Bug 722594

Summary: [abrt] rpcbind-0.2.0-10.fc15: svc_dg_reply: Process /sbin/rpcbind was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Shawn Stephens <shawn.stephens>
Component: rpcbindAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: curtis.madsen, steved
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:d4bc22c121759728b489a53fea77f1786236f552
Fixed In Version: libtirpc-0.2.2-1.1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-31 03:32:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
Core file from rpcbind none

Description Shawn Stephens 2011-07-15 18:50:28 UTC 
abrt version: 2.0.3
architecture:   x86_64
backtrace_rating: 4
cmdline:        rpcbind
comment:        
component:      rpcbind
crash_function: svc_dg_reply
executable:     /sbin/rpcbind
kernel:         2.6.38.8-35.fc15.x86_64
os_release:     Fedora release 15 (Lovelock)
package:        rpcbind-0.2.0-10.fc15
reason:         Process /sbin/rpcbind was killed by signal 11 (SIGSEGV)
time:           Fri Jul 15 13:30:14 2011
uid:            0
username:       root

backtrace:      Text file, 25322 bytes

build_ids:
:aac9177d9323042eaa779127c3f5b0dde9699c13
:381b4d1a68920ac7d5ce745f1eb2b324bb90dc03
:263808e67654286dd52d513eff5f47217feb6bf2
:9c7124f8172c2f993351b55d0e5db3439f9b1bb7
:0f49a26f52998458da62c426c34bb3b7242f366e
:020ea634b00e306a5ba5982d96f7f55c560bee88
:ebb6702a16d91f29f76e61e919170eba439029c5
:f5f65c7afe75ef68572ed0c3737d5fbd1a687951
:6991b93f58f41df59865a354a9e85169506da296
:02278e6fab817461af5d9daf1ba469161ef51a44

dso_list:
:/lib64/libdl-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582
:/lib64/ld-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582
:/lib64/libpthread-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582
:/lib64/libwrap.so.0.7.6 tcp_wrappers-libs-7.6-60.fc15.x86_64 (Fedora Project) 1306333425
:/lib64/libnss_files-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582
:/lib64/libgssglue.so.1.0.0 libgssglue-0.1-10.fc15.x86_64 (Fedora Project) 1306334932
:/lib64/libtirpc.so.1.0.10 libtirpc-0.2.2-1.fc15.x86_64 (Fedora Project) 1310562793
:/lib64/libc-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582
:/sbin/rpcbind rpcbind-0.2.0-10.fc15.x86_64 (Fedora Project) 1306334933
:/lib64/libnsl-2.14.so glibc-2.14-4.x86_64 (Fedora Project) 1310329582

environ:
:PATH=/sbin:/usr/sbin:/bin:/usr/bin
:PWD=/
:LANG=en_US.UTF-8
:SHLVL=2
:_=/sbin/rpcbind

maps:
:7f5892d80000-7f5892d8c000 r-xp 00000000 fd:01 4980774                    /lib64/libnss_files-2.14.so
:7f5892d8c000-7f5892f8b000 ---p 0000c000 fd:01 4980774                    /lib64/libnss_files-2.14.so
:7f5892f8b000-7f5892f8c000 r--p 0000b000 fd:01 4980774                    /lib64/libnss_files-2.14.so
:7f5892f8c000-7f5892f8d000 rw-p 0000c000 fd:01 4980774                    /lib64/libnss_files-2.14.so
:7f5892f8d000-7f5892f8f000 r-xp 00000000 fd:01 4980757                    /lib64/libdl-2.14.so
:7f5892f8f000-7f589318f000 ---p 00002000 fd:01 4980757                    /lib64/libdl-2.14.so
:7f589318f000-7f5893190000 r--p 00002000 fd:01 4980757                    /lib64/libdl-2.14.so
:7f5893190000-7f5893191000 rw-p 00003000 fd:01 4980757                    /lib64/libdl-2.14.so
:7f5893191000-7f589319a000 r-xp 00000000 fd:01 4981101                    /lib64/libgssglue.so.1.0.0
:7f589319a000-7f5893399000 ---p 00009000 fd:01 4981101                    /lib64/libgssglue.so.1.0.0
:7f5893399000-7f589339a000 rw-p 00008000 fd:01 4981101                    /lib64/libgssglue.so.1.0.0
:7f589339a000-7f58933b0000 r-xp 00000000 fd:01 4980764                    /lib64/libnsl-2.14.so
:7f58933b0000-7f58935af000 ---p 00016000 fd:01 4980764                    /lib64/libnsl-2.14.so
:7f58935af000-7f58935b0000 r--p 00015000 fd:01 4980764                    /lib64/libnsl-2.14.so
:7f58935b0000-7f58935b1000 rw-p 00016000 fd:01 4980764                    /lib64/libnsl-2.14.so
:7f58935b1000-7f58935b3000 rw-p 00000000 00:00 0 
:7f58935b3000-7f5893742000 r-xp 00000000 fd:01 4980747                    /lib64/libc-2.14.so
:7f5893742000-7f5893941000 ---p 0018f000 fd:01 4980747                    /lib64/libc-2.14.so
:7f5893941000-7f5893945000 r--p 0018e000 fd:01 4980747                    /lib64/libc-2.14.so
:7f5893945000-7f5893946000 rw-p 00192000 fd:01 4980747                    /lib64/libc-2.14.so
:7f5893946000-7f589394c000 rw-p 00000000 00:00 0 
:7f589394c000-7f5893954000 r-xp 00000000 fd:01 4980830                    /lib64/libwrap.so.0.7.6
:7f5893954000-7f5893b53000 ---p 00008000 fd:01 4980830                    /lib64/libwrap.so.0.7.6
:7f5893b53000-7f5893b55000 rw-p 00007000 fd:01 4980830                    /lib64/libwrap.so.0.7.6
:7f5893b55000-7f5893b6b000 r-xp 00000000 fd:01 4980771                    /lib64/libpthread-2.14.so
:7f5893b6b000-7f5893d6a000 ---p 00016000 fd:01 4980771                    /lib64/libpthread-2.14.so
:7f5893d6a000-7f5893d6b000 r--p 00015000 fd:01 4980771                    /lib64/libpthread-2.14.so
:7f5893d6b000-7f5893d6c000 rw-p 00016000 fd:01 4980771                    /lib64/libpthread-2.14.so
:7f5893d6c000-7f5893d70000 rw-p 00000000 00:00 0 
:7f5893d70000-7f5893d96000 r-xp 00000000 fd:01 4980770                    /lib64/libtirpc.so.1.0.10
:7f5893d96000-7f5893f95000 ---p 00026000 fd:01 4980770                    /lib64/libtirpc.so.1.0.10
:7f5893f95000-7f5893f97000 rw-p 00025000 fd:01 4980770                    /lib64/libtirpc.so.1.0.10
:7f5893f97000-7f5893fb6000 r-xp 00000000 fd:01 4980741                    /lib64/ld-2.14.so
:7f58941a6000-7f58941ab000 rw-p 00000000 00:00 0 
:7f58941b4000-7f58941b5000 rw-p 00000000 00:00 0 
:7f58941b5000-7f58941b6000 r--p 0001e000 fd:01 4980741                    /lib64/ld-2.14.so
:7f58941b6000-7f58941b7000 rw-p 0001f000 fd:01 4980741                    /lib64/ld-2.14.so
:7f58941b7000-7f58941b8000 rw-p 00000000 00:00 0 
:7f58941b8000-7f58941c5000 r-xp 00000000 fd:01 2359418                    /sbin/rpcbind
:7f58943c4000-7f58943c5000 rw-p 0000c000 fd:01 2359418                    /sbin/rpcbind
:7f58943c5000-7f58943c6000 rw-p 00000000 00:00 0 
:7f5895e14000-7f5895e56000 rw-p 00000000 00:00 0                          [heap]
:7fff6b745000-7fff6b76a000 rw-p 00000000 00:00 0                          [stack]
:7fff6b7ff000-7fff6b800000 r-xp 00000000 00:00 0                          [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

