebula::graph::Result*, nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result>&) /usr/include/c++/9/bits/stl_uninitialized.h:950
    #6 0x2250bf5 in nebula::graph::Result* std::__relocate_a<nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result> >(nebula::graph::Result*, nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result>&) /usr/include/c++/9/bits/stl_uninitialized.h:964
    #7 0x2250bf5 in std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_S_do_relocate(nebula::graph::Result*, nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result>&, std::integral_constant<bool, true>) /usr/include/c++/9/bits/stl_vector.h:453
    #8 0x2250bf5 in std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_S_relocate(nebula::graph::Result*, nebula::graph::Result*, nebula::graph::Result*, std::allocator<nebula::graph::Result>&) /usr/include/c++/9/bits/stl_vector.h:466
    #9 0x2250bf5 in void std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_M_realloc_insert<nebula::graph::Result>(__gnu_cxx::__normal_iterator<nebula::graph::Result*, std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> > >, nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:461
    #10 0x2251583 in nebula::graph::Result& std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::emplace_back<nebula::graph::Result>(nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:121
    # 11 0x224e58f in nebula::graph::ExecutionContext::setResult(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::graph::Result&&) src/graph/context/ExecutionContext.cpp:22
    #12 0x224e58f in nebula::graph::ExecutionContext::setValue(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value&&) src/graph/context/ExecutionContext.cpp:17
    #13 0x224cc4f in nebula::graph::QueryExpressionContext::setVar(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value) src/graph/context/QueryExpressionContext.cpp:96
    #14 0x55e22c9 in nebula::ListComprehensionExpression::eval(nebula::ExpressionContext&) src/common/expression/ListComprehensionExpression.cpp:34
    #15 0x1e0cd9a in nebula::graph::ProjectExecutor::execute() src/graph/executor/query/ProjectExecutor.cpp:26
    #16 0x2227355 in nebula::graph::AsyncMsgNotifyBasedScheduler::execute(nebula::graph::Executor*) const src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:221
    #17 0x2229bb9 in operator()<std::vector<nebula::Status> > src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:158
    #18 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:101
    #19 0x222a274 in wrapResult<folly::futures::detail::wrapInvoke(folly::Try<T>&&, F&&) [with T = std::vector<nebula::Status>; F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>]::<lambda()> > build/third-party/install/include/folly/futures/Future-inl.h:73
    #20 0x222a274 in wrapInvoke<std::vector<nebula::Status>, nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)> > build/third-party/install/include/folly/futures/Future-inl.h:108
    #21 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:991
    #22 0x222a274 in invoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:144
    #23 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:149
    #24 0x222a274 in makeTryWithNoUnwrap<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:257
    #25 0x222a274 in makeTryWith<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:279
    #26 0x222a274 in tryInvoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:149
    #27 0x222a274 in tryInvoke<folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>, folly::futures::detail::CoreCallbackState<nebula::Status, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)> >, std::vector<nebula::Status> > build/third-party/install/include/folly/futures/Future-inl.h:349
    #28 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:436
    #29 0x222a274 in operator() build/third-party/install/include/folly/futures/detail/Core.h:637
    #30 0x222a274 in callSmall<folly::futures::detail::Core<T>::setCallback(F&&, std::shared_ptr<folly::RequestContext>&&, folly::futures::detail::InlineContinuation) [with F = folly::futures::detail::FutureBase<T>::thenImplementation(F&&, R, folly::futures::detail::InlineContinuation) [with F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; R = folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; T = std::vector<nebula::Status>]::<lambda(folly::futures::detail::CoreBase&, folly::Executor::KeepAlive<>&&, folly::exception_wrapper*)> > build/third-party/install/include/folly/Function.h:371
    #31 0x5f1320b  (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x5f1320b)
    #32 0x58bc156 in virtual thunk to apache::thrift::concurrency::FunctionRunner::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x58bc156)
    #33 0x59fbaa7 in apache::thrift::concurrency::ThreadManager::Impl::Worker::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fbaa7)
    #34 0x59fdbad in apache::thrift::concurrency::PthreadThread::threadMain(void*) (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fdbad)
