
squid: client: crash caused by invalid iterator in _readdir_cache_cb #65974

Open
joscollin wants to merge 1 commit into ceph:squid from joscollin:wip-72846-squid

@joscollin
Member

backport tracker: https://tracker.ceph.com/issues/72846


backport of #64627
parent tracker: https://tracker.ceph.com/issues/72247

this backport was staged using ceph-backport.sh version 16.0.0.6848
find the latest version at https://github.com/ceph/ceph/blob/main/src/script/ceph-backport.sh

Capacity of `readdir_cache` may change after `client_lock` is unlocked in iterations of `readdir_cache`,
and it can cause the iterator to be invalid; using the invalid iterator in the next iteration will then cause a crash.
Crash may happen at `Dentry *dn = *pd` (pd points to invalid memory),
or at `if (pd >= dir->readdir_cache.end() || *pd != dn)` (pd is smaller than begin() if idx is negative).
Use index instead of iterator to solve this problem.

Fixes: https://tracker.ceph.com/issues/72247
Signed-off-by: Zhansong Gao <zhsgao@hotmail.com>
(cherry picked from commit 9e0488d)
@joscollin joscollin added this to the squid milestone Oct 16, 2025
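
The failure mode in the description above, as an added example that is not code from the Ceph tree or from this PR: a vector is walked by index while a callback (standing in for the window where `client_lock` is released) grows or empties it, and the slot is re-validated with the same kind of bounds-and-identity check the description quotes. `Dir`, `WalkResult`, `walk_by_index` and the sample names are hypothetical.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// Hypothetical stand-in for a directory's cached dentry list (not Ceph's types).
struct Dir { std::vector<const std::string*> cache; };

struct WalkResult {
    std::size_t visited = 0;     // entries handed to the callback
    bool reallocated = false;    // storage moved while the "lock" was dropped
    bool stopped_early = false;  // cache no longer matched what was being read
};

// Walk by index. `cb` models the window where the lock is released: it may
// grow, shrink or clear dir.cache before it returns.
WalkResult walk_by_index(Dir& dir, const std::function<void(Dir&, std::size_t)>& cb) {
    WalkResult r;
    for (std::size_t idx = 0; idx < dir.cache.size(); ++idx) {  // bound re-read each pass
        const std::string* dn = dir.cache[idx];  // fresh lookup, no saved iterator
        const void* before = dir.cache.data();
        cb(dir, idx);
        ++r.visited;
        if (dir.cache.data() != before) r.reallocated = true;
        // Re-validate before continuing: slot must exist and hold the same entry.
        if (idx >= dir.cache.size() || dir.cache[idx] != dn) {
            r.stopped_early = true;
            break;
        }
    }
    return r;
}

static const std::string names[] = {"a", "b", "c", "d", "extra"};  // constructed sample data
WalkResult grow_case() {   // another actor appends until the vector reallocates
    Dir d{{&names[0], &names[1], &names[2], &names[3]}};
    return walk_by_index(d, [](Dir& dir, std::size_t idx) {
        if (idx != 1) return;
        const std::size_t cap = dir.cache.capacity();
        while (dir.cache.capacity() == cap) dir.cache.push_back(&names[4]);
    });
}

WalkResult shrink_case() { // another actor empties the cache mid-walk
    Dir d{{&names[0], &names[1], &names[2], &names[3]}};
    return walk_by_index(d, [](Dir& dir, std::size_t idx) { if (idx == 2) dir.cache.clear(); });
}

int main() { return (grow_case().reallocated && shrink_case().stopped_early) ? 0 : 1; }
```

In `grow_case` the storage moves mid-walk, so an iterator saved before the callback would dangle, while the index still addresses the right slot once it has been checked against the new `size()`.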
@joscollin
Member Author

This PR is under test in https://tracker.ceph.com/issues/73568.

@batrick batrick modified the milestones: squid, v19.2.4 Mar 18, 2026