Fix: guard addJitter against zero/sub-nanosecond durations to prevent panic (fixes #8149)

[shivamtiwari3]

Summary

Fixes #8149.

addJitter in internal/sampling/samplingstrategy/adaptive/post_aggregator.go passed int64(jitterAmount/2) directly to rand.Int63n. When jitterAmount is 0 or 1ns, integer division yields 0, and rand.Int63n(0) panics at runtime with panic: invalid argument to Int63n.

---

Root Cause

In post_aggregator.go:145:

func addJitter(jitterAmount time.Duration) time.Duration {
    return (jitterAmount / 2) + time.Duration(rand.Int63n(int64(jitterAmount/2)))
}

rand.Int63n(n) requires n > 0; it panics otherwise. No guard prevented calling it with n == 0. A misconfigured FollowerLeaseRefreshInterval (e.g. set to 0 or 1ns in a YAML config or test environment) or an unexpected zero value reaching addJitter from provider.go:92 would crash the process.

---

Solution

Compute half = jitterAmount / 2 once. If half <= 0 (covers jitterAmount == 0 and jitterAmount == 1ns), return jitterAmount unchanged — no jitter is added, but the caller is not panicked. Otherwise apply the existing formula using half.

func addJitter(jitterAmount time.Duration) time.Duration {
    half := jitterAmount / 2
    if half <= 0 {
        return jitterAmount
    }
    return half + time.Duration(rand.Int63n(int64(half)))
}

---

Testing

• Added TestAddJitter in post_aggregator_test.go:
  • addJitter(0) returns 0 without panicking
  • addJitter(1ns) returns 1ns without panicking (sub-nanosecond integer division edge case)
  • For normal durations (2ms, 1s, 20s, 60s): 100 calls each confirm the result is always in [d/2, d)
• All existing 17 tests in the package continue to pass

Run with:

go test ./internal/sampling/samplingstrategy/adaptive/...

---

Checklist

• Fixes the root cause (not just the symptom)
• New test covers the exact failing scenarios from the bug report
• All existing tests pass
• No unrelated changes
• Code style matches project conventions
• Read CONTRIBUTING.md and followed its requirements

[Copilot]

Pull request overview

Prevents a runtime panic in adaptive sampling’s jitter calculation by guarding rand.Int63n against zero (or sub-nanosecond truncation to zero) bounds, and adds unit tests to cover the edge cases reported in #8149.

Changes:

• Add a half := jitterAmount / 2 guard in addJitter to avoid rand.Int63n(0) panics.
• Add TestAddJitter to validate zero/1ns inputs and ensure typical durations stay within expected bounds.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
internal/sampling/samplingstrategy/adaptive/post_aggregator.go	Adds a small-duration guard to prevent rand.Int63n panic in addJitter.
internal/sampling/samplingstrategy/adaptive/post_aggregator_test.go	Adds tests covering the panic scenarios and validating jitter bounds for normal durations.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[shivamtiwari3]

Addressed both Copilot review suggestions:

1. Test constants — Updated TestAddJitter to use 0*time.Nanosecond and time.Nanosecond instead of the raw time.Duration(0)/time.Duration(1) literals so the intended unit is immediately clear.

2. PR description accuracy — The root-cause text referenced Options.FollowerLeaseRefreshInterval; the actual call site in this repo is p.followerRefreshInterval inside provider.go. Clarified: the bug is triggered whenever the resolved duration passed to addJitter is ≤ 1ns, regardless of which configuration field or code path produces that value. No scope change — the fix stays in addJitter itself.

[shivamtiwari3]

Added Signed-off-by to both commits to fix the DCO check. No other changes.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.67%. Comparing base (ef50c53) to head (31446be).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8178   +/-   ##
=======================================
  Coverage   95.67%   95.67%           
=======================================
  Files         317      317           
  Lines       16747    16750    +3     
=======================================
+ Hits        16023    16026    +3     
  Misses        571      571           
  Partials      153      153           

Flag	Coverage Δ
badger_v1	9.05% <ø> (ø)
badger_v2	1.04% <ø> (ø)
cassandra-4.x-v1-manual	13.25% <ø> (ø)
cassandra-4.x-v2-auto	1.03% <ø> (ø)
cassandra-4.x-v2-manual	1.03% <ø> (ø)
cassandra-5.x-v1-manual	13.25% <ø> (ø)
cassandra-5.x-v2-auto	1.03% <ø> (ø)
cassandra-5.x-v2-manual	1.03% <ø> (ø)
clickhouse	1.16% <ø> (ø)
elasticsearch-6.x-v1	16.83% <ø> (+0.23%)	⬆️
elasticsearch-7.x-v1	16.86% <ø> (+0.23%)	⬆️
elasticsearch-8.x-v1	17.01% <ø> (+0.23%)	⬆️
elasticsearch-8.x-v2	1.04% <ø> (ø)
elasticsearch-9.x-v2	1.04% <ø> (ø)
grpc_v1	7.79% <ø> (ø)
grpc_v2	1.04% <ø> (ø)
kafka-3.x-v2	1.04% <ø> (ø)
memory_v2	1.04% <ø> (ø)
opensearch-1.x-v1	16.91% <ø> (+0.23%)	⬆️
opensearch-2.x-v1	16.91% <ø> (+0.23%)	⬆️
opensearch-2.x-v2	1.04% <ø> (ø)
opensearch-3.x-v2	1.04% <ø> (ø)
query	1.04% <ø> (ø)
tailsampling-processor	0.52% <ø> (ø)
unittests	94.36% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.