Details
Bug
Resolution: Fixed
Major
Description
It appears that when lov_init_composite cannot allocate memory and bails out,
lov_delete_composite is then called, but does not check that the allocation succeeded and crashes like this:
[ 7267.735836] SLAB: Unable to allocate memory on node 0 (gfp=0x50)
[ 7267.736754] cache: kmalloc-192, object size: 4096, order: 1
[ 7267.748259] node 0: slabs: 63074/63074, objs: 63074/63074, free: 0
[ 7267.749119] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 7267.750623] IP: [<ffffffffa045e708>] lov_delete_composite+0x128/0x560 [lov]
[ 7267.751469] PGD 486e2067 PUD 8a26d067 PMD 0
[ 7267.752253] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 7267.753031] Modules linked in: lustre(OE) ofd(OE) osp(OE) lod(OE) ost(OE) mdt(OE) mdd(OE) mgs(OE) osd_ldiskfs(OE) ldiskfs(OE) lquota(OE) lfsck(OE) obdecho(OE) mgc(OE) lov(OE) osc(OE) mdc(OE) lmv(OE) fid(OE) fld(OE) ptlrpc_gss(OE) ptlrpc(OE) obdclass(OE) ksocklnd(OE) lnet(OE) libcfs(OE) brd ext4 loop mbcache jbd2 ata_generic pata_acpi syscopyarea sysfillrect sysimgblt ttm drm_kms_helper ata_piix drm i2c_piix4 pcspkr serio_raw virtio_console libata virtio_balloon virtio_blk i2c_core floppy nfsd ip_tables rpcsec_gss_krb5 [last unloaded: libcfs]
[ 7267.760139] CPU: 3 PID: 24900 Comm: createmany Tainted: G W OE ------------ 3.10.0-debug-quota #2
[ 7267.761860] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 7267.762842] task: ffff880028c88900 ti: ffff88000da60000 task.ti: ffff88000da60000
[ 7267.764676] RIP: 0010:[<ffffffffa045e708>] [<ffffffffa045e708>] lov_delete_composite+0x128/0x560 [lov]
[ 7267.766599] RSP: 0000:ffff88000da637b8 EFLAGS: 00010246
[ 7267.767573] RAX: ffff880028c88900 RBX: 0000000000000000 RCX: 0000000000000000
[ 7267.768491] RDX: 0000000000000000 RSI: ffff880063e58f80 RDI: ffff880085e54ed0
[ 7267.769318] RBP: ffff88000da63868 R08: 0000000000000000 R09: 0000000000000000
[ 7267.770139] R10: 0000000000000000 R11: 000000000000000b R12: ffff88009e48bf68
[ 7267.771692] R13: ffff88009e48bf68 R14: 0000000000000018 R15: 0000000000000018
[ 7267.772519] FS: 00007f5ec45d9740(0000) GS:ffff8800bc780000(0000) knlGS:0000000000000000
[ 7267.773994] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 7267.774781] CR2: 0000000000000018 CR3: 00000000534aa000 CR4: 00000000000006e0
[ 7267.775611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7267.776442] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 7267.777268] Stack:
[ 7267.777951] 000000006b0f9c81 ffff880028c88900 ffff880028c88900 ffff880085e54ed0
[ 7267.779462] 0000000000000001 0000000000000000 ffff88000da63848 0000000000000246
[ 7267.780966] ffffffffa045cb85 0000805000000000 ffff88009e48bf68 00000001a045feda
[ 7267.782476] Call Trace:
[ 7267.783194] [<ffffffffa045cb85>] ? lov_object_delete+0x55/0x2a0 [lov]
[ 7267.784014] [<ffffffffa045cbab>] lov_object_delete+0x7b/0x2a0 [lov]
[ 7267.785007] [<ffffffffa051a1cd>] lu_object_free.isra.30+0x9d/0x1a0 [obdclass]
[ 7267.786873] [<ffffffffa051cf67>] lu_object_alloc+0x1b7/0x310 [obdclass]
[ 7267.787924] [<ffffffffa051d198>] lu_object_find_try+0xd8/0x2b0 [obdclass]
[ 7267.788950] [<ffffffff81706537>] ? _raw_spin_unlock+0x27/0x40
[ 7267.789972] [<ffffffffa051d41c>] lu_object_find_at+0xac/0xe0 [obdclass]
[ 7267.791025] [<ffffffffa0522595>] ? cl_env_get+0x65/0x2b0 [obdclass]
[ 7267.792054] [<ffffffffa051dd3f>] lu_object_find_slice+0x1f/0x90 [obdclass]
[ 7267.793104] [<ffffffffa0521945>] cl_object_find+0x45/0x70 [obdclass]
[ 7267.793908] [<ffffffffa0f5cc0d>] cl_file_inode_init+0x1fd/0x310 [lustre]
[ 7267.794547] [<ffffffffa0f34fd5>] ll_update_inode+0x335/0x620 [lustre]
[ 7267.795129] [<ffffffffa0287ee7>] ? libcfs_debug_msg+0x57/0x80 [libcfs]
[ 7267.795723] [<ffffffffa0f35327>] ll_read_inode2+0x67/0x420 [lustre]
[ 7267.796341] [<ffffffffa0f43a4b>] ll_iget+0xab/0x320 [lustre]
[ 7267.796999] [<ffffffffa0f37355>] ll_prep_inode+0x235/0xc90 [lustre]
[ 7267.797809] [<ffffffffa0287ee7>] ? libcfs_debug_msg+0x57/0x80 [libcfs]
[ 7267.798553] [<ffffffffa0f46707>] ll_atomic_open+0x717/0x11d0 [lustre]
[ 7267.799126] [<ffffffff811fd571>] do_last+0xa21/0x12b0
[ 7267.800067] [<ffffffff811fdec2>] path_openat+0xc2/0x4a0
[ 7267.801794] [<ffffffff811ff6bb>] do_filp_open+0x4b/0xb0
[ 7267.802645] [<ffffffff81706537>] ? _raw_spin_unlock+0x27/0x40
[ 7267.803214] [<ffffffff8120d167>] ? __alloc_fd+0xa7/0x130
[ 7267.803775] [<ffffffff811ec573>] do_sys_open+0xf3/0x1f0
[ 7267.804328] [<ffffffff811ec68e>] SyS_open+0x1e/0x20
[ 7267.804871] [<ffffffff8170fdc9>] system_call_fastpath+0x16/0x1b
[ 7267.805446] Code: a0 c7 05 4c 1f 02 00 b5 01 00 00 48 c7 05 4d 1f 02 00 00 00 00 00 c7 05 3b 1f 02 00 01 00 00 00 e8 8e 97 e2 ff 66 0f 1f 44 00 00 <49> 8b 07 48 85 c0 0f 84 f4 00 00 00 41 8b 57 f8 85 d2 0f 84 e8
[ 7267.829728] RIP [<ffffffffa045e708>] lov_delete_composite+0x128/0x560 [lov]
[ 7267.831699] RSP <ffff88000da637b8>
[ 7267.832669] CR2: 0000000000000018
Allocated (attempted to be allocated) in:
[ 7267.666940] [<ffffffff810a4090>] ? wake_up_atomic_t+0x30/0x30
[ 7267.667752] [<ffffffff8117c555>] __alloc_pages_nodemask+0xa85/0xca0
[ 7267.668586] [<ffffffff811c86b3>] kmem_getpages+0x63/0x1d0
[ 7267.669385] [<ffffffff811cc178>] fallback_alloc+0x198/0x270
[ 7267.670179] [<ffffffff811cbfab>] ____cache_alloc_node+0x18b/0x1c0
[ 7267.670993] [<ffffffff811cd276>] __kmalloc+0x3a6/0x660
[ 7267.671796] [<ffffffffa045feda>] ? lov_init_composite+0x9a/0x370 [lov]
[ 7267.672617] [<ffffffffa045feda>] lov_init_composite+0x9a/0x370 [lov]
[ 7267.673485] [<ffffffffa045d29e>] lov_object_init+0x13e/0x310 [lov]
[ 7267.674338] [<ffffffffa051ce8f>] lu_object_alloc+0xdf/0x310 [obdclass]
[ 7267.675178] [<ffffffffa051d198>] lu_object_find_try+0xd8/0x2b0 [obdclass]
Landed for 2.10
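
The failure pattern described in this report, modelled as an added userspace C example (not Lustre code and not the fix that landed): an init routine that can fail on allocation, and a delete routine that still runs afterwards and so has to tolerate a half-built object. All names here (composite_init, composite_delete, xcalloc, allocs_left) are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical userspace model of the pattern; not Lustre code. */
struct entry { int *stripes; };
struct composite { struct entry *entries; unsigned count; };

static int allocs_left = -1;   /* fault injection: -1 means never fail */

static void *xcalloc(size_t n, size_t sz)
{
    if (allocs_left == 0)
        return NULL;           /* simulated out-of-memory */
    if (allocs_left > 0)
        allocs_left--;
    return calloc(n, sz);
}

/* Can fail before entries exists, or part-way through filling it. */
int composite_init(struct composite *c, unsigned count)
{
    c->count = count;
    c->entries = xcalloc(count, sizeof(*c->entries));
    if (c->entries == NULL)
        return -1;             /* stands in for -ENOMEM */
    for (unsigned i = 0; i < count; i++) {
        c->entries[i].stripes = xcalloc(4, sizeof(int));
        if (c->entries[i].stripes == NULL)
            return -1;         /* earlier entries are left for delete */
    }
    return 0;
}

/* Runs after a failed init too, so it must accept a half-built object.
 * Returns how many per-entry buffers it released. */
int composite_delete(struct composite *c)
{
    int freed = 0;
    if (c->entries != NULL) {  /* the check whose absence gives a NULL deref */
        for (unsigned i = 0; i < c->count; i++) {
            freed += c->entries[i].stripes != NULL;
            free(c->entries[i].stripes);   /* free(NULL) is a no-op */
        }
        free(c->entries);
    }
    c->entries = NULL;
    c->count = 0;
    return freed;
}
```

Setting allocs_left to 0 reproduces the state in the report (count set, array never allocated); setting it to 2 with a count of 3 exercises the partially filled case.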