Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.2.0.z, rhel-9.3.0.z
Component/s: kernel / File Systems / NFS
Labels:
- batch3

Fixed in Build:
kernel-5.14.0-410.el9
Severity:
Normal
Epic Link:
RHELPLAN-146588
Keywords:

ZStream

Pool Team:

sst_filesystems
Sub-System Group:

ssg_filesystems_storage_and_HA

Dev Target Milestone:
21
Internal Target Milestone:
23
Story Points:
5
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Products:

Red Hat Enterprise Linux
Release Blocker:
Approved Blocker

Preliminary Testing:
Pass
Testable Builds:

Hide
The following Merge Request has pipeline job artifacts available:

Title: NFS: Use parent's objective cred in nfs_access_login_time()
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/3595
MR Pipeline: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/pipelines/1136623127

The Repo URLs are *not* accessible from a web browser! They only function as a dnf or yum baseurl.

Artifacts expire six weeks after creation. If artifacts are needed after that time please rerun the pipeline by visiting the MR's 'Pipelines' tab and clicking the 'Run pipeline' button.

----------------------------------------

Downstream Pipeline Name: RHEL_COMPAT (c9s_rhel9_compat_merge_request)
Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-internal-contributors/-/pipelines/1136623209
Repo URL: https://s3.upshift.redhat.com/DH-PROD-CKI/internal/1136623209/$basearch/5.14.0-407.3595_1136623127.el9.$basearch
Debug Repo URL: https://s3.upshift.redhat.com/DH-PROD-CKI/internal/1136623209/$basearch-debug/5.14.0-407.3595_1136623127.el9.$basearch

5.14.0-407.3595_1136623127.el9.s390x:
Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_s390x/5921037609/artifacts/repo/5.14.0-407.3595_1136623127.el9.s390x/

5.14.0-407.3595_1136623127.el9.aarch64:
Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_aarch64/5921037603/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/

5.14.0-407.3595_1136623127.el9.ppc64le:
Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_ppc64le/5921037601/artifacts/repo/5.14.0-407.3595_1136623127.el9.ppc64le/

5.14.0-407.3595_1136623127.el9.x86_64-debug:
Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_x86_64_debug/5921037598/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/

5.14.0-407.3595_1136623127.el9.x86_64:
Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_x86_64/5921037596/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/

----------------------------------------

Downstream Pipeline Name: REALTIME (c9s_rt_merge_request)
Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623185

5.14.0-407.3595_1136623127.el9.x86_64-debug:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623185/publish_x86_64_debug/5921037337/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623185/publish_x86_64_debug/5921037337/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/

5.14.0-407.3595_1136623127.el9.x86_64:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623185/publish_x86_64/5921037334/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623185/publish_x86_64/5921037334/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/

----------------------------------------

Downstream Pipeline Name: AUTOMOTIVE (c9s_automotive_check_merge_request)
Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623181

5.14.0-407.361.3595_1136623127.el9iv.aarch64-debug:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_aarch64_debug/5921037341/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_aarch64_debug/5921037341/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/

5.14.0-407.361.3595_1136623127.el9iv.aarch64:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_aarch64/5921037339/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_aarch64/5921037339/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/

5.14.0-407.361.3595_1136623127.el9iv.x86_64-debug:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_x86_64_debug/5921037336/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_x86_64_debug/5921037336/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/

5.14.0-407.361.3595_1136623127.el9iv.x86_64:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_x86_64/5921037325/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_x86_64/5921037325/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/

----------------------------------------

Downstream Pipeline Name: 64K (c9s_64k_merge_request)
Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623198

5.14.0-407.3595_1136623127.el9.aarch64:
Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623198/publish_aarch64/5921037432/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/
Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623198/publish_aarch64/5921037432/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/

----------------------------------------

Updated 2024-01-12 19:45 UTC by buglinker:
- KWF FAQ: https://red.ht/kernel_workflow_doc
- Slack #team-kernel-workflow: https://redhat-internal.slack.com/archives/C04LRUPMJQ5
- Source: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/buglinker.py
- Documentation: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.buglinker.md
- Report an issue: https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=buglinker%20webhook%20issue

