https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-16617 Lustre <p>A null-pointer dereference is detected in osc_request.c:3358 (function osc_iocontrol) and then crashes the kernel.</p> <ol> <li>Strace<br/> open(".", O_RDONLY) = 3<br/> ioctl(3, _IOC(_IOC_WRITE, 0x66, 0x85, 0x8), 0) = ?<br/> +++ killed by SIGSEGV +++<br/> Segmentation fault</li> </ol> Three server nodes and one client. Kernel version: Ubuntu-5.4.0-90.101 <br/> <br/> # MGS <br/> mkfs.lustre --fsname=lustre --mgs /dev/vda <br/> mount -t lustre /dev/vda /root/lustre-server <br/> <br/> # MDS <br/> mkfs.lustre --fsname=lustre --index=0 --mgsnode=$<a href='mailto:start_ip@tcp0'>start_ip@tcp0</a> --mdt /dev/vda <br/> mount -t lustre /dev/vda /root/lustre-server <br/> <br/> # OSS <br/> mkfs.lustre --ost --fsname=lustre --index=1 --reformat --mgsnode=$<a href='mailto:start_ip@tcp0'>start_ip@tcp0</a> /dev/vda <br/> mount -t lustre /dev/vda /root/lustre-server <br/> <br/> # Client <br/> mount -t lustre $<a href='mailto:start_ip@tcp0'>start_ip@tcp0</a>:/lustre /root/lustre-client LU-16617

A null-pointer dereference in osc_request.c:3358:function osc_iocontro

Bug Critical Resolved Duplicate WC Triage Tao Lyu Fri, 3 Mar 2023 13:33:50 +0000 Thu, 11 Jan 2024 12:05:03 +0000 Thu, 11 Jan 2024 12:05:03 +0000 0 3 <p>Concrete information:</p> <p> Lustre commit: 9ddcdee2c8b9ec14986b93cf3180d946cd4869f7 </p> <p>crash stack trace:</p> <p>root@dfs:~# [ 142.000320] kasan: CONFIG_KASAN_INLINE enabled<br/> [ 142.000869] kasan: GPF could be caused by NULL-ptr deref or user memory access<br/> [ 142.001675] general protection fault: 0000 <a href="#1" target="_blank" rel="noopener">1</a> SMP KASAN NOPTI<br/> [ 142.002347] CPU: 0 PID: 520 Comm: test Tainted: G O 5.4.148+ #7<br/> [ 142.003143] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014<br/> [ 142.004159] RIP: 0010:osc_iocontrol+0x2f7/0xe80 <span class="error">&#91;osc&#93;</span><br/> [ 142.004719] Code: 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 42 f9 b5 ce 49 8d bc 24 08 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;80&gt; 3c 02 00 0f 85 6f 0a 00 00 49 8d bf d8 05 00 00 49 8b b4 24 08<br/> [ 142.006938] RSP: 0018:ffff88824a88f6f0 EFLAGS: 00010206<br/> [ 142.007560] RAX: dffffc0000000000 RBX: ffffffffc0352780 RCX: ffffffffc0dbde1e<br/> [ 142.008362] RDX: 0000000000000041 RSI: 00000000c0086815 RDI: 0000000000000208<br/> [ 142.009128] RBP: ffff88824db93800 R08: ffff88824b3b9ec0 R09: 0000000000000000<br/> [ 142.009943] R10: ffff88824a88f940 R11: ffff88824a88fd34 R12: 0000000000000000<br/> [ 142.010754] R13: ffff88824db938e8 R14: 0000000040086685 R15: ffff88823d8336d8<br/> [ 142.011582] FS: 00007ffff7fc0540(0000) GS:ffff888257400000(0000) knlGS:0000000000000000<br/> [ 142.012552] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br/> [ 142.013215] CR2: 0000000020000100 CR3: 