system panic in 'svc_process_common()' due to a use after free issue
Issue
An NFS client that mounts a share with nfsvers 4.1 (or higher) crashes with the following stack:
PID: 18933 TASK: ffff8b7845b4c650 CPU: 23 COMMAND: "nfsv4.1-svc"
#0 [ffff8b751c3fbb28] machine_kexec at ffffffff9d463674
#1 [ffff8b751c3fbb88] __crash_kexec at ffffffff9d51cef2
#2 [ffff8b751c3fbc58] crash_kexec at ffffffff9d51cfe0
#3 [ffff8b751c3fbc70] oops_end at ffffffff9db6c758
#4 [ffff8b751c3fbc98] die at ffffffff9d42f95b
#5 [ffff8b751c3fbcc8] do_general_protection at ffffffff9db6c052
#6 [ffff8b751c3fbd00] general_protection at ffffffff9db6b6f8
[exception RIP: svc_process_common+103]
RIP: ffffffffc0a828b7 RSP: ffff8b751c3fbdb0 RFLAGS: 00010202
RAX: 6b6b6b6b6b6b6b6b RBX: ffff8b752daaa338 RCX: 00000000000000cc
RDX: 00000000000000c4 RSI: ffff8b752daaa2f8 RDI: ffff8b752daaa158
RBP: ffff8b751c3fbe08 R8: ffff8b751c3fbe80 R9: ffff88006f222148
R10: 0000000000000004 R11: 0000000000000005 R12: ffff8b752daaa158
R13: ffff8b6c5ceed2e0 R14: ffff8b752daaa2f8 R15: ffff8b752daaa2f8
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffff8b751c3fbe10] bc_svc_process at ffffffffc0a8334d [sunrpc]
#8 [ffff8b751c3fbe50] nfs41_callback_svc at ffffffffc0bee365 [nfsv4]
#9 [ffff8b751c3fbec8] kthread at ffffffff9d4c1c31
Environment
- RHEL 7 NFS client with 4.1 (or higher) (before kernel-3.10.0-1062.el7)
- RHEL 8 NFS client with 4.1 (or higher) (before kernel-4.18.0-132.el8)
- Use of network namespaces (typically used in containers).
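The three conditions above can be checked per host from `uname -r`, `/proc/mounts` and the `/proc/<pid>/ns/net` links. The following is an added example, not Red Hat's tooling; the function names are hypothetical and the sample inputs are constructed. It assumes "before" means any release number lower than the named build on the same base version.

```python
import re

# Fixed kernel builds as stated in the Environment list, keyed by RHEL major version.
FIXED = {7: ("3.10.0", (1062,)), 8: ("4.18.0", (132,))}

# Constructed sample inputs (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / xfs rw,relatime 0 0
filer:/export /mnt/data nfs4 rw,relatime,vers=4.1,proto=tcp 0 0
filer:/old /mnt/old nfs4 rw,relatime,vers=4.0,proto=tcp 0 0
"""
SAMPLE_NS = ["net:[4026531956]", "net:[4026531956]", "net:[4026532411]"]

def kernel_before_fix(release):
    """True if `release` (uname -r) is an el7/el8 kernel older than the fixed build."""
    m = re.match(r"(\d+\.\d+\.\d+)-(\d+(?:\.\d+)*)\.el(\d+)", release)
    if not m or int(m.group(3)) not in FIXED:
        return False  # not a RHEL 7/8 kernel string, outside the page's scope
    base, fixed_rel = FIXED[int(m.group(3))]
    if m.group(1) != base:
        return False
    # Compare release numbers as integer tuples: (957, 27, 2) < (1062,)
    return tuple(int(x) for x in m.group(2).split(".")) < fixed_rel

def nfs41_mounts(proc_mounts):
    """Mount points of NFS mounts negotiated at version 4.1 or higher."""
    hits = []
    for line in proc_mounts.splitlines():
        f = line.split()
        if len(f) < 4 or f[2] not in ("nfs", "nfs4"):
            continue
        opts = dict(o.partition("=")[::2] for o in f[3].split(","))
        major, _, minor = opts.get("vers", opts.get("nfsvers", "")).partition(".")
        minor = minor or opts.get("minorversion", "0")  # older "vers=4,minorversion=1" form
        if major == "4" and minor.isdigit() and int(minor) >= 1:
            hits.append(f[1])
    return hits

def multiple_netns(ns_links):
    """True if readlink values of /proc/<pid>/ns/net show more than one namespace."""
    return len(set(ns_links)) > 1

def matches_environment(release, proc_mounts, ns_links):
    """True only when all three Environment conditions hold."""
    return (kernel_before_fix(release) and bool(nfs41_mounts(proc_mounts))
            and multiple_netns(ns_links))

if __name__ == "__main__":
    print(matches_environment("3.10.0-957.27.2.el7.x86_64", SAMPLE_MOUNTS, SAMPLE_NS))
```

On a live host, feed it `os.uname().release`, the contents of `/proc/mounts`, and the `os.readlink()` result for each `/proc/<pid>/ns/net` (reading other processes' links requires root).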