Bug#963746: marked as done (nfs-common: Random Segmentation Violations of rpc.gssd Daemon)

To: Salvatore Bonaccorso <carnil@debian.org>
Subject: Bug#963746: marked as done (nfs-common: Random Segmentation Violations of rpc.gssd Daemon)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 14 Sep 2021 17:09:05 +0000
Message-id: <[🔎] handler.963746.D963746.163163913717219.ackdone@bugs.debian.org>
Reply-to: 963746@bugs.debian.org
References: <YUDWXWmkj2yr2+7E@eldamar.lan> <11402ec870c542b39899772f64a264bf@tu-berlin.de>

Your message dated Tue, 14 Sep 2021 19:05:33 +0200
with message-id <YUDWXWmkj2yr2+7E@eldamar.lan>
and subject line Re: severity of 963746 is important, tagging 963746 ...
has caused the Debian Bug report #963746,
regarding nfs-common: Random Segmentation Violations of rpc.gssd Daemon
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
963746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963746
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: "submit@bugs.debian.org" <submit@bugs.debian.org>
Subject: nfs-common: Random Segmentation Violations of rpc.gssd Daemon
From: "Kraus, Sebastian" <sebastian.kraus@tu-berlin.de>
Date: Fri, 26 Jun 2020 11:26:48 +0000
Message-id: <11402ec870c542b39899772f64a264bf@tu-berlin.de>

Package: nfs-common
Version: 1:1.3.4-2.5
OS Release: Buster

Dear all:

Since september 2019, the rpc.gssd user space daemon on the NFSv4 file servers (VMware ESXi virtualized hosts) of my department provokes random segmentation violations. Security flavour of NFS exports is set to sec=krb5p. 
Some monthes back, all NFS server were still running on Debian Stretch. I am about to migrate all "my" NFS file servers to Debian Buster. 
Unfortunately, the problem persists with Debian Buster using the most recent versions of nfs-common package and Linux Kernel. 
I now managed to get a backtrace of a recent segfault incident on Debian Buster. 

Here is the full backtrace:

root@server:~# coredumpctl debug
           PID: 6356 (rpc.gssd)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Thu 2020-06-25 11:46:08 CEST (21h ago)
  Command Line: /usr/sbin/rpc.gssd -vvvvvvv -rrrrrrr -t 3600 -T 10
    Executable: /usr/sbin/rpc.gssd
 Control Group: /system.slice/rpc-gssd.service
          Unit: rpc-gssd.service
         Slice: system.slice
       Boot ID: (obfuscated)
    Machine ID: (obfuscated)
      Hostname: all
       Storage: /var/lib/systemd/coredump/core.rpc\x2egssd.0.7f31136228274af0a1a855b91ad1e75c.6356.1593078368000000.lz4
       Message: Process 6356 (rpc.gssd) of user 0 dumped core.
                
                Stack trace of thread 14174:
                #0  0x000056233fff038e n/a (rpc.gssd)
                #1  0x000056233fff09f8 n/a (rpc.gssd)
                #2  0x000056233fff0b92 n/a (rpc.gssd)
                #3  0x000056233fff13b3 n/a (rpc.gssd)
                #4  0x00007fb2eb8dbfa3 start_thread (libpthread.so.0)
                #5  0x00007fb2eb80c4cf __clone (libc.so.6)
                
                Stack trace of thread 6356:
                #0  0x00007fb2eb801819 __GI___poll (libc.so.6)
                #1  0x00007fb2eb6e7207 send_dg (libresolv.so.2)
                #2  0x00007fb2eb6e4c43 __GI___res_context_query (libresolv.so.2)
                #3  0x00007fb2eb6bf536 __GI__nss_dns_gethostbyaddr2_r (libnss_dns.so.2)
                #4  0x00007fb2eb6bf823 _nss_dns_gethostbyaddr_r (libnss_dns.so.2)
                #5  0x00007fb2eb81dee2 __gethostbyaddr_r (libc.so.6)
                #6  0x00007fb2eb8267d5 gni_host_inet_name (libc.so.6)
                #7  0x000056233ffef455 n/a (rpc.gssd)
                #8  0x000056233ffef82c n/a (rpc.gssd)
                #9  0x000056233fff01d0 n/a (rpc.gssd)
                #10 0x00007fb2ebab49ba n/a (libevent-2.1.so.6)
                #11 0x00007fb2ebab5537 event_base_loop (libevent-2.1.so.6)
                #12 0x000056233ffedeaa n/a (rpc.gssd)
                #13 0x00007fb2eb73709b __libc_start_main (libc.so.6)
                #14 0x000056233ffee03a n/a (rpc.gssd)

GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/rpc.gssd...Reading symbols from /usr/lib/debug/.build-id/08/a9957ac98e4e5a68f9238c4d763a95e9b4d492.debug...done.
done.
[New LWP 14174]
[New LWP 6356]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/rpc.gssd -vvvvvvv -rrrrrrr -t 3600 -T 10'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000056233fff038e in create_auth_rpc_client (clp=clp@entry=0x562341008fa0, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", clnt_return=clnt_return@entry=0x7fb2eaeb9de8, auth_return=auth_return@entry=0x7fb2eaeb9d50, uid=uid@entry=0, cred=cred@entry=0x0, authtype=0) at gssd_proc.c:352
352	gssd_proc.c: No such file or directory.
[Current thread is 1 (Thread 0x7fb2eaeba700 (LWP 14174))]