000000024aea6005 CR4: 0000000000760ef0<br/> [ 142.014046] PKRU: 55555554<br/> [ 142.014363] Call Trace:<br/> [ 142.015213] lov_iocontrol+0x4ba/0x5de0 <span class="error">&#91;lov&#93;</span><br/> [ 142.021510] ll_dir_ioctl+0x2834/0x17cc0 <span class="error">&#91;lustre&#93;</span><br/> [ 142.048571] do_vfs_ioctl+0x405/0x660<br/> [ 142.049029] ksys_ioctl+0x5e/0x90<br/> [ 142.049444] __x64_sys_ioctl+0x16/0x20<br/> [ 142.049904] do_syscall_64+0x48/0x140<br/> [ 142.050360] entry_SYSCALL_64_after_hwframe+0x44/0xa9<br/> [ 142.051005] RIP: 0033:0x7ffff7ee870d<br/> [ 142.051448] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d 53 f7 0c 00 f7 d8 64 89 01 48<br/> [ 142.053593] RSP: 002b:00007fffffffe348 EFLAGS: 00000213 ORIG_RAX: 0000000000000010<br/> [ 142.054686] RAX: ffffffffffffffda RBX: 0000555555555290 RCX: 00007ffff7ee870d<br/> [ 142.055484] RDX: 0000000000000000 RSI: 0000000040086685 RDI: 0000000000000003<br/> [ 142.056285] RBP: 00007fffffffe360 R08: 00007fffffffe450 R09: 00007fffffffe450<br/> [ 142.057102] R10: 0000000000000000 R11: 0000000000000213 R12: 0000555555555080<br/> [ 142.057909] R13: 00007fffffffe450 R14: 0000000000000000 R15: 0000000000000000<br/> [ 142.058715] Modules linked in: mgc(O) lustre(O) lmv(O) mdc(O) fid(O) lov(O) fld(O) osc(O) ksocklnd(O) ptlrpc(O) obdclass(O) lnet(O) libcfs(O)<br/> [ 142.060313] --<del>[ end trace 9c88039dbe2366d5 ]</del>--<br/> [ 142.060919] RIP: 0010:osc_iocontrol+0x2f7/0xe80 <span class="error">&#91;osc&#93;</span><br/> [ 142.061569] Code: 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 42 f9 b5 ce 49 8d bc 24 08 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 &lt;80&gt; 3c 02 00 0f 85 6f 0a 00 00 49 8d bf d8 05 00 00 49 8b b4 24 08<br/> [ 142.064004] RSP: 0018:ffff88824a88f6f0 EFLAGS: 00010206<br/> [ 142.064817] RAX: dffffc0000000000 RBX: ffffffffc0352780 RCX: ffffffffc0dbde1e<br/> [ 142.065573] RDX: 0000000000000041 RSI: 00000000c0086815 RDI: 0000000000000208<br/> [ 142.066227] RBP: ffff88824db93800 R08: ffff88824b3b9ec0 R09: 0000000000000000<br/> [ 142.066887] R10: ffff88824a88f940 R11: ffff88824a88fd34 R12: 0000000000000000<br/> [ 142.067513] R13: ffff88824db938e8 R14: 0000000040086685 R15: ffff88823d8336d8<br/> [ 142.068139] FS: 00007ffff7fc0540(0000) GS:ffff888257400000(0000) knlGS:0000000000000000<br/> [ 142.068921] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br/> [ 142.069568] CR2: 0000000020000100 CR3: 000000024aea6005 CR4: 0000000000760ef0<br/> [ 142.070358] PKRU: 55555554</p> <p>This will likely also be handled by the <a href="https://jira.whamcloud.com/browse/LU-16634" title="Null pointer dereference in lustre_set_wire_obdo" class="issue-link" data-issue-key="LU-16634"><del>LU-16634</del></a> patch.</p> <p>Okay, thanks!</p> Duplicate Related LU-16634 LU-16616 Development Rank 1|i03fmf: Rank (Obsolete) 9223372036854775807 Severity