Actions
Bug #24486
closedosd: segv in Session::have_backoff
Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
mimic,luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
2018-06-09 23:36:57.443 7f871a82e700 -1 *** Caught signal (Segmentation fault) ** in thread 7f871a82e700 thread_name:tp_osd_tp ceph version 14.0.0-421-g63faa8d (63faa8df3753877bdbf212fbe724730aa68b0086) nautilus (dev) 1: (()+0x8ed7f0) [0x55c35fdd37f0] 2: (()+0xf6d0) [0x7f87433d16d0] 3: (cmp(hobject_t const&, hobject_t const&)+0x25) [0x7f87469cc8d5] 4: (Session::check_backoff(CephContext*, spg_t, hobject_t const&, Message const*)+0x134) [0x55c35fa9dec4] 5: (PrimaryLogPG::do_op(boost::intrusive_ptr<OpRequest>&)+0x374) [0x55c35fa2ef14] 6: (PrimaryLogPG::do_request(boost::intrusive_ptr<OpRequest>&, ThreadPool::TPHandle&)+0xc45) [0x55c35fa35e35] 7: (OSD::dequeue_op(boost::intrusive_ptr<PG>, boost::intrusive_ptr<OpRequest>, ThreadPool::TPHandle&)+0x1b7) [0x55c35f8993a7] 8: (PGOpItem::run(OSD*, OSDShard*, boost::intrusive_ptr<PG>&, ThreadPool::TPHandle&)+0x62) [0x55c35fb06cd2] 9: (OSD::ShardedOpWQ::_process(unsigned int, ceph::heartbeat_handle_d*)+0x592) [0x55c35f8b6f12] 10: (ShardedThreadPool::shardedthreadpool_worker(unsigned int)+0x3d3) [0x7f874687b813] 11: (ShardedThreadPool::WorkThreadSharded::entry()+0x10) [0x7f874687c400] 12: (()+0x7e25) [0x7f87433c9e25]
/a/sage-2018-06-09_21:47:39-rados-wip-sage3-testing-2018-06-09-1439-distro-basic-smithi/2647006/a/sage-2018-06-09_21:47:39-rados-wip-sage3-testing-2018-06-09-1439-distro-basic-smithi/2647006
gdb shows
(gdb) f 6 #6 have_backoff (oid=..., pgid=..., this=0x55c362932600) at /usr/src/debug/ceph-14.0.0-421-g63faa8d/src/osd/Session.h:180 180 p->first > oid) { (gdb) list 175 if (i == backoffs.end()) { 176 return nullptr; 177 } 178 auto p = i->second.lower_bound(oid); 179 if (p != i->second.begin() && 180 p->first > oid) { 181 --p; 182 } 183 if (p != i->second.end()) { 184 int r = cmp(oid, p->first);
It looks like p is i->second.end() and we are dereferencing p->first.
Updated by Sage Weil almost 6 years ago
- Status changed from 12 to Fix Under Review
- Backport set to mimic,luminous
Updated by Sage Weil almost 6 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Nathan Cutler almost 6 years ago
- Copied to Backport #24494: mimic: osd: segv in Session::have_backoff added
Updated by Nathan Cutler almost 6 years ago
- Copied to Backport #24495: luminous: osd: segv in Session::have_backoff added
Updated by Nathan Cutler over 5 years ago
- Status changed from Pending Backport to Resolved
Actions