    #35 0x7f1a62559608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #36 0x7f1a6247c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x61500011c180 is located 0 bytes inside of 512-byte region [0x61500011c180,0x61500011c380)
freed by thread T15 (executor-pri3-3) here:
    #0 0x7f1a627ff51f in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cc:165
    #1 0x2251018 in __gnu_cxx::new_allocator<nebula::graph::Result>::deallocate(nebula::graph::Result*, unsigned long) /usr/include/c++/9/ext/new_allocator.h:128
    #2 0x2251018 in std::allocator_traits<std::allocator<nebula::graph::Result> >::deallocate(std::allocator<nebula::graph::Result>&, nebula::graph::Result*, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:469
    #3 0x2251018 in std::_Vector_base<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_M_deallocate(nebula::graph::Result*, unsigned long) /usr/include/c++/9/bits/stl_vector.h:351
    #4 0x2251018 in void std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_M_realloc_insert<nebula::graph::Result>(__gnu_cxx::__normal_iterator<nebula::graph::Result*, std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> > >, nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:500
    #5 0x2251583 in nebula::graph::Result& std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::emplace_back<nebula::graph::Result>(nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:121
    #6 0x224e58f in nebula::graph::ExecutionContext::setResult(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::graph::Result&&) src/graph/context/ExecutionContext.cpp:22
    #7 0x224e58f in nebula::graph::ExecutionContext::setValue(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value&&) src/graph/context/ExecutionContext.cpp:17
    #8 0x224cc4f in nebula::graph::QueryExpressionContext::setVar(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value) src/graph/context/QueryExpressionContext.cpp:96
    #9 0x55e22c9 in nebula::ListComprehensionExpression::eval(nebula::ExpressionContext&) src/common/expression/ListComprehensionExpression.cpp:34
    #10 0x1e0cd9a in nebula::graph::ProjectExecutor::execute() src/graph/executor/query/ProjectExecutor.cpp:26
    #11 0x2227355 in nebula::graph::AsyncMsgNotifyBasedScheduler::execute(nebula::graph::Executor*) const src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:221
    #12 0x2229bb9 in operator()<std::vector<nebula::Status> > src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:158
    #13 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:101
    #14 0x222a274 in wrapResult<folly::futures::detail::wrapInvoke(folly::Try<T>&&, F&&) [with T = std::vector<nebula::Status>; F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>]::<lambda()> > build/third-party/install/include/folly/futures/Future-inl.h:73
    #15 0x222a274 in wrapInvoke<std::vector<nebula::Status>, nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)> > build/third-party/install/include/folly/futures/Future-inl.h:108
    #16 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:991
    #17 0x222a274 in invoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:144
    #18 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:149
    #19 0x222a274 in makeTryWithNoUnwrap<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:257
    #20 0x222a274 in makeTryWith<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:279
    #21 0x222a274 in tryInvoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:149
    #22 0x222a274 in tryInvoke<folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>, folly::futures::detail::CoreCallbackState<nebula::Status, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)> >, std::vector<nebula::Status> > build/third-party/install/include/folly/futures/Future-inl.h:349
    #23 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:436
    #24 0x222a274 in operator() build/third-party/install/include/folly/futures/detail/Core.h:637
    #25 0x222a274 in callSmall<folly::futures::detail::Core<T>::setCallback(F&&, std::shared_ptr<folly::RequestContext>&&, folly::futures::detail::InlineContinuation) [with F = folly::futures::detail::FutureBase<T>::thenImplementation(F&&, R, folly::futures::detail::InlineContinuation) [with F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; R = folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; T = std::vector<nebula::Status>]::<lambda(folly::futures::detail::CoreBase&, folly::Executor::KeepAlive<>&&, folly::exception_wrapper*)> > build/third-party/install/include/folly/Function.h:371
    #26 0x5f1320b  (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x5f1320b)
    #27 0x58bc156 in virtual thunk to apache::thrift::concurrency::FunctionRunner::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x58bc156)
    #28 0x59fbaa7 in apache::thrift::concurrency::ThreadManager::Impl::Worker::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fbaa7)
    #29 0x59fdbad in apache::thrift::concurrency::PthreadThread::threadMain(void*) (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fdbad)
    #30 0x7f1a62559608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #31 0x7f1a6247c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