var_log_messages:
:Jul 15 09:25:33 hestia systemd[1]: rpcbind.service: main process exited, code=killed, status=11
:Jul 15 09:25:33 hestia kernel: [145335.781360] rpcbind[952]: segfault at 0 ip 00007f2e0a59ee92 sp 00007fff64844200 error 4 in libtirpc.so.1.0.10[7f2e0a589000+26000]
:Jul 15 09:27:55 hestia systemd[1]: Unit rpcbind.service entered failed state.
:Jul 15 09:28:13 hestia systemd[1]: rpcbind.service: main process exited, code=killed, status=11
:Jul 15 09:28:13 hestia kernel: [145495.757364] rpcbind[18398]: segfault at 0 ip 00007f4b3cefde92 sp 00007fff67c4b650 error 4 in libtirpc.so.1.0.10[7f4b3cee8000+26000]
:Jul 15 11:02:10 hestia rpcbind: rpcbind terminating on signal. Restart with "rpcbind -w"
:Jul 15 12:56:14 hestia systemd[1]: rpcbind.service: main process exited, code=killed, status=11
:Jul 15 12:56:14 hestia kernel: [  162.953481] rpcbind[947]: segfault at 0 ip 00007f15d2461e92 sp 00007fff9db50970 error 4 in libtirpc.so.1.0.10[7f15d244c000+26000]
:Jul 15 13:22:14 hestia systemd[1]: rpcbind.service: main process exited, code=killed, status=11
:Jul 15 13:22:14 hestia kernel: [  449.448038] rpcbind[931]: segfault at 0 ip 00007f3420e56e92 sp 00007fff3cb50930 error 4 in libtirpc.so.1.0.10[7f3420e41000+26000]
:Jul 15 13:30:14 hestia kernel: [  334.077570] rpcbind[955]: segfault at 0 ip 00007f5893d85e92 sp 00007fff6b766d80 error 4 in libtirpc.so.1.0.10[7f5893d70000+26000]
:Jul 15 13:30:14 hestia abrt[1574]: saved core dump of pid 955 (/sbin/rpcbind) to /var/spool/abrt/ccpp-2011-07-15-13:30:14-955.new/coredump (634880 bytes)
:Jul 15 13:30:14 hestia systemd[1]: rpcbind.service: main process exited, code=dumped, status=11
Comment 1 Shawn Stephens 2011-07-15 18:50:31 UTC 
Created attachment 513430 [details]
File: backtrace
Comment 2 Shawn Stephens 2011-07-15 18:53:00 UTC 
Whenever I start ypserv, rpcbind segfaults.  I have been able to repeat it several times (while getting abrt set up to submit this bug).

Here's an example:
[root@hestia ~]# ps -eaf | grep rpc
root       955     1  0 13:24 ?        00:00:00 rpcbind
rpcuser   1006     1  0 13:25 ?        00:00:00 rpc.statd
root      1039     2  0 13:25 ?        00:00:00 [rpciod]
root      1047     1  0 13:25 ?        00:00:00 rpc.idmapd
root      1065     1  0 13:25 ?        00:00:00 /usr/sbin/rpc.ypxfrd
root      1539  1524  0 13:29 pts/0    00:00:00 grep --color=auto rpc
[root@hestia ~]# ps -eaf | grep yp
root        63     2  0 13:24 ?        00:00:00 [crypto]
root      1065     1  0 13:25 ?        00:00:00 /usr/sbin/rpc.ypxfrd
root      1541  1524  0 13:29 pts/0    00:00:00 grep --color=auto yp
[root@hestia ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  56477  status
    100024    1   tcp  52019  status
 600100069    1   udp    818  fypxfrd
 600100069    1   tcp    820  fypxfrd
[root@hestia ~]# service ypserv start
Starting ypserv (via systemctl):                           [  OK  ]
[root@hestia ~]# ps -eaf | grep ypserv
root      1572     1  0 13:30 ?        00:00:00 /usr/sbin/ypserv
root      1592  1524  0 13:30 pts/0    00:00:00 grep --color=auto ypserv
[root@hestia ~]# ps -eaf | grep rpc
rpcuser   1006     1  0 13:25 ?        00:00:00 rpc.statd
root      1039     2  0 13:25 ?        00:00:00 [rpciod]
root      1047     1  0 13:25 ?        00:00:00 rpc.idmapd
root      1065     1  0 13:25 ?        00:00:00 /usr/sbin/rpc.ypxfrd
root      1594  1524  0 13:30 pts/0    00:00:00 grep --color=auto rpc
[root@hestia ~]# tail /var/log/messages
Jul 15 13:26:12 hestia ntpd[665]: 0.0.0.0 c614 04 freq_mode
Jul 15 13:26:13 hestia ntpd[665]: 0.0.0.0 c618 08 no_sys_peer
Jul 15 13:30:14 hestia kernel: [  334.077570] rpcbind[955]: segfault at 0 ip 00007f5893d85e92 sp 00007fff6b766d80 error 4 in libtirpc.so.1.0.10[7f5893d70000+26000]
Comment 3 curtis.madsen 2011-07-16 00:29:39 UTC 
I believe that my setup is suffering from this same bug.  I am able to start ypserv after starting rpcbind on my server which is a 64-bit machine; however, rpcbind segfaults when one of my 32-bit machines tries to start the ypbind service to connect to the yp server.
Comment 4 Shawn Stephens 2011-07-16 00:38:43 UTC 
I don't think I have any 32-bit clients.  I do have some pretty old OS servers/clients (OpenSuSE 10.1 and CentOS 4).  The NIS master is a CentOS 4.2 OS.
Comment 5 curtis.madsen 2011-07-16 00:53:40 UTC 
Actually, I just found that rpcbind segfaulted on my NIS master without any of my 32-bit clients.  So it appears that I am experiencing a similar problem to what you are experiencing.
Comment 6 Steve Dickson 2011-07-18 18:15:51 UTC 
Well problem is occurring in the libtirpc library code.  I just
set up a NIS domain with ypserv running on a f15 and rawhide box
and nither one seems to show the problem... 

