<html class="apple-mail-supports-explicit-dark-mode">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
Hi Caifeng,
<div>Could you please file this issue in Jira (https://jira.whamcloud.com/ ) and potentially push the fix patch to Gerrit (<a href="https://wiki.lustre.org/Submitting_Changes">https://wiki.lustre.org/Submitting_Changes</a> )</div>
<div><br id="lineBreakAtBeginningOfSignature">
<div dir="ltr">Cheers, Andreas</div>
<div dir="ltr"><br>
<blockquote type="cite">On Dec 22, 2025, at 07:26, caifengzhu via lustre-devel <lustre-devel@lists.lustre.org> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr"><span>Hi,</span><br>
<span></span><br>
<span>It seems osp_md_index_it_next() have a bug. Consider the case that 'ent' is non</span><br>
<span>null and points to the last entry in the current index page. In this case, a</span><br>
<span>new index page will be loaded with osp_it_next_page() and after the loading,</span><br>
<span>'ent' remains intact. The entry retrieving based on 'ent' is wrong.  Even</span><br>
<span>worse, it may cause kernel crash by accessing an unmaped page.</span><br>
<span></span><br>
<span>A simple fix may be like below.</span><br>
<span></span><br>
<span>diff --git a/lustre/osp/osp_md_object.c b/lustre/osp/osp_md_object.c</span><br>
<span>index 975249d498..88f3cb0002 100644</span><br>
<span>--- a/lustre/osp/osp_md_object.c</span><br>
<span>+++ b/lustre/osp/osp_md_object.c</span><br>
<span>@@ -663,7 +663,7 @@ static int osp_md_index_it_next(const struct lu_env *env, struct dt_it *di)</span><br>
<span>{</span><br>
<span>       struct osp_it           *it = (struct osp_it *)di;</span><br>
<span>       struct lu_idxpage       *idxpage;</span><br>
<span>-       struct lu_dirent        *ent = (struct lu_dirent *)it->ooi_ent;</span><br>
<span>+       struct lu_dirent        *ent;</span><br>
<span>       int                     rc;</span><br>
<span>       ENTRY;</span><br>
<span></span><br>
<span>@@ -674,7 +674,7 @@ again:</span><br>
<span>                       RETURN(1);</span><br>
<span></span><br>
<span>               it->ooi_pos_ent++;</span><br>
<span>-               if (ent == NULL) {</span><br>
<span>+               if ((ent = (struct lu_dirent *)it->ooi_ent) == NULL) {</span><br>
<span>                       it->ooi_ent =</span><br>
<span>                             (struct lu_dirent *)idxpage->lip_entries;</span><br>
<span>                       RETURN(0);</span><br>
<span></span><br>
<span>Best Regards!</span><br>
<span>_______________________________________________</span><br>
<span>lustre-devel mailing list</span><br>
<span>lustre-devel@lists.lustre.org</span><br>
<span>http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org</span><br>
</div>
</blockquote>
</div>
</body>
</html>