This is a kernel oops that appears to occur under heavy load. Unfortunately, it is not easy to reproduce, and I haven't been able to isolate whether it's associated with NFS load, CPU load, both, or neither. (NFS appears to be relevant, I'm using NFS4 with Kerberos in krb5p, and the oops is in GSS code. I am not using Kerberos for login or other features.)
The oops output is attached. Nothing occurs in the console output for hours before it, and I suspect the second oops is related to the first one in some way. Shortly afterward, soft lockups on all other cores (including those on a physically separate processor) make the computer unresponsive.
The issue appears to be in net/sunrpc/auth_gss/auth_gss.c's gss_wrap_req_priv, in the following line:
tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
It appears that rqstp is set, but both rqstp->rq_enc_Pages and rqstp->rq_enc_pages_num are zero, leading the kernel to attempt dereferencing an invalid address. Because this surfaces only under load, and is on a multiple-processor system, I'm inclined to guess there is a race condition between accesses to rqstp on different cores, but I haven't been able to determine where at this point.
Unfortunately, /proc/version_signature isn't currently available as the computer got updated to a 3.13.0-77-generic upon restart, but this was running on a stock "3.13.0-76-generic #120-Ubuntu" kernel on 14.04/trusty.
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1559563
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.