autofs 5.1.2-1ubuntu2 crashes on nfs mount

here same on bionic server

Status changed to 'Confirmed' because the bug affects multiple users.

 $ sudo gdb --args /usr/sbin/automount $OPTIONS -d -v -f

(gdb) run
Starting program: /usr/sbin/automount -d -v -f
[...]
attempting to mount entry /net/wanda
lookup_mount: lookup(hosts): wanda -> (null)
get_exports: lookup(hosts): fetchng export list for wanda

Thread 6 "automount" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fc8700 (LWP 13530)]
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff42fb8dc in ?? () from /lib/x86_64-linux-gnu/libtirpc.so.1
#2 0x00007ffff18b01ec in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#3 0x00007ffff18b13fa in rpc_get_exports () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#4 0x00007ffff18ac516 in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#5 0x00007ffff18ad013 in lookup_mount () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#6 0x000055555556c70d in do_lookup_mount ()
#7 0x000055555556d441 in lookup_nss_mount ()
#8 0x00005555555634d5 in ?? ()
#9 0x00007ffff7bbd6db in start_thread (arg=0x7ffff7fc8700) at pthread_create.c:463
#10 0x00007ffff732188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff42fb8dc in ?? () from /lib/x86_64-linux-gnu/libtirpc.so.1
#2 0x00007ffff18b01ec in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#3 0x00007ffff18b13fa in rpc_get_exports () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#4 0x00007ffff18ac516 in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#5 0x00007ffff18ad013 in lookup_mount () from /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
#6 0x000055555556c70d in do_lookup_mount ()
#7 0x000055555556d441 in lookup_nss_mount ()
#8 0x00005555555634d5 in ?? ()
#9 0x00007ffff7bbd6db in start_thread (arg=0x7ffff7fc8700) at pthread_create.c:463
#10 0x00007ffff732188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

 $ lsb_release -rd
Description: Ubuntu Bionic Beaver (development branch)
Release: 18.04

Beta2

Package versions are the same as well.

Note the libtirpc version appears to be 1.0.10 and not 0.2.5-1.2

 $ ll /lib/x86_64-linux-gnu/libtirpc.so.1
lrwxrwxrwx 1 root root 18 May 5 2017 /lib/x86_64-linux-gnu/libtirpc.so.1 -> libtirpc.so.1.0.10
 $ file /lib/x86_64-linux-gnu/libtirpc.so.1.0.10
/lib/x86_64-linux-gnu/libtirpc.so.1.0.10: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=539908bd2e69d701d81bc12577b1532e4964a8f4, stripped

Although the latest version here appears to be 1.0.3
https://sourceforge.net/projects/libtirpc/files/libtirpc/

Linked to this change.
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1101779

Adding ahasenack as he was the one assigned to the above issue.

Tested building autofs without --with-libtirpc and segfault went away.

 $ mkdir build
 $ cd build/
 $ sudo apt install flex bison build-essential autoconf debhelper
 $ sudo apt-get build-dep autofs
 $ apt-get source autofs
 $ cd autofs-5.1.2/
 $ dpkg-buildpackage -rfakeroot -b
 $ sed 's/--with-libtirpc//' debian/rules -i
 $ dpkg-buildpackage -rfakeroot -b
 $ mkdir INSTALL
 $ make DESTDIR=$PWD/INSTALL install
 $ mkdir ../system_lib/
 $ sudo mv /usr/lib/x86_64-linux-gnu/autofs/* ../system_lib/
 $ sudo mv INSTALL/usr/lib/x86_64-linux-gnu/autofs/* /usr/lib/x86_64-linux-gnu/autofs/

 $ sudo INSTALL/usr/sbin/automount --pid-file /var/run/autofs.pid -f -d
 $ ls /net/wanda # Mounted and No crash

 $ sudo automount --pid-file /var/run/autofs.pid -f -d
 $ ls /net/wanda # Mounted and No crash

Thanks for the troubleshooting. I'm taking a look.

Sounds good. Let me know if there is more information I can get out of gdb.

On Fri, Apr 13, 2018 at 8:14 AM, Andreas Hasenack <email address hidden>
wrote:

