[Bug 2056682] [NEW] NFS writeback corruption - backport needed

[Dan Aloni]

Public bug reported:

Linux kernels 5.18 to 6.7 are affected by an issue that causes lost NFS
writes.

Reported here: https://marc.info/?l=linux-nfs=170861357200809=2

**A fix for it already exists in upstream**:

https://lore.kernel.org/linux-
nfs/170907634991.24797.14120500624611379...@noble.neil.brown.name/

Please make sure Ubuntu-maintained kernel packages receive the fix.
There are many setups using NFS to write files.

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056682

Title:
  NFS writeback corruption - backport needed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056682/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 316348] [NEW] NFS kernel client crash in process exit path, utilizing unshare() syscall

[Dan Aloni]

Public bug reported:

Binary package hint: linux-image-2.6.27-9-generic

I used the unshare system call in order to isolate an NFS client mount
to a certain tree of processes. However, when those processes exit, I
noticed that the kernel crashed in the exit path.

This is the version of the kernel:

   [14:19 pts/3,dan-linux ~]# uname -a
   Linux dan-linux 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686 
GNU/Linux

I have used this 'unshare' wrapper utility:

#include stdio.h
#define _GNU_SOURCE
#include sched.h
  
int main(int argc, char *argv[])
{
int ret;

ret = unshare(CLONE_NEWNS);
if (ret) {
printf(unshare: failed\n);
return ret;
}

return execvp(argv[1], argv[1]);
}

Here is the dmesg:

[  218.776385] IP: [f8fd] :sunrpc:rpc_new_client+0x1dd/0x320
[  218.776401] *pde =  
[  218.776405] Oops:  [#1] SMP 
[  218.776408] Modules linked in: nfs lockd nfs_acl sunrpc tun af_packet 
binfmt_misc bridge rfcomm stp bnep sco l2cap bluetooth ppdev lp ipv6 
acpi_cpufreq cpufreq_ondemand cpufreq_powersave cpufreq_conservative 
cpufreq_userspace cpufreq_stats freq_table sbs video output bay wmi container 
sbshc pci_slot battery ac snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm 
snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq 
snd_timer pcspkr dcdbas serio_raw evdev nvidia(P) psmouse snd_seq_device 
parport_pc i2c_core intel_agp parport agpgart iTCO_wdt iTCO_vendor_support 
button snd soundcore heci snd_page_alloc shpchp pci_hotplug ext3 jbd mbcache 
usbhid hid sd_mod crc_t10dif sg ata_generic ahci ehci_hcd uhci_hcd pata_acpi 
usbcore libata e1000e scsi_mod dock thermal processor fan fbcon tileblit font 
bitblit softcursor fuse
[  218.776483] 
[  218.776486] Pid: 6369, comm: server.sh Tainted: P  (2.6.27-9-generic 
#1)
[  218.776488] EIP: 0060:[f8fd] EFLAGS: 00010287 CPU: 1
[  218.776501] EIP is at rpc_new_client+0x1dd/0x320 [sunrpc]
[  218.776504] EAX:  EBX: f3701000 ECX: f370109c EDX: f3701000
[  218.776506] ESI: f8f28028 EDI: f8f27ba0 EBP: f2df9cb8 ESP: f2df9c84
[  218.776508]  DS: 007b ES: 007b FS: 00d8 GS:  SS: 0068
[  218.776510] Process server.sh (pid: 6369, ti=f2df8000 task=f2d83ed0 
task.ti=f2df8000)
[  218.776513] Stack: f2e5c000 f2e5c2ac f2df9c94 c0255816 f2df9d60 f2e5c000 
f37010f4 f8f28028 
[  218.776519]f8f280e4  f2e5c000 f2df9d60 f8f152b4 f2df9d44 
f8f001c4 0032 
[  218.776526]c21c8618 0001 0046 f09e6399 0032 f2d83ed0 
c21c8620 c21cc180 
[  218.776533] Call Trace:
[  218.776535]  [c0255816] ? random32+0x16/0x20
[  218.776544]  [f8f001c4] ? rpc_create+0x74/0x210 [sunrpc]
[  218.776558]  [c014a72d] ? enqueue_hrtimer+0x7d/0x130
[  218.776563]  [c014b474] ? hrtimer_start+0xc4/0x1c0
[  218.776569]  [f8f0d7ed] ? rpcb_register_call+0x6d/0xe0 [sunrpc]
[  218.776585]  [c01acbb1] ? __slab_free+0x91/0xf0
[  218.776592]  [f8f0d8f8] ? rpcb_register+0x98/0xe0 [sunrpc]
[  218.776607]  [c01c7faa] ? generic_forget_inode+0x15a/0x180
[  218.776611]  [c01acb2e] ? __slab_free+0xe/0xf0
[  218.776618]  [f8f081fe] ? svc_register+0x9e/0x170 [sunrpc]
[  218.776632]  [c037e6dd] ? _spin_lock+0xd/0x10
[  218.776637]  [f8f08384] ? svc_destroy+0xb4/0x150 [sunrpc]
[  218.776651]  [f8f084b9] ? svc_exit_thread+0x99/0xb0 [sunrpc]
[  218.776665]  [f8f084b9] ? svc_exit_thread+0x99/0xb0 [sunrpc]
[  218.776679]  [f8f084c8] ? svc_exit_thread+0xa8/0xb0 [sunrpc]
[  218.776694]  [f8e2f702] ? lockd_down+0x42/0x90 [lockd]
[  218.776702]  [f8e2d092] ? nlmclnt_done+0x12/0x20 [lockd]
[  218.776709]  [f8f888c0] ? nfs_destroy_server+0x20/0x30 [nfs]
[  218.776722]  [f8f88cf0] ? nfs_free_server+0x70/0x110 [nfs]
[  218.776732]  [c01b40d7] ? kill_anon_super+0x37/0x40
[  218.776737]  [f8f94b10] ? nfs_kill_super+0x30/0x40 [nfs]
[  218.776750]  [c01eb240] ? vfs_quota_off+0x0/0x380
[  218.776754]  [c01b4364] ? deactivate_super+0x64/0x90
[  218.776758]  [c01cb170] ? mntput_no_expire+0xc0/0x120
[  218.776763]  [c01cb252] ? release_mounts+0x82/0x90
[  218.776766]  [c01cafef] ? umount_tree+0x11f/0x150
[  218.776770]  [c01cb2d1] ? __put_mnt_ns+0x71/0x90
[  218.776774]  [c014bacf] ? free_nsproxy+0x5f/0x70
[  218.776777]  [c014bb25] ? switch_task_namespaces+0x45/0x60
[  218.776781]  [c014bb4f] ? exit_task_namespaces+0xf/0x20
[  218.776785]  [c0135b8a] ? exit_notify+0x1a/0x180
[  218.776789]  [c0135e92] ? do_exit+0x1a2/0x360
[  218.776793]  [c01b26cd] ? vfs_read+0x9d/0x110
[  218.776796]  [c01b1e40] ? do_sync_read+0x0/0x120
[  218.776800]  [c0136085] ? do_group_exit+0x35/0xa0
[  218.776803]  [c0136108] ? sys_exit_group+0x18/0x20
[  218.776807]  [c0103f7b] ? sysenter_do_call+0x12/0x2f
[  218.776811]  [c037] ? netdev_exit+0x10/0x20
[  218.776815]  ===
[  218.776816] Code: 88 d1 00 00 00 8b 55 dc 8b 42 20 89 da e8 1c 70 00 00 3d 
00 f0 ff ff 89 c7 0f 87 83 00 00 00 64 a1 00 c0 50 c0 8b 80 cc 03 00 00 8b 40 
04 83 c0 45 e8 78 42 35 c7 83 f8 20 89 43 4c 7e 07 c7 43