Loading...

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.9.0.z
Component/s: kernel / File Systems / NFS
Labels:

Fixed in Build:
kernel-4.18.0-553.20.1.el8_10
Regression:
None
Severity:
Moderate
Epic Link:
RHELPLAN-170040
Keywords:

TestCaseProvided

Pool Team:

rhel-sst-filesystems
Sub-System Group:

ssg_filesystems_storage_and_HA

Story Points:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Pass
Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/RHELKERNEL/workitem?id=KERNEL-294711
Testable Builds:

Hide
The following Merge Request has pipeline job artifacts available:

Title: nfsd: fix crash on LOCKT on reexported NFSv3
MR: https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/merge_requests/7700
MR Pipeline: https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/pipelines/1420402674

The Repo URLs are *not* accessible from a web browser! They only function as a dnf or yum baseurl.

Artifacts expire six weeks after creation. If artifacts are needed after that time please rerun the pipeline by visiting the MR's 'Pipelines' tab and clicking the 'Run pipeline' button.

----------------------------------------

Downstream Pipeline Name: RHEL (rhel8_merge_request)
DataWarehouse Checkout: https://datawarehouse.cki-project.org/kcidb/checkouts/redhat:1420402830

4.18.0-553.18.1.el8_10.7700_1420402674.s390x-debug:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_s390x_debug/7624912776/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_s390x_debug/7624912776/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/

4.18.0-553.18.1.el8_10.7700_1420402674.s390x:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_s390x/7624912773/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_s390x/7624912773/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/

4.18.0-553.18.1.el8_10.7700_1420402674.aarch64-debug:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_aarch64_debug/7624912765/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_aarch64_debug/7624912765/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/

4.18.0-553.18.1.el8_10.7700_1420402674.aarch64:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_aarch64/7624912761/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_aarch64/7624912761/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/

4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le-debug:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_ppc64le_debug/7624912757/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_ppc64le_debug/7624912757/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/

4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_ppc64le/7624912753/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_ppc64le/7624912753/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/

4.18.0-553.18.1.el8_10.7700_1420402674.x86_64-debug:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_x86_64_debug/7624912750/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_x86_64_debug/7624912750/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/

4.18.0-553.18.1.el8_10.7700_1420402674.x86_64:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_x86_64/7625258123/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_x86_64/7625258123/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/

----------------------------------------

Downstream Pipeline Name: REALTIME (rhel8_realtime_check_merge_request)
DataWarehouse Checkout: https://datawarehouse.cki-project.org/kcidb/checkouts/redhat:1420402867

4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64-debug:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402867/publish_x86_64_debug/7624913148/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402867/publish_x86_64_debug/7624913148/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/

4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64:
Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402867/publish_x86_64/7624913143/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/
Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402867/publish_x86_64/7624913143/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/

----------------------------------------

Updated 2024-08-20 20:06 UTC by buglinker:
- KWF FAQ: https://red.ht/kernel_workflow_doc
- Slack #team-kernel-workflow: https://redhat-internal.slack.com/archives/C04LRUPMJQ5
- Source: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/buglinker.py
- Documentation: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.buglinker.md
- Report an issue: https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=buglinker%20webhook%20issue

Show
The following Merge Request has pipeline job artifacts available: Title: nfsd: fix crash on LOCKT on reexported NFSv3 MR: https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/merge_requests/7700 MR Pipeline: https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/pipelines/1420402674 The Repo URLs are *not* accessible from a web browser! They only function as a dnf or yum baseurl. Artifacts expire six weeks after creation. If artifacts are needed after that time please rerun the pipeline by visiting the MR's 'Pipelines' tab and clicking the 'Run pipeline' button. ---------------------------------------- Downstream Pipeline Name: RHEL (rhel8_merge_request) DataWarehouse Checkout: https://datawarehouse.cki-project.org/kcidb/checkouts/redhat:1420402830 4.18.0-553.18.1.el8_10.7700_1420402674.s390x-debug: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_s390x_debug/7624912776/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_s390x_debug/7624912776/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/ 4.18.0-553.18.1.el8_10.7700_1420402674.s390x: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_s390x/7624912773/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_s390x/7624912773/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.s390x/ 4.18.0-553.18.1.el8_10.7700_1420402674.aarch64-debug: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_aarch64_debug/7624912765/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_aarch64_debug/7624912765/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/ 4.18.0-553.18.1.el8_10.7700_1420402674.aarch64: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_aarch64/7624912761/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_aarch64/7624912761/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.aarch64/ 4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le-debug: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_ppc64le_debug/7624912757/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_ppc64le_debug/7624912757/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/ 4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_ppc64le/7624912753/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_ppc64le/7624912753/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.ppc64le/ 4.18.0-553.18.1.el8_10.7700_1420402674.x86_64-debug: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_x86_64_debug/7624912750/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_x86_64_debug/7624912750/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/ 4.18.0-553.18.1.el8_10.7700_1420402674.x86_64: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402830/publish_x86_64/7625258123/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402830/publish_x86_64/7625258123/artifacts/repo/4.18.0-553.18.1.el8_10.7700_1420402674.x86_64/ ---------------------------------------- Downstream Pipeline Name: REALTIME (rhel8_realtime_check_merge_request) DataWarehouse Checkout: https://datawarehouse.cki-project.org/kcidb/checkouts/redhat:1420402867 4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64-debug: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402867/publish_x86_64_debug/7624913148/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402867/publish_x86_64_debug/7624913148/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/ 4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64: Artifacts (RPMs): https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/index.html?prefix=internal-artifacts/1420402867/publish_x86_64/7624913143/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/ Repo URL: https://artifacts.internal.cki-project.org/arr-cki-prod-internal-artifacts/internal-artifacts/1420402867/publish_x86_64/7624913143/artifacts/repo/4.18.0-553.18.1.rt7.359.el8_10.7700_1420402674.x86_64/ ---------------------------------------- Updated 2024-08-20 20:06 UTC by buglinker: - KWF FAQ: https://red.ht/kernel_workflow_doc - Slack #team-kernel-workflow: https://redhat-internal.slack.com/archives/C04LRUPMJQ5 - Source: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/buglinker.py - Documentation: https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.buglinker.md - Report an issue: https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=buglinker%20webhook%20issue
Errata Link:
https://errata.engineering.redhat.com/advisory/137305
Test Coverage:

