Bug 241106 - rpc.svcgssd with krb5 segfault
rpc.svcgssd with krb5 segfault
Status: CLOSED DUPLICATE of bug 235055
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nfs-utils (Show other bugs)
4.4
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Dickson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-24 03:28 EDT by Markus Boelter
Modified: 2007-11-16 20:14 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-21 19:26:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Markus Boelter 2007-05-24 03:28:49 EDT
Description of problem:

rpc.svcgssd segaults when nfs-mounting (3 and 4) from a client with sed=krb5 enabled.


Version-Release number of selected component (if applicable):

[root@dolly ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
[root@dolly ~]# uname -a
Linux dolly 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:32:02 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
Latest nfs-utils rpms from RHN:
[root@dolly ~]# rpm -qa|grep nfs
nfs-utils-lib-1.0.6-8
system-config-nfs-1.2.8-1
nfs-utils-1.0.6-80.EL4

How reproducible:
rpc.svcgssd ist started with -vvvv

Client:
marie# mount -t nfs4 -o sec=krb5  dolly:/export /dolly/

Serverog entries:
May 24 09:24:46 dolly rpc.svcgssd[2965]: leaving poll 
May 24 09:24:46 dolly rpc.svcgssd[2965]: handling null request 
May 24 09:24:46 dolly rpc.svcgssd[2965]: sname = nfs/marie.micronas.com@MICRONAS.COM 
May 24 09:24:46 dolly rpc.svcgssd[2965]: libnfsidmap: using domain: micronas.com 
May 24 09:24:46 dolly rpc.svcgssd[2965]: libnfsidmap: using translation method: nsswitch 
May 24 09:24:46 dolly rpc.svcgssd[2965]: nss_getpwnam: name 'nfs/
marie.micronas.com@MICRONAS.COM' domain '(null)': resulting localname 'nfs/marie.micronas.com' 
May 24 09:24:46 dolly kernel: rpc.svcgssd[2965]: segfault at 0000000000000000 rip 
0000000000000000 rsp 0000007fbfffd598 error 14


Actual results:
rpc.svcgssd is gone.


Additional info:
The server "dolly" can act as a NFSv4 client w/o problems when mounting from a Solaris 10 Fileserver. 
Machine credentials and krb5.conf should be valid. The problem is related only to rpc.svcgssd.

My next steps:
- get and install nfs-utils-debuginfo
- try to get a core file and attach it to the bug
- attach an strace output to the bug
- try this on x86 machine with identical setup
Comment 1 Markus Boelter 2007-05-24 07:35:48 EDT
gdb backtrace after debuginfo-rpm: (uploading attachements to bugzilla seems broken)

[...]
Loaded symbols for /lib64/libnsl.so.1
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000031fb30abd2 in clntudp_create () from /usr/lib64/librpcsecgss.so.1
#2  0x0000003e48705e0d in do_ypcall () from /lib64/libnsl.so.1
#3  0x0000003e487064f6 in yp_match () from /lib64/libnsl.so.1
#4  0x0000002a956f260c in _nss_nis_getpwnam_r () from /lib64/libnss_nis.so.2
#5  0x0000003e4048e85e in getpwnam_r@@GLIBC_2.2.5 () from /lib64/tls/libc.so.6
#6  0x00000031fb502f0a in nfs4_set_debug () from /usr/lib64/libnfsidmap.so.0
#7  0x00000031fb5031bd in nfs4_set_debug () from /usr/lib64/libnfsidmap.so.0
#8  0x00000031fb502a95 in nfs4_gss_princ_to_ids () from /usr/lib64/libnfsidmap.s
o.0
#9  0x00000000004026e7 in handle_nullreq (f=0x609f30) at svcgssd_proc.c:218
#10 0x0000000000401fea in gssd_run () at svcgssd_main_loop.c:83
#11 0x0000000000401dd1 in main (argc=Variable "argc" is not available.
) at svcgssd.c:237
#12 0x0000003e4041c3fb in __libc_start_main () from /lib64/tls/libc.so.6
#13 0x0000000000401a5a in _start ()
#14 0x0000007fbffff9b8 in ?? ()
#15 0x000000000000001c in ?? ()
#16 0x0000000000000003 in ?? ()
#17 0x0000007fbffffbb1 in ?? ()
#18 0x0000007fbffffbbd in ?? ()
#19 0x0000007fbffffbc3 in ?? ()
#20 0x0000000000000000 in ?? ()
(gdb) 

Comment 2 Markus Boelter 2007-05-24 08:20:33 EDT
gdb Backtrace after installing nfs-utils-lib-debuginfo-1.0.6-8:

#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000031fb30abd2 in clntudp_call (cl=0x60e090, proc=Variable "proc" is not available.
) at clnt_udp.c:262
#2  0x0000003e48705e0d in do_ypcall () from /lib64/libnsl.so.1
#3  0x0000003e487064f6 in yp_match () from /lib64/libnsl.so.1
#4  0x0000002a956f260c in _nss_nis_getpwnam_r () from /lib64/libnss_nis.so.2
#5  0x0000003e4048e85e in getpwnam_r@@GLIBC_2.2.5 () from /lib64/tls/libc.so.6
#6  0x00000031fb502f0a in nss_getpwnam (name=0x60b160 "nfs/
marie.micronas.com@MICRONAS.COM", domain=0x0, err_p=0x7fbfffd5b4) at nss.c:177
#7  0x00000031fb5031bd in nss_gss_princ_to_ids (secname=Variable "secname" is not available.
) at nss.c:254
#8  0x00000031fb502a95 in nfs4_gss_princ_to_ids (secname=0x5054f0 "krb5", princ=0x60b160 "nfs/
marie.micronas.com@MICRONAS.COM", uid=0x7fbfffd634, gid=0x7fbfffd638) at libnfsidmap.c:243
#9  0x00000000004026e7 in handle_nullreq (f=0x609f60) at svcgssd_proc.c:218
#10 0x0000000000401fea in gssd_run () at svcgssd_main_loop.c:83
#11 0x0000000000401dd1 in main (argc=Variable "argc" is not available.
) at svcgssd.c:237
#12 0x0000003e4041c3fb in __libc_start_main () from /lib64/tls/libc.so.6
#13 0x0000000000401a5a in _start ()
#14 0x0000007fbffff9b8 in ?? ()
#15 0x000000000000001c in ?? ()
#16 0x0000000000000003 in ?? ()
#17 0x0000007fbffffbb1 in ?? ()
#18 0x0000007fbffffbbd in ?? ()
#19 0x0000007fbffffbc3 in ?? ()
#20 0x0000000000000000 in ?? ()
Comment 3 Markus Boelter 2007-05-25 05:02:08 EDT
After some searching in the internet I found this:

http://linux-nfs.org/pipermail/nfsv4/2006-March/003796.html

I disabled NIS in /etc/nsswitch.conf and now rpc.svcgssd doesn't crash anymore, but it's still not 
working:

[root@dolly ~]# rpc.svcgssd -vvvv -f 
entering poll
leaving poll
handling null request
sname = nfs/marie.micronas.com@MICRONAS.COM
doing downcall: mech krb5 channel /proc/net/rpc/auth.rpcsec.context/channel
finished handling null request
entering poll
Comment 4 Steve Dickson 2007-06-21 19:26:52 EDT

*** This bug has been marked as a duplicate of 235055 ***

Note You need to log in before you can comment on or make changes to this bug.