[LU-16342] BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]

Created: 24/Nov/22
Updated: 28/Mar/23
Resolved: 03/Mar/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.16.0, Lustre 2.15.3

Type: Bug
Priority: Minor
Reporter: Sergey Cheremencev
Assignee: Sergey Cheremencev
Resolution: Fixed
Votes: 0
Labels: None

Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   
[20681.530066] BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]
[20681.530107] Write of size 16 at addr ffff8880129a5398 by task mdt00_003/243049

[20681.530165] CPU: 0 PID: 243049 Comm: mdt00_003 Tainted: G        W  OE    --------- -  - 4.18.0-193.28.1.x5.0.26.x86_64+debug #1
[20681.530216] Hardware name: Radxa ROCK Pi X/ROCK Pi X, BIOS 5.11 09/24/2020
[20681.530250] Call Trace:
[20681.530286]  dump_stack+0x9a/0xf0
[20681.530322]  print_address_description.cold.3+0x9/0x23b
[20681.530362]  kasan_report.cold.4+0x65/0x95
[20681.530599]  mdt_quotactl+0x13ff/0x1430 [mdt]
[20681.530909]  tgt_request_handle+0x17de/0x4300 [ptlrpc]
[20681.531860]  ptlrpc_server_handle_request+0xa65/0x1ff0 [ptlrpc]
[20681.532154]  ptlrpc_main+0x1dd3/0x3810 [ptlrpc]
[20681.532903]  kthread+0x30c/0x3d0
[20681.532971]  ret_from_fork+0x3a/0x50

[20681.533032] Allocated by task 243049:
[20681.533063]  kasan_kmalloc+0xbf/0xe0
[20681.533089]  __kmalloc+0x13d/0x210
[20681.533354]  null_alloc_rs+0x1d6/0x7d0 [ptlrpc]
[20681.533621]  sptlrpc_svc_alloc_rs+0x19c/0x830 [ptlrpc]
[20681.533887]  lustre_pack_reply_v2+0x14c/0x8a0 [ptlrpc]
[20681.534153]  lustre_pack_reply_flags+0x126/0x380 [ptlrpc]
[20681.534421]  req_capsule_server_pack+0xa7/0x1f0 [ptlrpc]
[20681.534548]  mdt_quotactl+0x1cd/0x1430 [mdt]
[20681.534826]  tgt_request_handle+0x17de/0x4300 [ptlrpc]
[20681.535095]  ptlrpc_server_handle_request+0xa65/0x1ff0 [ptlrpc]
[20681.535365]  ptlrpc_main+0x1dd3/0x3810 [ptlrpc]
[20681.535398]  kthread+0x30c/0x3d0
[20681.535425]  ret_from_fork+0x3a/0x50
[20681.535450]  0xffffffffffffffff

[20681.535487] Freed by task 4965:
[20681.535515]  __kasan_slab_free+0x125/0x170
[20681.535542]  slab_free_freelist_hook+0x5a/0x120
[20681.535570]  kfree+0xd6/0x2c0
[20681.535595]  __kfree_skb+0xe/0x20
[20681.535622]  tcp_clean_rtx_queue+0x654/0x2640
[20681.535649]  tcp_ack+0x12cb/0x2da0
[20681.535673]  tcp_rcv_established+0x1324/0x1ff0
[20681.535702]  tcp_v4_do_rcv+0x522/0x790
[20681.535729]  __release_sock+0x11e/0x310
[20681.535756]  release_sock+0x4f/0x180
[20681.535781]  tcp_sendmsg+0x31/0x40
[20681.535806]  sock_sendmsg+0xc0/0x110
[20681.535830]  sock_write_iter+0x1ed/0x340
[20681.535858]  new_sync_write+0x412/0x620
[20681.535884]  vfs_write+0x157/0x460
[20681.535908]  ksys_write+0xb8/0x170
[20681.535934]  do_syscall_64+0xa5/0x4d0
[20681.535961]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
[20681.535990]  0xffffffffffffffff

[20681.536028] The buggy address belongs to the object at ffff8880129a5100
                which belongs to the cache kmalloc-1k of size 1024
[20681.536083] The buggy address is located 664 bytes inside of
                1024-byte region [ffff8880129a5100, ffff8880129a5500) 


 Comments   
Comment by Gerrit Updater [ 24/Nov/22 ]

"Sergey Cheremencev <sergey.cheremencev@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/49242
Subject: LU-16342 mdt: not copy pool_name to quotactl in reply
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 642d745d0e916206e780a0db3d1e1c37357f5eb3

Comment by Gerrit Updater [ 13/Jan/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/49242/
Subject: LU-16342 mdt: not copy pool_name to quotactl in reply
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 7e5f927458544bd2681027bfc3df6136d059121f

Comment by Gerrit Updater [ 27/Jan/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/49806
Subject: LU-16342 mdt: not copy pool_name to quotactl in reply
Project: fs/lustre-release
Branch: b2_15
Current Patch Set: 1
Commit: bfda5897490c0232c9a52c00092247e1b7c59071

Comment by Cory Spitz [ 03/Mar/23 ]

scherementsev, congrats getting https://review.whamcloud.com/c/fs/lustre-release/+/49242 merged. You can resolve this ticket now, right?

Comment by Gerrit Updater [ 28/Mar/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/49806/
Subject: LU-16342 mdt: not copy pool_name to quotactl in reply
Project: fs/lustre-release
Branch: b2_15
Current Patch Set:
Commit: 101080a430f0aaceb4c1ca546390a85600fa9d0c
