Actions
Bug #21274
closedClient: if request gets aborted, its reference leaks
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
/a/pdonnell-2017-09-06_15:30:20-fs-wip-pdonnell-testing-20170906-distro-basic-smithi/1601384/teuthology.log
log of crashed client
/a/pdonnell-2017-09-06_15:30:20-fs-wip-pdonnell-testing-20170906-distro-basic-smithi/1601384/remote/smithi100/log/ceph-client.guest.68356.log.gz
The reason is that client got backlisted while there is a pending request. No one cleaned up the request and the request held a reference to dentry. So client crashed on shutdown
/build/ceph-13.0.0-437-g3490d03/src/client/Client.cc: 337: FAILED assert(lru.lru_get_size() == 0) ceph version 13.0.0-437-g3490d03 (3490d03974d47fae7bd3846d2443cb7c5d7360cb) mimic (dev) 1: (ceph::__ceph_assert_fail(char const*, char const*, int, char const*)+0x102) [0xc165fc1812] 2: (Client::tear_down_cache()+0x75a) [0xc165f1e40a] 3: (Client::~Client()+0x53) [0xc165f56113] 4: (StandaloneClient::~StandaloneClient()+0x9) [0xc165f566e9] 5: (main()+0x8e1) [0xc165ecab81] 6: (__libc_start_main()+0xf0) [0x7f3daaf46830] 7: (_start()+0x29) [0xc165ed3739] NOTE: a copy of the executable, or `objdump -rdS <executable>` is needed to interpret this.
Updated by Zheng Yan over 6 years ago
- Subject changed from crash when shutting down blacklisted client to Client: if request gets aborted, its reference leaks
- Status changed from New to Fix Under Review
- Backport set to jewel, luminous
Updated by Patrick Donnelly over 6 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Zheng Yan over 6 years ago
- Status changed from Pending Backport to Resolved
the bug was introduced by
From 9cb79067dc009b488c9dc2d0c4641da88153bfca Mon Sep 17 00:00:00 2001 From: Danny Al-Gaaf <danny.al-gaaf@bisect.de> Date: Wed, 10 May 2017 20:42:36 +0200 Subject: [PATCH 11/14] client/Client.cc: fix USE_AFTER_FREE Don't call put_request() twice, it's already called by unregister_request() Fix for: CID 1405360 (#1 of 1): Use after free (USE_AFTER_FREE) deref_arg: Calling put_request dereferences freed pointer request Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
does not exist in luminous branch.
Actions