/sbin/rpcbind crashes after failed mount

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux 6.4

Issue

RCPBIND stopped working after a failed mount request:

Dec 17 21:39:16 hostname1 rpc.statd[2584]: nsm_parse_reply: can't decode RPC reply
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for / (/): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for / (/): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for / (/): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for / (/): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for /NoExist (/NoExist): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for /NoExist (/NoExist): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for /NoExist (/NoExist): unmatched host
Dec 17 21:39:42 hostname1 rpc.mountd[6575]: refused mount request from 10.140.xxx.x for /NoExist (/NoExist): unmatched host
Dec 17 21:39:53 hostname1 abrt[17255]: Saved core dump of pid 2566 (/sbin/rpcbind) to /var/spool/abrt/ccpp-2013-12-17-21:39:53-2566 (598016 bytes)

The mounts appear to come from our Qualys server, but this runs weekly, and normally does not cause a crash.

Resolution

  • RHEL 6 - libtirpc-0.2.1-10.el6
    This package is available via Errata RHBA-2014-1419.

  • This issue was resolved in Red Hat Bugzilla 1056809

Root Cause

  • Due to buffer overruns in libtrpc, the rpcbind utility sometimes terminated
    unexpectedly with a segmentation fault. With this update, buffer is allocated by
    the svcauth_gss_validate() call, which avoids the buffer overruns and thus
    prevents the rpcbind crashes. (BZ#1056809)

Diagnostic Steps

  • Capture a core file and review for a stack trace similar to the following.
Core was generated by `rpcbind'.
Program terminated with signal 11, Segmentation fault.
#0  svc_vc_recv (xprt=0x7f4e07ca2850, msg=0x7fff823d1750) at svc_vc.c:613
613             if (cd->nonblock) {
(gdb) backtrace
#0  svc_vc_recv (xprt=0x7f4e07ca2850, msg=0x7fff823d1750) at svc_vc.c:613
#1  0x00007f4e067251cc in svc_getreq_common (fd=<value optimized out>) at svc.c:650
#2  0x00007f4e06725411 in svc_getreq_poll (pfdp=<value optimized out>, pollretval=1) at svc.c:761
#3  0x00007f4e06d6ab3e in my_svc_run () at rpcb_svc_com.c:1166
#4  0x00007f4e06d69998 in main (argc=<value optimized out>, argv=<value optimized out>) at rpcbind.c:257

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.