RHEL 9 [NFS v4] Crash in file_has_perm() when dereferencing a NULL file->f_security


Issue

The system crashes with the following console messages and kernel stack trace:

[ 7886.767600] Leaked POSIX lock on dev=0xfd:0x9 ino=0x33364eeb93  fl_owner=000000006de0bef7 fl_flags=0x1001 fl_type=0x1 fl_pid=8168
[ 7886.775029] Leaked POSIX lock on dev=0xfd:0x5 ino=0x45077a84e8  fl_owner=00000000ae1b5970 fl_flags=0x1001 fl_type=0x1 fl_pid=8134
[ 7886.779697] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 7886.779733] #PF: supervisor read access in kernel mode
[ 7886.780079] Leaked POSIX lock on dev=0xfd:0x9 ino=0x1c0c7cba46  fl_owner=00000000cd073bee fl_flags=0x1 fl_type=0x1 fl_pid=8198
[ 7886.780621] #PF: error_code(0x0000) - not-present page
[ 7886.784231] PGD 0 P4D 0 
[ 7886.785181] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 7886.786061] CPU: 34 PID: 8199 Comm: nfsd Kdump: loaded Not tainted 5.14.0-229.jlayton.nfsd92.2.el9.x86_64 #1
[ 7886.786949] Hardware name: Supermicro Super Server/H11SSL-NC, BIOS 1.0b 04/27/2018
[ 7886.787882] RIP: 0010:file_has_perm+0x52/0xd0
[ 7886.788750] Code: 25 28 00 00 00 48 89 44 24 20 31 c0 48 03 96 c0 00 00 00 48 63 05 8e d9 03 01 c6 04 24 0c 48 03 47 78 8b 70 04 4c 89 74 24 08 <8b> 12 39 f2 74 29 49 89 e1 41 b8 01 00 00 00 b9 09 00 00 00 48 c7
[ 7886.790440] RSP: 0018:ffff9edfd49f7bf0 EFLAGS: 00010282
[ 7886.790443] RAX: ffff8bba98d9de20 RBX: ffffffffb8ee5a28 RCX: 0000000000000617
[ 7886.790446] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8bb952237080
[ 7886.793505] RBP: ffff8bb952237080 R08: 0000000000000000 R09: ffff8bbf86388af8
[ 7886.794345] R10: ffff8bbc0f7a8700 R11: ffff8bba98d9de20 R12: 0000000000000040
[ 7886.795180] R13: ffff8bbb41d32900 R14: ffff8bb975b7bd00 R15: 0000000000000000
[ 7886.796016] FS:  0000000000000000(0000) GS:ffff8bbd0f880000(0000) knlGS:0000000000000000
[ 7886.796852] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7886.797662] CR2: 0000000000000000 CR3: 000000047d0a8000 CR4: 00000000003506e0
[ 7886.798472] Call Trace:
[ 7886.799267]  <TASK>
[ 7886.800050]  security_file_lock+0x28/0x40
[ 7886.800835]  generic_setlease+0x6b/0x2f0
[ 7886.801613]  nfs4_set_delegation+0x30b/0x710 [nfsd]
[ 7886.802412]  ? nfs4_get_vfs_file+0x1ba/0x360 [nfsd]
[ 7886.803209]  nfs4_open_delegation+0xca/0x1e0 [nfsd]
[ 7886.803993]  nfsd4_process_open2+0x53b/0x9f0 [nfsd]
[ 7886.804485] Leaked POSIX lock on dev=0xfd:0x9 ino=0xe6003d9a4a  fl_owner=00000000a40c3abd fl_flags=0x1001 fl_type=0x1 fl_pid=8156
[ 7886.804775]  ? fh_verify+0x1ea/0x260 [nfsd]
[ 7886.807915]  nfsd4_open+0x3ce/0x4b0 [nfsd]
[ 7886.808876]  nfsd4_proc_compound+0x44b/0x6f0 [nfsd]
[ 7886.809757]  nfsd_dispatch+0x15e/0x290 [nfsd]
[ 7886.810576]  svc_process_common+0x3bc/0x5e0 [sunrpc]
[ 7886.811378]  ? nfsd_svc+0x190/0x190 [nfsd]
[ 7886.812133]  ? nfsd_shutdown_threads+0xa0/0xa0 [nfsd]
[ 7886.812883]  svc_process+0xb7/0xf0 [sunrpc]
[ 7886.813634]  nfsd+0xd5/0x190 [nfsd]
[ 7886.814361]  kthread+0xd9/0x100
[ 7886.815059]  ? kthread_complete_and_exit+0x20/0x20
[ 7886.815761]  ret_from_fork+0x22/0x30
[ 7886.816462]  </TASK>

Environment

  • Red Hat Enterprise Linux 9
  • Kernel versions preceding kernel-5.14.0-253.el9
  • NFS v4 mounted file systems with delegations enabled (where the server delegates management of a file to the client)
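
An added triage example (not Red Hat's code and not part of the original article): a Python parser that checks whether a captured oops matches the signature shown under Issue and the affected kernel range listed above. The function names, the `SAMPLE` excerpt (lines selected from the trace in this article) and the build-number comparison are assumptions of this example.

```python
import re

FIXED_BUILD = 253  # page: affected kernels precede kernel-5.14.0-253.el9
SIGNATURE = ["security_file_lock", "generic_setlease", "nfs4_set_delegation"]
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text):
    """Extract fault type, RIP symbol, kernel release and reliable frames."""
    info = {"null_deref": False, "rip": None, "release": None, "frames": []}
    in_trace = False
    for line in text.splitlines():
        if "BUG: kernel NULL pointer dereference" in line:
            info["null_deref"] = True
        elif m := re.search(r"RIP: 0010:(\w+)\+", line):
            info["rip"] = m.group(1)
        elif m := re.search(r"Comm: .* (\d+\.\d+\.\d+-\S+) #\d", line):
            info["release"] = m.group(1)
        elif "Call Trace:" in line:
            in_trace = True
        elif "</TASK>" in line:
            in_trace = False
        elif in_trace and (m := FRAME.match(line)) and not m.group(1):
            info["frames"].append(m.group(2))  # skips "? " guesses and interleaved printk lines
    return info

def matches_article(info):
    """True if the oops shows this signature on a build below FIXED_BUILD."""
    m = re.match(r"5\.14\.0-(\d+)\.", info["release"] or "")
    affected = bool(m) and int(m.group(1)) < FIXED_BUILD  # assumes RHEL 9 5.14.0-N naming
    frames = iter(info["frames"])
    in_order = all(sym in frames for sym in SIGNATURE)  # ordered subsequence
    return info["null_deref"] and info["rip"] == "file_has_perm" and in_order and affected

# Constructed sample: selected lines copied from the trace in this article.
SAMPLE = """\
[ 7886.779697] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 7886.786061] CPU: 34 PID: 8199 Comm: nfsd Kdump: loaded Not tainted 5.14.0-229.jlayton.nfsd92.2.el9.x86_64 #1
[ 7886.787882] RIP: 0010:file_has_perm+0x52/0xd0
[ 7886.798472] Call Trace:
[ 7886.800050]  security_file_lock+0x28/0x40
[ 7886.800835]  generic_setlease+0x6b/0x2f0
[ 7886.801613]  nfs4_set_delegation+0x30b/0x710 [nfsd]
[ 7886.802412]  ? nfs4_get_vfs_file+0x1ba/0x360 [nfsd]
[ 7886.804485] Leaked POSIX lock on dev=0xfd:0x9 ino=0xe6003d9a4a  fl_owner=00000000a40c3abd fl_flags=0x1001 fl_type=0x1 fl_pid=8156
[ 7886.807915]  nfsd4_open+0x3ce/0x4b0 [nfsd]
[ 7886.816462]  </TASK>
"""

print(matches_article(parse_oops(SAMPLE)))  # True
```

The build comparison only reflects the version boundary stated in this article; it does not account for fixes delivered in other kernel streams.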