Automated

Experience:

PX Impact Score:
PX Technical Impact:
PX Impact Range:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

While locking and testing locks on a re-exported nfs v3 mount simultaneously from both the client-server and a client which has mounted the re-exported filesystem, nfsd can crash the system in nlmclnt_setlockargs while servicing a LOCKT, due to a null file_lock->fl_file

Please provide the package NVR for which bug is seen:

kernel-4.18.0-513.5.1.el8_9.x86_64

How reproducible:

easy, see reproducer

Steps to reproduce

reproducer requires 3 systems and attached test program

 system 1 (nfs server):
  # mkdir /exports
  # touch /exports/testfile
  /etc/exports:
    /exports *(rw,no_root_squash)
  # exportfs -av

system 2 (nfs client + server):
  # mkdir /exports
  # mount system1:/exports /exports -overs=3
  /etc/exports:
    /exports *(rw,no_root_squash,fsid=50)
  # exportfs -av
  copy test_lock_crash.c to /tmp
  # gcc /tmp/test_lock_crash.c -o /tmp/test_lock_crash
  # /tmp/test_lock_crash /exports/testfile

system 3 (nfs client):
  # mkdir /mnt
  # mount system2:/exports /mnt -overs=4
  copy test_lock_crash.c to /tmp
  # gcc /tmp/test_lock_crash.c -o /tmp/test_lock_crash  # /tmp/test_lock_crash /mnt/testfile

Expected results

no crash

Actual results

nfsd process crashes while dereferencing null pointer:

[70489.133762] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[70489.133899] PGD 0 P4D 0 
[70489.133935] Oops: 0000 [#1] SMP NOPTI
[70489.133982] CPU: 10 PID: 49117 Comm: nfsd Kdump: loaded Not tainted 4.18.0-513.18.1.el8_9.x86_64 #1
[70489.134077] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[70489.134185] RIP: 0010:nlmclnt_setlockargs+0x3a/0xf0 [lockd]

The crash occurs in nlmclnt_setlockargs on the following instruction:

 0xffffffffc07590ba <nlmclnt_setlockargs+0x3a>:  mov    0x20(%rax),%rdx

    RAX: 0000000000000000  RBX: ffff947ae5cc7c00  RCX: ffff947ae5cc7c44

 PID: 49117    TASK: ffff947b17a44000  CPU: 10   COMMAND: "nfsd"
    [exception RIP: nlmclnt_setlockargs+0x3a]
    RIP: ffffffffc07590ba  RSP: ffffa052045efd38  RFLAGS: 00010286
...
 #8 [ffffa052045efd50] nlmclnt_proc at ffffffffc075935a [lockd]
 #9 [ffffa052045efda8] nfsd4_lockt at ffffffffc07a7443 [nfsd]
#10 [ffffa052045efdf8] nfsd4_proc_compound at ffffffffc07936f1 [nfsd]
#11 [ffffa052045efe58] nfsd_dispatch at ffffffffc077ecee [nfsd]
#12 [ffffa052045efe80] svc_process_common at ffffffffc06b4320 [sunrpc]
#13 [ffffa052045efed8] svc_process at ffffffffc06b4637 [sunrpc]
#14 [ffffa052045efef0] nfsd at ffffffffc077e663 [nfsd]
#15 [ffffa052045eff10] kthread at ffffffff8491eb44

crashing instruction is on line 132 of fs/lockd/clntproc.c:

125 static void nlmclnt_setlockargs(struct nlm_rqst *req, struct file_lock *fl)
126 {
127         struct nlm_args *argp = &req->a_args;
128         struct nlm_lock *lock = &argp->lock;
129         char *nodename = req->a_host->h_rpcclnt->cl_nodename;
130 
131         nlmclnt_next_cookie(&argp->cookie);
132         memcpy(&lock->fh, NFS_FH(locks_inode(fl->fl_file)), sizeof(struct nfs_fh));

the file_lock (fl) passed into the function is still in %rbp

     RBP: ffff947a8afa1bd8   R8: 0000000000000000   R9: 0000000000000000

crash> file_lock.fl_file ffff947a8afa1bd8
  fl_file = 0x0,

The 'struct file' was then dereferenced as 'file->f_inode' inside locks_inode()

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

test_lock_crash.c
1 kB
2024/04/03 6:36 PM

is blocked by

RHEL-56652 nfsd: crash while testing a lock on a re-exported nfs v3 mount simultaneously from local system and client [KWF:kernel-rt]

Closed

links to

Merge Request: nfsd: fix crash on LOCKT on reexported NFSv3

nfsd: crash while testing a lock on a re-exported nfs v3 mount simultaneously from local system and client

RHBA-2024:139083 updated el8/flatpak-sdk container image

RHBA-2024:139253 updated rhel8/go-toolset container image

RHBA-2024:139586 updated rhel8/support-tools container image

RHSA-2024:137305 kernel security, bug fix, and enhancement update

(2 links to)

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates