[LU-14276] NULL pointer dereference in obd_set_max_mod_rpcs_in_flight() Created: 22/Dec/20 Updated: 22/Dec/20 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Upstream |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Alex Zhuravlev | Assignee: | WC Triage |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Severity: | 3 |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
Lustre: DEBUG MARKER: == conf-sanity test 90c: check max_mod_rpcs_in_flight update limits ================================== 00:36:11 (1608665771) .. Lustre: Unmounted lustre-client Lustre: Modifying parameter lustre.mdc.lustre-MDT0000-mdc-*.max_rpcs_in_flight in log params Lustre: Skipped 1 previous similar message BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0 PGD 143a13067 P4D 143a13067 PUD 120aa8067 PMD 0 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC CPU: 1 PID: 15115 Comm: lctl Tainted: G W O --------- --- 4.18.0 #34 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 RIP: 0010:obd_set_max_mod_rpcs_in_flight+0x3a/0x2e0 [obdclass] Code: be e7 ff 40 41 55 41 54 41 89 f4 55 89 f5 53 48 89 fb 4c 8b af c8 00 00 00 8b 87 4c 02 00 00 74 7d f6 05 18 be e7 ff 20 74 74 <49> 8b 95 e0 00 00 00 48 b9 20 00 00 00 5b 08 00 00 48 c7 c7 e0 ac RSP: 0018:ffff880158a0fde8 EFLAGS: 00010202 RAX: 0000000000000008 RBX: ffff880145b050e0 RCX: 0000000000000007 RDX: 00000000ffffffbf RSI: 0000000000000007 RDI: ffff880145b050e0 RBP: 0000000000000007 R08: 0000000000000007 R09: 0000000000000001 R10: 000000000000000a R11: f000000000000000 R12: 0000000000000007 R13: 0000000000000000 R14: ffff880158a0ff10 R15: ffff880120a88e20 FS: 00007fc7a8b42740(0000) GS:ffff88016b000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000e0 CR3: 000000015ad60000 CR4: 00000000000006a0 Call Trace: max_mod_rpcs_in_flight_store+0x3c/0x50 [mdc] kernfs_fop_write+0x10d/0x190 __vfs_write+0x1f/0x160 ? rcu_sync_lockdep_assert+0x9/0x50 ? __sb_start_write+0x13f/0x1a0 ? vfs_write+0x183/0x1b0 vfs_write+0xba/0x1b0 ksys_write+0x3d/0xa0 do_syscall_64+0x4b/0x1a0 entry_SYSCALL_64_after_hwframe+0x6a/0xdf in gdb: (gdb) p/x &((struct client_obd *)0)->cl_import $1 = 0xc8 (gdb) p/x &((struct client_obd *)0)->cl_max_rpcs_in_flight $2 = 0x24c in objdump:
000000000001e952 <obd_set_max_mod_rpcs_in_flight+0x22> mov 0xc8(%rdi),%r13
000000000001e959 <obd_set_max_mod_rpcs_in_flight+0x29> mov 0x24c(%rdi),%eax
000000000001e95f <obd_set_max_mod_rpcs_in_flight+0x2f> je 000000000001e9de <obd_set_max_mod_rpcs_in_flight+0xae>
000000000001e961 <obd_set_max_mod_rpcs_in_flight+0x31> testb $0x20,0x0(%rip) # 000000000001e968 <obd_set_max_mod_rpcs_in_flight+0x38>
1e963: R_X86_64_PC32 libcfs_subsystem_debug-0x5
000000000001e968 <obd_set_max_mod_rpcs_in_flight+0x38> je 000000000001e9de <obd_set_max_mod_rpcs_in_flight+0xae>
000000000001e96a <obd_set_max_mod_rpcs_in_flight+0x3a> mov 0xe0(%r13),%rdx
so this is cli->cl_import=NULL in
ocd = &cli->cl_import->imp_connect_data;
|