Description of problem: The kernel panics when an already inserted rpcsec_gss_krb5 kernel module is removed (rmmod) and re-inserted (insmod or modprobe). The bug has already been fixed in the upstream mainline kernel. Version-Release number of selected component (if applicable): * RHEL 5.4 * kernel-2.6.18-164.el5 How reproducible: * Always Steps to Reproduce: 1. Make sure the kernel module "rpcsec_gss_krb5" is inserted 2. rmmod rpcsec_gss_krb5 3. modprobe rpcsec_gss_krb5 Actual results: * Kernel Panic Expected results: * The kernel module rpcsec_gss_krb5 should be inserted and the kernel should not panic. Additional info: * Oops message: ------------------------------------------------------------ Unable to handle kernel paging request at 000000000dca2015 RIP: [<ffffffff883cc0fc>] :sunrpc:auth_domain_put+0x23/0x4d PGD 16520067 PUD 16b4d067 PMD 0 Oops: 0002 [1] SMP last sysfs file: /block/dm-1/range CPU 0 Modules linked in: rpcsec_gss_krb5 auth_rpcgss autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo crypto_api dm_multipath scsi_dh video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac parport_pc lp parport floppy 8139too virtio_pci 8139cp i2c_piix4 ide_cd virtio_ring i2c_core virtio mii cdrom serio_raw pcspkr dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd Pid: 2657, comm: insmod Not tainted 2.6.18-164.el5 #1 RIP: 0010:[<ffffffff883cc0fc>] [<ffffffff883cc0fc>] :sunrpc:auth_domain_put+0x23/0x4d RSP: 0000:ffff810016181ed8 EFLAGS: 00010202 RAX: 12b1801529ba3cc8 RBX: ffff81001ca8b900 RCX: ffff81001ca8b908 RDX: 000000000dca2015 RSI: ffffffff883e5a40 RDI: ffffffff883e5a40 RBP: ffff810016e9f5a0 R08: 73732f6b72623508 R09: ffff810016e9f5a9 R10: 0000000000000000 R11: 0000000000000000 R12: 000000000005f373 R13: ffffffff8849c127 R14: 0000000000000000 R15: ffffffff8848ae3e FS: 00002b97168ca210(0000) GS:ffffffff803c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000dca2015 CR3: 0000000016912000 CR4: 00000000000006e0 Process insmod (pid: 2657, threadinfo ffff810016180000, task ffff810014bc3100) Stack: ffff81001ca8b900 ffffffff88488b1b ffff810016e9f5a0 ffffffff8849d440 ffffffff8849d3a0 ffffffff88487e60 ffff81001d56b040 ffffffff8849d500 00000000127b5030 000000000000bb98 00000000127b5050 0000000000010000 Call Trace: [<ffffffff88488b1b>] :auth_rpcgss:svcauth_gss_register_pseudoflavor+0x86/0x9c [<ffffffff88487e60>] :auth_rpcgss:gss_mech_register+0x8e/0x112 [<ffffffff8825f00d>] :rpcsec_gss_krb5:init_kerberos_module+0xd/0x25 [<ffffffff800a5a2e>] sys_init_module+0xaf/0x1f2 [<ffffffff8005d28d>] tracesys+0xd5/0xe0 Code: 48 89 02 74 04 48 89 50 08 48 c7 41 08 00 02 20 00 48 8b 43 RIP [<ffffffff883cc0fc>] :sunrpc:auth_domain_put+0x23/0x4d RSP <ffff810016181ed8> ------------------------------------------------------------ ------------------------------------------------------------ crash> bt PID: 2657 TASK: ffff810014bc3100 CPU: 0 COMMAND: "insmod" #0 [ffff810016181c30] crash_kexec at ffffffff800ac5b9 #1 [ffff810016181cf0] __die at ffffffff80065127 #2 [ffff810016181d30] do_page_fault at ffffffff80066da7 #3 [ffff810016181e20] error_exit at ffffffff8005dde9 [exception RIP: auth_domain_put+35] RIP: ffffffff883cc0fc RSP: ffff810016181ed8 RFLAGS: 00010202 RAX: 12b1801529ba3cc8 RBX: ffff81001ca8b900 RCX: ffff81001ca8b908 RDX: 000000000dca2015 RSI: ffffffff883e5a40 RDI: ffffffff883e5a40 RBP: ffff810016e9f5a0 R8: 73732f6b72623508 R9: ffff810016e9f5a9 R10: 0000000000000000 R11: 0000000000000000 R12: 000000000005f373 R13: ffffffff8849c127 R14: 0000000000000000 R15: ffffffff8848ae3e ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000 #4 [ffff810016181ed0] auth_domain_put at ffffffff883cc0e9 #5 [ffff810016181ee0] svcauth_gss_register_pseudoflavor at ffffffff88488b1b #6 [ffff810016181f00] gss_mech_register at ffffffff88487e60 #7 [ffff810016181f50] sys_init_module at ffffffff800a5a2e #8 [ffff810016181f80] tracesys at ffffffff8005d28d (via system_call) RIP: 0000003e3cad408a RSP: 00007fff389e3378 RFLAGS: 00000206 RAX: ffffffffffffffda RBX: ffffffff8005d28d RCX: ffffffffffffffff RDX: 00000000127b5030 RSI: 000000000000bb98 RDI: 00000000127b5050 RBP: 000000000000bb98 R8: 0000000000010010 R9: 0000000000000003 R10: ffffffffffffffff R11: 0000000000000206 R12: 00007fff389e3bd3 R13: 0000000000000003 R14: 00000000127b5050 R15: 0000000000010000 ORIG_RAX: 00000000000000af CS: 0033 SS: 002b ------------------------------------------------------------ * The mainline kernel commit that fixes the bug: ------------------------------------------------------------ commit cb276805803b8e0616159d80a441ab26a931ada4 Author: J. Bruce Fields <bfields.edu> Date: Mon Jul 23 18:43:52 2007 -0700 nfsd: fix possible oops on re-insertion of rpcsec_gss modules The handling of the re-registration case is wrong here; the "test" that was returned from auth_domain_lookup will not be used again, so that reference should be put. And auth_domain_lookup never did anything with "new" in this case, so we should just clean it up ourself. Thanks to Akinobu Mita for bug report, analysis, and testing. ------------------------------------------------------------
Created attachment 397469 [details] Patch
in kernel-2.6.18-199.el5 You can download this test kernel from http://people.redhat.com/jwilson/el5 Please update the appropriate value in the Verified field (cf_verified) to indicate this fix has been successfully verified. Include a comment with verification details.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0017.html