Bug #9636
segfault in CInode::get_caps_allowed_for_client
% Done: 0%
Source: other
Regression: No
Severity: 3 - minor
Description
While doing ad-hoc killing of clients stuck on full cluster: unchecked dereference of session connection.
2014-10-01 18:38:29.390864 7ff38a5f9700 20 mds.0.server set_trace_dist snapid head
2014-10-01 18:38:29.390868 7ff38a5f9700 10 mds.0.server set_trace_dist snaprealm snaprealm(1 seq 1 lc 0 cr 0 cps 1 snaps={} 0x4d806c0) len=48
2014-10-01 18:38:29.390874 7ff38a5f9700 20 mds.0.cache.ino(1) pfile 0 pauth 0 plink 0 pxattr 0 plocal 0 ctime 2014-10-01 17:53:20.469083 valid=1
2014-10-01 18:38:29.390884 7ff38a5f9700 10 mds.0.cache.ino(1) add_client_cap first cap, joining realm snaprealm(1 seq 1 lc 0 cr 0 cps 1 snaps={} 0x4d806c0)
2014-10-01 18:38:29.397914 7ff387cf3700 10 check_message_signature: seq # = 14 front_crc_ = 3501454100 middle_crc = 0 data_crc = 0
2014-10-01 18:38:29.398010 7ff38cdfe700 1 -- 192.168.1.12:6813/26498 <== osd.2 192.168.1.12:6808/24169 14 ==== osd_op_reply(72 200.00000000 [writefull 0~90] v24'18 uv18 ondisk = 0) v6 ==== 179+0+0 (3501454100 0 0) 0x52a8580 con 0x4f8ee00
2014-10-01 18:38:29.403761 7ff38a5f9700 -1 *** Caught signal (Segmentation fault) **
 in thread 7ff38a5f9700

 ceph version 0.85-1086-g55b1a8e (55b1a8e73bec9070d2d1cfdba478a8ed188485a8)
 1: (ceph::BackTrace::BackTrace(int)+0x2d) [0x12e89ed]
 2: ./ceph-mds() [0x12e813f]
 3: (()+0xf720) [0x7ff39135f720]
 4: (boost::intrusive_ptr<Connection>::operator->() const+0x10) [0xf5d69c]
 5: (CInode::get_caps_allowed_for_client(client_t)+0xce) [0x11f05ba]
 6: (CInode::encode_inodestat(ceph::buffer::list&, Session*, SnapRealm*, snapid_t, unsigned int, int)+0x1b06) [0x11f26f2]
 7: (Server::set_trace_dist(Session*, MClientReply*, CInode*, CDentry*, snapid_t, int, std::tr1::shared_ptr<MDRequestImpl>&)+0x5ba) [0xf9dddc]
 8: (Server::reply_request(std::tr1::shared_ptr<MDRequestImpl>&, MClientReply*, CInode*, CDentry*)+0x7a8) [0xf9d298]
 9: (C_MDS_openc_finish::finish(int)+0x20c) [0xfe951e]
 10: (Context::complete(int)+0x27) [0xf53667]
 11: (MDSInternalContextBase::complete(int)+0x1a1) [0x12328e5]
 12: (C_MarkEvent::finish(int)+0x5d) [0xfe9053]
 13: (Context::complete(int)+0x27) [0xf53667]
 14: (MDSInternalContextBase::complete(int)+0x1a1) [0x12328e5]
 15: (C_IO_Wrapper::finish(int)+0x33) [0xf58961]
 16: (Context::complete(int)+0x27) [0xf53667]
 17: (MDSIOContextBase::complete(int)+0x270) [0x1232b90]
 18: (Finisher::finisher_thread_entry()+0x323) [0x130b42d]
 19: (Finisher::FinisherThread::entry()+0x1c) [0xf54d20]
 20: (Thread::entry_wrapper()+0x79) [0x1414fed]
 21: (Thread::_entry_func(void*)+0x18) [0x1414f6a]
 22: (()+0x7f35) [0x7ff391357f35]
 23: (clone()+0x6d) [0x7ff38fb1ac3d]
 NOTE: a copy of the executable, or `objdump -rdS <executable>` is needed to interpret this.
History
#1 Updated by Zheng Yan over 9 years ago
looks like it's the same as #9628
#2 Updated by Greg Farnum over 9 years ago
- Status changed from In Progress to Duplicate