Bug 2018248

Summary: [RGW-NFS] export at user-level crash on readdir
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Matt Benjamin (redhat) <mbenjamin>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2CC: cbodley, ceph-eng-bugs, gsitlani, kbader, mbenjamin, tchandra, tserlin, vereddy
Target Milestone: ---   
Target Release: 5.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-16.2.6-24.el8cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-04 10:22:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2017821    

Description Matt Benjamin (redhat) 2021-10-28 15:43:22 UTC 
Description of problem:

Oct 25 10:45:37 dael conmon[2737231]: *** Caught signal (Segmentation fault) **
Oct 25 10:45:37 dael conmon[2737231]:  in thread 7f41bc555700 thread_name:ganesha.nfsd
Oct 25 10:45:37 dael conmon[2737231]:  ceph version 17.0.0-7183-g54142666 (54142666e5705ced88e3e2d91ddc0ff29867a362) quincy (dev)
Oct 25 10:45:37 dael conmon[2737231]:  1: /lib64/libpthread.so.0(+0x12b20) [0x7f4219fceb20]
Oct 25 10:45:37 dael conmon[2737231]:  2: (rgw::ARN::ARN(rgw_bucket const&)+0x42) [0x7f41daf97262]
Oct 25 10:45:37 dael conmon[2737231]:  3: (verify_bucket_permission(DoutPrefixProvider const*, perm_state_base*, rgw_bucket const&, RGWAccessControlPolicy*, RGWAccessControlPolicy*, boost::optional<rgw::IAM::Policy> const&, std::vector<rgw::IAM::Policy, std::allocator<rgw::IAM::Policy> > const&, std::vector<rgw::IAM::Policy, std::allocator<rgw::IAM::Policy> > const&, unsigned long)+0xa2) [0x7f41dab95442]
Oct 25 10:45:37 dael conmon[2737231]:  4: (verify_bucket_permission(DoutPrefixProvider const*, req_state*, unsigned long)+0x83) [0x7f41dab96283]
Oct 25 10:45:37 dael conmon[2737231]:  5: (RGWListBucket::verify_permission(optional_yield)+0x12e) [0x7f41dac6079e]
Oct 25 10:45:37 dael conmon[2737231]:  6: (rgw::RGWLibProcess::process_request(rgw::RGWLibRequest*, rgw::RGWLibIO*)+0xd85) [0x7f41daada955]
Oct 25 10:45:37 dael conmon[2737231]:  7: (rgw::RGWLibProcess::process_request(rgw::RGWLibRequest*)+0x49) [0x7f41daadbaf9]
Oct 25 10:45:37 dael conmon[2737231]:  8: (rgw::RGWFileHandle::readdir(bool (*)(char const*, void*, unsigned long, stat*, unsigned int, unsigned int), void*, boost::variant<unsigned long*, char const*>, bool*, unsigned int)+0x184) [0x7f41daaf02d4]
Oct 25 10:45:37 dael conmon[2737231]:  9: rgw_readdir2()
Oct 25 10:45:37 dael conmon[2737231]:  10: /usr/lib64/ganesha/libfsalrgw.so(+0x5100) [0x7f41fc3e9100]
Oct 25 10:45:37 dael conmon[2737231]:  11: /lib64/libganesha_nfsd.so.3.5(+0x1278f7) [0x7f421bd718f7]
Oct 25 10:45:37 dael conmon[2737231]:  12: /lib64/libganesha_nfsd.so.3.5(+0x129173) [0x7f421bd73173]
Oct 25 10:45:37 dael conmon[2737231]:  13: fsal_readdir()
Oct 25 10:45:37 dael conmon[2737231]:  14: /lib64/libganesha_nfsd.so.3.5(+0xe7d95) [0x7f421bd31d95]
Oct 25 10:45:37 dael conmon[2737231]:  15: /lib64/libganesha_nfsd.so.3.5(+0xcf78f) [0x7f421bd1978f]
Oct 25 10:45:37 dael conmon[2737231]:  16: /lib64/libganesha_nfsd.so.3.5(+0xd0927) [0x7f421bd1a927]
Oct 25 10:45:37 dael conmon[2737231]:  17: /lib64/libganesha_nfsd.so.3.5(+0x50c46) [0x7f421bc9ac46]
Oct 25 10:45:37 dael conmon[2737231]:  18: /lib64/libntirpc.so.3.5(+0x25800) [0x7f421ba28800]
Oct 25 10:45:37 dael conmon[2737231]:  19: /lib64/libntirpc.so.3.5(+0x22bf9) [0x7f421ba25bf9]
Oct 25 10:45:37 dael conmon[2737231]:  20: /lib64/libntirpc.so.3.5(+0x235d8) [0x7f421ba265d8]
Oct 25 10:45:37 dael conmon[2737231]:  21: /lib64/libntirpc.so.3.5(+0x2e65d) [0x7f421ba3165d]
Oct 25 10:45:37 dael conmon[2737231]:  22: /lib64/libp

Version-Release number of selected component (if applicable):


How reproducible:
100%


Steps to Reproduce:
     

I'm reproducing this with this branch: https://github.com/liewegas/ceph/tree/nfs-rgw-by-user

bin/radosgw-admin user create --uid sage --display-name 'sage weil'
bin/ceph nfs cluster create foo --port 12345
bin/ceph nfs export create rgw foo /sage  --user-id sage


then on another host,

mount -t <ip>:/sage /mnt/foo -o port=12345
ls /mnt/foo   # triggers the crash
Comment 10 errata-xmlrpc 2022-04-04 10:22:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1174
Comment 11 Red Hat Bugzilla 2023-09-15 01:16:48 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days