(gdb) bt full
#0  0x000056233fff038e in create_auth_rpc_client (clp=clp@entry=0x562341008fa0, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", clnt_return=clnt_return@entry=0x7fb2eaeb9de8, auth_return=auth_return@entry=0x7fb2eaeb9d50, uid=uid@entry=0, cred=cred@entry=0x0, authtype=0) at gssd_proc.c:352
        rpc_clnt = 0x0
        sec = {mech = 0x56233fffc590 <krb5oid>, qop = 0, svc = RPCSEC_GSS_SVC_NONE, cred = 0x7fb2dc000d60, req_flags = 2}
        auth = 0x0
        retval = -1
        min_stat = 256
        rpc_errmsg = '\000' <repeats 13 times>, "\001\000\000c\343\000\333@'\243\001\214\002\236ROO\257\303\351\267]<\033\236\250̺ \215\210o=o\316_]\v\266\301\207\307\313\377S\236\353\262\177\000\000c\301\207-\204\\\223\226\024\320E\347\025\307\021`0\314\340B\020'B\370\252\300\327Ɣ\000b3\341\064\r\320\315ۻ\026z\261\035@|⌁\023s\322&e\365\377S\236\353\262\177\000\000\347\351\233\022F\210[\274}!\225\252\213\260\377\343\016\267>$(\261:\313<ޖ\322F\314ᯨi\367\032\255\306\306Ja\203\355&\253\000\064\271M\023\026\243\266c\334\313\000\242\066p\361K\361$\320\357-\366\026)\240\063\320\f\000ܲ\177\000\000\260k"...
        protocol = 6
        timeout = {tv_sec = -418240567167153622, tv_usec = 6354052107285749079}
        addr = 0x5623410090f8
        salen = <optimized out>
#1  0x000056233fff09f8 in krb5_use_machine_creds (clp=clp@entry=0x562341008fa0, uid=uid@entry=0, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", service=service@entry=0x562341011cb5 "nfs", rpc_clnt=rpc_clnt@entry=0x7fb2eaeb9de8) at gssd_proc.c:558
        min_stat = 0
        auth = 0x0
        credlist = 0x7fb2dc02a910
        ccname = 0x7fb2dc02a910
        nocache = <optimized out>
        success = 0
#2  0x000056233fff0b92 in process_krb5_upcall (clp=clp@entry=0x562341008fa0, uid=uid@entry=0, fd=11, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", service=service@entry=0x562341011cb5 "nfs") at gssd_proc.c:646
        rpc_clnt = 0x0
        auth = <optimized out>
        pd = {pd_ctx = 0x0, pd_ctx_hndl = {length = 0, value = 0x0}, pd_seq_win = 0}
        token = {length = 0, value = 0x0}
        err = 1090591864
        downcall_err = -13
        maj_stat = <optimized out>
        min_stat = 1090560944
        lifetime_rec = 22051
        gacceptor = 0x0
        mech = 0x7fb2dc000020
        acceptor = {length = 0, value = 0x0}
#3  0x000056233fff13b3 in handle_gssd_upcall (info=0x562341011c70) at gssd_proc.c:805
        clp = 0x562341008fa0
        uid = 0
        p = 0x562341011c87 ""
        mech = <optimized out>
        uidstr = <optimized out>
        target = 0x562341011c8f "host@client.domain.tu-berlin.de"
        service = 0x562341011cb5 "nfs"
        enctypes = 0x562341011cc2 "18,17,16,23,3,1,2"
        upcall_str = 0x7fb2dc001000 "mech=krb5 uid=0 target=host@client.domain.tu-berlin.de service=nfs enctypes=18,17,16,23,3,1,2 "
        pbuf = 0x0
        __func__ = "handle_gssd_upcall"
#4  0x00007fb2eb8dbfa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140406422218496, 1116452640567996153, 140736109338078, 140736109338079, 140406422218496, 94709414435248, -1145117077261373703, -1145118435554349319}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#5  0x00007fb2eb80c4cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
No locals.