> Thanks for the troubleshooting. I'm taking a look.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1745817
>
> Title:
> autofs 5.1.2-1ubuntu2 crashes on nfs mount
>
> Status in autofs package in Ubuntu:
> Confirmed
>
> Bug description:
> Using the latest autofs package (with libtirpc support) the automount
> process crashes when mounting a nfs share (at least when using IPv4).
>
> I am using a file /etc/auto.master.d/net.autofs to be able to mount
> arbitrary nfs shares to /net:
>
> /net -hosts -intr,soft --timeout=60
>
> When trying to access a share (e.g. with the command "cd
> /net/192.168.1.104" - using the hostname has the same effect)
> automount crashes:
>
> $ sudo systemctl stop autofs.service
> $ source /etc/default/autofs
> $ sudo gdb --args /usr/sbin/automount $OPTIONS -d -v -f
> (gdb) run
> [...]
> attempting to mount entry /net/192.168.1.104
> lookup_mount: lookup(hosts): 192.168.1.104 -> (null)
> get_exports: lookup(hosts): fetchng export list for 192.168.1.104
>
> Thread 6 "automount" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fc7700 (LWP 4640)]
> 0x0000000000000000 in ?? ()
> (gdb) bt
> #0 0x0000000000000000 in ?? ()
> #1 0x00007ffff435b8dc in ?? () from /lib/x86_64-linux-gnu/libtirpc.so.1
> #2 0x00007ffff29b11ec in ?? () from /usr/lib/x86_64-linux-gnu/
> autofs/lookup_hosts.so
> #3 0x00007ffff29b23fa in rpc_get_exports () from
> /usr/lib/x86_64-linux-gnu/autofs/lookup_hosts.so
> #4 0x00007ffff29ad516 in ?? () from /usr/lib/x86_64-linux-gnu/
> autofs/lookup_hosts.so
> #5 0x00007ffff29ae013 in lookup_mount () from /usr/lib/x86_64-linux-gnu/
> autofs/lookup_hosts.so
> #6 0x000055555556c70d in do_lookup_mount ()
> #7 0x000055555556d441 in lookup_nss_mount ()
> #8 0x00005555555634d5 in ?? ()
> #9 0x00007ffff7bbd7fc in start_thread () from /lib/x86_64-linux-gnu/
> libpthread.so.0
> #10 0x00007ffff7325b0f in clone () from /lib/x86_64-linux-gnu/libc.so.6
>
> The segfault disappears if the autofs package is recompiled without
> "--with-libtirpc" in debian/rules.
>
> $ lsb_release -rd
> Description: Ubuntu Bionic Beaver (development branch)
> Release: 18.04
>
> $ apt-cache policy autofs
> autofs:
> Installiert: 5.1.2-1ubuntu2
> Installationskandidat: 5.1.2-1ubuntu2
> Versionstabelle:
> *** 5.1.2-1ubuntu2 500
> 500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64
> Packages
> 100 /var/lib/dpkg/status
>
> $ apt-cache policy libtirpc1
> libtirpc1:
> Installiert: 0.2.5-1.2
> Installationskandidat: 0.2.5-1.2
> Versionstabelle:
> *** 0.2.5-1.2 500
> 500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64
> Packages
> 100 /var/lib/dpkg/status
>
> BTW: libtirpc1 seems to be quite old in Ubuntu, the current release is
> 1.0.2
>
> To manage notifications about this bug go to:
>...

What I got so far:

a) Using "/net /etc/auto.net -intr,soft --timeout=60" works around it
b) The crash is in AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp):

367 if ((! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
368 (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
369 (! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp))) {
370 cu->cu_error.re_status = RPC_CANTENCODEARGS;
371 goto out;
372 }

For some reason, the ah_wrap and ah_unwrap functions are not set:
(gdb) p *cl->cl_auth->ah_ops
$21 = {ah_nextverf = 0x7ffff7354e50 <authunix_nextverf>, ah_marshal = 0x7ffff7354e60 <authunix_marshal>, ah_validate = 0x7ffff7355090 <authunix_validate>, ah_refresh = 0x7ffff7354ed0 <authunix_refresh>,
  ah_destroy = 0x7ffff7354e80 <authunix_destroy>, ah_wrap = 0x0, ah_unwrap = 0x0}

AUTH_WRAP() in particular wants ah_wrap.

It works if I build autofs with libtirpc 1.0.3, so the bug must have been fixed between the ancient version ubuntu is carrying, and 1.0.3. Debian has 1.0.2 in experimental.

I'm out of ideas. We can't upgrade libtirpc to 1.0.3 for Bionic I'm afraid, so it looks like reverting the linking with libtirpc (and reopening #1101779) is the only option for now.

For release team members looking at this bug, the attached MP has a simple test case that reproduces the segfault and shows that the fixed package does not crash.

This bug was fixed in the package autofs - 5.1.2-1ubuntu3

---------------
autofs (5.1.2-1ubuntu3) bionic; urgency=medium

  * Revert the previous change, as it introduced a segfault when using the
    builtin -hosts map. This will reopen #1101779. (LP: #1745817)

 -- Andreas Hasenack <email address hidden> Fri, 13 Apr 2018 16:29:51 -0300

Thanks for the quick response.

How do I get and test this update? Running apt update and apt-cache show autofs still shows Version: 5.1.2-1ubuntu2

Maybe your mirror is lagging behind a bit. I already see it in the .br mirror:
  Version table:
     5.1.2-1ubuntu3 500
        500 http://ubuntu.c3sl.ufpr.br/ubuntu bionic/main amd64 Packages

Apparently so, rerunning apt update && apt dist-upgrade now shows the update.

 $ apt-cache show autofs | grep -i version
Version: 5.1.2-1ubuntu3
 style automounter under Linux. A recent version of the kernel

 $ automount -V

Linux automount version 5.1.2

Directories:
        config dir: /etc/default
        maps dir: /etc
        modules dir: /usr/lib/x86_64-linux-gnu/autofs

Compile options:
  DISABLE_MOUNT_LOCKING ENABLE_FORCED_SHUTDOWN ENABLE_IGNORE_BUSY_MOUNTS
  WITH_HESIOD WITH_LDAP WITH_SASL LIBXML2_WORKAROUND

Nfs automount no longer crashes when using -net. Awesome. Thanks