FS#20082 - [nfs-utils] rpc.gssd segfaults when trying to mount NFSv4 sec=krb5 shares

Attached to Project: Arch Linux
Opened by Christian Neukirchen (chneukirchen) - Monday, 05 July 2010, 19:37 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 26 August 2011, 12:50 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

Description:
When trying to mount a kerberized NFSv4 share, id.gssd segfaults:

[root@nfs4client ~]# mount -vvv -t nfs4 -o sec=krb5 server.nfs4.test:/ /mnt
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "server.nfs4.test:/"
mount: node: "/mnt"
mount: types: "nfs4"
mount: opts: "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "server.nfs4.test:/"
mount: external mount: argv[2] = "/mnt"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Mon Jul 5 21:31:42 2010
mount.nfs4: trying text-based options 'sec=krb5,addr=10.153.59.63,clientaddr=10.153.59.64'


Starting program: /usr/sbin/rpc.gssd -fnrrrvvv
[Thread debugging using libthread_db enabled]
Warning: rpcsec_gss library does not support setting debug level
beginning poll
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt32)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt32)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 0 for server server.nfs4.test
CC file '/tmp/krb5cc_machine_NFS4.TEST' being considered, with preferred realm 'NFS4.TEST'
CC file '/tmp/krb5cc_machine_NFS4.TEST'(nfs/client.nfs4.test@NFS4.TEST) passed all checks and has mtime of 1278358099
CC file '/tmp/krb5cc_0' being considered, with preferred realm 'NFS4.TEST'
CC file '/tmp/krb5cc_0'(nfs/client.nfs4.test@NFS4.TEST) passed all checks and has mtime of 1278357206
CC file '/tmp/krb5cc_machine_NFS4.TEST' is our current best match with mtime of 1278358099
using FILE:/tmp/krb5cc_machine_NFS4.TEST as credentials cache for client with uid 0 for server server.nfs4.test
using gss_krb5_ccache_name to select krb5 ccache FILE:/tmp/krb5cc_machine_NFS4.TEST
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.nfs4.test
DEBUG: port already set to 2049
creating context with server nfs@server.nfs4.test

Program received signal SIGSEGV, Segmentation fault.
0xb7a59c8e in __gss_get_mechanism_cred () from /usr/lib/libgssglue.so.1
(gdb) bt
#0 0xb7a59c8e in __gss_get_mechanism_cred () from /usr/lib/libgssglue.so.1
#1 0xb7a5ac2c in gss_init_sec_context () from /usr/lib/libgssglue.so.1
#2 0xb7f0e215 in authgss_refresh () from /usr/lib/libtirpc.so.1
#3 0xb7f0e67d in authgss_create () from /usr/lib/libtirpc.so.1
#4 0xb7f0e779 in authgss_create_default () from /usr/lib/libtirpc.so.1
#5 0x0804cbdc in ?? ()
#6 0x0804d0b5 in ?? ()
#7 0x0804d7c8 in ?? ()
#8 0x0804b7a8 in ?? ()
#9 0x0804b309 in ?? ()
#10 0xb7dbec76 in __libc_start_main () from /lib/libc.so.6
#11 0x0804a621 in ?? ()

Additional info:
* nfs-utils 1.2.2-3, heimdal 1.3.3-1
* Plain kinit works, I also see the mount AS-REQ, so this seems to be NFS-specific.
* Possibly related to http://bugs.gentoo.org/293593
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Friday, 26 August 2011, 12:50 GMT
Reason for closing:  Fixed
Comment by Allan McRae (Allan) - Thursday, 08 July 2010, 06:22 GMT
Is this a recent occurrence? i.e. related to an update?
Comment by Christian Neukirchen (chneukirchen) - Sunday, 11 July 2010, 13:12 GMT
I never set it up before.

But nfs-utils 1.2.0 works.
Comment by Allan McRae (Allan) - Sunday, 11 July 2010, 13:20 GMT
With the latest heimdal?
Comment by Christian Neukirchen (chneukirchen) - Sunday, 11 July 2010, 13:28 GMT
nfs-utils 1.2.0 with 1.3.3-1.