(gdb) thread apply all bt full

Thread 2 (Thread 0x7fb2eb6d9740 (LWP 6356)):
#0  0x00007fb2eb801819 in __GI___poll (fds=fds@entry=0x7fffadcdb658, nfds=nfds@entry=1, timeout=5000, timeout@entry=<error reading variable: That operation is not available on integers of more than 8 bytes.>) at ../sysdeps/unix/sysv/linux/poll.c:29
        resultvar = 18446744073709551100
        sc_cancel_oldtype = 0
        sc_ret = <optimized out>
#1  0x00007fb2eb6e7207 in send_dg (ansp2_malloced=<optimized out>, resplen2=<optimized out>, anssizp2=<optimized out>, ansp2=<optimized out>, anscp=<optimized out>, gotsomewhere=<synthetic pointer>, v_circuit=<synthetic pointer>, ns=<optimized out>, terrno=0x7fffadcdb618, anssizp=0x7fffadcdb750, 
    ansp=0x7fffadcdb608, buflen2=<optimized out>, buf2=<optimized out>, buflen=<optimized out>, buf=<optimized out>, statp=<optimized out>) at res_send.c:1112
        hp = <optimized out>
        from = {sin6_family = 6512, sin6_port = 16641, sin6_flowinfo = 22051, sin6_addr = {__in6_u = {__u6_addr8 = "\353Hn\353\262\177\000\000h\r\000\000\000\000\000", __u6_addr16 = {18667, 60270, 32690, 0, 3432, 0, 0, 0}, __u6_addr32 = {3949873387, 32690, 3432, 0}}}, sin6_scope_id = 3951866528}
        seconds = <optimized out>
        retval = <optimized out>
        recvresp1 = <optimized out>
        n = <optimized out>
        single_request_reopen = <optimized out>
        recvresp2 = <optimized out>
        timeout = {tv_sec = 5, tv_nsec = 0}
        save_gotsomewhere = <optimized out>
        hp2 = <optimized out>
        finish = {tv_sec = <optimized out>, tv_nsec = 56066000}
        pfd = {{fd = 25, events = 1, revents = 0}}
        resplen = 0
        single_request = <optimized out>
        now = {tv_sec = 1593078368, tv_nsec = 56066000}
        ptimeout = <optimized out>
        need_recompute = 0
        nwritten = <optimized out>
        hp = <optimized out>
        hp2 = <optimized out>
        now = <optimized out>
        timeout = <optimized out>
        finish = <optimized out>
        pfd = <optimized out>
        ptimeout = <optimized out>
        from = <optimized out>
        resplen = <optimized out>
        n = <optimized out>
        seconds = <optimized out>
        single_request_reopen = <optimized out>
        single_request = <optimized out>
        save_gotsomewhere = <optimized out>
        retval = <optimized out>
        need_recompute = <optimized out>
        nwritten = <optimized out>
        recvresp1 = <optimized out>
        recvresp2 = <optimized out>
        __PRETTY_FUNCTION__ = "send_dg"
        iov = <optimized out>
        iov2 = <optimized out>
        reqs = <optimized out>
        ndg = <optimized out>
        sr = <optimized out>
        thisanssizp = <optimized out>
        thisansp = <optimized out>
        thisresplenp = <optimized out>
        anhp = <optimized out>
        fromlen = <optimized out>
        newp = <optimized out>
#2  __res_context_send (ctx=ctx@entry=0x562341011970, buf=buf@entry=0x7fffadcdb780 "\222M\001", buflen=buflen@entry=46, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, ans=<optimized out>, ans@entry=0x7fffadcdb980 "d\253\205\200", anssiz=<optimized out>, ansp=<optimized out>, ansp2=<optimized out>, 
    nansp2=<optimized out>, resplen2=<optimized out>, ansp2_malloced=<optimized out>) at res_send.c:519
        ns = <optimized out>
        ns_shift = <optimized out>
        statp = <optimized out>
        gotsomewhere = <optimized out>
        terrno = 110
        try = <optimized out>
        v_circuit = 0
        resplen = <optimized out>
        n = <optimized out>
        ns_offset = <optimized out>
#3  0x00007fb2eb6e4c43 in __GI___res_context_query (ctx=ctx@entry=0x562341011970, name=name@entry=0x7fffadcdbdf0 "135.115.149.130.in-addr.arpa", class=class@entry=1, type=type@entry=12, answer=0x7fffadcdb980 "d\253\205\200", anslen=anslen@entry=1024, answerp=0x7fffadcdbde8, answerp2=0x0, nanswerp2=0x0, 
    resplen2=0x0, answerp2_malloced=0x0) at res_query.c:216
        statp = 0x7fb2eb8d2900 <_res>
        hp = 0x7fffadcdb980
        hp2 = <optimized out>
        n = <optimized out>
        use_malloc = 0
        bufsize = <optimized out>
        buf = 0x7fffadcdb780 "\222M\001"
        query1 = 0x7fffadcdb780 "\222M\001"
--Type <RET> for more, q to quit, c to continue without paging--
        nquery1 = <optimized out>
        query2 = 0x0
        nquery2 = 0
        __PRETTY_FUNCTION__ = "__res_context_query"
#4  0x00007fb2eb6bf536 in __GI__nss_dns_gethostbyaddr2_r (addr=<optimized out>, len=<optimized out>, af=<optimized out>, result=0x7fffadcdc390, buffer=0x7fffadcdc550 "\377\002", buflen=1024, errnop=0x7fb2eb6d96a0, h_errnop=0x7fffadcdc37c, ttlp=0x0) at nss_dns/dns-host.c:536
        mapped = "\000\000\000\000\000\000\000\000\000\000\377\377"
        tunnelled = '\000' <repeats 11 times>
        v6local = "\000\000\000\001"
        uaddr = <optimized out>
        host_data = 0x7fffadcdc550
        host_buffer = {buf = 0x7fffadcdb980, ptr = 0x7fffadcdb980 "d\253\205\200"}
        orig_host_buffer = 0x7fffadcdb980
        qbuf = "135.115.149.130.in-addr.arpa", '\000' <repeats 188 times>...
        qp = <optimized out>
        size = <optimized out>
        n = <optimized out>
        status = <optimized out>
        olderr = 22
        pad = 0
        ctx = 0x562341011970
#5  0x00007fb2eb6bf823 in _nss_dns_gethostbyaddr_r (addr=<optimized out>, len=<optimized out>, af=<optimized out>, result=<optimized out>, buffer=<optimized out>, buflen=<optimized out>, errnop=0x7fb2eb6d96a0, h_errnop=0x7fffadcdc37c) at nss_dns/dns-host.c:576
No locals.
#6  0x00007fb2eb81dee2 in __gethostbyaddr_r (addr=addr@entry=0x5623410090fc, len=len@entry=4, type=type@entry=2, resbuf=resbuf@entry=0x7fffadcdc390, buffer=<optimized out>, buflen=<optimized out>, result=<optimized out>, h_errnop=<optimized out>) at ../nss/getXXbyYY_r.c:315
        startp_initialized = true
        startp = 0xa338ee3dbe5a2ef9
        start_fct = 0xf01bb91bcc7a2ef9
        nip = 0x562340ffdef0
        do_merge = 0
        mergegrp = <optimized out>
        mergebuf = 0x0
        endptr = 0x0
        fct = {l = 0x7fb2eb6bf810 <_nss_dns_gethostbyaddr_r>, ptr = 0x7fb2eb6bf810 <_nss_dns_gethostbyaddr_r>}
        no_more = 0
        err = <optimized out>
        status = NSS_STATUS_UNAVAIL
        nscd_status = <optimized out>
        any_service = true
        res_ctx = <optimized out>
        res = <optimized out>
#7  0x00007fb2eb8267d5 in gni_host_inet_name (addrlen=<optimized out>, flags=8, hostlen=1025, host=0x7fffadcdc9d0 "client.domain.tu-berlin.de", sa=0x5623410090f8, tmpbuf=0x7fffadcdc540) at ../include/scratch_buffer.h:101
        sinp = <optimized out>
        herrno = 1
        th = {h_name = 0x7fffadcdc578 "ip6-allrouters", h_aliases = 0x7fffadcdc5a0, h_addrtype = 2, h_length = 4, h_addr_list = 0x7fffadcdc560}
        h = 0x0
        herrno = <optimized out>
        th = <optimized out>
        h = <optimized out>
        sin6p = <optimized out>
        sinp = <optimized out>
        c = <optimized out>
        do_idn = <optimized out>
        h_name = <optimized out>
        len = <optimized out>
        rc = <optimized out>
#8  gni_host_inet (addrlen=<optimized out>, flags=8, hostlen=1025, host=0x7fffadcdc9d0 "client.domain.tu-berlin.de", sa=0x5623410090f8, tmpbuf=0x7fffadcdc540) at getnameinfo.c:367
        result = <optimized out>
#9  gni_host (addrlen=<optimized out>, flags=8, hostlen=1025, host=0x7fffadcdc9d0 "client.domain.tu-berlin.de", sa=0x5623410090f8, tmpbuf=0x7fffadcdc540) at getnameinfo.c:409
No locals.
#10 __GI_getnameinfo (sa=0x5623410090f8, addrlen=<optimized out>, host=0x7fffadcdc9d0 "client.domain.tu-berlin.de", hostlen=1025, serv=0x0, servlen=0, flags=8) at getnameinfo.c:523
        result = <optimized out>
        tmpbuf = {data = 0x7fffadcdc550, length = 1024, __space = {__align = {__max_align_ll = 767, __max_align_ld = 5.13011199855208963934e-4937}, 
            __c = "\377\002", '\000' <repeats 13 times>, "\002P\305ͭ\377\177", '\000' <repeats 11 times>, "f02::2\000ip6-allrouters\000\000calhost\000ip6-loopback\000\000ap\202\305ͭ\377\177\000\000\220\305ͭ\377\177\000\000\000\000\000\000\000\000\000\000\064\306ͭ\377\177\000\000\260\310ͭ\377\177\000\000\200\035\211\353\262\177\000\000`\311ͭ\377\177\000\000\260\311ͭ\377\177\000\000P\316ͭ\377\177\000\000穂\353\262\177\000\000\000\315ͭ\377\177\000\000P\316ͭ\377\177\000\000\260\310ͭ\377\177\000\000\002", '\000' <repeats 15 times>, "\202W\177\353\262\177\000\000\000\000\000\000\000\000\000\000"...}}
#11 0x000056233ffef455 in gssd_get_servername (name=<optimized out>, sa=0x5623410090f8, addr=0x562341010e50 "130.149.115.135") at gssd.c:225
        addrlen = <optimized out>
        err = <optimized out>
        hbuf = "client.domain.tu-berlin.de\000\000\000lin.de\000\000\000\060\000\000\000\354\306\317\353\262\177\000\000\000\000\000\000\000\000\000\000\353\001\000\000\000\000\000\000\000U\217\353\262\177\000\000\001\000\000\000\000\000\000\000\200Rq\353\262\177\000\000\364\312\317\353\262\177\000\000\353\001\000\000\000\000\000\000\346\370|\353\262\177\000\000\000U\217\353\262\177\000\000\001\000\000\000\000\000\000\000\260\314ͭ\377\177\000\000@\273\214\353\262\177\000\000g\314ͭ\377\177\000\000\060\316\377@#V\000\000\356\037\000\000\000\000\000\000\241\254\376?#V\000\000\233\326\067\314\v\000\000\000\005\313ͭ\377\177\000\000\001\000\000\000\000\000\000\000\220\313ͭ"...
        buf = "\202\225s\207#V\000\000\000\000\000\000\000\000\000"
#12 0x000056233ffef82c in gssd_read_service_info (clp=0x562341008fa0, dirfd=11) at gssd.c:326
        server = 0x562340ffc5f0 "130.149.115.135"
        fd = <optimized out>
        info = 0x562340ffa790
        numfields = <optimized out>
        servername = 0x0
        service = 0x562341010d80 "nfs4_cb"
        program = 1073741824
        version = 1
        address = 0x562341010e50 "130.149.115.135"
--Type <RET> for more, q to quit, c to continue without paging--
        protoname = 0x562341011900 "tcp"
        port = 0x562341011860 "41205"
        fd = <optimized out>
        info = <optimized out>
        numfields = <optimized out>
        server = <optimized out>
        service = <optimized out>
        program = <optimized out>
        version = <optimized out>
        address = <optimized out>
        protoname = <optimized out>
        port = <optimized out>
        servername = <optimized out>
#13 gssd_scan_clnt (clp=0x562341008fa0) at gssd.c:551
        clntfd = 11
        gssd_was_closed = <optimized out>
        krb5_was_closed = <optimized out>
#14 0x000056233fff01d0 in gssd_create_clnt (name=0x7fffadcdced0 "clnt50f", tdi=0x562340ffe490) at gssd.c:568
        clp = <optimized out>
        clp = <optimized out>
#15 gssd_inotify_topdir (ev=0x7fffadcdcec0, tdi=0x562340ffe490) at gssd.c:709
No locals.
#16 gssd_inotify_cb (ifd=8, UNUSED_which=<optimized out>, UNUSED_data=<optimized out>) at gssd.c:793
        buf = "\005\000\000\000\000\001\000@\000\000\000\000\020\000\000\000clnt50f\000\000\000\000\000\000\000\000\000K\000\000\000\000\200\000\000\000\000\000\000\000\000\000\000gssd", '\000' <repeats 12 times>, "I\000\000\000\000\002\000\000\000\000\000\000\020\000\000\000info", '\000' <repeats 12 times>, "\005\000\000\000\000\001\000@\000\000\000\000\020\000\000\000clnt50d\000\000\000\000\000\000\000\000\000\070\070.167.149.130.in-addr.arpa\000\377\177\000\000\324\317ͭ\377\177\000\000\236\353\202\353\262\177\000\000\000\000\000\000\000\000\000\000\350\306k\353\262\177\000\000\370\302k\353\262\177\000\000 "...
        ev = 0x7fffadcdcec0
        len = <optimized out>
        ptr = 0x7fffadcdcec0 "\005"
        rescan = <optimized out>
        tdi = 0x562340ffe490
        clp = <optimized out>
#17 0x00007fb2ebab49ba in event_persist_closure (ev=<optimized out>, base=0x562340ffd410) at event.c:1580
        evcb_fd = <optimized out>
        evcb_callback = <optimized out>
        evcb_res = 2
        evcb_arg = 0x0
        evcb_callback = <optimized out>
        evcb_fd = <optimized out>
        evcb_res = <optimized out>
        evcb_arg = <optimized out>
        run_at = <optimized out>
        relative_to = <optimized out>
        delay = <optimized out>
        now = <optimized out>
        usec_mask = <optimized out>
#18 event_process_active_single_queue (base=base@entry=0x562340ffd410, activeq=0x562340ffd050, max_to_process=max_to_process@entry=2147483647, endtime=endtime@entry=0x0) at event.c:1639
        ev = <optimized out>
        evcb = <optimized out>
        count = 1
        __func__ = "event_process_active_single_queue"
#19 0x00007fb2ebab5537 in event_process_active (base=0x562340ffd410) at event.c:1738
        activeq = <optimized out>
        i = 0
        c = 0
        tv = {tv_sec = 94709414344352, tv_usec = 94709397571904}
        maxcb = <optimized out>
        endtime = 0x0
        limit_after_prio = 2147483647
        activeq = <optimized out>
        i = <optimized out>
        c = <optimized out>
        endtime = <optimized out>
        tv = <optimized out>
        maxcb = <optimized out>
        limit_after_prio = <optimized out>
#20 event_base_loop (base=0x562340ffd410, flags=<optimized out>) at event.c:1961
        n = <optimized out>
        evsel = 0x7fb2ebce5dc0 <epollops>
        tv = {tv_sec = 94709397548095, tv_usec = 94709414362848}
        tv_p = <optimized out>
        res = <optimized out>
        done = 0
        retval = 0
        __func__ = "event_base_loop"
#21 0x000056233ffedeaa in main (argc=<optimized out>, argv=0x7fffadcde1e8) at gssd.c:1006
        fg = 0
        verbosity = 7
        rpc_verbosity = 7
        opt = <optimized out>
        i = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
        progname = <optimized out>
        ccachedir = <optimized out>
        sighup_ev = {ev_evcallback = {evcb_active_next = {tqe_next = 0x7fffadd76268, tqe_prev = 0x7fb2ebd1c730}, evcb_flags = 130, evcb_pri = 0 '\000', evcb_closure = 1 '\001', evcb_cb_union = {evcb_callback = 0x56233fff0260 <gssd_scan_cb>, evcb_selfcb = 0x56233fff0260 <gssd_scan_cb>, 
              evcb_evfinalize = 0x56233fff0260 <gssd_scan_cb>, evcb_cbfinalize = 0x56233fff0260 <gssd_scan_cb>}, evcb_arg = 0x0}, ev_timeout_pos = {ev_next_with_common_timeout = {tqe_next = 0xffffffff, tqe_prev = 0x0}, min_heap_idx = -1}, ev_fd = 1, ev_base = 0x562340ffd410, ev_ = {ev_io = {ev_io_next = {
                le_next = 0x0, le_prev = 0x562340ffcf50}, ev_timeout = {tv_sec = 140736109281280, tv_usec = 0}}, ev_signal = {ev_signal_next = {le_next = 0x0, le_prev = 0x562340ffcf50}, ev_ncalls = 0, ev_pncalls = 0x0}}, ev_events = 24, ev_res = 0, ev_timeout = {tv_sec = 0, tv_usec = 94709397543957}}

