Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-10450] NULL pointer deref in mdd_changelog_data_store_by_fid+0xfa https://jira.whamcloud.com/browse/LU-10450 Lustre <p>Seems to be introduced by <a href="https://jira.whamcloud.com/browse/LU-9727" title="Lustre Audit with Changelogs" class="issue-link" data-issue-key="LU-9727"><del>LU-9727</del></a> patch <a href="https://review.whamcloud.com/28114" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28114</a></p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[75525.109249] Lustre: DEBUG MARKER: == sanity test 232a: failed lock should not block umount ============================================= 21:15:03 (1514081703) [75525.200932] Lustre: *** cfs_fail_loc=31c, val=0*** [75525.201581] LustreError: 11-0: lustre-OST0000-osc-ffff88029158c800: operation ldlm_enqueue to node 0@lo failed: rc = -12 [75526.044646] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 [75526.046450] IP: [&lt;ffffffffa124d9ba&gt;] mdd_changelog_data_store_by_fid+0xfa/0x1c0 [mdd] [75526.047346] PGD 0 [75526.047757] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC [75526.048211] Modules linked in: brd lustre(OE) ofd(OE) osp(OE) lod(OE) ost(OE) mdt(OE) mdd(OE) mgs(OE) osd_zfs(OE) lquota(OE) lfsck(OE) obdecho(OE) mgc(OE) lov(OE) mdc(OE) osc(OE) lmv(OE) fid(OE) fld(OE) ptlrpc_gss(OE) ptlrpc(OE) obdclass(OE) ksocklnd(OE) lnet(OE) libcfs(OE) ext4 mbcache loop zfs(PO) zunicode(PO) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) zlib_deflate jbd2 syscopyarea ata_generic sysfillrect pata_acpi sysimgblt ttm drm_kms_helper ata_piix i2c_piix4 drm virtio_balloon virtio_console pcspkr i2c_core libata serio_raw virtio_blk floppy nfsd ip_tables rpcsec_gss_krb5 [last unloaded: libcfs] [75526.053084] CPU: 0 PID: 19445 Comm: mdt00_001 Tainted: P OE ------------ 3.10.0-debug #2 [75526.053959] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [75526.054557] task: ffff8800a0182600 ti: ffff8802d4fc8000 task.ti: ffff8802d4fc8000 [75526.055830] RIP: 0010:[&lt;ffffffffa124d9ba&gt;] [&lt;ffffffffa124d9ba&gt;] mdd_changelog_data_store_by_fid+0xfa/0x1c0 [mdd] [75526.057220] RSP: 0018:ffff8802d4fcbaa0 EFLAGS: 00010246 [75526.057688] RAX: 0000000000000040 RBX: ffff8802d4fcbbf0 RCX: 0000000000000060 [75526.058159] RDX: 0000000000000042 RSI: 0000000000000001 RDI: ffff8802ac9b9f90 [75526.058727] RBP: ffff8802d4fcbae8 R08: ffff88024fe15dc8 R09: ffff8800bb225480 [75526.059197] R10: 0000000000009042 R11: 0000000000000000 R12: ffff8802ac9b9f80 [75526.061825] R13: 0000000000000000 R14: ffff8802ac9b9f90 R15: 0000000000000000 [75526.062445] FS: 0000000000000000(0000) GS:ffff88033e400000(0000) knlGS:0000000000000000 [75526.063454] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [75526.063987] CR2: 0000000000000018 CR3: 00000002a55f6000 CR4: 00000000000006f0 [75526.064553] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [75526.065395] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [75526.066085] Stack: [75526.066502] ffff8800bb225480 0000000b00000000 ffff88025241fc00 0000007000009042 [75526.067576] ffff880304158fa0 ffff8802d4fcbbf0 ffff8800bb225480 0000000000000000 [75526.068786] 0000000000000000 ffff8802d4fcbb08 ffffffffa124ea80 ffff880304158fa0 [75526.069698] Call Trace: [75526.070168] [&lt;ffffffffa124ea80&gt;] mdd_changelog_data_store+0xf0/0x220 [mdd] [75526.070687] [&lt;ffffffffa124f95b&gt;] mdd_close+0x25b/0xcf0 [mdd] [75526.071207] [&lt;ffffffffa12c1b58&gt;] mdt_mfd_close+0x478/0x730 [mdt] [75526.071709] [&lt;ffffffffa12904a1&gt;] mdt_obd_disconnect+0x371/0x680 [mdt] [75526.072335] [&lt;ffffffffa05c024f&gt;] target_handle_disconnect+0x13f/0x4c0 [ptlrpc] [75526.073287] [&lt;ffffffffa065c817&gt;] tgt_disconnect+0x37/0x140 [ptlrpc] [75526.073869] [&lt;ffffffffa06651ab&gt;] tgt_request_handle+0x93b/0x13e0 [ptlrpc] [75526.074395] [&lt;ffffffffa060a141&gt;] ptlrpc_server_handle_request+0x261/0xaf0 [ptlrpc] [75526.075333] [&lt;ffffffffa060def8&gt;] ptlrpc_main+0xa58/0x1df0 [ptlrpc] [75526.075895] [&lt;ffffffffa060d4a0&gt;] ? ptlrpc_register_service+0xeb0/0xeb0 [ptlrpc] [75526.076806] [&lt;ffffffff810a2eba&gt;] kthread+0xea/0xf0 [75526.077250] [&lt;ffffffff810a2dd0&gt;] ? kthread_create_on_node+0x140/0x140 [75526.077772] [&lt;ffffffff8170fb98&gt;] ret_from_fork+0x58/0x90 [75526.078239] [&lt;ffffffff810a2dd0&gt;] ? kthread_create_on_node+0x140/0x140 [75526.078744] Code: 56 08 4d 8d 74 24 10 49 89 44 24 30 31 c0 45 85 ff 49 89 54 24 38 66 41 89 44 24 10 75 53 be 01 00 00 00 4c 89 f7 e8 76 23 ff ff &lt;41&gt; 8b 55 18 41 8b 75 14 4c 89 f7 e8 a6 23 ff ff 48 8b 0c 24 48 [75526.080697] RIP [&lt;ffffffffa124d9ba&gt;] mdd_changelog_data_store_by_fid+0xfa/0x1c0 [mdd] [75526.081632] RSP &lt;ffff8802d4fcbaa0&gt; [75526.082083] CR2: 0000000000000018 </pre> </div></div> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">(gdb) l *(mdd_changelog_data_store_by_fid+0xfa) 0x219ea is in mdd_changelog_data_store_by_fid (/home/green/git/lustre-release/lustre/mdd/mdd_object.c:675). 670 mdd_changelog_rec_ext_jobid(&amp;rec-&gt;cr, uc-&gt;uc_jobid); 671 672 <span class="code-keyword">if</span> (flags &amp; CLF_EXTRA_FLAGS) { 673 mdd_changelog_rec_ext_extra_flags(&amp;rec-&gt;cr, xflags); 674 <span class="code-keyword">if</span> (xflags &amp; CLFE_UIDGID) 675 mdd_changelog_rec_extra_uidgid(&amp;rec-&gt;cr, 676 uc-&gt;uc_uid, uc-&gt;uc_gid); 677 } 678 679 rc = mdd_changelog_store(env, mdd, rec, handle); (gdb) quit </pre> </div></div> <p>If we look at this function, we can see this bit of code at the start:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> <span class="code-object">int</span> xflags = CLFE_INVALID; ... flags = (flags &amp; CLF_FLAGMASK) | CLF_VERSION | CLF_EXTRA_FLAGS; <span class="code-keyword">if</span> (uc != NULL &amp;&amp; uc-&gt;uc_jobid[0] != <span class="code-quote">'\0'</span>) flags |= CLF_JOBID; xflags |= CLFE_UIDGID; </pre> </div></div> <p>It looks like we really need to move that xflags assignment into under the if case?</p> <p>Also should we really be ORin the new flags onto invalid bit, or sohuld that just become a proper assignment?</p> LU-10450 NULL pointer deref in mdd_changelog_data_store_by_fid+0xfa Bug Major Resolved Duplicate Sebastien Buisson Oleg Drokin Wed, 3 Jan 2018 17:16:02 +0000 Thu, 4 Jan 2018 17:35:25 +0000 Thu, 4 Jan 2018 17:35:25 +0000 Lustre 2.11.0 Lustre 2.11.0 0 5 <p>Yep. I just seen it in my testing as well.</p> <p>Sebastien</p> <p>Could you please investigate?</p> <p>Peter</p> Duplicate LU-10454 Related LU-9727 Development Rank 1|hzzqbb: Rank (Obsolete) 9223372036854775807 Severity