Would it be possible to get a using binary core so I code dig
around? What I'm looking is to see if any part of the following
pointer
     xprt->xp_auth->svc_ah_ops->svc_ah_wrap

is NULL. If so that's where the problem is.
Comment 7 Shawn Stephens 2011-07-18 18:57:28 UTC 
Created attachment 513667 [details]
Core file from rpcbind
Comment 8 Steve Dickson 2011-07-19 19:17:56 UTC 
(In reply to comment #7)
> Created attachment 513667 [details]
> Core file from rpcbind

Thanks for the core file... It does appear xprt->xp_auth is
definitely NULL which is the cause of the crash... 

I'm on it... for I would suggest doing a yum downgrade libtirpc

What I don't understand is one, how this got pass my testing and
why is only a small set of people seeing this problem...
Comment 9 Steve Dickson 2011-07-20 13:51:13 UTC 
I have a scratch build building at:
    http://koji.fedoraproject.org/koji/taskinfo?taskID=3214717

which should take care of the problem. Please let me know
Comment 10 Shawn Stephens 2011-07-20 14:18:15 UTC 
That works!  ypserv is running successfully as a slave, and I'm getting all of the yppush over ypxfrd too.

Thanks for the fix!
Comment 11 Fedora Update System 2011-07-20 15:22:23 UTC 
libtirpc-0.2.2-1.1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/libtirpc-0.2.2-1.1.fc15
Comment 12 Steve Dickson 2011-07-20 15:24:41 UTC 
(In reply to comment #10)
> That works!  ypserv is running successfully as a slave, and I'm getting all of
> the yppush over ypxfrd too.

Thank you for taking the time to do the testing... Its appreciated!
Comment 13 Fedora Update System 2011-07-22 19:27:47 UTC 
Package libtirpc-0.2.2-1.1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libtirpc-0.2.2-1.1.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/libtirpc-0.2.2-1.1.fc15
then log in and leave karma (feedback).
Comment 14 Steve Dickson 2011-07-25 16:21:08 UTC 
(In reply to comment #13)
> Package libtirpc-0.2.2-1.1.fc15:
> * should fix your issue,
> * was pushed to the Fedora 15 testing repository,
> * should be available at your local mirror within two days.
> Update it with:
> # su -c 'yum update --enablerepo=updates-testing libtirpc-0.2.2-1.1.fc15'
> as soon as you are able to.
> Please go to the following url:
> https://admin.fedoraproject.org/updates/libtirpc-0.2.2-1.1.fc15
> then log in and leave karma (feedback).

Shawn,

Would you mind downloading this version of libitrpc to
ensure the problem stays fixed. Its the same code as I
supplied you, its just an official build. If things worked
out well, giving some good karma would help move things along..

tia...
Comment 15 Shawn Stephens 2011-07-25 16:37:12 UTC 
That worked....  Added karma....

Thanks Steve!
Comment 16 Fedora Update System 2011-07-31 03:32:35 UTC 
libtirpc-0.2.2-1.1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.