Bug 730000 - segfault in nfs-utils-1.2.3-7.el6 when showmount -a is run after umount
Keywords:
Status: CLOSED DUPLICATE of bug 723438
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.1
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: yanfu,wang
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-08-11 14:00 UTC by Jon Magrini
Modified: 2018-11-14 11:09 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-11 22:01:30 UTC


Attachments
coredump details (4.25 MB, application/x-bzip)
2011-08-11 14:00 UTC, Jon Magrini
kbase (14.67 KB, application/pdf)
2011-08-11 14:05 UTC, Jon Magrini


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Legacy) 60829 None None None Never

Description Jon Magrini 2011-08-11 14:00:23 UTC
Created attachment 517813 [details]
coredump details

Description of problem:
rpc.mountd segfault on NFSv3 server after "umount" followed by "showmount -a" on client system

Version-Release number of selected component (if applicable):

NFS Server:

kernel: 2.6.32-131.6.1.el6.x86_64
arch: x86_64
nfs: 
nfs-utils-1.2.3-7.el6.x86_64
nfs4-acl-tools-0.3.3-5.el6.x86_64
nfs-utils-lib-1.1.5-3.el6.x86_64

# cat /etc/exports 
/san_disk *(rw,fsid=0,sync,all_squash,anonuid=500,anongid=500)

[root@bignasty ~]# showmount -e 
Export list for bignasty.usersys.redhat.com:
/san_disk *


Client: 

kernel: 2.6.32-131.6.1.el6.x86_64
arch: x86_64
nfs: 
nfs-utils-lib-1.1.5-3.el6.x86_64
nfs4-acl-tools-0.3.3-5.el6.x86_64
nfs-utils-1.2.3-7.el6.x86_64

How reproducible:
repeatable

Steps to Reproduce:
1. Create nfs export on server
2. Client mounts export
mount -t nfs <ip>:/san_disk -o nfsvers=3,nolock /mnt/nfs_share/
3. On client, run showmount -a <server_ip>
4. On client, unmount /mnt/nfs_share
5. On client, run showmount -a <server_ip>
6. segfault occurs on nfs server

More Details: 
Server: 
# cat /etc/exports 
/san_disk *(rw,fsid=0,sync,all_squash,anonuid=500,anongid=500)

# showmount -e 
Export list for <nfs_server>:
/san_disk *

Client: 
# mount -t nfs <server_ip>:/san_disk -o nfsvers=3,nolock /mnt/nfs_share/
# mount
...
<ip>:/san_disk on /mnt/nfs_share type nfs (rw,nfsvers=3,nolock,addr=<server_ip>)

# showmount -a <server_ip>
All mount points on <server_ip>:
<client_ip>:/san_disk

# umount /mnt/nfs_share/
# showmount -a <server_ip>
rpc mount dump: RPC: Unable to receive; errno = Connection reset by peer
  
Actual results:
Aug 11 09:09:57 bignasty rpc.mountd[3785]: Version 1.2.3 starting
Aug 11 09:12:22 bignasty rpc.mountd[3785]: authenticated mount request from <client_ip>:873 for /san_disk (/san_disk)
Aug 11 09:12:48 bignasty rpc.mountd[3785]: authenticated unmount request from <client_ip>:1023 for /san_disk (/san_disk)
Aug 11 09:13:11 bignasty kernel: __ratelimit: 414 callbacks suppressed
Aug 11 09:13:11 bignasty kernel: rpc.mountd[3785] general protection ip:7f886cfc886f sp:7fff57180fd8 error:0 in libc-2.12.so[7f886cea2000+187000]
Aug 11 09:13:11 bignasty abrt[4065]: saved core dump of pid 3785 (/usr/sbin/rpc.mountd) to /var/spool/abrt/ccpp-1313068391-3785.new/coredump (761856 bytes)
Aug 11 09:13:11 bignasty abrtd: Directory 'ccpp-1313068391-3785' creation detected
Aug 11 09:13:11 bignasty abrtd: Crash is in database already (dup of /var/spool/abrt/ccpp-1313021207-29619)
Aug 11 09:13:11 bignasty abrtd: Deleting crash ccpp-1313068391-3785 (dup of ccpp-1313021207-29619), sending dbus signal

Expected results:
no segfault, and command exits cleanly.

Comment 2 Jon Magrini 2011-08-11 14:05:24 UTC
Created attachment 517816 [details]
kbase

Comment 3 Dave Wysochanski 2011-08-11 14:07:03 UTC
Just verified that the patch from fedora bug 669065 is not in
nfs-utils-1.2.3-7.el6, so this should be a simple backport of that one-line
patch:

diff -rNup nfs-utils-1.2.3_orig/utils/mountd/rmtab.c
nfs-utils-1.2.3/utils/mountd/rmtab.c
--- nfs-utils-1.2.3/utils/mountd/rmtab.c 2010-09-28 14:24:16.000000000 +0200
+++ nfs-utils-1.2.3/utils/mountd/rmtab.c 2011-01-12 14:44:22.320000000 +0100
@@ -205,6 +205,7 @@ mountlist_list(void)
  }
  if (stb.st_mtime != last_mtime) {
   mountlist_freeall(mlist);
+  mlist=NULL;
   last_mtime = stb.st_mtime;

   setrmtabent("r");
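
Review bot: the added mlist=NULL; right after mountlist_freeall(mlist); needs a one-line comment saying why the reset is required, because nothing at this spot shows that mlist outlives the call. The stb.st_mtime != last_mtime test suggests both values are cached between calls, in which case the freed pointer would otherwise still be in use when the list is rebuilt after setrmtabent("r"). Clearing the pointer where the list is freed, rather than at the caller, would protect any other call site as well, and the assignment should be spaced as mlist = NULL; to match last_mtime = stb.st_mtime; on the following line.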

Comment 4 Steve Dickson 2011-08-11 22:01:30 UTC

*** This bug has been marked as a duplicate of bug 723438 ***

