Actions
Bug #72247
openclient: crash in _readdir_cache_cb
Status:
Pending Backport
Priority:
Normal
Assignee:
Category:
Correctness/Safety
Target version:
% Done:
0%
Source:
Community (dev)
Backport:
tentacle,squid
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
ceph-fuse
Labels (FS):
crash
Pull request ID:
Tags (freeform):
backport_processed
Merge Commit:
Fixed In:
v20.3.0-2736-g6a69922cda
Released In:
Upkeep Timestamp:
2025-09-03T10:33:04+00:00
Description
Capacity of `readdir_cache` may change after `client_lock` is unlocked in iterations of `readdir_cache`, and it can cause the iterator to be invalid, then using the invalid iterator in the next iteration will cause crash.
Crash may happen at `Dentry *dn = *pd` (pd points to invalid memory), or at `if (pd >= dir->readdir_cache.end() || *pd != dn)` (pd is smaller than begin() if idx is negative).
Updated by Venky Shankar 8 months ago
- Category set to Correctness/Safety
- Status changed from New to Triaged
- Target version set to v21.0.0
- Source set to Community (dev)
Updated by Venky Shankar 8 months ago
- Status changed from Triaged to Fix Under Review
- Backport set to tentacle,squid
Updated by Venky Shankar 7 months ago
- Status changed from Fix Under Review to Pending Backport
- Assignee set to Zhansong Gao
Updated by Upkeep Bot 7 months ago
- Merge Commit set to 6a69922cdab7cf55ba67098ff712f661ba8011e4
- Fixed In set to v20.3.0-2736-g6a69922cda
- Upkeep Timestamp set to 2025-09-03T10:33:04+00:00
Updated by Upkeep Bot 7 months ago
- Copied to Backport #72845: tentacle: client: crash in _readdir_cache_cb added
Updated by Upkeep Bot 7 months ago
- Copied to Backport #72846: squid: client: crash in _readdir_cache_cb added
Actions