Thread 1 (Thread 0x7fb2eaeba700 (LWP 14174)):
#0  0x000056233fff038e in create_auth_rpc_client (clp=clp@entry=0x562341008fa0, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", clnt_return=clnt_return@entry=0x7fb2eaeb9de8, auth_return=auth_return@entry=0x7fb2eaeb9d50, uid=uid@entry=0, cred=cred@entry=0x0, authtype=0) at gssd_proc.c:352
        rpc_clnt = 0x0
        sec = {mech = 0x56233fffc590 <krb5oid>, qop = 0, svc = RPCSEC_GSS_SVC_NONE, cred = 0x7fb2dc000d60, req_flags = 2}
        auth = 0x0
        retval = -1
        min_stat = 256
        rpc_errmsg = '\000' <repeats 13 times>, "\001\000\000c\343\000\333@'\243\001\214\002\236ROO\257\303\351\267]<\033\236\250̺ \215\210o=o\316_]\v\266\301\207\307\313\377S\236\353\262\177\000\000c\301\207-\204\\\223\226\024\320E\347\025\307\021`0\314\340B\020'B\370\252\300\327Ɣ\000b3\341\064\r\320\315ۻ\026z\261\035@|⌁\023s\322&e\365\377S\236\353\262\177\000\000\347\351\233\022F\210[\274}!\225\252\213\260\377\343\016\267>$(\261:\313<ޖ\322F\314ᯨi\367\032\255\306\306Ja\203\355&\253\000\064\271M\023\026\243\266c\334\313\000\242\066p\361K\361$\320\357-\366\026)\240\063\320\f\000ܲ\177\000\000\260k"...
        protocol = 6
        timeout = {tv_sec = -418240567167153622, tv_usec = 6354052107285749079}
        addr = 0x5623410090f8
        salen = <optimized out>
#1  0x000056233fff09f8 in krb5_use_machine_creds (clp=clp@entry=0x562341008fa0, uid=uid@entry=0, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", service=service@entry=0x562341011cb5 "nfs", rpc_clnt=rpc_clnt@entry=0x7fb2eaeb9de8) at gssd_proc.c:558
        min_stat = 0
        auth = 0x0
        credlist = 0x7fb2dc02a910
        ccname = 0x7fb2dc02a910
        nocache = <optimized out>
        success = 0
#2  0x000056233fff0b92 in process_krb5_upcall (clp=clp@entry=0x562341008fa0, uid=uid@entry=0, fd=11, tgtname=tgtname@entry=0x562341011c8f "host@client.domain.tu-berlin.de", service=service@entry=0x562341011cb5 "nfs") at gssd_proc.c:646
        rpc_clnt = 0x0
        auth = <optimized out>
        pd = {pd_ctx = 0x0, pd_ctx_hndl = {length = 0, value = 0x0}, pd_seq_win = 0}
        token = {length = 0, value = 0x0}
        err = 1090591864
        downcall_err = -13
        maj_stat = <optimized out>
        min_stat = 1090560944
        lifetime_rec = 22051
        gacceptor = 0x0
        mech = 0x7fb2dc000020
        acceptor = {length = 0, value = 0x0}
#3  0x000056233fff13b3 in handle_gssd_upcall (info=0x562341011c70) at gssd_proc.c:805
        clp = 0x562341008fa0
        uid = 0
        p = 0x562341011c87 ""
        mech = <optimized out>
        uidstr = <optimized out>
        target = 0x562341011c8f "host@client.domain.tu-berlin.de"
        service = 0x562341011cb5 "nfs"
        enctypes = 0x562341011cc2 "18,17,16,23,3,1,2"
        upcall_str = 0x7fb2dc001000 "mech=krb5 uid=0 target=host@client.domain.tu-berlin.de service=nfs enctypes=18,17,16,23,3,1,2 "
        pbuf = 0x0
        __func__ = "handle_gssd_upcall"
#4  0x00007fb2eb8dbfa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
        ret = <optimized out>
        pd = <optimized out>
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140406422218496, 1116452640567996153, 140736109338078, 140736109338079, 140406422218496, 94709414435248, -1145117077261373703, -1145118435554349319}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#5  0x00007fb2eb80c4cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
No locals.