previously allocated by thread T15 (executor-pri3-3) here:
    #0 0x7f1a627fe587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x2250b12 in __gnu_cxx::new_allocator<nebula::graph::Result>::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
    #2 0x2250b12 in std::allocator_traits<std::allocator<nebula::graph::Result> >::allocate(std::allocator<nebula::graph::Result>&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:443
    #3 0x2250b12 in std::_Vector_base<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
    #4 0x2250b12 in void std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::_M_realloc_insert<nebula::graph::Result>(__gnu_cxx::__normal_iterator<nebula::graph::Result*, std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> > >, nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:440
    #5 0x2251583 in nebula::graph::Result& std::vector<nebula::graph::Result, std::allocator<nebula::graph::Result> >::emplace_back<nebula::graph::Result>(nebula::graph::Result&&) /usr/include/c++/9/bits/vector.tcc:121
    #6 0x224e58f in nebula::graph::ExecutionContext::setResult(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::graph::Result&&) src/graph/context/ExecutionContext.cpp:22
    #7 0x224e58f in nebula::graph::ExecutionContext::setValue(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value&&) src/graph/context/ExecutionContext.cpp:17
    #8 0x224cc4f in nebula::graph::QueryExpressionContext::setVar(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, nebula::Value) src/graph/context/QueryExpressionContext.cpp:96
    #9 0x55e22c9 in nebula::ListComprehensionExpression::eval(nebula::ExpressionContext&) src/common/expression/ListComprehensionExpression.cpp:34
    #10 0x1e0cd9a in nebula::graph::ProjectExecutor::execute() src/graph/executor/query/ProjectExecutor.cpp:26
    #11 0x2227355 in nebula::graph::AsyncMsgNotifyBasedScheduler::execute(nebula::graph::Executor*) const src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:221
    #12 0x2229bb9 in operator()<std::vector<nebula::Status> > src/graph/scheduler/AsyncMsgNotifyBasedScheduler.cpp:158
    #13 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:101
    #14 0x222a274 in wrapResult<folly::futures::detail::wrapInvoke(folly::Try<T>&&, F&&) [with T = std::vector<nebula::Status>; F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>]::<lambda()> > build/third-party/install/include/folly/futures/Future-inl.h:73
    #15 0x222a274 in wrapInvoke<std::vector<nebula::Status>, nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)> > build/third-party/install/include/folly/futures/Future-inl.h:108
    #16 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:991
    #17 0x222a274 in invoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:144
    #18 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:149
    #19 0x222a274 in makeTryWithNoUnwrap<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:257
    #20 0x222a274 in makeTryWith<folly::futures::detail::CoreCallbackState<T, F>::tryInvoke(Args&& ...) [with Args = {folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > >}; T = nebula::Status; F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>]::<lambda()> > build/third-party/install/include/folly/Try-inl.h:279
    #21 0x222a274 in tryInvoke<folly::Executor::KeepAlive<folly::Executor>, folly::Try<std::vector<nebula::Status, std::allocator<nebula::Status> > > > build/third-party/install/include/folly/futures/Future-inl.h:149
    #22 0x222a274 in tryInvoke<folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>, folly::futures::detail::CoreCallbackState<nebula::Status, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)> >, std::vector<nebula::Status> > build/third-party/install/include/folly/futures/Future-inl.h:349
    #23 0x222a274 in operator() build/third-party/install/include/folly/futures/Future-inl.h:436
    #24 0x222a274 in operator() build/third-party/install/include/folly/futures/detail/Core.h:637
    #25 0x222a274 in callSmall<folly::futures::detail::Core<T>::setCallback(F&&, std::shared_ptr<folly::RequestContext>&&, folly::futures::detail::InlineContinuation) [with F = folly::futures::detail::FutureBase<T>::thenImplementation(F&&, R, folly::futures::detail::InlineContinuation) [with F = folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; R = folly::futures::detail::tryExecutorCallableResult<std::vector<nebula::Status>, folly::Future<T>::thenValue(F&&) && [with F = nebula::graph::AsyncMsgNotifyBasedScheduler::runExecutor(std::vector<folly::Future<nebula::Status> >&&, nebula::graph::Executor*, folly::Executor*) const::<lambda(auto:182&&)>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>, void>; T = std::vector<nebula::Status>]::<lambda(folly::Executor::KeepAlive<>&&, folly::Try<std::vector<nebula::Status> >&&)>; T = std::vector<nebula::Status>]::<lambda(folly::futures::detail::CoreBase&, folly::Executor::KeepAlive<>&&, folly::exception_wrapper*)> > build/third-party/install/include/folly/Function.h:371
    #26 0x5f1320b  (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x5f1320b)
    #27 0x58bc156 in virtual thunk to apache::thrift::concurrency::FunctionRunner::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x58bc156)
    #28 0x59fbaa7 in apache::thrift::concurrency::ThreadManager::Impl::Worker::run() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fbaa7)
    #29 0x59fdbad in apache::thrift::concurrency::PthreadThread::threadMain(void*) (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fdbad)
    #30 0x7f1a62559608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #31 0x7f1a6247c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

