Bug 1703316

Summary: [RHEL7] nvme show-regs /dev/nvme0 failed with nvme-cli-1.8.1-1.el7
Product: Red Hat Enterprise Linux 7
Reporter: Zhang Yi <yizhan>
Component: nvme-cli
Assignee: David Milburn <dmilburn>
Status: CLOSED ERRATA
QA Contact: Zhang Yi <yizhan>
Severity: unspecified
Priority: unspecified
Version: 7.7
CC: dmilburn
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Last Closed: 2019-08-06 13:17:54 UTC
Type: Bug
Bug Blocks: 1704515

Description Zhang Yi 2019-04-26 03:44:21 UTC
Description of problem:
[RHEL7]nvme show-regs /dev/nvme0 failed with nvme-cli-1.8.1-1.el7

Version-Release number of selected component (if applicable):
nvme-cli-1.8.1-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
[FAIL][16:38:09][storageqe-62.rhts.eng.pek2.redhat.com]nvme show-regs /dev/nvme0 -H
STDOUT:
STDERR:*** Error in `nvme': double free or corruption (top): 0x0000000000f02fe0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81679)[0x7f35ecce5679]
nvme[0x41a1e7]
nvme[0x40ca21]
nvme[0x420580]
nvme[0x401c41]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f35ecc86505]
nvme[0x401d23]
RETURN:134

Actual results:


Expected results:


Additional info:
Seems the patch below fixed it.

commit d16e1d2784a48c9b25e58a0e821c737670c6cdc8
Author: Minwoo Im <minwoo.im>
Date:   Wed Apr 24 01:46:29 2019 +0100

    ioctl: Fix double-free in a loop of get_property
    
    As it was reported, *pbar could be double-freed in case
    get_property_helper() fails in the middle of the loop.
    
    This issue was reported by Ken Heitke on:
      https://github.com/linux-nvme/nvme-cli/pull/471
    
    Signed-off-by: Minwoo Im <minwoo.im>
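The bug class named in the commit message, as an added example that is not nvme-cli's code and not part of the original report: a buffer released on the error path of a register-read loop while the loop keeps running and the caller's pointer stays set. All names (`get_regs`, `read_reg`, `tracked_free`, `count_frees`) and the register count are hypothetical; `tracked_free` records release requests instead of calling `free()`, so the flawed path can be counted without glibc aborting as in the trace above.

```c
#include <stdio.h>
#include <stdlib.h>

#define NREGS 8            /* constructed register count */
static int frees_seen;     /* releases requested for the buffer */
static void *owned;        /* real allocation, freed once by the harness */

/* Stand-in for free(): records the request instead of letting glibc abort. */
static void tracked_free(void *p) { if (p) frees_seen++; }

/* Hypothetical per-register read that fails from index fail_from onward. */
static int read_reg(int idx, int fail_from, unsigned char *dst)
{
    if (idx >= fail_from) return -1;
    *dst = (unsigned char)idx;
    return 0;
}

/* hardened == 0: flawed shape; hardened == 1: release once, clear, stop. */
static int get_regs(void **pbar, int fail_from, int hardened)
{
    int ret = 0;
    if (!(*pbar = owned = malloc(NREGS))) return -1;
    for (int i = 0; i < NREGS; i++) {
        if (!read_reg(i, fail_from, (unsigned char *)*pbar + i)) continue;
        tracked_free(*pbar);                    /* error path releases the buffer */
        ret = -1;
        if (hardened) { *pbar = NULL; break; }  /* caller can no longer free it */
        /* flawed path: keeps looping with *pbar still set */
    }
    return ret;
}

/* Runs one variant plus the caller's cleanup; returns the release count. */
static int count_frees(int fail_from, int hardened)
{
    void *bar = NULL;
    frees_seen = 0;
    get_regs(&bar, fail_from, hardened);
    tracked_free(bar);                          /* caller's usual cleanup */
    free(owned); owned = NULL;                  /* the one real release */
    return frees_seen;
}

int main(void)
{
    printf("flawed=%d hardened=%d\n", count_frees(5, 0), count_frees(5, 1));
    return 0;
}
```

Any count above 1 for a single allocation is a double free; with real `free()` calls the flawed path would end in the same "double free or corruption" abort shown in STDERR.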

Comment 2 David Milburn 2019-04-26 07:44:51 UTC
Thanks Yi.

Comment 4 David Milburn 2019-04-29 21:15:09 UTC
Hi Yi,

Do you want to clone for RHEL8 and qa_ack the BZ?

We should need the same fix. Thanks.

Comment 5 Zhang Yi 2019-04-30 02:31:28 UTC
(In reply to David Milburn from comment #4)
> Hi Yi,
> 
> Do you want to clone for RHEL8 and qa_ack the BZ?
> 
> We should need the same fix. Thanks.

Yes, I've cloned it. :)


Thanks
YI

Comment 8 Zhang Yi 2019-05-08 02:43:54 UTC
Verified with nvme-cli-1.8.1-2.el7.x86_64, move this bug to VERIFIED.

Comment 11 errata-xmlrpc 2019-08-06 13:17:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2317