Remark: The additonal command line parameters only being used in order to debug the segfaults via syslog. The segfaults are completely idependent of these parameters. Putting the timeout switches "-T" and "-t" seems to "cure" the problem a little bit and lessens the number of segfault hits per day.

For backtracing purposes, these packages were installed explicitly:
systemd-coredump 
debian-goodies libipc-system-simple-perl libfile-which-perl elfutils dctrl-tools 
libcom-err2-dbgsym libevent-2.1-6-dbgsym nfs-common-dbgsym


Furthermore, system journal shows the following (most interesting part framed by hashtags) debug messages from RPC stack:

Jun 25 11:46:08 server rpcbind[14166]: connect from 130.149.115.135 to null()
Jun 25 11:46:08 server rpcbind[14167]: connect from 130.149.115.135 to getport/addr(nfs)
Jun 25 11:46:08 server rpcbind[14168]: connect from 130.149.115.135 to null()
Jun 25 11:46:08 server rpcbind[14169]: connect from 130.149.115.135 to getport/addr(nfs)
Jun 25 11:46:08 server rpcbind[14170]: connect from 130.149.115.135 to null()
Jun 25 11:46:08 server rpcbind[14171]: connect from 130.149.115.135 to getport/addr(nfs)
Jun 25 11:46:08 server rpcbind[14172]: connect from 130.149.115.135 to null()
Jun 25 11:46:08 server rpcbind[14173]: connect from 130.149.115.135 to getport/addr(nfs)
Jun 25 11:46:08 server rpc.svcgssd[19640]: leaving poll
Jun 25 11:46:08 server rpc.svcgssd[19640]: handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7 enctypes from the kernel
Jun 25 11:46:08 server rpc.svcgssd[19640]: sname = host/client.domain.tu-berlin.de@TU-BERLIN.DE
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_getpwnam: name 'host/client.domain.tu-berlin.de@TU-BERLIN.DE' domain '(null)': resulting localname 'host/client.domain.tu-berlin.de'
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_ldap: reconnecting to LDAP server...
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_ldap: reconnected to LDAP server ldaps://ldap-slaves.tu-berlin.de after 1 attempt
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: final return value is -2
Jun 25 11:46:08 server rpc.svcgssd[19640]: DEBUG: serialize_krb5_ctx: lucid version!
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: protocol 1
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Jun 25 11:46:08 server rpc.svcgssd[19640]: doing downcall
Jun 25 11:46:08 server rpc.svcgssd[19640]: mech: krb5, hndl len: 4, ctx len 52, timeout: 1593108198 (29830 from now), clnt: host@client.domain.tu-berlin.de, uid: -1, gid: -1, num aux grps: 0:
Jun 25 11:46:08 server rpc.svcgssd[19640]: sending null reply
Jun 25 11:46:08 server rpc.svcgssd[19640]: writing message: \x \x608202cf06092a864886f71201020201006e8202be308202baa003020105a10302010ea20703050020000000a3820194618201903082018ca003020105a10e1b0c54552d4245524c494e2e4445a2273025a003020103a11e
Jun 25 11:46:08 server rpc.svcgssd[19640]: finished handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: entering poll
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for topdir (nfsd4_cb) - ev->wd (5) ev->name (clnt50e) ev->mask (0x40000100)
Jun 25 11:46:08 server rpc.gssd[6356]: 
                                    handle_gssd_upcall: 'mech=krb5 uid=0 target=host@client.domain.tu-berlin.de service=nfs enctypes=18,17,16,23,3,1,2 ' (nfsd4_cb/clnt50e)
Jun 25 11:46:08 server rpc.gssd[6356]: krb5_use_machine_creds: uid 0 tgtname host@client.domain.tu-berlin.de
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for clntdir (nfsd4_cb/clnt50e) - ev->wd (75) ev->name (krb5) ev->mask (0x00000200)
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for clntdir (nfsd4_cb/clnt50e) - ev->wd (75) ev->name (gssd) ev->mask (0x00000200)
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for clntdir (nfsd4_cb/clnt50e) - ev->wd (75) ev->name (info) ev->mask (0x00000200)
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for clntdir (nfsd4_cb/clnt50e) - ev->wd (75) ev->name (<?>) ev->mask (0x00008000)
Jun 25 11:46:08 server rpc.gssd[6356]: inotify event for topdir (nfsd4_cb) - ev->wd (5) ev->name (clnt50f) ev->mask (0x40000100)
Jun 25 11:46:08 server rpc.gssd[6356]: Full hostname for '' is 'client.domain.tu-berlin.de'
Jun 25 11:46:08 server rpc.gssd[6356]: Full hostname for 'server.domain.tu-berlin.de' is 'server.domain.tu-berlin.de'
Jun 25 11:46:08 server rpc.gssd[6356]: Success getting keytab entry for 'nfs/server.domain.tu-berlin.de@TU-BERLIN.DE'
Jun 25 11:46:08 server rpc.gssd[6356]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE' are good until 1593101766
Jun 25 11:46:08 server rpc.gssd[6356]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE' are good until 1593101766
###############################################
Jun 25 11:46:08 server rpc.gssd[6356]: creating (null) client for server (null)
Jun 25 11:46:08 all kernel: rpc.gssd[14174]: segfault at 0 ip 000056233fff038e sp 00007fb2eaeb9880 error 4 in rpc.gssd[56233ffed000+9000]
Jun 25 11:46:08 all kernel: Code: 00 00 41 89 c4 48 8d 35 b8 6b 00 00 31 c0 e8 b9 eb ff ff 48 8b 73 40 b9 04 00 00 00 48 8d 3d a1 6a 00 00 0f b7 93 58 01 00 00 <f3> a6 0f 97 c0 1c 00 0f be c0 83 f8 01 45 19 ff 41 83 e7 0b 41 83
###############################################
Jun 25 11:46:08 server rpc.svcgssd[19640]: leaving poll
Jun 25 11:46:08 server rpc.svcgssd[19640]: handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7 enctypes from the kernel
Jun 25 11:46:08 server rpc.svcgssd[19640]: sname = host/client.domain.tu-berlin.de@TU-BERLIN.DE
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_getpwnam: name 'host/client.domain.tu-berlin.de@TU-BERLIN.DE' domain '(null)': resulting localname 'host/client.domain.tu-berlin.de'
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: final return value is -2
Jun 25 11:46:08 server rpc.svcgssd[19640]: DEBUG: serialize_krb5_ctx: lucid version!
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: protocol 1
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Jun 25 11:46:08 server rpc.svcgssd[19640]: doing downcall
Jun 25 11:46:08 server rpc.svcgssd[19640]: mech: krb5, hndl len: 4, ctx len 52, timeout: 1593108198 (29830 from now), clnt: host@client.domain.tu-berlin.de, uid: -1, gid: -1, num aux grps: 0:
Jun 25 11:46:08 server rpc.svcgssd[19640]: sending null reply
Jun 25 11:46:08 server rpc.svcgssd[19640]: writing message: \x \x608202cf06092a864886f71201020201006e8202be308202baa003020105a10302010ea20703050020000000a3820194618201903082018ca003020105a10e1b0c54552d4245524c494e2e4445a2273025a003020103a11e
Jun 25 11:46:08 server rpc.svcgssd[19640]: finished handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: entering poll
Jun 25 11:46:08 server rpc.svcgssd[19640]: leaving poll
Jun 25 11:46:08 server rpc.svcgssd[19640]: handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7 enctypes from the kernel
Jun 25 11:46:08 server rpc.svcgssd[19640]: sname = claurjec@TU-BERLIN.DE
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_getpwnam: name 'claurjec@TU-BERLIN.DE' domain '(null)': resulting localname 'claurjec'
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned 0
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_ids: final return value is 0
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_grouplist: calling nsswitch->gss_princ_to_grouplist
Jun 25 11:46:08 server rpc.svcgssd[19640]: nss_getpwnam: name 'claurjec@TU-BERLIN.DE' domain '(null)': resulting localname 'claurjec'
Jun 25 11:46:08 all systemd[1]: Started Process Core Dump (PID 14175/UID 0).
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_grouplist: nsswitch->gss_princ_to_grouplist returned 0
Jun 25 11:46:08 server rpc.svcgssd[19640]: nfs4_gss_princ_to_grouplist: final return value is 0
Jun 25 11:46:08 server rpc.svcgssd[19640]: DEBUG: serialize_krb5_ctx: lucid version!
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: protocol 1
Jun 25 11:46:08 server rpc.svcgssd[19640]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Jun 25 11:46:08 server rpc.svcgssd[19640]: doing downcall
Jun 25 11:46:08 server rpc.svcgssd[19640]: mech: krb5, hndl len: 4, ctx len 52, timeout: 1593108198 (29830 from now), clnt: <null>, uid: 17942, gid: 100, num aux grps: 5:
Jun 25 11:46:08 server rpc.svcgssd[19640]:   (   1) 100
Jun 25 11:46:08 server rpc.svcgssd[19640]:   (   2) 8959
Jun 25 11:46:08 server rpc.svcgssd[19640]:   (   3) 9477
Jun 25 11:46:08 server rpc.svcgssd[19640]:   (   4) 10395
Jun 25 11:46:08 server rpc.svcgssd[19640]:   (   5) 10568
Jun 25 11:46:08 server rpc.svcgssd[19640]: sending null reply
Jun 25 11:46:08 server rpc.svcgssd[19640]: writing message: \x \x6082029d06092a864886f71201020201006e82028c30820288a003020105a10302010ea20703050020000000a382017c6182017830820174a003020105a10e1b0c54552d4245524c494e2e4445a2273025a003020103a11e
Jun 25 11:46:08 server rpc.svcgssd[19640]: finished handling null request
Jun 25 11:46:08 server rpc.svcgssd[19640]: entering poll
Jun 25 11:46:08 server rpc.mountd[19637]: nss_ldap: reconnecting to LDAP server...
Jun 25 11:46:08 server rpc.mountd[19637]: nss_ldap: reconnected to LDAP server ldaps://ldap-slaves.tu-berlin.de after 1 attempt
Jun 25 11:46:08 all systemd[1]: rpc-gssd.service: Main process exited, code=killed, status=11/SEGV
Jun 25 11:46:08 all systemd[1]: rpc-gssd.service: Failed with result 'signal'.
Jun 25 11:46:09 all systemd-coredump[14176]: Process 6356 (rpc.gssd) of user 0 dumped core.
                                             