Thread T16 (executor-pri3-4) created by T0 here:
    #0 0x7f1a62729815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x59fda14 in apache::thrift::concurrency::PthreadThread::start() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fda14)
    #2 0x59eb39c in apache::thrift::concurrency::ThreadManager::Impl::addWorker(unsigned long) (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59eb39c)
    #3 0x59f359d in apache::thrift::concurrency::PriorityThreadManager::PriorityImpl::start() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59f359d)
    #4 0x16ae8cd in nebula::graph::GraphServer::start() src/graph/service/GraphServer.cpp:31

Thread T15 (executor-pri3-3) created by T0 here:
    #0 0x7f1a62729815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x59fda14 in apache::thrift::concurrency::PthreadThread::start() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59fda14)
    #2 0x59eb39c in apache::thrift::concurrency::ThreadManager::Impl::addWorker(unsigned long) (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59eb39c)
    #3 0x59f359d in apache::thrift::concurrency::PriorityThreadManager::PriorityImpl::start() (/home/sunny.liu/nebula-ent-3.1.2-21103/bin/nebula-graphd+0x59f359d)
    #4 0x16ae8cd in nebula::graph::GraphServer::start() src/graph/service/GraphServer.cpp:31

SUMMARY: AddressSanitizer: heap-use-after-free src/graph/context/Result.h:76 in nebula::graph::Result::Core::Core(nebula::graph::Result::Core&&)
Shadow bytes around the buggy address:
  0x0c2a8001b7e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b7f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2a8001b830:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2a8001b870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a8001b880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          
Load More

Your Environments (required)

  • OS: uname -a
  • Compiler: g++ --version or clang++ --version
  • CPU: lscpu
  • Commit id (e.g. a3ffc7d8)

How To Reproduce(required)

Steps to reproduce the behavior:

  1. Step 1
  2. Step 2
  3. Step 3

Expected behavior

Additional context
@Shylock-Hg Shylock-Hg added the type/bug Type: something is unexpected label Nov 9, 2022
@Shylock-Hg Shylock-Hg self-assigned this Nov 9, 2022
@Shylock-Hg Shylock-Hg changed the title The hard core inner variable will use the same place of variable map and lead to race condition The hard core inner variable name will use the same place of variable map and lead to race condition Nov 9, 2022
@Shylock-Hg Shylock-Hg mentioned this issue Nov 10, 2022
Merged
11 tasks
@jinyingsunny jinyingsunny added the severity/minor Severity of bug label Nov 10, 2022
@xtcyclist xtcyclist added the type/bug/availability Bugs that cause availability trobules such as crashing the services. label Nov 10, 2022
@wey-gu wey-gu mentioned this issue Nov 12, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Shylock-Hg Shylock-Hg

Labels
severity/minor Severity of bug type/bug/availability Bugs that cause availability trobules such as crashing the services. type/bug Type: something is unexpected
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix/inner variable race condition Shylock-Hg/nebula
3 participants
@xtcyclist @Shylock-Hg @jinyingsunny