Date:      Fri, 31 Jan 2020 13:49:53 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 243759] SIGBUS from "rpcinfo -m"
Message-ID:  <bug-243759-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243759

            Bug ID: 243759
           Summary: SIGBUS from "rpcinfo -m"
           Product: Base System
           Version: 11.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: martin@lispworks.com

Running rpcinfo -m gets a SIGBUS with the following backtrace:

#0  xdr_rpcbs_rmtcalllist (xdrs=0x800e25418, objp=0xa486010001000000) at /usr/src/lib/libc/rpc/rpcb_st_xdr.c:151
#1  0x0000000800902d3f in xdr_pointer (xdrs=0x800e25418, objpp=0x800fb91ec, obj_size=<value optimized out>, xdr_obj=0x800871160 <xdr_rpcbs_rmtcalllist>) at /usr/src/lib/libc/xdr/xdr_reference.c:97
#2  0x0000000800871260 in xdr_rpcbs_rmtcalllist (xdrs=0x800e25418, objp=<value optimized out>) from /lib/libc.so.7
#3  0x0000000800902d3f in xdr_pointer (xdrs=0x800e25418, objpp=0x7fffffffe9c8, obj_size=<value optimized out>, xdr_obj=0x800871160 <xdr_rpcbs_rmtcalllist>) at /usr/src/lib/libc/xdr/xdr_reference.c:97
#4  0x0000000800871444 in xdr_rpcb_stat (xdrs=0x800e25418, objp=<value optimized out>) at /usr/src/lib/libc/rpc/rpcb_st_xdr.c:220
#5  0x000000080090d04b in xdr_vector (xdrs=0x800e25418, basep=0x7fffffffe980 "\022\001", nelem=3, elemsize=80, xdr_elem=0x8008713c0 <xdr_rpcb_stat>) at /usr/src/lib/libc/xdr/xdr_array.c:154
#6  0x000000080087147a in xdr_rpcb_stat_byvers (xdrs=<value optimized out>, objp=<value optimized out>) at /usr/src/lib/libc/rpc/rpcb_st_xdr.c:256
#7  0x0000000800909d89 in clnt_vc_call (cl=0x800e2a000, proc=12, xdr_args=0x401654 <xdr_void@plt>, args_ptr=0x0, xdr_results=0x401934 <xdr_rpcb_stat_byvers@plt>, results_ptr=0x7fffffffe980, timeout={tv_sec = 60, tv_usec = 0}) at /usr/src/lib/libc/rpc/clnt_vc.c:432
#8  0x00000000004022c4 in main (argc=<value optimized out>, argv=0x7fffffffeaf8) at /usr/src/usr.bin/rpcinfo/rpcinfo.c:1025
#9  0x0000000000401a2d in _start ()
#10 0x0000000800629000 in ?? ()
#11 0x0000000000000000 in ?? ()

I think the problem might be caused by base r173763, where the variable pnext
in xdr_rpcbs_rmtcalllist is uninitialized in 2 of the 3 calls to xdr_pointer.
Probably ``pnext = &objp->next;'' should be moved outside the if statements.

-- 
You are receiving this mail because:
You are the assignee for the bug.
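
A self-contained model of the pattern the report describes, added here as an illustration and not FreeBSD's rpcb_st_xdr.c: one routine serves the encode, decode and free operations, and each of them reaches the pointer helper, so the `pnext` assignment has to come before the branch on the operation. The `stream`, `node`, `x_int`, `x_pointer`, `x_node` and `roundtrip` names are hypothetical stand-ins, and the list values are constructed.

```c
#include <stdlib.h>
/* Hypothetical toy stand-ins for the XDR stream and the list node. */
enum op { OP_ENCODE, OP_DECODE, OP_FREE };
struct stream { enum op op; int buf[16]; size_t pos; };
struct node { int val; struct node *next; };
static int x_node(struct stream *s, struct node *n);

static int x_int(struct stream *s, int *v) {
    if (s->op == OP_FREE) return 1;            /* nothing to release */
    if (s->pos >= 16) return 0;
    if (s->op == OP_ENCODE) s->buf[s->pos++] = *v; else *v = s->buf[s->pos++];
    return 1;
}

/* Like xdr_pointer: a "more data" flag, then the object; pp must be valid. */
static int x_pointer(struct stream *s, struct node **pp) {
    int more = (*pp != NULL), ok;
    if (!x_int(s, &more)) return 0;
    if (!more) { *pp = NULL; return 1; }
    if (s->op == OP_DECODE && !*pp && !(*pp = calloc(1, sizeof **pp))) return 0;
    ok = x_node(s, *pp);
    if (s->op == OP_FREE) { free(*pp); *pp = NULL; }
    return ok;
}

static int x_node(struct stream *s, struct node *n) {
    /* Set before the branches, as the report proposes; set inside only one
     * branch, the other two calls would pass an indeterminate pointer. */
    struct node **pnext = &n->next;
    if (s->op == OP_ENCODE)
        return x_int(s, &n->val) && x_pointer(s, pnext);
    if (s->op == OP_DECODE)
        return x_int(s, &n->val) && x_pointer(s, pnext);
    return x_pointer(s, pnext);                /* OP_FREE */
}

/* Constructed input: encode 3 -> 5, decode it back, then free the copy. */
static int roundtrip(void) {
    struct node b = {5, NULL}, a = {3, &b}, out = {0, NULL};
    struct stream s = {OP_ENCODE, {0}, 0};
    int r;
    if (!x_node(&s, &a)) return -1;
    s.op = OP_DECODE; s.pos = 0;
    if (!x_node(&s, &out) || out.next == NULL) return -1;
    r = out.val * 10 + out.next->val;
    s.op = OP_FREE; x_node(&s, &out);
    return out.next == NULL ? r : -1;
}
int main(void) { return roundtrip() == 35 ? 0 : 1; }
```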


