From 32a843672102d41fa0ddd21b2ceb4210623eb904 Mon Sep 17 00:00:00 2001 From: Radoslaw Zarzynski Date: Tue, 26 Jul 2022 12:18:55 +0000 Subject: [PATCH] crimson/osd: don't capture a local, on-stack address of MOSDRepOpReply This flaw can explain the following crash observed at Sepia: ``` ceph-osd: /home/jenkins-build/build/workspace/ceph-dev-new-build/ARCH/x86_64/AVAILABLE_ARCH/x86_64/AVAILABLE_DIST/centos8/DIST/centos8/MACHINE_SIZE/gigantic/release/17.0.0-13661-g3a14f283/rpm/el8/BUILD/ceph-17.0.0-13661-g3a14f283/x86_64-redhat-linux-gnu/boost/include/boost/smart_ptr/intrusive_ptr.hpp:199: T* boost::intrusive_ptr::operator->() const [with T = MOSDRepOpReply]: Assertion `px != 0' failed. Aborting on shard 0. Backtrace: 0# gsignal in /lib64/libc.so.6 1# abort in /lib64/libc.so.6 2# 0x00007FB1346F4CD9 in /lib64/libc.so.6 3# 0x00007FB13471A3F6 in /lib64/libc.so.6 4# crimson::osd::OSD::handle_rep_op_reply(seastar::shared_ptr, boost::intrusive_ptr) in ceph-osd 5# 0x000055C4100FF8D0 in ceph-osd 6# 0x000055C410100639 in ceph-osd 7# crimson::osd::OSD::ms_dispatch(seastar::shared_ptr, boost::intrusive_ptr) in ceph-osd 8# crimson::net::ChainedDispatchers::ms_dispatch(seastar::shared_ptr, boost::intrusive_ptr) in ceph-osd 9# 0x000055C4165220EF in ceph-osd 10# 0x000055C416532791 in ceph-osd 11# 0x000055C4165328B2 in ceph-osd 12# 0x000055C40FDD33D5 in ceph-osd 13# 0x000055C40FDEE2CE in ceph-osd 14# 0x000055C40FDEEEF0 in ceph-osd 15# 0x000055C41CA41215 in ceph-osd 16# 0x000055C41CA97959 in ceph-osd 17# 0x000055C41CBF73A0 in ceph-osd 18# 0x000055C41CBF93F5 in ceph-osd 19# 0x000055C41C629A46 in ceph-osd 20# 0x000055C41C62E012 in ceph-osd 21# main in ceph-osd 22# __libc_start_main in /lib64/libc.so.6 23# _start in ceph-osd ``` Signed-off-by: Radoslaw Zarzynski --- src/crimson/osd/osd.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/crimson/osd/osd.cc b/src/crimson/osd/osd.cc index c940196426ef6..f7d5070a1452a 100644 --- a/src/crimson/osd/osd.cc +++ b/src/crimson/osd/osd.cc @@ -670,7 +670,8 @@ OSD::ms_dispatch(crimson::net::ConnectionRef conn, MessageRef m) return {}; } bool dispatched = true; - gate.dispatch_in_background(__func__, *this, [this, conn, &m, &dispatched] { + gate.dispatch_in_background(__func__, *this, [this, conn, + m=std::move(m), &dispatched] { switch (m->get_type()) { case CEPH_MSG_OSD_MAP: return handle_osd_map(conn, boost::static_pointer_cast(m)); -- 2.39.5