https://bugzilla.redhat.com/show_bug.cgi?id=1868696
Bug ID: 1868696
Summary: sssd_kcm loops on NFS server occasionally after an
NFSv4.0 mount using Kerberos
Product: Fedora
Version: 32
Hardware: All
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: chuck.lever(a)oracle.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
rharwood(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
Multi-homed Fedora 32 NFS client and server, both with keytabs. Sometimes after
performing an NFSv4.0 mount, the sssd_kcm daemon on the server runs at 100% and
fills up the sssd_kcm.log file (and eventually, the root partition).
(2020-08-10 15:03:04:680265): [kcm] [kcm_input_parse] (0x1000): Received
message with length 0
(2020-08-10 15:03:04:680284): [kcm] [kcm_input_parse] (0x0020): Illegal
zero-length message
(2020-08-10 15:03:04:680302): [kcm] [kcm_recv] (0x0010): Failed to parse
data (74, Bad message), aborting client
(2020-08-10 15:03:04:680319): [kcm] [kcm_reply_error] (0x0040): KCM
operation returs failure [74]: Bad message
(2020-08-10 15:03:04:680353): [kcm] [kcm_failbuf_construct] (0x1000): Sent
reply with error -1765328188
Version-Release number of selected component (if applicable):
sssd-kcm-2.3.1-2.fc32.x86_64
How reproducible:
Happens every second or third mount operation.
Steps to Reproduce:
1. Set up NFS client and server with keytabs
2. Repeat: "mount -o vers=4.0,sec=sys" / do some operations / umount
3. Watch the server with "top"
Actual results:
Sometimes sssd_kcm goes to 100% of a CPU and must be killed.
Expected results:
No looping.
Additional info:
The NFSv4.0 backchannel, in this case, is secured with GSS krb5i. It appears
that gssd on the server is accessing the Kerberos ticket cache while setting up
the backchannel, and sometimes this triggers the kcm loop.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.