Details
- Bug
- Resolution: Fixed
- Blocker
- Lustre 2.3.0, Lustre 2.4.0, Lustre 2.1.3, Lustre 1.8.7
- None
- 3
- 4445
Description
BUG: unable to handle kernel NULL pointer dereference at (null)
IP [<ffffffffa0d67265>] lov_get_info+0xc75/0x1b90 [lov]
Pid: 12793, comm: filefrag Tainted: P --------------- 2.6.32-279.5.1.el6_lustre.g7f15218.x86_64 #1
RIP: 0010:[<ffffffffa0d67265>] [<ffffffffa0d67265>] lov_get_info+0xc75/0x1b90 [lov]
RSP: 0018:ffff8800a0c33ba8 EFLAGS: 00010213
RAX: 0000000000000007 RBX: ffff8800aafe4138 RCX: ffff8800a0c33d08
RDX: 0000000000000000 RSI: ffff8800a0c33b6c RDI: 0000000000000000
RBP: ffff8800a0c33cc8 R08: ffff8800a0c33c88 R09: ffff8800a0c33c80
R10: 000000000023efff R11: 0000000000000048 R12: 0000000000000000
R13: ffff8800a91cf000 R14: ffff8800a8825000 R15: ffff8800b26288c0
FS: 00007f0cd1c72700(0000) GS:ffff880002200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000950da000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process filefrag (pid: 12793, threadinfo ffff8800a0c32000, task ffff8800d8f9eaa0)
The address resolves to:
(gdb) list *(lov_get_info+0xc75)
0x13295 is in lov_get_info (/usr/src/lustre-head/lustre/lov/lov_obd.c:2458).
2453 req_fm_len = fm_local->fm_length;
2454 fm_local->fm_extent_count = count_local;
2455 fm_local->fm_mapped_extents = 0;
2456 fm_local->fm_flags = fiemap->fm_flags;
2457
2458 fm_key->oa.o_id = lsm->lsm_oinfo[cur_stripe]->loi_id;
2459 fm_key->oa.o_seq = lsm->lsm_oinfo[cur_stripe]->loi_seq;
2460 ost_index = lsm->lsm_oinfo[cur_stripe]->loi_ost_idx;
2461
2462 if (ost_index < 0 || ost_index >=lov->desc.ld_tgt_count)
I suspect cur_stripe is out of bounds or something due to bad user input to the ioctl.
It shouldn't be possible for userspace to cause the client to crash.
Issue Links
- is related to: LU-6007 FIEMAP fails xfstests's fiemap-tester (Open)
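
The suspicion in the description, that a stripe index derived from ioctl input reaches lsm->lsm_oinfo[cur_stripe] without validation, can be illustrated with a defensive lookup that returns an error instead of faulting. This is an added example, not code from the ticket or from Lustre: the struct layouts, the lsm_stripe_count field and the stripe_lookup_checked helper are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the structures named in the gdb listing;
 * field names follow the listing, the layouts are assumptions. */
struct oinfo {
    uint64_t loi_id;
    uint64_t loi_seq;
    int      loi_ost_idx;
};

struct stripe_md {
    uint16_t       lsm_stripe_count;  /* assumed name for the stripe count */
    struct oinfo **lsm_oinfo;         /* one slot per stripe, may hold NULL */
};

/* Hypothetical helper: resolve a stripe index that was computed from
 * ioctl input. Every condition that line 2458 of the listing relies on
 * is checked first, so bad input yields an errno and never a fault. */
int stripe_lookup_checked(const struct stripe_md *lsm, long cur_stripe,
                          int tgt_count, const struct oinfo **out)
{
    const struct oinfo *loi;

    if (lsm == NULL || lsm->lsm_oinfo == NULL || out == NULL)
        return -EINVAL;
    /* The index must fall inside the stripe array. */
    if (cur_stripe < 0 || cur_stripe >= (long)lsm->lsm_stripe_count)
        return -EINVAL;
    /* An in-range slot may still be empty. */
    loi = lsm->lsm_oinfo[cur_stripe];
    if (loi == NULL)
        return -ENOENT;
    /* Same target-range test the listing performs at line 2462. */
    if (loi->loi_ost_idx < 0 || loi->loi_ost_idx >= tgt_count)
        return -EINVAL;
    *out = loi;
    return 0;
}
```

A caller on the ioctl path would propagate the negative errno to userspace rather than continuing with the stripe.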