[LU-14276] NULL pointer dereference in obd_set_max_mod_rpcs_in_flight()

Tue, 22 Dec 2020 19:55:12 +0000

Lustre: DEBUG MARKER: == conf-sanity test 90c: check max_mod_rpcs_in_flight update limits ================================== 00:36:11 (1608665771)
..
Lustre: Unmounted lustre-client
Lustre: Modifying parameter lustre.mdc.lustre-MDT0000-mdc-*.max_rpcs_in_flight in log params
Lustre: Skipped 1 previous similar message
BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
PGD 143a13067 P4D 143a13067 PUD 120aa8067 PMD 0 
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 1 PID: 15115 Comm: lctl Tainted: G        W  O     --------- ---  4.18.0 #34
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
RIP: 0010:obd_set_max_mod_rpcs_in_flight+0x3a/0x2e0 [obdclass]
Code: be e7 ff 40 41 55 41 54 41 89 f4 55 89 f5 53 48 89 fb 4c 8b af c8 00 00 00 8b 87 4c 02 00 00 74 7d f6 05 18 be e7 ff 20 74 74 <49> 8b 95 e0 00 00 00 48 b9 20 00 00 00 5b 08 00 00 48 c7 c7 e0 ac
RSP: 0018:ffff880158a0fde8 EFLAGS: 00010202
RAX: 0000000000000008 RBX: ffff880145b050e0 RCX: 0000000000000007
RDX: 00000000ffffffbf RSI: 0000000000000007 RDI: ffff880145b050e0
RBP: 0000000000000007 R08: 0000000000000007 R09: 0000000000000001
R10: 000000000000000a R11: f000000000000000 R12: 0000000000000007
R13: 0000000000000000 R14: ffff880158a0ff10 R15: ffff880120a88e20
FS:  00007fc7a8b42740(0000) GS:ffff88016b000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000e0 CR3: 000000015ad60000 CR4: 00000000000006a0
Call Trace:
 max_mod_rpcs_in_flight_store+0x3c/0x50 [mdc]
 kernfs_fop_write+0x10d/0x190
 __vfs_write+0x1f/0x160
 ? rcu_sync_lockdep_assert+0x9/0x50
 ? __sb_start_write+0x13f/0x1a0
 ? vfs_write+0x183/0x1b0
 vfs_write+0xba/0x1b0
 ksys_write+0x3d/0xa0
 do_syscall_64+0x4b/0x1a0
 entry_SYSCALL_64_after_hwframe+0x6a/0xdf

in gdb:

(gdb) p/x &((struct client_obd *)0)->cl_import
$1 = 0xc8
(gdb) p/x &((struct client_obd *)0)->cl_max_rpcs_in_flight
$2 = 0x24c

in objdump:

000000000001e952 <obd_set_max_mod_rpcs_in_flight+0x22> mov    0xc8(%rdi),%r13
000000000001e959 <obd_set_max_mod_rpcs_in_flight+0x29> mov    0x24c(%rdi),%eax
000000000001e95f <obd_set_max_mod_rpcs_in_flight+0x2f> je     000000000001e9de <obd_set_max_mod_rpcs_in_flight+0xae>
000000000001e961 <obd_set_max_mod_rpcs_in_flight+0x31> testb  $0x20,0x0(%rip)        # 000000000001e968 <obd_set_max_mod_rpcs_in_flight+0x38>
                        1e963: R_X86_64_PC32    libcfs_subsystem_debug-0x5
000000000001e968 <obd_set_max_mod_rpcs_in_flight+0x38> je     000000000001e9de <obd_set_max_mod_rpcs_in_flight+0xae>
000000000001e96a <obd_set_max_mod_rpcs_in_flight+0x3a> mov    0xe0(%r13),%rdx

so this is cli->cl_import=NULL in

        ocd = &cli->cl_import->imp_connect_data;

Whamcloud Community JIRA

[LU-14276] NULL pointer dereference in obd_set_max_mod_rpcs_in_flight()