Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1992

heap-use-after-free when running threadlocal cache destructor

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.4.0
    • Component/s: cfile, util
    • Labels:
      None
    • Target Version/s:

      Description

      After KUDU-680, we started to see the occasional heap-use-after-free when destructing the new thread-local cache. The issue seems to be:

      • the thread uses LongAdder somewhere, which allocates a threadlocal 'struct HashCode'
      • the thread also uses the threadlocal block cache

      On thread destruction, we are running the LongAdder HashCode destructor first, and then running the threadlocal cache destructor. The threadlocal cache runs 'Release()' on the cached blocks, which tries to update the cache's LongAdder-based metrics. This then accesses the hashcode threadlocal which has already been destructed.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tlipcon Todd Lipcon
                Reporter:
                tlipcon Todd Lipcon
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: