RHEL7: rpc.idmapd crashes in the kernel with stack-protector: Kernel stack is corrupted in: ffffffffa05b8a8c
Issue
Suddenly all machines seem to be panicing with rpc.idmapd with a stack corruption in idmap_pipe_downcall
[11558053.616565] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa05b8a8c
[11558053.639063] CPU: 6 PID: 9423 Comm: rpc.idmapd Tainted: G W ------------ T 3.10.0-514.el7.x86_64 #1
[11558053.641990] Hardware name: Red Hat OpenStack Compute, BIOS 1.10.2-3.el7_4.1 04/01/2014
[11558053.644462] ffffffff818c7bc0 00000000b1f3aec1 ffff880de0f9bd48 ffffffff81685eac
[11558053.646430] ffff880de0f9bdc8 ffffffff8167f2b3 ffffffff00000010 ffff880de0f9bdd8
[11558053.648313] ffff880de0f9bd78 00000000b1f3aec1 ffffffff811dcb03 ffffffffa05b8a8c
[11558053.650107] Call Trace:
[11558053.651347] [<ffffffff81685eac>] dump_stack+0x19/0x1b
[11558053.653013] [<ffffffff8167f2b3>] panic+0xe3/0x1f2
[11558053.666240] [<ffffffff811dcb03>] ? kfree+0x103/0x140
[11558053.682589] [<ffffffffa05b8a8c>] ? idmap_pipe_downcall+0x1cc/0x1e0 [nfsv4]
[11558053.689710] [<ffffffff810855db>] __stack_chk_fail+0x1b/0x30
[11558053.691619] [<ffffffffa05b8a8c>] idmap_pipe_downcall+0x1cc/0x1e0 [nfsv4]
[11558053.693867] [<ffffffffa00209d6>] rpc_pipe_write+0x56/0x70 [sunrpc]
[11558053.695763] [<ffffffff811fe12d>] vfs_write+0xbd/0x1e0
[11558053.702236] [<ffffffff810acccc>] ? task_work_run+0xac/0xe0
[11558053.704215] [<ffffffff811fec4f>] SyS_write+0x7f/0xe0
[11558053.709674] [<ffffffff816964c9>] system_call_fastpath+0x16/0x1b
Environment
- Red Hat Enterprise Linux 7 (NFS client)
- seen on kernel-3.10.0-514.el7
- all kernels until at least 3.10.0-862.el7 believed affected
- NFS4 with idmapping
- One or more groupid (gid) or userid (uid) values are > 2147483647 = 0x7fffffff
- idmapping is enabled (i.e. /sys/module/nfs/parameters/nfs4_disable_idmapping is set to 'N' on the NFS client and /sys/module/nfsd/parameters/nfs4_disable_idmapping is set to 'N' on the NFS server)
- NOTE: This is a non-default setting. For more information, see https://access.redhat.com/solutions/1749883 and https://access.redhat.com/articles/2252881
- rpc.idmapd is enabled
- NOTE: This is a non-default setting on an NFS client
- nfsidmap does not do the idmapping, but a fallback to rpc.idmapd occurs. This could happen due to either:
- nfsidmap fails due to some issue such as https://access.redhat.com/solutions/2898061 and as a result, rpc.idmapd is used to translate the name to an id.
- nfsidmap is disabled. For example, the nfsidmap line is commented out in /etc/request-key.d/id_resolver.conf
#create id_resolver * * /usr/sbin/nfsidmap %k %d
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.