[Bug 1512554] Re: mdadm crash due to buffer overflow when device name is more than 30 chars
Andrea R.
1512554 at bugs.launchpad.net
Fri Jun 30 11:10:38 UTC 2017
Confirmed. It still happens to me on Ubuntu 16.04 LTS amd64 with
mdadm-3.3-2ubuntu7.2. I've also tried to upgrade to mdadm_3.4-4_amd64
from Zesty (https://launchpad.net/ubuntu/zesty/amd64/mdadm/3.4-4) with
same results.
#> sudo mdadm --verbose --create /dev/md1 --level=mirror --raid-devices=2 --size=2790G --metadata=1.2 --name=startech-usb-enclosure-4bay-3Tb2 /dev/sdd /dev/sde
mdadm: automatically enabling write-intent bitmap on large array
*** buffer overflow detected ***: mdadm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fda092407e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fda092e211c]
/lib/x86_64-linux-gnu/libc.so.6(+0x117120)[0x7fda092e0120]
/lib/x86_64-linux-gnu/libc.so.6(+0x116472)[0x7fda092df472]
mdadm[0x433553]
mdadm[0x41c1d7]
mdadm[0x405951]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fda091e9830]
mdadm[0x4085e9]
======= Memory map: ========
00400000-00476000 r-xp 00000000 08:06 655416 /sbin/mdadm
00675000-00676000 r--p 00075000 08:06 655416 /sbin/mdadm
00676000-0067d000 rw-p 00076000 08:06 655416 /sbin/mdadm
0067d000-00691000 rw-p 00000000 00:00 0
01cd2000-01cf3000 rw-p 00000000 00:00 0 [heap]
7fda08fb3000-7fda08fc9000 r-xp 00000000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda08fc9000-7fda091c8000 ---p 00016000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda091c8000-7fda091c9000 rw-p 00015000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda091c9000-7fda09389000 r-xp 00000000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda09389000-7fda09589000 ---p 001c0000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda09589000-7fda0958d000 r--p 001c0000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda0958d000-7fda0958f000 rw-p 001c4000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda0958f000-7fda09593000 rw-p 00000000 00:00 0
7fda09593000-7fda095b9000 r-xp 00000000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda09726000-7fda0975b000 r--s 00000000 08:06 1055715 /var/cache/nscd/group
7fda0975b000-7fda09790000 r--s 00000000 08:06 1055115 /var/cache/nscd/passwd
7fda09790000-7fda09793000 rw-p 00000000 00:00 0
7fda097b5000-7fda097b8000 rw-p 00000000 00:00 0
7fda097b8000-7fda097b9000 r--p 00025000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda097b9000-7fda097ba000 rw-p 00026000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda097ba000-7fda097bb000 rw-p 00000000 00:00 0
7ffd337fd000-7ffd3381e000 rw-p 00000000 00:00 0 [stack]
7ffd3391f000-7ffd33921000 r--p 00000000 00:00 0 [vvar]
7ffd33921000-7ffd33923000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)
#> sudo mdadm --verbose --create /dev/md1 --level=mirror --raid-devices=2 --size=2790G --metadata=1.2 --name=startech-usb-enclosure-4bay-v2 /dev/sdd /dev/sdemdadm: automatically enabling write-intent bitmap on large array
mdadm: array /dev/md1 started.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/1512554
Title:
mdadm crash due to buffer overflow when device name is more than 30
chars
Status in mdadm package in Ubuntu:
Confirmed
Bug description:
$ cat /etc/issue
Ubuntu 14.04.2 LTS \n \l
$ sudo mdadm --version
mdadm - v3.2.5 - 18th May 2012
$ sudo mdadm --create /dev/md/dcb0db3a-81c6-11e5-84e5-08002780734e --level=mirror --raid-devices 2 /dev/sdc /dev/sdd
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
Continue creating array? yes
*** buffer overflow detected ***: ./mdadm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7fb5e493d38f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fb5e49d4c9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7fb5e49d3b60]
./mdadm[0x42e045]
./mdadm[0x419873]
./mdadm[0x404fbb]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fb5e48ebec5]
./mdadm[0x40821a]
======= Memory map: ========
00400000-0046a000 r-xp 00000000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
00669000-0066a000 r--p 00069000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
0066a000-00671000 rw-p 0006a000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
00671000-00684000 rw-p 00000000 00:00 0
00957000-00994000 rw-p 00000000 00:00 0 [heap]
7fb5e3e78000-7fb5e3e8e000 r-xp 00000000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e3e8e000-7fb5e408d000 ---p 00016000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e408d000-7fb5e408e000 rw-p 00015000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e408e000-7fb5e4099000 r-xp 00000000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4099000-7fb5e4298000 ---p 0000b000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4298000-7fb5e4299000 r--p 0000a000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4299000-7fb5e429a000 rw-p 0000b000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e429a000-7fb5e42a5000 r-xp 00000000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e42a5000-7fb5e44a4000 ---p 0000b000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a4000-7fb5e44a5000 r--p 0000a000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a5000-7fb5e44a6000 rw-p 0000b000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a6000-7fb5e44bd000 r-xp 00000000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e44bd000-7fb5e46bc000 ---p 00017000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46bc000-7fb5e46bd000 r--p 00016000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46bd000-7fb5e46be000 rw-p 00017000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46be000-7fb5e46c0000 rw-p 00000000 00:00 0
7fb5e46c0000-7fb5e46c9000 r-xp 00000000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e46c9000-7fb5e48c8000 ---p 00009000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48c8000-7fb5e48c9000 r--p 00008000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48c9000-7fb5e48ca000 rw-p 00009000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48ca000-7fb5e4a85000 r-xp 00000000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4a85000-7fb5e4c84000 ---p 001bb000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c84000-7fb5e4c88000 r--p 001ba000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c88000-7fb5e4c8a000 rw-p 001be000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c8a000-7fb5e4c8f000 rw-p 00000000 00:00 0
7fb5e4c8f000-7fb5e4cb2000 r-xp 00000000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4ea5000-7fb5e4ea8000 rw-p 00000000 00:00 0
7fb5e4eac000-7fb5e4eb1000 rw-p 00000000 00:00 0
7fb5e4eb1000-7fb5e4eb2000 r--p 00022000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4eb2000-7fb5e4eb3000 rw-p 00023000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4eb3000-7fb5e4eb4000 rw-p 00000000 00:00 0
7ffc5258b000-7ffc525ac000 rw-p 00000000 00:00 0 [stack]
7ffc525b0000-7ffc525b2000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
I tried shorter name for device, and if it's less than 30 characters,
it would be fine.
The weird thing is, I've tried to compile from
source(http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5.orig.tar.bz2
and patch the patches in
http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5-5ubuntu4.debian.tar.bz2
). It works well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/1512554/+subscriptions
More information about the foundations-bugs
mailing list