Bug #13740

librbd: crash on open of image with missing header

Added by Josh Durgin about 3 years ago. Updated about 3 years ago.


3 - minor

This happens because perfcounters are no longer initialized before errors can occur, and they're used in the cleanup path in cases like a missing header.
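A minimal model of the failure described above, added here as an illustration and not taken from the Ceph source or from the report's author. `Counters`, `Collection`, `ImageCtxModel` and `teardown_clean` are hypothetical stand-ins, and the guard shown is one possible mitigation, not necessarily the project's fix.

```cpp
#include <cerrno>
#include <set>
#include <string>

// Hypothetical stand-ins for illustration; not Ceph's PerfCounters classes.
struct Counters { std::string name; };

struct Collection {
  std::set<Counters*> loggers;
  void add(Counters* c) { loggers.insert(c); }
  // Reports an unknown logger instead of aborting, so the model stays runnable.
  bool remove(Counters* c) { return loggers.erase(c) == 1; }
};

class ImageCtxModel {
  Collection& coll_;
  bool header_present_;
  Counters* perf_ = nullptr;  // explicit null: "never started" is detectable
public:
  ImageCtxModel(Collection& c, bool hdr) : coll_(c), header_present_(hdr) {}

  int init() {
    if (!header_present_) return -ENOENT;  // error path taken before counters exist
    perf_ = new Counters{"librbd-image"};  // constructed name
    coll_.add(perf_);
    return 0;
  }

  // Cleanup path: true if the collection was never handed an unknown logger.
  bool perf_stop(bool guarded) {
    if (guarded && perf_ == nullptr) return true;  // nothing was started
    bool known = coll_.remove(perf_);
    delete perf_; perf_ = nullptr;
    return known;
  }
};

// Open an image, then run cleanup regardless of init()'s result (close-on-error).
bool teardown_clean(bool header_present, bool guarded) {
  Collection coll;
  ImageCtxModel ictx(coll, header_present);
  ictx.init();
  return ictx.perf_stop(guarded) && coll.loggers.empty();
}

int main() {
  return (teardown_clean(false, true) && !teardown_clean(false, false)) ? 0 : 1;
}
```

With the header missing, only the guarded cleanup completes without asking the collection to remove counters that were never registered.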

Related issues

Related to rbd - Bug #11433: librbd: crash cleaning up non-existent image Resolved 04/20/2015

Associated revisions

Revision dd5a263b (diff)
Added by Jason Dillaman about 3 years ago

librbd: perf counters might not be initialized on error

Fixes: #13740
Signed-off-by: Jason Dillaman <>


#1 Updated by Josh Durgin about 3 years ago

  • Related to Bug #11433: librbd: crash cleaning up non-existent image added

#2 Updated by Josh Durgin about 3 years ago

Partial fix, still failing the workunit, now in a different way:

diff --git a/src/librbd/ b/src/librbd/
index 50c0b02..1a9c841 100644
--- a/src/librbd/
+++ b/src/librbd/
@@ -9,6 +9,8 @@
 #include "common/errno.h" 
 #include "common/perf_counters.h" 

+#include "include/stringify.h" 
 #include "librbd/AsyncOperation.h" 
 #include "librbd/AsyncRequest.h" 
 #include "librbd/AsyncResizeRequest.h" 
@@ -135,6 +137,9 @@ public:

   int ImageCtx::init() {
     int r;
+    // initialize perfcounters before any failures can occur, so we
+    // don't need to check if it's initialized in cleanup paths
+    perf_start(stringify(this));

     if (id.length()) {
       old_format = false;
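Review bot: The `perf_start(stringify(this))` call at the top of `ImageCtx::init()` only covers failures that happen inside `init()`; the backtrace in this comment reaches `perf_stop()` from `~ImageCtx`, so an `ImageCtx` destroyed without `init()` having run would still enter the cleanup path with no counters. Consider also making `perf_stop()` tolerate an unset `perfcounter`. Separately, the temporary name is the object's address in text form, which is visible to anything that lists counter names until the rename happens; a fixed placeholder name would avoid exposing it.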
@@ -187,7 +192,7 @@ public:
       pname += snap_name;

-    perf_start(pname);
+    perfcounter->set_name(pname);

     if (cache) {
       Mutex::Locker l(cache_lock);
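Review bot: Replacing `perf_start(pname)` with `perfcounter->set_name(pname)` renames counters that the earlier `perf_start(stringify(this))` call has already created, and that needs checking against how the collection tracks them. If `PerfCountersCollection` looks loggers up by name, a rename after registration could leave `remove()` unable to find the entry, which would fit the abort under `PerfCountersCollection::remove` in the backtrace below. Either unregister and re-add around the rename, or defer registration until the final name is known.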
@@ -275,7 +280,7 @@ public:
                   << dendl;

-  void ImageCtx::perf_start(string name) {
+  void ImageCtx::perf_start(const string &name) {
     PerfCountersBuilder plb(cct, name, l_librbd_first, l_librbd_last);

     plb.add_u64_counter(l_librbd_rd, "rd", "Reads");
diff --git a/src/librbd/ImageCtx.h b/src/librbd/ImageCtx.h
index bfddf80..8a0c78d 100644
--- a/src/librbd/ImageCtx.h
+++ b/src/librbd/ImageCtx.h
@@ -175,7 +175,7 @@ namespace librbd {
     int init();
     void init_layout();
-    void perf_start(std::string name);
+    void perf_start(const std::string &name);
     void perf_stop();
     void set_read_flag(unsigned flag);
     int get_read_flags(librados::snap_t snap_id);

Core was generated by `/home/jdurgin/ceph/src/.libs/lt-rbd copy test/test9 test10'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f612a5bd62b in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
37        return INLINE_SYSCALL (tgkill, 3, pid, THREAD_GETMEM (THREAD_SELF, tid),
Missing separate debuginfos, use: debuginfo-install boost-program-options-1.54.0-10.fc20.x86_64 boost-random-1.54.0-10.fc20.x86_64 boost-regex-1.54.0-10.fc20.x86_64 boost-system-1.54.0-10.fc20.x86_64 boost-thread-1.54.0-10.fc20.x86_64 keyutils-libs-1.5.9-1.fc20.x86_64 libblkid-2.24.2-2.fc20.x86_64 libgcc-4.8.3-7.fc20.x86_64 libicu-50.1.2-10.fc20.x86_64 libselinux-2.2.1-6.fc20.x86_64 libstdc++-4.8.3-7.fc20.x86_64 libuuid-2.24.2-2.fc20.x86_64 lttng-ust-2.3.0-1.fc20.x86_64 nspr-4.10.7-1.fc20.x86_64 nss-3.17.2-1.fc20.x86_64 nss-softokn-3.17.2-1.fc20.x86_64 nss-softokn-freebl-3.17.2-1.fc20.x86_64 nss-util-3.17.2-1.fc20.x86_64 pcre-8.33-6.fc20.x86_64 sqlite-3.8.1-2.fc20.x86_64 systemd-libs-208-28.fc20.x86_64 userspace-rcu-0.7.7-2.fc20.x86_64 xz-libs-5.1.2-12alpha.fc20.x86_64 zlib-1.2.8-3.fc20.x86_64
(gdb) bt
#0  0x00007f612a5bd62b in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
#1  0x00007f613075d16d in reraise_fatal (signum=6) at global/
#2  handle_fatal_signal (signum=6) at global/
#3  <signal handler called>
#4  0x00007f6129279c59 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007f612927b368 in __GI_abort () at abort.c:89
#6  0x00007f6129b80dd5 in __gnu_cxx::__verbose_terminate_handler() () from /lib64/
#7  0x00007f6129b7ed46 in ?? () from /lib64/
#8  0x00007f6129b7dd09 in ?? () from /lib64/
#9  0x00007f6129b7e974 in __gxx_personality_v0 () from /lib64/
#10 0x00007f6129612913 in ?? () from /lib64/
#11 0x00007f6129612e47 in _Unwind_Resume () from /lib64/
#12 0x00007f612db3da9c in ~Locker (this=<synthetic pointer>, __in_chrg=<optimized out>) at ./common/Mutex.h:118
#13 PerfCountersCollection::remove (this=0x7f6133579200, l=0x7f6133601730) at common/
#14 0x00007f612d98e485 in librbd::ImageCtx::perf_stop (this=0x7f61335f8830) at librbd/
#15 0x00007f612d991c62 in librbd::ImageCtx::~ImageCtx (this=0x7f61335f8830, __in_chrg=<optimized out>) at librbd/
#16 0x00007f612d9bdc1b in librbd::close_image (ictx=ictx@entry=0x7f61335f8830) at librbd/
#17 0x00007f612d9c99c7 in librbd::copy (src=<optimized out>, dest_md_ctx=..., destname=<optimized out>, prog_ctx=...) at librbd/
#18 0x00007f612d958576 in librbd::Image::copy_with_progress (this=0x7fff47dc1200, dest_io_ctx=..., destname=0x7f6133577ab8 "test10", pctx=...) at librbd/
#19 0x00007f613066f255 in do_copy (no_progress=<optimized out>, destname=<optimized out>, dest_pp=..., src=...) at tools/rbd/action/
#20 rbd::action::copy::execute (vm=...) at tools/rbd/action/
#21 0x00007f613065c9cb in rbd::Shell::execute (this=this@entry=0x7fff47dc173f, arg_count=arg_count@entry=4, arg_values=arg_values@entry=0x7fff47dc1858) at tools/rbd/
#22 0x00007f6130638c22 in main (argc=4, argv=0x7fff47dc1858) at tools/rbd/

#3 Updated by Jason Dillaman about 3 years ago

  • Status changed from New to In Progress
  • Assignee set to Jason Dillaman

#4 Updated by Jason Dillaman about 3 years ago

  • Status changed from In Progress to Need Review

#5 Updated by Jason Dillaman about 3 years ago

  • Status changed from Need Review to Resolved
