mon/Elector.cc: prevent assertion failure when receiving pings from removed monitors

chungfengz-syno · chungfengz-syno · commit c29d6fff40b8 · 2025-10-08T01:37:14.000Z
When a monitor is removed from the cluster, there can be a race condition where the removed monitor is still running and sending ping messages to other monitors, while those monitors have already updated their monmap and no longer recognize the removed monitor's address. This causes MonMap::get_rank() to return -1 for the removed monitor's address, which then gets passed to MonMap::get_addrs(unsigned), causing an assertion failure since -1 cast to unsigned becomes UINT_MAX. Add defensive checks in three places to handle this scenario: 1. In begin_peer_ping(): return early if peer < 0 2. In send_peer_ping(): check both peer < 0 and peer >= ranks.size() 3. In handle_ping(): drop messages from unknown senders (rank < 0) This prevents the assertion failure and provides better logging for diagnosing such race conditions. Fixes: https://tracker.ceph.com/issues/71259 Signed-off-by: chungfengz <chungfengz@synology.com>
diff --git a/src/mon/Elector.cc b/src/mon/Elector.cc
@@ -453,6 +453,10 @@ void Elector::handle_nak(MonOpRequestRef op)
 void Elector::begin_peer_ping(int peer)
 {
   dout(20) << __func__ << " with " << peer << dendl;
+  if (peer < 0) {
+    dout(20) << __func__ << " ignoring negative peer " << peer << dendl;
+    return;
+  }
   if (live_pinging.count(peer)) {
     dout(20) << peer << " already in live_pinging ... return " << dendl;
     return;
@@ -492,7 +496,7 @@ void Elector::begin_peer_ping(int peer)
 bool Elector::send_peer_ping(int peer, const utime_t *n)
 {
   dout(10) << __func__ << " to peer " << peer << dendl;
-  if (peer >= ssize(mon->monmap->ranks)) {
+  if (peer < 0 || peer >= ssize(mon->monmap->ranks)) {
     // Monitor no longer exists in the monmap,
     // therefore, we shouldn't ping this monitor
     // since we cannot lookup the address!
@@ -609,6 +613,11 @@ void Elector::handle_ping(MonOpRequestRef op)
   MMonPing *m = static_cast<MMonPing*>(op->get_req());
   int prank = mon->monmap->get_rank(m->get_source_addr());
   dout(20) << __func__ << " from: " << prank << dendl;
+  if (prank < 0) {
+    dout(5) << __func__ << " from unknown addr " << m->get_source_addr()
+           << " mapped to rank " << prank << " (likely removed monitor) - dropping message" << dendl;
+    return;
+  }
   begin_peer_ping(prank);
   assimilate_connection_reports(m->tracker_bl);
   switch(m->op) {
