Bug #10644
closed
librbd: segfault on image close when watch fails
% Done: 0%
Source: Q/A
Severity: 3 - minor
Description
From http://qa-proxy.ceph.com/teuthology/sage-2015-01-24_15:03:19-rbd-next-distro-basic-multi/721344/
This can happen in the locking/fencing test, due to a use-after-free of the LingerOp watch() failed on. This produces a backtrace like:
#0 0x00007f550ac0f5cb in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::string const&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#1 0x00007f550c11ee11 in object_t (this=0x7fff70c6ab60) at ./include/object.h:33
#2 Objecter::Op::Op (this=0x1ab5d60, o=..., ol=..., op=..., f=32, ac=0x0, co=0x7fff70c6ad60, ov=0x7fff70c6ac48, offset=0x0) at ./osdc/Objecter.h:1197
#3 0x00007f550c11acab in prepare_mutate_op (objver=0x7fff70c6ac48, oncommit=0x7fff70c6ad60, onack=0x0, flags=0, mtime=..., snapc=..., op=..., oloc=..., oid=..., this=0x7f5504021fe0) at ./osdc/Objecter.h:2018
#4 mutate (objver=0x7fff70c6ac48, oncommit=0x7fff70c6ad60, onack=0x0, flags=0, mtime=..., snapc=..., op=..., oloc=..., oid=..., this=0x7f5504021fe0) at ./osdc/Objecter.h:2029
#5 librados::IoCtxImpl::unwatch (this=0x1a8e010, cookie=140002042318080) at librados/IoCtxImpl.cc:1144
#6 0x00007f54e9a90df1 in librbd::ImageWatcher::unregister_watch (this=0x1a9cd20) at librbd/ImageWatcher.cc:109
#7 0x00007f54e9a8b03a in librbd::ImageCtx::unregister_watch (this=this@entry=0x1a8d990) at librbd/ImageCtx.cc:617
#8 0x00007f54e9aab3d8 in librbd::close_image (ictx=ictx@entry=0x1a8d990) at librbd/internal.cc:2302
#9 0x00007f54e9a7f9d1 in rbd_close (image=0x1a8d990) at librbd/librbd.cc:1042
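The failure mode in the description (the close path calling unwatch for a watch whose registration failed and whose operation was already freed), as an added C++ sketch of a defensive pattern. It is not Ceph's code and not the fix that resolved this bug; `WatchOp`, `WatchRegistry` and `Watcher` are hypothetical names, and the failed watch is simulated with a flag.

```cpp
#include <cerrno>
#include <cstdint>
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for an in-flight watch operation (not Ceph's LingerOp).
struct WatchOp { std::string oid; };

// Hands out opaque cookies, so a stale cookie fails a lookup instead of touching freed memory.
class WatchRegistry {
  std::map<std::uint64_t, std::unique_ptr<WatchOp>> ops_;
  std::uint64_t next_ = 1;
public:
  // fail=true models the watch being rejected (assumption: constructed failure path).
  int watch(const std::string& oid, bool fail, std::uint64_t* cookie) {
    std::unique_ptr<WatchOp> op(new WatchOp{oid});
    if (fail) {
      *cookie = 0;        // never hand back a handle to the op freed on return
      return -ETIMEDOUT;
    }
    *cookie = next_++;
    ops_[*cookie] = std::move(op);
    return 0;
  }
  // A cookie that was never registered, or already removed, is reported, not dereferenced.
  int unwatch(std::uint64_t cookie) { return ops_.erase(cookie) ? 0 : -ENOENT; }
  std::size_t live() const { return ops_.size(); }
};

// Image-side wrapper that remembers whether registration actually succeeded.
class Watcher {
  WatchRegistry& reg_;
  std::uint64_t cookie_ = 0;
  bool registered_ = false;
public:
  explicit Watcher(WatchRegistry& r) : reg_(r) {}
  int register_watch(const std::string& oid, bool fail) {
    int r = reg_.watch(oid, fail, &cookie_);
    registered_ = (r == 0);
    return r;
  }
  // Safe on the close path even when register_watch failed or this was already called.
  int unregister_watch() {
    if (!registered_) return 0;
    registered_ = false;
    return reg_.unwatch(cookie_);
  }
};
```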
Updated by Josh Durgin over 9 years ago
- Status changed from In Progress to Fix Under Review
Updated by Jason Dillaman about 9 years ago
Updated by Josh Durgin about 9 years ago
- Status changed from Fix Under Review to Resolved