Project

General

Profile

Actions
Copy link

Bug #38484

closed

osd: InvalidRead, PG use-after-free putting ref

Added by Sage Weil about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Sage Weil
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

  <kind>InvalidRead</kind>
  <what>Invalid read of size 8</what>
  <stack>
    <frame>
      <ip>0x74E7B2</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>PG::put(char const*)</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/osd</dir>
      <file>PG.cc</file>
      <line>178</line>
    </frame>
    <frame>
      <ip>0x6D0B24</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>OSD::ShardedOpWQ::_process(unsigned int, ceph::heartbeat_handle_d*)</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/osd</dir>
      <file>PG.h</file>
      <line>566</line>
    </frame>
    <frame>
      <ip>0xCCC5B4</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>ShardedThreadPool::shardedthreadpool_worker(unsigned int)</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/common</dir>
      <file>WorkQueue.cc</file>
      <line>311</line>
    </frame>
    <frame>
      <ip>0xCCEC7F</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>ShardedThreadPool::WorkThreadSharded::entry()</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/common</dir>
      <file>WorkQueue.h</file>
      <line>699</line>
    </frame>
    <frame>
      <ip>0xD654E24</ip>
      <obj>/usr/lib64/libpthread-2.17.so</obj>
      <fn>start_thread</fn>
    </frame>
    <frame>
      <ip>0xE5B2BAC</ip>
      <obj>/usr/lib64/libc-2.17.so</obj>
      <fn>clone</fn>
    </frame>
  </stack>
  <auxwhat>Address 0x3ca53098 is 152 bytes inside a block of size 11,528 free'd</auxwhat>
  <stack>
    <frame>
      <ip>0xA89767D</ip>
      <obj>/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so</obj>
      <fn>operator delete[](void*)</fn>
      <dir>/builddir/build/BUILD/valgrind-3.13.0/coregrind/m_replacemalloc</dir>
      <file>vg_replace_malloc.c</file>
      <line>621</line>
    </frame>
    <frame>
      <ip>0x74E74D</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>PG::put(char const*)</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/osd</dir>
      <file>PG.cc</file>
      <line>181</line>
    </frame>
    <frame>
      <ip>0x7C1426</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>ContainerContext&lt;boost::intrusive_ptr&lt;PG&gt; &gt;::~ContainerContext()</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/osd</dir>
      <file>PG.h</file>
      <line>566</line>
    </frame>
    <frame>
      <ip>0xC946D5</ip>
      <obj>/usr/bin/ceph-osd</obj>
      <fn>Finisher::finisher_thread_entry()</fn>
      <dir>/usr/src/debug/ceph-14.1.0-125-g8b98d22/src/common</dir>
      <file>Finisher.cc</file>
      <line>67</line>
    </frame>
    <frame>
      <ip>0xD654E24</ip>
      <obj>/usr/lib64/libpthread-2.17.so</obj>
      <fn>start_thread</fn>
    </frame>
    <frame>

/a/sage-2019-02-26_12:41:21-rados:verify-wip-sage-testing-2019-02-25-1642-distro-basic-smithi/3641681
Actions
Copy link
 #1

Updated by Sage Weil about 5 years ago

  • Status changed from 12 to Can't reproduce

i think i must have mixed up my test branches or something. i can't reproduce this.

Actions
Copy link
 #2

Updated by Sage Weil about 5 years ago

  • Status changed from Can't reproduce to 12
  • Assignee set to Sage Weil
  • Priority changed from High to Urgent

/a/sage-2019-03-02_01:13:07-rados-wip-sage2-testing-2019-03-01-1553-distro-basic-smithi/3656299

Actions
Copy link
 #3

Updated by Sage Weil about 5 years ago

  • Status changed from 12 to Fix Under Review
Actions
Copy link
 #4

Updated by Neha Ojha about 5 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link

Also available in: Atom PDF