I just built it locally and ran it from the build directory. But it does not crash.
Comment by Allan McRae (Allan) - Thursday, 15 July 2010, 04:19 GMT
Unassigning myself. Appears to be a nfs-utils issue.
Comment by Maxime de Roucy (akira86) - Monday, 25 October 2010, 00:09 GMT
same problem here ... it seams that heimdal can no longer be used by nfs-utils :
http://permalink.gmane.org/gmane.linux.nfsv4/11375

heimdal 1.3.3-1
nfs-utils 1.2.2-3
Comment by Maxime de Roucy (akira86) - Monday, 25 October 2010, 04:37 GMT
You should have a look at :
http://bugs.gentoo.org/293593

Diego is incredible ...
Comment by Maxime de Roucy (akira86) - Tuesday, 02 November 2010, 17:26 GMT
I just tried nfs-utils 1.2.2-4 from trunk and it didn't change anything.
I still get a broken pipe.

kernel: rpc.gssd[4453] general protection ip:7fc4f57d893e sp:7fff638da0d8 error:0 in libgssglue.so.1.0.0[7fc4f57d5000+8000]
Comment by Tobias Powalowski (tpowa) - Wednesday, 03 November 2010, 15:45 GMT
you need libtirpc too
Comment by Maxime de Roucy (akira86) - Wednesday, 03 November 2010, 16:02 GMT
I already have libtirpc ... but testing repositories aren't enable on my system (I downloaded nfs-utils 1.2.2-4 PKGBUILD and build/install it manually).

I just realised that you updated libtirpc to 0.2.1-2 to solve this bug (but it's still in testing).

I will try it this evening.
Do I need another package from testing to make it work ?

Thanks for your work :-)

PS : maybe 1.2.2-4 should have depend on libtirpc>=0.2.1-2
Comment by Maxime de Roucy (akira86) - Wednesday, 03 November 2010, 22:42 GMT
I just enable the testing repository and make an update...

It doesn't crash anymore .. but it doesn't work either, what I get is :
kernel: rpc.gssd[4487] general protection ip:7ff716a1f951 sp:7fffd47b50e8 error:0 in libgssglue.so.1.0.0[7ff716a1c000+8000]
kernel: RPC: AUTH_GSS upcall timed out.
kernel: Please check user daemon is running.

After that if try to kill the mount process ; the CPU load got to 100% and make the computer unresponsive, which lead to an hard reboot :-(
Comment by Maxime de Roucy (akira86) - Thursday, 04 November 2010, 00:15 GMT
I just enable the testing repository and make an update...

It doesn't crash anymore .. but it doesn't work either, what I get is :
kernel: rpc.gssd[4487] general protection ip:7ff716a1f951 sp:7fffd47b50e8 error:0 in libgssglue.so.1.0.0[7ff716a1c000+8000]
kernel: RPC: AUTH_GSS upcall timed out.
kernel: Please check user daemon is running.

After that if try to kill the mount process ; the CPU load got to 100% and make the computer unresponsive, which lead to an hard reboot :-(
Comment by Maxime de Roucy (akira86) - Thursday, 04 November 2010, 03:02 GMT
I just enable the testing repository and make an update...

It doesn't crash anymore .. but it doesn't work either, what I get is :
kernel: rpc.gssd[4487] general protection ip:7ff716a1f951 sp:7fffd47b50e8 error:0 in libgssglue.so.1.0.0[7ff716a1c000+8000]
kernel: RPC: AUTH_GSS upcall timed out.
kernel: Please check user daemon is running.

After that if try to kill the mount process ; the CPU load got to 100% and make the computer unresponsive, which lead to an hard reboot :-(
Comment by Allan McRae (Allan) - Thursday, 04 November 2010, 03:04 GMT
@akira86: Stop refreshing your browser
Comment by Dmitry Kuzmenko (mallrat) - Tuesday, 15 March 2011, 21:51 GMT
How is going? I've just got the same issue. My config is the following:
heimdal 1.3.3-4
nfs-utils 1.2.2-6
libtirpc 0.2.1-2
Comment by Tobias Powalowski (tpowa) - Thursday, 14 July 2011, 20:39 GMT
This issue should be fixed with krb5 and not using heimdal anymore.
Comment by Maxime de Roucy (akira86) - Tuesday, 19 July 2011, 10:58 GMT
Yes rpc.gssd doesn't crash anymore (I think you can close the bug) ... but this raise another bug :
https://bugs.archlinux.org/task/25169

Loading...