Skip to content

branch-4.1: [fix](sync_point) Fix heap-use-after-free in SyncPoint during program exit #61040#61434

Merged
yiguolei merged 1 commit intobranch-4.1from
auto-pick-61040-branch-4.1
Mar 18, 2026
Merged

branch-4.1: [fix](sync_point) Fix heap-use-after-free in SyncPoint during program exit #61040#61434
yiguolei merged 1 commit intobranch-4.1from
auto-pick-61040-branch-4.1

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 17, 2026

Cherry-picked from #61040

@wyxxxcat
[fix](sync_point) Fix heap-use-after-free in SyncPoint during program…
d3510f4 
… exit (#61040)

### What problem does this PR solve?

The SyncPoint singleton was being destroyed during program exit while
background bthread timers were still accessing it, causing
heap-use-after-free.

Changed get_instance() to return a never-destructed heap-allocated
pointer
instead of a stack-allocated static object to prevent destruction order
issues.

This is a standard pattern for singletons accessed by background
threads.

```
11:47:40       #0 0x5582a963153d in operator new(unsigned long) (/root/doris/cloud/ut_build_ASAN/test/recycler_test+0x122b53d) (BuildId: 1191affa24589f52)
11:47:40       #1 0x5582ab0aa52f in doris::SyncPoint::SyncPoint() /root/doris/common/cpp/sync_point.cpp:77:9
11:47:40       #2 0x5582ab0aa46b in doris::SyncPoint::get_instance() /root/doris/common/cpp/sync_point.cpp:73:20
11:47:40       #3 0x5582aae33ee8 in doris::cloud::memkv::Transaction::get(std::basic_string_view<char, std::char_traits<char>>, std::basic_string_view<char, std::char_traits<char>>, std::unique_ptr<doris::cloud::RangeGetIterator, std::default_delete<doris::cloud::RangeGetIterator>>*, bool, int) /root/doris/cloud/src/meta-store/mem_txn_kv.cpp:276:5
11:47:40       #4 0x5582a968f49f in doris::cloud::txn_get(doris::cloud::TxnKv*, std::basic_string_view<char, std::char_traits<char>>, std::basic_string_view<char, std::char_traits<char>>, std::unique_ptr<doris::cloud::RangeGetIterator, std::default_delete<doris::cloud::RangeGetIterator>>&) /root/doris/cloud/src/recycler/recycler.cpp:99:18
11:47:40       #5 0x5582a9657090 in doris::cloud::InstanceRecycler::scan_and_recycle(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::basic_string_view<char, std::char_traits<char>>, std::function<int (std::basic_string_view<char, std::char_traits<char>>, std::basic_string_view<char, std::char_traits<char>>)>, std::function<int ()>) /root/doris/cloud/src/recycler/recycler.cpp:2976:23
11:47:40       #6 0x5582a9686153 in doris::cloud::InstanceRecycler::recycle_rowsets() /root/doris/cloud/src/recycler/recycler.cpp:2587:15
11:47:40       #7 0x5582a96a8d47 in doris::cloud::RecyclerTest_recycle_empty_Test::TestBody() /root/doris/cloud/test/recycler_test.cpp:1136:5
```
@github-actions github-actions bot requested a review from yiguolei as a code owner March 17, 2026 11:31
@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 17, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@dataroaring dataroaring reopened this Mar 17, 2026
@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 17, 2026

run buildall

@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 17, 2026

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 79.06% (1786/2259)
Line Coverage 64.37% (31916/49580)
Region Coverage 65.22% (15976/24496)
Branch Coverage 55.76% (8495/15234)

@doris-robot
Copy link

doris-robot commented Mar 17, 2026

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 52.90% (19343/36564)
Line Coverage 36.22% (180670/498747)
Region Coverage 32.72% (139670/426876)
Branch Coverage 33.72% (60772/180218)

@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 18, 2026

run buildall

@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 18, 2026

Cloud UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 79.06% (1786/2259)
Line Coverage 64.40% (31930/49580)
Region Coverage 65.21% (15974/24496)
Branch Coverage 55.76% (8495/15234)

@hello-stephen
Copy link
Contributor

hello-stephen commented Mar 18, 2026

BE UT Coverage Report

Increment line coverage 🎉

Increment coverage report
Complete coverage report

Category Coverage
Function Coverage 52.83% (19343/36613)
Line Coverage 36.18% (180668/499412)
Region Coverage 32.64% (139594/427634)
Branch Coverage 33.65% (60774/180591)

@yiguolei yiguolei merged commit 921fcc0 into branch-4.1 Mar 18, 2026
28 of 30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiguolei yiguolei yiguolei approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hello-stephen @doris-robot @yiguolei @dataroaring @wyxxxcat