https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-13956 Lustre <p>Hello,<br/> This is likely not very important as it's a contrived situation, but I am reliably able to crash an MDS running 2.12.5, by setting the project id on a file to '4294967295'.</p> <p>I only stumbled on it, as I was curious what the upper limit of project IDs would be, so tried this value and get a MDS crash.</p> <p>I attach the vmcore-dmesg.txt file - I can supply a vmcore file too if requested. Is this a kernel issue rather than a lustre issue?</p> <p>Obviously this isn't a major issue, but I just thought I'd raise the bug report in case it's a simple fix.</p> <p>Cheers,<br/> Matt</p> kernel: 3.10.0-1127.8.2.el7_lustre <br/> e2fsprogs: LU-13956

crash - kernel NULL pointer deference when setting project id to 4294967295

Bug Major Resolved Duplicate Wang Shilong Matt Rásó-Barnett Fri, 11 Sep 2020 10:46:10 +0000 Wed, 16 Sep 2020 07:01:34 +0000 Tue, 15 Sep 2020 18:57:03 +0000 Lustre 2.12.5 0 5 <p>Shilong</p> <p>As Matt suggests, this is relatively low priority but is likely a simple thing to tidy up</p> <p>Peter</p> <p>Would you mind sharing steps to reproduce the problem:</p> <p>It looks working for me:<br/> <span class="error">&#91;root@server_el7_vm1 lustre&#93;</span># lfs project -p 4294967295 file<br/> <span class="error">&#91;root@server_el7_vm1 lustre&#93;</span># lfs project file<br/> 4294967295 - file</p> <p>Interesting, I didn't know about 'lfs project' - I get the same issue with that command as well though, just running what you showed exactly.</p> <p>Perhaps there is something with my setup then, I'm using RHEL 7.8, 3.10.0-1127.8.2.el7_lustre, Lustre 2.12.5. I'll redeploy this filesystem and see if the issue goes away.</p> <p>Thanks for checking it for me.</p> <p>Matt, there was a patch landed recently that may have hidden this?</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>commit 3d9900e78e180a211c50ea1030fa147c5a330f22 Author: Etienne AUJAMES &lt;eaujames@ddn.com&gt; LU-12549 utils: Check range of quota ID for "lfs" arguments strtoul function return a 64bits value on a 64bits system, so an overflow occurs when we store user value into a quota/project structure. This commit apply the same 32 bits verification for "lfs" project, quota,setquota and find commands on uid, gid and project id arguments. Signed-off-by: Etienne AUJAMES &lt;eaujames@ddn.com&gt; Change-Id: I809e9ac55d4bc676c20b18c6c198a69eaba9cff6 Reviewed-on: https://review.whamcloud.com/38938 </pre> </div></div> <p>However, that only affects the user tools. If the MDS crashes due to bad input, that should be fixed as well.</p> <p>Could you please attach reproducer steps and a stack trace, so that the MDS can be suitably hardened.</p> <p>Maybe i should try b2_12, at least i tried to revert " <a href="https://jira.whamcloud.com/browse/LU-12549" title="Lustre project PID 32-bit overflow" class="issue-link" data-issue-key="LU-12549"><del>LU-12549</del></a> utils: Check range of quota ID for "lfs" arguments" on master, could not reproduce the problem.</p> <p>Sorry, I didn't see the vmcore file, it already has the stack:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[ 1160.328702] BUG: unable to handle kernel NULL pointer dereference at 000000000000007e [ 1160.336576] IP: [&lt;ffffffffa14bbe26&gt;] check_idq.constprop.23+0x16/0x1c0 [ 1160.343128] PGD 0 [ 1160.345166] Oops: 0000 [#1] SMP [ 1160.460913] CPU: 21 PID: 5663 Comm: mdt01_012 3.10.0-1127.8.2.el7_lustre.x86_64 #1 [ 1160.488092] RIP: 0010:[&lt;ffffffffa14bbe26&gt;] [&lt;ffffffffa14bbe26&gt;] check_idq.constprop.23+0x16/0x1c0 [ 1160.575912] Call Trace: [ 1160.578361] [&lt;ffffffffa14bf1ac&gt;] __dquot_transfer+0x32c/0x510 [ 1160.630492] [&lt;ffffffffc16e354f&gt;] osd_transfer_project+0x14f/0x1a0 [osd_ldiskfs] [ 1160.638470] [&lt;ffffffffc16e3630&gt;] osd_quota_transfer+0x90/0x230 [osd_ldiskfs] [ 1160.653446] [&lt;ffffffffc16f0d3f&gt;] osd_attr_set+0x11f/0xb90 [osd_ldiskfs] [ 1160.660718] [&lt;ffffffffc198ab68&gt;] lod_sub_attr_set+0x1c8/0x460 [lod] [ 1160.675739] [&lt;ffffffffc197370a&gt;] lod_attr_set+0xba/0x9e0 [lod] [ 1160.689502] [&lt;ffffffffc19f24d0&gt;] mdd_attr_set_internal+0x120/0x2a0 [mdd] [ 1160.696819] [&lt;ffffffffc19f4f08&gt;] mdd_attr_set+0x928/0xda0 [mdd] [ 1160.711153] [&lt;ffffffffc18a4bcb&gt;] mdt_reint_setattr+0x9db/0x1290 [mdt] [ 1160.718202] [&lt;ffffffffc18a6963&gt;] mdt_reint_rec+0x83/0x210 [mdt] [ 1160.724713] [&lt;ffffffffc1883273&gt;] mdt_reint_internal+0x6e3/0xaf0 [mdt] [ 1160.731738] [&lt;ffffffffc188e6e7&gt;] mdt_reint+0x67/0x140 [mdt] [ 1160.737905] [&lt;ffffffffc14799da&gt;] tgt_request_handle+0xada/0x1570 [ptlrpc] [ 1160.760792] [&lt;ffffffffc141e48b&gt;] ptlrpc_server_handle_request+0x24b/0xab0 [ptlrpc] [ 1160.781758] [&lt;ffffffffc1421df4&gt;] ptlrpc_main+0xb34/0x1470 [ptlrpc] </pre> </div></div> <p>Hello,</p> <p>I have already created a ticket on the subject: <a href="https://jira.whamcloud.com/browse/LU-13845" title="Kernel crash on: lfs quota -u $(( (1&lt;&lt;32) -1))" class="issue-link" data-issue-key="LU-13845"><del>LU-13845</del></a></p> <p>(patch: <a href="https://review.whamcloud.com/39559" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/39559</a>)</p> <p>Ah thanks for pointing that out. Happy for this to be closed as dupe of that.<br/> Cheers,<br/> Matt</p> Duplicate LU-13845 Development Rank 1|i019lr: Rank (Obsolete) 9223372036854775807