topology coordinator: fix use after free after streaming failure

node.rs pointer can be freed while guard is released, so it cannot be accessed during error processing. Save state locally. Fixes #17577 Message-ID: <Zd9keSwiIC4v_EiF@scylladb.com>
2026-06-03 21:47:10 +00:00 · 2024-02-28 18:51:05 +02:00
parent 57b14580f0
commit 4ef57096bc
1 changed files with 2 additions and 1 deletions
--- a/service/topology_coordinator.cc
+++ b/service/topology_coordinator.cc
@@ -1553,6 +1553,7 @@ class topology_coordinator : public endpoint_lifecycle_subscriber {
                }

                raft_topology_cmd cmd{raft_topology_cmd::command::stream_ranges};
+                auto state = node.rs->state;
                try {
                    if (node.rs->state == node_state::removing) {
                        // tell all nodes to stream data of the removed node to new range owners
@@ -1565,7 +1566,7 @@ class topology_coordinator : public endpoint_lifecycle_subscriber {
                    throw;
                } catch (...) {
                    rtlogger.error("send_raft_topology_cmd(stream_ranges) failed with exception"
-                                    " (node state is {}): {}", node.rs->state, std::current_exception());
+                                    " (node state is {}): {}", state, std::current_exception());
                    _rollback = fmt::format("Failed stream ranges: {}", std::current_exception());
                    break;
                }