Show
The following Merge Request has pipeline job artifacts available: Title: NFS: Use parent's objective cred in nfs_access_login_time() MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/3595 MR Pipeline: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/pipelines/1136623127 The Repo URLs are *not* accessible from a web browser! They only function as a dnf or yum baseurl. Artifacts expire six weeks after creation. If artifacts are needed after that time please rerun the pipeline by visiting the MR's 'Pipelines' tab and clicking the 'Run pipeline' button. ---------------------------------------- Downstream Pipeline Name: RHEL_COMPAT (c9s_rhel9_compat_merge_request) Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-internal-contributors/-/pipelines/1136623209 Repo URL: https://s3.upshift.redhat.com/DH-PROD-CKI/internal/1136623209/$basearch/5.14.0-407.3595_1136623127.el9.$basearch Debug Repo URL: https://s3.upshift.redhat.com/DH-PROD-CKI/internal/1136623209/$basearch-debug/5.14.0-407.3595_1136623127.el9.$basearch 5.14.0-407.3595_1136623127.el9.s390x: Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_s390x/5921037609/artifacts/repo/5.14.0-407.3595_1136623127.el9.s390x/ 5.14.0-407.3595_1136623127.el9.aarch64: Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_aarch64/5921037603/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/ 5.14.0-407.3595_1136623127.el9.ppc64le: Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_ppc64le/5921037601/artifacts/repo/5.14.0-407.3595_1136623127.el9.ppc64le/ 5.14.0-407.3595_1136623127.el9.x86_64-debug: Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_x86_64_debug/5921037598/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ 5.14.0-407.3595_1136623127.el9.x86_64: Artifacts (RPMs): https://s3.upshift.redhat.com/DH-PROD-CKI/index.html?prefix=internal-artifacts/1136623209/publish_x86_64/5921037596/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ ---------------------------------------- Downstream Pipeline Name: REALTIME (c9s_rt_merge_request) Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623185 5.14.0-407.3595_1136623127.el9.x86_64-debug: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623185/publish_x86_64_debug/5921037337/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623185/publish_x86_64_debug/5921037337/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ 5.14.0-407.3595_1136623127.el9.x86_64: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623185/publish_x86_64/5921037334/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623185/publish_x86_64/5921037334/artifacts/repo/5.14.0-407.3595_1136623127.el9.x86_64/ ---------------------------------------- Downstream Pipeline Name: AUTOMOTIVE (c9s_automotive_check_merge_request) Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623181 5.14.0-407.361.3595_1136623127.el9iv.aarch64-debug: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_aarch64_debug/5921037341/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_aarch64_debug/5921037341/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/ 5.14.0-407.361.3595_1136623127.el9iv.aarch64: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_aarch64/5921037339/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_aarch64/5921037339/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.aarch64/ 5.14.0-407.361.3595_1136623127.el9iv.x86_64-debug: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_x86_64_debug/5921037336/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_x86_64_debug/5921037336/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/ 5.14.0-407.361.3595_1136623127.el9iv.x86_64: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623181/publish_x86_64/5921037325/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623181/publish_x86_64/5921037325/artifacts/repo/5.14.0-407.361.3595_1136623127.el9iv.x86_64/ ---------------------------------------- Downstream Pipeline Name: 64K (c9s_64k_merge_request) Downstream Pipeline: https://gitlab.com/redhat/red-hat-ci-tools/kernel/cki-internal-pipelines/cki-trusted-contributors/-/pipelines/1136623198 5.14.0-407.3595_1136623127.el9.aarch64: Artifacts (RPMs): https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/index.html?prefix=trusted-artifacts/1136623198/publish_aarch64/5921037432/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/ Repo URL: https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/1136623198/publish_aarch64/5921037432/artifacts/repo/5.14.0-407.3595_1136623127.el9.aarch64/ ---------------------------------------- Updated 2024-01-12 19:45 UTC by buglinker: - KWF FAQ: https://red.ht/kernel_workflow_doc - Slack #team-kernel-workflow: https://redhat-internal.slack.com/archives/C04LRUPMJQ5 - Source: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/buglinker.py - Documentation: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.buglinker.md - Report an issue: https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=buglinker%20webhook%20issue
Test Coverage:

SanityOnly

Experience:

PX Impact Score:
PX Impact Range:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Links:

What were you trying to do that didn't work?

System crashed with an invalid address for a cred->group_info in cred_fscmp:

[363434.546053] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6f: 0000 [#1] PREEMPT SMP PTI
[363434.547463] CPU: 39 PID: 564685 Comm: ifind Kdump: loaded Not tainted 5.14.0-378.el9.x86_64 #1
[363434.548736] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 07/18/2022
[363434.550031] RIP: 0010:cred_fscmp+0x53/0xa0

PID: 564685   TASK: ffff8a3016c2d8c0  CPU: 39   COMMAND: "ifind"
    [exception RIP: cred_fscmp+0x53]
 #6 [ffffa8548626bae0] nfs_access_get_cached at ffffffffc172f198 [nfs]
 #7 [ffffa8548626bb30] nfs_do_access at ffffffffc172fedf [nfs]
 #8 [ffffa8548626bbc8] nfs_permission at ffffffffc17301f3 [nfs]
 #9 [ffffa8548626bbf0] inode_permission at ffffffffa3e32410
#10 [ffffa8548626bc20] link_path_walk at ffffffffa3e37426
#11 [ffffa8548626bc80] path_lookupat at ffffffffa3e37b0e
#12 [ffffa8548626bcb8] filename_lookup at ffffffffa3e38f2f
#13 [ffffa8548626bdd8] vfs_statx at ffffffffa3e2ad9d
#14 [ffffa8548626be30] vfs_fstatat at ffffffffa3e2b1b4
#15 [ffffa8548626be58] __do_sys_newlstat at ffffffffa3e2b523

the crashing instruction:

0xffffffffa3b3b4e3 <cred_fscmp+0x53>:   movslq 0x4(%rdx),%rsi
    RDX: 6b6b6b6b6b6b6b6b  RSI: ffff8ab810ba19c0  RDI: ffff8a25a2c5b940

more analysis below

Please provide the package NVR for which bug is seen:

internal kernel-5.14.0-378.el9.x86_64

How reproducible:

unknown, crash experienced once thus far

Steps to reproduce

unknown

Expected results

no crash

Actual results

the crashing instruction:

 0xffffffffa3b3b4e3 <cred_fscmp+0x53>:   movslq 0x4(%rdx),%rsi
    RDX: 6b6b6b6b6b6b6b6b  RSI: ffff8ab810ba19c0  RDI: ffff8a25a2c5b940

where %rdx contains a struct group_info, and came from %rdi+0x98 (cred->group_info) slightly earlier:

0xffffffffa3b3b4c6 <cred_fscmp+0x36>:   mov    0x98(%rdi),%rdx
0xffffffffa3b3b4cd <cred_fscmp+0x3d>:   mov    0x98(%rsi),%rcx
0xffffffffa3b3b4d4 <cred_fscmp+0x44>:   cmp    %rcx,%rdx
0xffffffffa3b3b4d7 <cred_fscmp+0x47>:   je     0xffffffffa3b3b529 <cred_fscmp+0x99>
0xffffffffa3b3b4d9 <cred_fscmp+0x49>:   test   %rdx,%rdx
0xffffffffa3b3b4dc <cred_fscmp+0x4c>:   je     0xffffffffa3b3b515 <cred_fscmp+0x85>
0xffffffffa3b3b4de <cred_fscmp+0x4e>:   test   %rcx,%rcx
0xffffffffa3b3b4e1 <cred_fscmp+0x51>:   je     0xffffffffa3b3b524 <cred_fscmp+0x94>
0xffffffffa3b3b4e3 <cred_fscmp+0x53>:   movslq 0x4(%rdx),%rsi

however %rdi+0x98 contains a different (and expected) value:

crash> cred.group_info ffff8a25a2c5b940
  group_info = 0xffffffffa565ed90 <init_groups>,

so %rdx should not have the bogus value

626 int cred_fscmp(const struct cred *a, const struct cred *b)
627 {
628         struct group_info *ga, *gb;
629         int g;
630 
631         if (a == b)
632                 return 0;
633         if (uid_lt(a->fsuid, b->fsuid))
634                 return -1;
635         if (uid_gt(a->fsuid, b->fsuid))
636                 return 1;
637 
638         if (gid_lt(a->fsgid, b->fsgid))
639                 return -1;
640         if (gid_gt(a->fsgid, b->fsgid))
641                 return 1;
642 
643         ga = a->group_info;
644         gb = b->group_info;
645         if (ga == gb)
646                 return 0;
647         if (ga == NULL)
648                 return -1;
649         if (gb == NULL)
650                 return 1;
651         if (ga->ngroups < gb->ngroups) <<<<

called from the following:

 3054 int nfs_access_get_cached(struct inode *inode, const struct cred *cred,
3055                           u32 *mask, bool may_block)
3056 {
3057         int status;
3058 
3059         status = nfs_access_get_cached_rcu(inode, cred, mask);
  3022 static int nfs_access_get_cached_rcu(struct inode *inode, const struct cred *cred, u32 *mask)
  3023 {
  3024         /* Only check the most recently returned cache entry,
  3025          * but do it without locking.
  3026          */
  3027         struct nfs_inode *nfsi = NFS_I(inode);
  3028         u64 login_time = nfs_access_login_time(current, cred);
    2956 static u64 nfs_access_login_time(const struct task_struct *task,
    2957                                  const struct cred *cred)
    2958 {
    2959         const struct task_struct *parent;
    2960         const struct cred *pcred;
    2961         u64 ret;
    2962 
    2963         rcu_read_lock();
    2964         for (;;) {
    2965                 parent = rcu_dereference(task->real_parent);
    2966                 pcred = rcu_dereference(parent->cred);
    2967                 if (parent == task || cred_fscmp(pcred, cred) != 0)

links to

Merge Request: NFS: Use parent's objective cred in nfs_access_login_time()

RHEL 9: panic at cred_fscmp+0x53

RHSA-2023:120102 kernel bug fix and enhancement update

mentioned on

Commit - kernel-5.14.0-410.el9

Merge request - kernel-5.14.0-410.el9

Assignee:: Scott Mayhew

Reporter:: Frank Sorenson

Developer:: Scott Mayhew

QA Contact:: Zhi Li

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2023/11/08 7:24 PM

Updated:: 2024/05/03 6:22 AM

Resolved:: 2024/04/30 10:37 AM

Dev Target end:: 2024/01/22

Target end:: 2024/02/05

Release Date:: 2024/04/30

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Activity

People

Dates