From: "bfields@fieldses.org" <bfields@fieldses.org>
To: Trond Myklebust <trondmy@hammerspace.com>
Cc: "chucklever@gmail.com" <chucklever@gmail.com>,
"schumakeranna@gmail.com" <schumakeranna@gmail.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: NULL dereference in rpcauth_lookup_credcache
Date: Mon, 12 Nov 2018 13:24:54 -0500 [thread overview]
Message-ID: <20181112182454.GE16755@fieldses.org> (raw)
In-Reply-To: <c986450a2d19fa796078ed51b9d0fb8a79eda696.camel@hammerspace.com>
On Mon, Nov 12, 2018 at 05:59:33PM +0000, Trond Myklebust wrote:
> On Sat, 2018-11-10 at 16:49 -0500, Bruce Fields wrote:
> > Looks like it's the fault of
> >
> > 07d02a67b7faae "SUNRPC: Simplify lookup code"
>
> I'm having trouble reproducing this bug. I've tried both cthon and
> xfstests in a loop, so far without success (both NFSv3 and v4.1, but
> only sec=sys). Is there anything else you're doing that I might try?
>
> e.g. Are you running multiple workloads in parallel? Different users?..
Nothing that interesting. Currently it's connectathon over v4, v3,
v4/krb5, v3/krb5, v4/krb5i, v4/krb5p, v4.1, v4.1/krb5, but just serially
one after the other. Then some pynfs tests (which bypass the client),
then xfstests over v4.2/sys. And also a few one-off locking tests of my
own that probably aren't a factor here.
(Hah, I just realized I was mounting with vers=4 and assuming that meant
4.0, but actually it's changed over time depending on the defaults, so
currently those "v4" runs are actually all 4.2. Gah.)
--b.
>
> >
> > --b.
> >
> > On Fri, Nov 09, 2018 at 01:01:30PM -0500, Chuck Lever wrote:
> > >
> > > > On Nov 8, 2018, at 4:44 PM, J. Bruce Fields <bfields@fieldses.org
> > > > > wrote:
> > > >
> > > > Since -rc1 my regression tests crash my client. Is this a known
> > > > problem? I'll investigate some more, I haven't even looked at
> > > > the code
> > > > yet or checked which test exactly is hitting this.
> > > >
> > > > --b.
> > > >
> > > > [ 164.109570] BUG: unable to handle kernel NULL pointer
> > > > dereference at 0000000000000008
> > > > [ 164.111207] PGD 0 P4D 0
> > > > [ 164.111528] Oops: 0000 [#1] PREEMPT SMP PTI
> > > > [ 164.112303] CPU: 2 PID: 2947 Comm: kworker/u8:5 Not tainted
> > > > 4.20.0-rc1-13223-gafb6d1c474ef #1898
> > > > [ 164.113487] Hardware name: QEMU Standard PC (i440FX + PIIX,
> > > > 1996), BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-
> > > > 1.fc28 04/01/2014
> > > > [ 164.115301] Workqueue: rpciod rpc_async_schedule [sunrpc]
> > > > [ 164.115920] RIP: 0010:rpcauth_lookup_credcache+0x3d/0x450
> > > > [sunrpc]
> > > > [ 164.116700] Code: 89 f5 41 54 41 89 d4 53 48 83 ec 38 89 4d b0
> > > > 4c 8b 7f 20 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8d 45
> > > > c0 48 89 45 c8 <41> 8b 77 08 48 89 45 c0 48 8b 47 10 4c 89 ef 48
> > > > 8b 40 28 e8 cb d2
> > > > [ 164.119299] RSP: 0018:ffffc90001ee3cf0 EFLAGS: 00010246
> > > > [ 164.119872] RAX: ffffc90001ee3d10 RBX: ffff88007cc18180 RCX:
> > > > 0000000000600040
> > > > [ 164.120800] RDX: 0000000000000001 RSI: ffffc90001ee3d60 RDI:
> > > > ffff88007cafb198
> > > > [ 164.121643] RBP: ffffc90001ee3d50 R08: 0000000000000000 R09:
> > > > 0000000000000000
> > > > [ 164.122464] R10: 0000000000000000 R11: 0000000000000000 R12:
> > > > 0000000000000001
> > > > [ 164.123373] R13: ffffc90001ee3d60 R14: ffff88007cafb198 R15:
> > > > 0000000000000000
> > > > [ 164.124296] FS: 0000000000000000(0000)
> > > > GS:ffff88007fd00000(0000) knlGS:0000000000000000
> > > > [ 164.125322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > > [ 164.126006] CR2: 0000000000000008 CR3: 000000007829c003 CR4:
> > > > 00000000001606e0
> > > > [ 164.126860] Call Trace:
> > > > [ 164.127045] ? call_retry_reserve+0x30/0x30 [sunrpc]
> > > > [ 164.127622] rpcauth_lookupcred+0xa0/0xc0 [sunrpc]
> > > > [ 164.128200] rpcauth_refreshcred+0x15f/0x170 [sunrpc]
> > > > [ 164.128807] __rpc_execute+0xa9/0x460 [sunrpc]
> > > > [ 164.129281] process_one_work+0x227/0x630
> > > > [ 164.129684] worker_thread+0x3c/0x390
> > > > [ 164.130062] ? process_one_work+0x630/0x630
> > > > [ 164.130609] kthread+0x11d/0x140
> > > > [ 164.130936] ? kthread_park+0x80/0x80
> > > > [ 164.131339] ret_from_fork+0x3a/0x50
> > > > [ 164.131676] Modules linked in: rpcsec_gss_krb5 nfsv4 nfs lockd
> > > > grace auth_rpcgss sunrpc
> > > > [ 164.132719] CR2: 0000000000000008
> > > > [ 164.133050] ---[ end trace b4028a6781a696ad ]---
> > > >
> > >
> > > I just encountered this repeatedly with cthon04 general tests.
> > >
> > > MNTOPTIONS="rw,proto=tcp,vers=4.1,sec=sys"
> > >
> > >
> > > --
> > > Chuck Lever
> > > chucklever@gmail.com
> > >
> > >
> --
> Trond Myklebust
> CTO, Hammerspace Inc
> 4300 El Camino Real, Suite 105
> Los Altos, CA 94022
> www.hammer.space
>
>
next prev parent reply other threads:[~2018-11-12 18:24 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-08 21:44 NULL dereference in rpcauth_lookup_credcache J. Bruce Fields
2018-11-09 18:01 ` Chuck Lever
2018-11-10 21:49 ` Bruce Fields
2018-11-12 17:59 ` Trond Myklebust
2018-11-12 18:16 ` Chuck Lever
2018-11-12 18:18 ` Trond Myklebust
2018-11-12 18:24 ` bfields [this message]
2018-11-12 21:17 ` Trond Myklebust
2018-11-12 23:01 ` bfields
2018-11-12 23:57 ` Trond Myklebust
2018-11-13 0:00 ` Chuck Lever
2018-11-13 0:08 ` Trond Myklebust
2018-11-13 0:17 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181112182454.GE16755@fieldses.org \
--to=bfields@fieldses.org \
--cc=chucklever@gmail.com \
--cc=linux-nfs@vger.kernel.org \
--cc=schumakeranna@gmail.com \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).