mdadm segfaults in lxd container

Bug #1691763 reported by Brian Candler
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
mdadm (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Inside a 16.04 lxd container (running in default unprivileged mode), inside a 16.04 host:

# /etc/cron.daily/mdadm
Segmentation fault (core dumped)

# strace -f /sbin/mdadm --monitor --scan --oneshot
...
brk(0x1ba1000) = 0x1ba1000
mknod("/dev/.tmp.md1", S_IFBLK|0600, makedev(9, 1)) = -1 EPERM (Operation not permitted)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

This is troublesome because (a) mdadm is installed by default, (b) mdadm runs under a daily cron job, (c) cron sends out errors via E-mail. So you get spammed from each container.

As others have observed[^1], the workaround is to remove mdadm from inside lxd containers.

[^1] https://blog.sleeplessbeastie.eu/2017/05/04/how-to-fix-mdadm-segfault-inside-lxc-container/

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: mdadm 3.3-2ubuntu7.2
ProcVersionSignature: Ubuntu 4.8.0-52.55~16.04.1-generic 4.8.17
Uname: Linux 4.8.0-52-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Thu May 18 13:48:22 2017
Lsusb:
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 002: ID 413c:a001 Dell Computer Corp. Hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. PowerEdge R230
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.8.0-52-generic root=/dev/mapper/ix--mon2-root ro console=tty1 console=ttyS0,115200
SourcePackage: mdadm
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/12/2017
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 2.0.8
dmi.board.name: 0DWX9P
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr2.0.8:bd01/12/2017:svnDellInc.:pnPowerEdgeR230:pvr:rvnDellInc.:rn0DWX9P:rvrA00:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R230
dmi.sys.vendor: Dell Inc.
etc.blkid.tab: Error: [Errno 2] No such file or directory: '/etc/blkid.tab'
initrd.files: Error: [Errno 2] No such file or directory: '/boot/initrd.img-4.8.0-52-generic'

Revision history for this message
Brian Candler (b-candler) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mdadm (Ubuntu):
status: New → Confirmed
Revision history for this message
lordaro (charlespigott) wrote :

I just encountered this myself. Was a bit bored, so did some testing.

mdadm master HEAD (4.0) does not segfault, nor does the HEAD of the branch mdadm-3.3.4

However, if you acquire the actual version of source used by ubuntu (3.3, from 2013(!)) and compile, and run through gdb, you get:

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007ffff7a9847e in __GI___strdup (s=0x0) at strdup.c:41
#2 0x0000000000477ddf in xstrdup (str=0x0) at xmalloc.c:66
#3 0x0000000000435009 in add_new_arrays (mdstat=0x6b4480, statelist=0x7fffffffe020, test=0, info=0x7fffffffe070)
    at Monitor.c:670
#4 0x00000000004336e7 in Monitor (devlist=0x0, mailaddr=0x6b4510 "root", alert_cmd=0x0, c=0x7fffffffe210,
    daemonise=0, oneshot=1, dosyslog=0, pidfile=0x0, increments=20, share=0) at Monitor.c:223
#5 0x0000000000406cd1 in main (argc=4, argv=0x7fffffffe6d8) at mdadm.c:1448

Monitor.c:670 is

st->devname = xstrdup(get_md_name(mse->devnm));

with the obvious unchecked return value of get_md_name

Looking through the git history, this was fixed with http://git.neil.brown.name/?p=mdadm.git;a=commitdiff;h=1e08717f0b7856b389e9d5eb2dc330d146636183

I'd recommend backporting this patch :)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.