RHEL-127023

[NFS-over-TLS] mounting timed out with refcount_t warnings since selinux-policy-42.1.9-1.el10


    • Bug
    • Resolution: Unresolved
    • rhel-10.2
    • selinux-policy
    • Critical
    • rhel-security-selinux

      What were you trying to do that didn't work?

      Recently, NFS-over-TLS mounting has started to fail (timed out). Several bisection tests confirmed that the selinux-policy package is the source of the issue:

      Pass on selinux-policy-42.1.8-1.el10

      https://beaker.engineering.redhat.com/jobs/11894871

      Failed with selinux-policy-42.1.9-1.el10

      https://beaker.engineering.redhat.com/jobs/11878395

      https://beaker.engineering.redhat.com/jobs/11878400

      https://beaker.engineering.redhat.com/jobs/11878397

      https://beaker.engineering.redhat.com/jobs/11894401

      [21:22:20 root@ ~~]# mount dell-r730-054.bkr.lab.eng.rdu2.dc.redhat.com:/var/exportdir/default /mnt/nfsmp -o vers=4,xprtsec=tls
      mount.nfs: Connection timed out for dell-r730-054.bkr.lab.eng.rdu2.dc.redhat.com:/var/exportdir/default on /mnt/nfsmp
      :: [ 21:25:20 ] :: [   FAIL   ] ::  (Expected 0, got 32)

      And there are some warnings in the console.log:

      [   56.573105] restraintd[3510]: ** Running task: 205482705 [/nfs-utils/ktls-utils/function/nfs-rpc-with-tls-local] 
      [   78.896219] RPC: Registered rdma transport module. 
      [   78.901574] RPC: Registered rdma backchannel transport module. 
      [   79.017215] NFSD: Using nfsdcld client tracking operations. 
      [   79.023430] NFSD: no clients to reclaim, skipping NFSv4 grace period (net f0000000) 
      [   80.016290] netfs: FS-Cache loaded 
      [   80.116839] Key type dns_resolver registered 
      [   80.348554] NFS: Registering the id_resolver key type 
      [   80.354192] Key type id_resolver registered 
      [   80.358862] Key type id_legacy registered 
      [   85.729430] ------------[ cut here ]------------ 
      [   85.734593] refcount_t: underflow; use-after-free. 
      [   85.739952] WARNING: CPU: 19 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110 
      [   85.749185] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd auth_rpcgss nfs_acl lockd grace nfs_localio sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel platform_profile ipmi_ssif kvm dell_wmi_descriptor sparse_keymap rfkill mei_me video irqbypass acpi_power_meter iTCO_wdt ixgbe rapl mgag200 iTCO_vendor_support ipmi_si dcdbas mei ioatdma cdc_ether intel_cstate acpi_ipmi pcspkr i2c_algo_bit tg3 intel_uncore ipmi_devintf usbnet mdio mxm_wmi lpc_ich mii dca ipmi_msghandler sg loop fuse nfnetlink xfs sd_mod ahci libahci crct10dif_pclmul libata crc32_pclmul crc32c_intel megaraid_sas ghash_clmulni_intel wmi dm_mirror dm_region_hash dm_log dm_mod 
      [   85.823509] CPU: 19 UID: 0 PID: 0 Comm: swapper/19 Kdump: loaded Not tainted 6.12.0-152.el10.x86_64 #1 PREEMPT(voluntary)  
      [   85.835838] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.8.0 005/17/2018 
      [   85.844287] RIP: 0010:refcount_warn_saturate+0xbe/0x110 
      [   85.850120] Code: 02 01 e8 c5 c6 9f ff 0f 0b c3 cc cc cc cc 80 3d d3 0b 01 02 00 75 85 48 c7 c7 18 aa f2 8a c6 05 c3 0b 01 02 01 e8 a2 c6 9f ff <0f> 0b c3 cc cc cc cc 80 3d b1 0b 01 02 00 0f 85 5e ff ff ff 48 c7 
      [   85.871075] RSP: 0018:ffffd3ef8695ccd8 EFLAGS: 00010286 
      [   85.876907] RAX: 0000000000000000 RBX: ffff8e92c5d54800 RCX: 000000000000083f 
      [   85.884871] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000003f 
      [   85.892833] RBP: ffff8ea24d907340 R08: 0000000000000000 R09: ffffffff8bbe26c8 
      [   85.900797] R10: ffffffff8bb22688 R11: 0000000000000003 R12: ffff8ea24d907200 
      [   85.908762] R13: 0000000000000000 R14: 0000000000000002 R15: ffff8e92c5dd0120 
      [   85.916725] FS:  0000000000000000(0000) GS:ffff8eb1ffc40000(0000) knlGS:0000000000000000 
      [   85.925756] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
      [   85.932170] CR2: 00007fbd41f85b80 CR3: 0000000862622006 CR4: 00000000001726f0 
      [   85.940134] Call Trace: 
      [   85.942864]  <IRQ> 
      [   85.945106]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   85.949971]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   85.954834]  ? tcp_v4_rcv+0xd7f/0x1080 
      [   85.959019]  ? refcount_warn_saturate+0xbe/0x110 
      [   85.964171]  ? __warn.cold+0x93/0xf4 
      [   85.968165]  ? refcount_warn_saturate+0xbe/0x110 
      [   85.973318]  ? report_bug+0xff/0x140 
      [   85.977299]  ? handle_bug+0x53/0x90 
      [   85.981190]  ? exc_invalid_op+0x17/0x70 
      [   85.985470]  ? asm_exc_invalid_op+0x1a/0x20 
      [   85.990140]  ? refcount_warn_saturate+0xbe/0x110 
      [   85.995293]  ? refcount_warn_saturate+0xbe/0x110 
      [   86.000443]  tcp_v4_rcv+0xd7f/0x1080 
      [   86.004434]  ? raw_v4_input+0x141/0x260 
      [   86.008716]  ip_protocol_deliver_rcu+0x32/0x180 
      [   86.013774]  ip_local_deliver_finish+0x76/0xa0 
      [   86.018726]  ip_local_deliver+0x68/0x100 
      [   86.023104]  __netif_receive_skb_one_core+0x87/0xa0 
      [   86.028551]  process_backlog+0x9c/0x150 
      [   86.032831]  __napi_poll+0x2b/0x160 
      [   86.036725]  net_rx_action+0x339/0x420 
      [   86.040901]  handle_softirqs+0xe5/0x2a0 
      [   86.045185]  irq_exit_rcu+0x9b/0xc0 
      [   86.049077]  sysvec_apic_timer_interrupt+0x71/0x90 
      [   86.054426]  </IRQ> 
      [   86.056765]  <TASK> 
      [   86.059103]  asm_sysvec_apic_timer_interrupt+0x1a/0x20 
      [   86.064838] RIP: 0010:cpuidle_enter_state+0xc0/0x410 
      [   86.070370] Code: d3 01 00 00 e8 91 d9 37 ff e8 1c f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 7d 3a 36 ff 45 84 ff 0f 85 a5 01 00 00 fb 45 85 f6 <0f> 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d 0c c4 48 
      [   86.091326] RSP: 0018:ffffd3ef8450fe70 EFLAGS: 00000202 
      [   86.097156] RAX: ffff8eb1ffc40000 RBX: 0000000000000002 RCX: 0000000000000000 
      [   86.105119] RDX: 00000013f5de99b1 RSI: 000000b050571642 RDI: 0000000000000000 
      [   86.113084] RBP: ffff8eb1ffc7b7e0 R08: 0000000000000002 R09: 00000000048b3edb 
      [   86.121046] R10: 0000000000005203 R11: ffff8eb1ffc70cac R12: ffffffff8bcd7360 
      [   86.129011] R13: 00000013f5de99b1 R14: 0000000000000002 R15: 0000000000000000 
      [   86.136976]  cpuidle_enter+0x2d/0x40 
      [   86.140967]  cpuidle_idle_call+0xef/0x150 
      [   86.145445]  do_idle+0x73/0xd0 
      [   86.148844]  cpu_startup_entry+0x29/0x30 
      [   86.153223]  start_secondary+0x115/0x140 
      [   86.157599]  common_startup_64+0x13e/0x141 
      [   86.162174]  </TASK> 
      [   86.164610] ---[ end trace 0000000000000000 ]--- 
      [   90.808494] ------------[ cut here ]------------ 
      [   90.813658] refcount_t: decrement hit 0; leaking memory. 
      [   90.819593] WARNING: CPU: 5 PID: 233 at lib/refcount.c:31 refcount_warn_saturate+0xff/0x110 
      [   90.828921] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd auth_rpcgss nfs_acl lockd grace nfs_localio sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel platform_profile ipmi_ssif kvm dell_wmi_descriptor sparse_keymap rfkill mei_me video irqbypass acpi_power_meter iTCO_wdt ixgbe rapl mgag200 iTCO_vendor_support ipmi_si dcdbas mei ioatdma cdc_ether intel_cstate acpi_ipmi pcspkr i2c_algo_bit tg3 intel_uncore ipmi_devintf usbnet mdio mxm_wmi lpc_ich mii dca ipmi_msghandler sg loop fuse nfnetlink xfs sd_mod ahci libahci crct10dif_pclmul libata crc32_pclmul crc32c_intel megaraid_sas ghash_clmulni_intel wmi dm_mirror dm_region_hash dm_log dm_mod 
      [   90.903157] CPU: 5 UID: 0 PID: 233 Comm: kworker/u130:9 Kdump: loaded Tainted: G        W          ------  ---  6.12.0-152.el10.x86_64 #1 PREEMPT(voluntary)  
      [   90.918883] Tainted: [W]=WARN 
      [   90.922193] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.8.0 005/17/2018 
      [   90.930642] Workqueue: xprtiod xprt_autoclose [sunrpc] 
      [   90.936431] RIP: 0010:refcount_warn_saturate+0xff/0x110 
      [   90.942267] Code: e8 a9 f2 8a c6 05 9d 0b 01 02 01 e8 7b c6 9f ff 0f 0b c3 cc cc cc cc 48 c7 c7 40 aa f2 8a c6 05 81 0b 01 02 01 e8 61 c6 9f ff <0f> 0b c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 
      [   90.963227] RSP: 0018:ffffd3ef86c83ce8 EFLAGS: 00010282 
      [   90.969053] RAX: 0000000000000000 RBX: ffff8ea24d901300 RCX: 0000000000000000 
      [   90.977017] RDX: ffff8eb1ffaab880 RSI: ffff8eb1ffa9d1c0 RDI: ffff8eb1ffa9d1c0 
      [   90.984983] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8bbe26c8 
      [   90.992950] R10: ffffffff8bb22688 R11: 0000000000000003 R12: ffff8ea2833939e4 
      [   91.000905] R13: 0000000000000000 R14: ffff8ea24abb0e40 R15: 0000000000000000 
      [   91.008870] FS:  0000000000000000(0000) GS:ffff8eb1ffa80000(0000) knlGS:0000000000000000 
      [   91.017902] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
      [   91.024315] CR2: 00005632530679c8 CR3: 0000000108888001 CR4: 00000000001726f0 
      [   91.032281] Call Trace: 
      [   91.035009]  <TASK> 
      [   91.037350]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   91.042214]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   91.047077]  ? tcp_done+0x60/0x100 
      [   91.050874]  ? refcount_warn_saturate+0xff/0x110 
      [   91.056028]  ? __warn.cold+0x93/0xf4 
      [   91.060020]  ? refcount_warn_saturate+0xff/0x110 
      [   91.065174]  ? report_bug+0xff/0x140 
      [   91.069164]  ? handle_bug+0x53/0x90 
      [   91.073057]  ? exc_invalid_op+0x17/0x70 
      [   91.077337]  ? asm_exc_invalid_op+0x1a/0x20 
      [   91.082008]  ? refcount_warn_saturate+0xff/0x110 
      [   91.087154]  ? refcount_warn_saturate+0xff/0x110 
      [   91.092300]  tcp_done+0x60/0x100 
      [   91.095895]  tcp_rcv_state_process+0x451/0x7d0 
      [   91.100856]  tcp_v4_do_rcv+0xd3/0x2b0 
      [   91.104937]  __release_sock+0xb8/0xd0 
      [   91.109029]  release_sock+0x2f/0xa0 
      [   91.112924]  inet_shutdown+0x9b/0xf0 
      [   91.116916]  xs_reset_transport+0x6a/0x1b0 [sunrpc] 
      [   91.122399]  xs_tcp_shutdown+0x96/0x110 [sunrpc] 
      [   91.127588]  xprt_autoclose+0x59/0x100 [sunrpc] 
      [   91.132679]  process_one_work+0x177/0x330 
      [   91.137147]  worker_thread+0x256/0x3a0 
      [   91.141331]  ? __pfx_worker_thread+0x10/0x10 
      [   91.146097]  kthread+0xfd/0x240 
      [   91.149606]  ? __pfx_kthread+0x10/0x10 
      [   91.153792]  ret_from_fork+0x34/0x50 
      [   91.157784]  ? __pfx_kthread+0x10/0x10 
      [   91.161962]  ret_from_fork_asm+0x1a/0x30 
      [   91.166343]  </TASK> 
      [   91.168780] ---[ end trace 0000000000000000 ]--- 
      [   91.173943] ------------[ cut here ]------------ 
      [   91.179088] refcount_t: saturated; leaking memory. 
      [   91.184443] WARNING: CPU: 5 PID: 233 at lib/refcount.c:22 refcount_warn_saturate+0x55/0x110 
      [   91.193759] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd auth_rpcgss nfs_acl lockd grace nfs_localio sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel platform_profile ipmi_ssif kvm dell_wmi_descriptor sparse_keymap rfkill mei_me video irqbypass acpi_power_meter iTCO_wdt ixgbe rapl mgag200 iTCO_vendor_support ipmi_si dcdbas mei ioatdma cdc_ether intel_cstate acpi_ipmi pcspkr i2c_algo_bit tg3 intel_uncore ipmi_devintf usbnet mdio mxm_wmi lpc_ich mii dca ipmi_msghandler sg loop fuse nfnetlink xfs sd_mod ahci libahci crct10dif_pclmul libata crc32_pclmul crc32c_intel megaraid_sas ghash_clmulni_intel wmi dm_mirror dm_region_hash dm_log dm_mod 
      [   91.268020] CPU: 5 UID: 0 PID: 233 Comm: kworker/u130:9 Kdump: loaded Tainted: G        W          ------  ---  6.12.0-152.el10.x86_64 #1 PREEMPT(voluntary)  
      [   91.283745] Tainted: [W]=WARN 
      [   91.287056] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.8.0 005/17/2018 
      [   91.295505] Workqueue: xprtiod xprt_autoclose [sunrpc] 
      [   91.301275] RIP: 0010:refcount_warn_saturate+0x55/0x110 
      [   91.307100] Code: 84 bc 00 00 00 c3 cc cc cc cc 85 f6 74 46 80 3d 3e 0c 01 02 00 75 ee 48 c7 c7 c0 a9 f2 8a c6 05 2e 0c 01 02 01 e8 0b c7 9f ff <0f> 0b c3 cc cc cc cc 80 3d 17 0c 01 02 00 75 cb 48 c7 c7 70 aa f2 
      [   91.328050] RSP: 0018:ffffd3ef86c83d10 EFLAGS: 00010286 
      [   91.333883] RAX: 0000000000000000 RBX: ffff8ea24d901300 RCX: 0000000000000000 
      [   91.341850] RDX: ffff8eb1ffaab880 RSI: ffff8eb1ffa9d1c0 RDI: ffff8eb1ffa9d1c0 
      [   91.349805] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8bbe26c8 
      [   91.357770] R10: ffffffff8bb22688 R11: 0000000000000003 R12: 0000000000000007 
      [   91.365734] R13: 0000000000000000 R14: ffff8e92cd54e540 R15: 0000000000000000 
      [   91.373698] FS:  0000000000000000(0000) GS:ffff8eb1ffa80000(0000) knlGS:0000000000000000 
      [   91.382730] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
      [   91.389155] CR2: 00005632530679c8 CR3: 0000000108888001 CR4: 00000000001726f0 
      [   91.397121] Call Trace: 
      [   91.399851]  <TASK> 
      [   91.402192]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   91.407055]  ? show_trace_log_lvl+0x1b0/0x2f0 
      [   91.411920]  ? __tcp_close+0x33f/0x3e0 
      [   91.416105]  ? refcount_warn_saturate+0x55/0x110 
      [   91.421258]  ? __warn.cold+0x93/0xf4 
      [   91.425250]  ? refcount_warn_saturate+0x55/0x110 
      [   91.430403]  ? report_bug+0xff/0x140 
      [   91.434396]  ? handle_bug+0x53/0x90 
      [   91.438289]  ? exc_invalid_op+0x17/0x70 
      [   91.442568]  ? asm_exc_invalid_op+0x1a/0x20 
      [   91.447239]  ? refcount_warn_saturate+0x55/0x110 
      [   91.452393]  __tcp_close+0x33f/0x3e0 
      [   91.456383]  tcp_close+0x23/0x80 
      [   91.459986]  inet_release+0x43/0x80 
      [   91.463881]  __sock_release+0x3d/0xb0 
      [   91.467972]  sock_close+0x15/0x20 
      [   91.471678]  __fput+0xdf/0x2a0 
      [   91.475089]  xs_reset_transport+0x135/0x1b0 [sunrpc] 
      [   91.480659]  xs_tcp_shutdown+0x96/0x110 [sunrpc] 
      [   91.485839]  xprt_autoclose+0x59/0x100 [sunrpc] 
      [   91.490930]  process_one_work+0x177/0x330 
      [   91.495407]  worker_thread+0x256/0x3a0 
      [   91.499591]  ? __pfx_worker_thread+0x10/0x10 
      [   91.504358]  kthread+0xfd/0x240 
      [   91.507864]  ? __pfx_kthread+0x10/0x10 
      [   91.512041]  ret_from_fork+0x34/0x50 
      [   91.516056]  ? __pfx_kthread+0x10/0x10 
      [   91.520240]  ret_from_fork_asm+0x1a/0x30 
      [   91.524623]  </TASK> 
      [   91.527062] ---[ end trace 0000000000000000 ]--- 

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      since selinux-policy-42.1.9-1.el10

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. Mounting NFS with TLS enabled

      Expected results

      Actual results

              rhn-support-zpytela Zdenek Pytela
              rhn-support-yoyang Yongcheng Yang
              SSG Security QE
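A triage helper for console logs like the one in this report, added here as an example (it is not part of the original report or of any Red Hat tooling): it splits out each refcount_t warning and keeps the task, execution context, workqueue and the reliable call-trace frames. The function name refcount_warnings and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged lines in the same format as the console.log above.
SAMPLE = """\
[   85.734593] refcount_t: underflow; use-after-free.
[   85.739952] WARNING: CPU: 19 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110
[   85.823509] CPU: 19 UID: 0 PID: 0 Comm: swapper/19 Kdump: loaded Not tainted 6.12.0-152.el10.x86_64 #1
[   85.940134] Call Trace:
[   85.942864]  <IRQ>
[   85.959019]  ? refcount_warn_saturate+0xbe/0x110
[   86.000443]  tcp_v4_rcv+0xd7f/0x1080
[   86.164610] ---[ end trace 0000000000000000 ]---
[   90.813658] refcount_t: decrement hit 0; leaking memory.
[   90.903157] CPU: 5 UID: 0 PID: 233 Comm: kworker/u130:9 Kdump: loaded Tainted: G        W
[   90.930642] Workqueue: xprtiod xprt_autoclose [sunrpc]
[   91.035009]  <TASK>
[   91.092300]  tcp_done+0x60/0x100
[   91.116916]  xs_reset_transport+0x6a/0x1b0 [sunrpc]
[   91.168780] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\s*\[\s*(\d+\.\d+)\]\s*(.*)$")
# A call-trace frame: optional "? " marker, symbol+offset/size, optional [module].
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def refcount_warnings(log):
    """Return one dict per refcount_t warning block found in a console log."""
    out, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m is None:
            continue
        ts, msg = float(m.group(1)), m.group(2).strip()
        if msg.startswith("refcount_t:"):
            cur = {"time": ts, "kind": msg.split(":", 1)[1].strip(), "comm": None,
                   "context": None, "workqueue": None, "frames": []}
            out.append(cur)
        elif cur is None or msg.startswith("---[ end trace"):
            cur = None  # outside a warning block, or the block just ended
        elif " Comm: " in msg:
            cur["comm"] = msg.split(" Comm: ")[1].split()[0]
        elif msg.startswith("Workqueue:"):
            cur["workqueue"] = msg.split(":", 1)[1].strip()
        elif msg in ("<IRQ>", "<TASK>") and cur["context"] is None:
            cur["context"] = msg.strip("<>")  # context of the innermost frames
        elif (f := FRAME.match(msg)) and not f.group(1):  # "?" frames are unreliable
            cur["frames"].append(f.group(2))
    return out
```

The first entry of each "frames" list is the caller that triggered the refcount check, which is the quickest way to compare warnings across a passing and a failing run.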