                                             Stack trace of thread 14174:
                                             #0  0x000056233fff038e n/a (rpc.gssd)
                                             #1  0x000056233fff09f8 n/a (rpc.gssd)
                                             #2  0x000056233fff0b92 n/a (rpc.gssd)
                                             #3  0x000056233fff13b3 n/a (rpc.gssd)
                                             #4  0x00007fb2eb8dbfa3 start_thread (libpthread.so.0)
                                             #5  0x00007fb2eb80c4cf __clone (libc.so.6)
                                             
                                             Stack trace of thread 6356:
                                             #0  0x00007fb2eb801819 __GI___poll (libc.so.6)
                                             #1  0x00007fb2eb6e7207 send_dg (libresolv.so.2)
                                             #2  0x00007fb2eb6e4c43 __GI___res_context_query (libresolv.so.2)
                                             #3  0x00007fb2eb6bf536 __GI__nss_dns_gethostbyaddr2_r (libnss_dns.so.2)
                                             #4  0x00007fb2eb6bf823 _nss_dns_gethostbyaddr_r (libnss_dns.so.2)
                                             #5  0x00007fb2eb81dee2 __gethostbyaddr_r (libc.so.6)
                                             #6  0x00007fb2eb8267d5 gni_host_inet_name (libc.so.6)
                                             #7  0x000056233ffef455 n/a (rpc.gssd)
                                             #8  0x000056233ffef82c n/a (rpc.gssd)
                                             #9  0x000056233fff01d0 n/a (rpc.gssd)
                                             #10 0x00007fb2ebab49ba n/a (libevent-2.1.so.6)
                                             #11 0x00007fb2ebab5537 event_base_loop (libevent-2.1.so.6)
                                             #12 0x000056233ffedeaa n/a (rpc.gssd)
                                             #13 0x00007fb2eb73709b __libc_start_main (libc.so.6)
                                             #14 0x000056233ffee03a n/a (rpc.gssd)
Jun 25 11:46:09 all systemd[1]: rpc-gssd.service: Service RestartSec=100ms expired, scheduling restart.
Jun 25 11:46:09 all systemd[1]: rpc-gssd.service: Scheduled restart job, restart counter is at 4.
Jun 25 11:46:09 all systemd[1]: systemd-coredump@2-14175-0.service: Succeeded.
Jun 25 11:46:09 all systemd[1]: Stopped RPC security service for NFS client and server.
Jun 25 11:46:09 all systemd[1]: Starting Preprocess NFS configuration...
Jun 25 11:46:09 all systemd[1]: nfs-config.service: Succeeded.
Jun 25 11:46:09 all systemd[1]: Started Preprocess NFS configuration.
Jun 25 11:46:09 all systemd[1]: Starting RPC security service for NFS client and server...
Jun 25 11:46:09 server rpc.gssd[14184]: libtirpc: debug level 7
Jun 25 11:46:09 server rpc.gssd[14185]: doing a full rescan
Jun 25 11:46:09 server rpc.gssd[14185]: 
                                     handle_gssd_upcall: 'mech=krb5 uid=0 target=host@client.domain.tu-berlin.de service=nfs enctypes=18,17,16,23,3,1,2 ' (nfsd4_cb/clnt50f)
Jun 25 11:46:09 server rpc.gssd[14185]: krb5_use_machine_creds: uid 0 tgtname host@client.domain.tu-berlin.de
Jun 25 11:46:09 all systemd[1]: Started RPC security service for NFS client and server.
Jun 25 11:46:09 server rpc.gssd[14185]: Full hostname for 'client.domain.tu-berlin.de' is 'client.domain.tu-berlin.de'
Jun 25 11:46:09 server rpc.gssd[14185]: Full hostname for 'server.domain.tu-berlin.de' is 'server.domain.tu-berlin.de'
Jun 25 11:46:09 server rpc.gssd[14185]: Success getting keytab entry for 'nfs/server.domain.tu-berlin.de@TU-BERLIN.DE'
Jun 25 11:46:09 server rpc.gssd[14185]: gssd_get_single_krb5_cred: principal 'nfs/server.domain.tu-berlin.de@TU-BERLIN.DE' ccache:'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE'
Jun 25 11:46:09 server rpc.gssd[14185]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE' are good until 1593114369
Jun 25 11:46:09 server rpc.gssd[14185]: creating tcp client for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: DEBUG: port already set to 41205
Jun 25 11:46:09 server rpc.gssd[14185]: creating context with server host@client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_create_default()
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_create()
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create: name is 0x7f864800bc60
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create: gd->name is 0x7f8648009d80
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_refresh()
Jun 25 11:46:09 server rpc.gssd[14185]: gss_init_sec_context: Unspecified GSS failure.  Minor code may provide more information - KDC returned error string: NO PREAUTH
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create_default: freeing name 0x7f864800bc60
Jun 25 11:46:09 server rpc.gssd[14185]: WARNING: Failed to create krb5 context for user with uid 0 for server host@client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_TU-BERLIN.DE for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: Full hostname for 'client.domain.tu-berlin.de' is 'client.domain.tu-berlin.de'
Jun 25 11:46:09 server rpc.gssd[14185]: Full hostname for 'server.domain.tu-berlin.de' is 'server.domain.tu-berlin.de'
Jun 25 11:46:09 server rpc.gssd[14185]: Success getting keytab entry for 'nfs/server.domain.tu-berlin.de@TU-BERLIN.DE'
Jun 25 11:46:09 server rpc.gssd[14185]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE' are good until 1593114369
Jun 25 11:46:09 server rpc.gssd[14185]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_TU-BERLIN.DE' are good until 1593114369
Jun 25 11:46:09 server rpc.gssd[14185]: creating tcp client for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: DEBUG: port already set to 41205
Jun 25 11:46:09 server rpc.gssd[14185]: creating context with server host@client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_create_default()
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_create()
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create: name is 0x7f8648003170
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create: gd->name is 0x7f86480060d0
Jun 25 11:46:09 server rpc.gssd[14185]: in authgss_refresh()
Jun 25 11:46:09 server rpc.gssd[14185]: gss_init_sec_context: Unspecified GSS failure.  Minor code may provide more information - KDC returned error string: NO PREAUTH
Jun 25 11:46:09 server rpc.gssd[14185]: authgss_create_default: freeing name 0x7f8648003170
Jun 25 11:46:09 server rpc.gssd[14185]: WARNING: Failed to create krb5 context for user with uid 0 for server host@client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_TU-BERLIN.DE for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: ERROR: Failed to create machine krb5 context with any credentials cache for server client.domain.tu-berlin.de
Jun 25 11:46:09 server rpc.gssd[14185]: doing error downcall


As far as I see, there are two uncatched NULL pointers forcing rpc.gssd to segfault. Frankly spoken, I have no idea, where the NULL pointers are coming from. Saidly, the debugger shows a lot of  <optimized out> within the trace. 
What the heck about these mysterous '(null)' strings showing up in the syslog:
Jun 25 11:46:08 server rpc.gssd[6356]: creating (null) client for server (null)


For time to time, I observe binary crap instead of '(null)' strings in respective log messages of rpc.gssd:
Mar 09 10:11:07 server rpc.gssd[980]: creating  <C2><F8><87>^FV client for server x<AB><BD><A5><F1>^?

In cases of connection attemps without trouble, rpc.gssd logs the following:
Mar 09 10:11:07 server rpc.gssd[980]: creating tcp client for server client.domain.tu-berlin.de

In other cases, rpc.gssd experiences segfaults in libc:
Mar 08 14:08:06 server kernel: rpc.gssd[12104]: segfault at ffffffffffffffc0 ip 00007f03f16e16e4 sp 00007f03f0c1c0f8 error 5 in libc-2.24.so[7f03f1661000+195000]


Additonal information about system setup:

Debian_version: 10.4
Kernel Version: Linux all 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux
nfs-kernel-server: Version 1:1.3.4-2.5
libc6: Version 2.28-10 


Hope, anyone of the maintainers will care about fixing this segfault issue with Debian Buster.


Best and be firm
Sebastian


Sebastian Kraus
Team IT am Institut für Chemie
Gebäude C, Straße des 17. Juni 115, Raum C7

Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin

Email: sebastian.kraus@tu-berlin.de

--- End Message ---

--- Begin Message ---

To: 963746-done@bugs.debian.org

Subject: Re: severity of 963746 is important, tagging 963746 ...

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 14 Sep 2021 19:05:33 +0200

Message-id: <YUDWXWmkj2yr2+7E@eldamar.lan>

In-reply-to: <1593666429-970-bts-carnil@debian.org>

References: <1593666429-970-bts-carnil@debian.org>
Source: nfs-utils
Source-Version: 1:2.5.4-1~exp1

On Thu, Jul 02, 2020 at 07:07:09AM +0200, Salvatore Bonaccorso wrote:
> severity 963746 important
> tags 963746 + upstream
> forwarded 963746 https://lore.kernel.org/linux-nfs/406fe972135846dc8a23b60be59b0590@tu-berlin.de/

07e4e94bf57b ("gssd: Refcount struct clnt_info to protect multithread
usage") has been included upstream in nfs-utils-2-5-2-rc1.

Regards,
Salvatore
--- End Message ---

Reply to:

Prev by Date: Processed: closing 534416
Next by Date: Processed: forcibly merging 717890 993319
Previous by thread: Processed: closing 534416
Next by thread: Processed: forcibly merging 717890 993319
Index(es):
- Date
- Thread