Project

General

Profile

Bug #7342

kernel crash in rpcsec_gss after using gsscred

Added by Pavel Cahyna about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
nfs - NFS server and client
Start date:
2016-08-30
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

After playing with gsscred (adding and changing principals to the table, restarting svc:/network/rpc/gss:default and testing with a NFS client) the kernel crashed with

# echo '::msgbuf' | mdb 0
MESSAGE                                                               
(...)
panic[cpu0]/thread=fffff0007d42dc40: 
BAD TRAP: type=e (#pf Page fault) rp=fffff0007d42d750 addr=1c occurred in module
 "tl" due to a NULL pointer dereference

sched: 
#pf Page fault
Bad kernel fault at addr=0x1c
pid=0, pc=0xfffffffff7f60120, sp=0xfffff0007d42d840, eflags=0x10246
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 426f8<osxsav,vmxe,xmme,fxsr,pge,mce,pae
,pse,de>
cr2: 1c
cr3: c000000
cr8: 0

        rdi: fffff011659c2188 rsi: fffff011cf57c060 rdx:                0
        rcx: fffff0117592025c  r8:                0  r9:                0
        rax:               e8 rbx: fffff011cf57c060 rbp: fffff0007d42d870
        r10: 9382c13a1dc85b65 r11:         1c976f33 r12: fffff011659c2188
        r13:                0 r14:                0 r15:                0
        fsb:                0 gsb: fffffffffbc30c40  ds:               4b
         es:               4b  fs:                0  gs:              1c3
        trp:                e err:                0 rip: fffffffff7f60120
         cs:               30 rfl:            10246 rsp: fffff0007d42d840
         ss:               38

fffff0007d42d630 unix:die+df ()
fffff0007d42d740 unix:trap+db3 ()
fffff0007d42d750 unix:cmntrap+e6 ()
fffff0007d42d870 tl:tl_wput+f0 ()
fffff0007d42d8e0 unix:put+1b5 ()
fffff0007d42d950 rpcmod:svc_cots_ksend+8f ()
fffff0007d42d9d0 rpcmod:svc_sendreply+57 ()
fffff0007d42db30 rpcsec_gss:do_gss_accept+443 ()
fffff0007d42db60 rpcsec_gss:svcrpcsec_gss_taskq_func+2f ()
fffff0007d42dc20 genunix:taskq_thread+2d0 ()
fffff0007d42dc30 unix:thread_start+8 ()

syncing file systems...
 done
dumping to /dev/zvol/dsk/rpool/dump, offset 65536, content: kernel
NOTICE: ahci1: ahci_tran_reset_dport port 0 reset port
NOTICE: ahci1: ahci_tran_reset_dport port 1 reset port

I have seen this bug both on OpenIndiana oi_151a7 and omnios-c91bcdf.

Related issues

Is duplicate of illumos gate - Bug #3354: kernel crash in rpcsec_gss after using gsscredClosedAndy Fiddaman2012-11-13

Actions
#1

Updated by Marcel Telka about 4 years ago

  • Category set to nfs - NFS server and client

This looks like a duplicate of bug #3354.

#2

Updated by Marcel Telka about 4 years ago

  • Is duplicate of Bug #3354: kernel crash in rpcsec_gss after using gsscred added
#3

Updated by Pavel Cahyna about 4 years ago

Is it still useful to reproduce the issue with kmem_flags=0xf ?

#4

Updated by Marcel Telka about 4 years ago

IIRC, when I looked at #3354 almost 4 years ago I found the root cause (it is some sort of race, IIRC) and I started to work on the fix, but had no time to complete the work. So no, the repro with kmem_flags=0xf is not needed.

#5

Updated by Dan McDonald almost 4 years ago

An OmniOS customer is reporting a similar problem with r151014.

#6

Updated by Marcel Telka almost 4 years ago

  • Status changed from New to Closed

Closing. This is a duplicate of #3354.

Also available in: Atom PDF