Details
- Bug
- Resolution: Fixed
- Minor
- Lustre 2.6.0
- 3
- 14826
Description
If ofd_seqs_init() fails then ofd_fs_setup() passes a NULL object to lu_object_put().
    int ofd_fs_setup(const struct lu_env *env, struct ofd_device *ofd,
                     struct obd_device *obd)
    {
            struct ofd_thread_info *info = ofd_info(env);
            struct dt_object *fo;
            int rc = 0;
            ENTRY;

            rc = ofd_seqs_init(env, ofd);
            if (rc)
                    GOTO(out_hc, rc);
            ....
            ofd->ofd_health_check_file = fo;
            RETURN(0);
    out_hc:
            lu_object_put(env, &ofd->ofd_health_check_file->do_lu);
    out:
            return rc;
    }
    [ 218.776538] BUG: unable to handle kernel NULL pointer dereference at (null)
    [ 218.777508] IP: [<ffffffffa0457cb6>] lu_object_put+0x16/0x330 [obdclass]
    [ 218.777508] PGD 1fc42d067 PUD 1de4f1067 PMD 0
    [ 218.777508] Oops: 0000 [#1] SMP
    [ 218.777508] last sysfs file: /sys/devices/system/cpu/online
    [ 218.777508] CPU 4
    [ 218.777508] Modules linked in: lustre(U) ofd(U) osp(U) lod(U) ost(U) mdt(U) mdd(U) mgs(U) nodemap(U) osd_ldiskfs(U) ldiskfs(U) exportfs lquota(U) lfsck(U) jbd obdecho(U) mgc(U) lov(U) osc(U) mdc(U) lmv(U) fid(U) fld(U) ptlrpc(U) obdclass(U) ksocklnd(U) lnet(U) sha512_generic sha256_generic libcfs(U) autofs4 nfs lockd fscache auth_rpcgss nfs_acl sunrpc ipv6 microcode virtio_balloon virtio_net i2c_piix4 i2c_core ext4 jbd2 mbcache virtio_blk virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
    [ 218.777508]
    [ 218.777508] Pid: 9583, comm: llog_process_th Not tainted 2.6.32-431.5.1.el6.lustre.x86_64 #1 Bochs Bochs
    [ 218.777508] RIP: 0010:[<ffffffffa0457cb6>] [<ffffffffa0457cb6>] lu_object_put+0x16/0x330 [obdclass]
    [ 218.777508] RSP: 0018:ffff8801fc015a10 EFLAGS: 00010282
    [ 218.777508] RAX: 00000000fffffff4 RBX: ffff8801fc015b30 RCX: 0000000000000000
    [ 218.777508] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8801fc015b30
    [ 218.777508] RBP: ffff8801fc015a70 R08: 0000000000000001 R09: 0000000000000001
    [ 218.777508] R10: ffffffff81a9e6b8 R11: 0000000000000000 R12: ffff8801e535a000
    [ 218.777508] R13: 00000000fffffff4 R14: ffff8801ee2bcf60 R15: ffff8801e535a0a8
    [ 218.777508] FS: 0000000000000000(0000) GS:ffff880030000000(0000) knlGS:0000000000000000
    [ 218.777508] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
    [ 218.777508] CR2: 0000000000000000 CR3: 00000001de4cb000 CR4: 00000000000006e0
    [ 218.777508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 218.777508] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    [ 218.777508] Process llog_process_th (pid: 9583, threadinfo ffff8801fc014000, task ffff8801e49dc0c0)
    [ 218.777508] Stack:
    [ 218.777508] ffff8801ea90a258 ffff8801e535a000 ffff8801fd726a8c 00000000fffffff4
    [ 218.777508] <d> 0000000000000000 ffff8801e1f706a0 ffff8801fc015a70 ffff8801fc015b30
    [ 218.777508] <d> ffff8801e535a000 00000000fffffff4 ffff8801ee2bcf60 ffff8801e535a0a8
    [ 218.777508] Call Trace:
    [ 218.777508] [<ffffffffa0df1a8a>] ofd_fs_setup+0x1aa/0x320 [ofd]
    [ 218.777508] [<ffffffffa0de22dc>] ofd_device_alloc+0x101c/0x14c0 [ofd]
    [ 218.777508] [<ffffffffa045595e>] ? lu_context_init+0xae/0x190 [obdclass]
    [ 218.777508] [<ffffffffa044138f>] obd_setup+0x1bf/0x290 [obdclass]
    [ 218.777508] [<ffffffffa0441667>] class_setup+0x207/0x870 [obdclass]
    [ 218.777508] [<ffffffffa0448e2c>] class_process_config+0xc6c/0x1ad0 [obdclass]
    [ 218.777508] [<ffffffffa04429fb>] ? lustre_cfg_new+0x16b/0x610 [obdclass]
    [ 218.777508] [<ffffffffa0442c8b>] ? lustre_cfg_new+0x3fb/0x610 [obdclass]
    [ 218.777508] [<ffffffffa044ae24>] class_config_llog_handler+0xab4/0x17b0 [obdclass]
    [ 218.777508] [<ffffffff81538b40>] ? kmemleak_alloc+0x20/0xd0
    [ 218.777508] [<ffffffffa040dfb6>] llog_process_thread+0x896/0xcc0 [obdclass]
    [ 218.777508] [<ffffffffa04544ff>] ? keys_fill+0x6f/0x190 [obdclass]
    [ 218.777508] [<ffffffffa040ed88>] llog_process_thread_daemonize+0x48/0x70 [obdclass]
    [ 218.777508] [<ffffffffa040ed40>] ? llog_process_thread_daemonize+0x0/0x70 [obdclass]
    [ 218.777508] [<ffffffff8109eab6>] kthread+0x96/0xa0
    [ 218.777508] [<ffffffff8100c30a>] child_rip+0xa/0x20
    [ 218.777508] [<ffffffff81554710>] ? _spin_unlock_irq+0x30/0x40
    [ 218.777508] [<ffffffff8100bb10>] ? restore_args+0x0/0x30
    [ 218.777508] [<ffffffff8109ea20>] ? kthread+0x0/0xa0
This was found via memory allocation fault injection.
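The error path described above, as an added example that is not Lustre code: a simplified user-space model in which each setup step is made to fail in turn, showing that a first-step failure routed to `out_hc` hands cleanup a NULL object while routing it to `out` does not. The types, `step()`, `obj_put()`, the two-step layout and the `fixed` switch are assumptions for illustration; the change actually applied to Lustre is not shown on this page.

```c
/* Added example: simplified model, not Lustre source; all names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct obj { int refs; };
struct dev { struct obj *health_check_file; };
static struct obj hc_obj;   /* stands in for the health-check object */
static int null_puts;       /* times cleanup was handed a NULL object */

/* Stand-in for lu_object_put(): records a NULL argument instead of oopsing. */
static void obj_put(struct obj *o)
{
    if (o) o->refs--; else null_puts++;
}

/* Injected fault: step n fails with -ENOMEM when fail_at == n. */
static int step(int n, int fail_at) { return n == fail_at ? -ENOMEM : 0; }

/* fixed == 0 mirrors the report: a step-1 failure jumps to out_hc before
 * the object is assigned. fixed == 1 sends that failure to out instead. */
static int setup(struct dev *d, int fail_at, int fixed)
{
    int rc = step(1, fail_at);          /* ofd_seqs_init() in the report */
    if (rc) { if (fixed) goto out; goto out_hc; }
    hc_obj.refs++;                      /* take the object reference */
    d->health_check_file = &hc_obj;
    rc = step(2, fail_at);              /* assumed later step that can fail */
    if (rc) goto out_hc;
    return 0;
out_hc:
    obj_put(d->health_check_file);
    d->health_check_file = NULL;
out:
    return rc;
}

/* Fail each step in turn; count runs that put NULL or leak a reference. */
static int faulty_runs(int fixed)
{
    int bad = 0;
    for (int fail_at = 1; fail_at <= 2; fail_at++) {
        struct dev d = { NULL };
        hc_obj.refs = 0; null_puts = 0;
        int rc = setup(&d, fail_at, fixed);
        if (rc != -ENOMEM || null_puts || hc_obj.refs != 0) bad++;
    }
    return bad;
}
int main(void) { printf("buggy=%d fixed=%d\n", faulty_runs(0), faulty_runs(1)); return 0; }
```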