Bug 141759

Summary: automount *** buffer overflow detected ***
Product: [Fedora] Fedora
Reporter: Thomas J. Baker <tjb>
Component: util-linux
Assignee: Elliot Lee <sopwith>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: medium
Docs Contact:
Priority: medium
Version: rawhide
CC: bressers, jakub, jmoyer, sopwith, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2004-12-09 16:47:38 UTC

Description Thomas J. Baker 2004-12-03 16:41:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
Since the Nov 30 rawhide updates, nfs mounting has failed:

[root@katratzi tjb]# mount wintermute:/home /xxx
*** buffer overflow detected ***
Aborted
[root@katratzi tjb]

automounts also fail:

Dec  2 16:15:52 katratzi automount[4056]: >> *** buffer overflow detected ***
Dec  2 16:16:13 katratzi automount[4103]: >> *** buffer overflow detected ***
Dec  2 16:16:13 katratzi automount[4105]: >> *** buffer overflow detected ***
Dec  2 16:16:16 katratzi automount[4131]: >> *** buffer overflow detected ***
Dec  2 16:18:41 katratzi automount[4252]: >> *** buffer overflow detected ***

At first I thought this was related to selinux because I had
corresponding audits about portmap but that has since been fixed. (See
bug #141483)



Version-Release number of selected component (if applicable):
kernel-smp-2.6.9-1.1009_FC4, nfs-utils-1.0.6-43, autofs-4.1.3-41

How reproducible:
Always

Steps to Reproduce:
1. try to mount any nfs directory

Actual Results:  buffer overflow detected

Expected Results:  remote filesystem is mounted

Additional info:

Comment 1 Thomas J. Baker 2004-12-04 11:53:51 UTC
This got switched to autofs but it also fails with the regular mount command. I
think that if it's not a kernel problem, it's a mount problem then, not autofs.
Should it be switched to util-linux?

Comment 2 Arjan van de Ven 2004-12-04 15:10:30 UTC
probably should.

Can you do us a favor? Run "ulimit -c" first (so that coredumps get enabled),
then make the mount crash, and then run "gdb /bin/mount core".
Inside gdb, type "bt" to get a backtrace; this is the information we need.
(And with "quit" you can exit gdb again.)

Comment 3 Arjan van de Ven 2004-12-04 15:30:44 UTC
ok this LOOKS like a dupe of 141733

Comment 4 Thomas J. Baker 2004-12-04 16:02:29 UTC
[root@katratzi ~]# script
Script started, file is typescript
[root@katratzi ~]# ulimit -c 1000000
[root@katratzi ~]# mount wintermute:/home /xxx
*** buffer overflow detected ***
Aborted (core dumped)
[root@katratzi ~]# gdb /bin/mount core.21026
GNU gdb Red Hat Linux (6.1post-1.20040607.61rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `mount wintermute:/home /xxx'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_nis.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
#0  0x00b137a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0  0x00b137a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00b53955 in raise () from /lib/tls/libc.so.6
#2  0x00b55319 in abort () from /lib/tls/libc.so.6
#3  0x00b86f2a in __libc_message () from /lib/tls/libc.so.6
#4  0x00b86f64 in __libc_fatal () from /lib/tls/libc.so.6
#5  0x00c05e50 in __chk_fail () from /lib/tls/libc.so.6
#6  0x00c056d8 in _IO_str_chk_overflow () from /lib/tls/libc.so.6
#7  0x00b8aaff in _IO_default_xsputn_internal () from /lib/tls/libc.so.6
#8  0x00b694ff in vfprintf () from /lib/tls/libc.so.6
#9  0x00c0578b in __vsprintf_chk () from /lib/tls/libc.so.6
#10 0x00c056cd in __sprintf_chk () from /lib/tls/libc.so.6
#11 0x08053d73 in error ()
#12 0x0804aca0 in ?? ()
#13 0x088dcc50 in ?? ()
#14 0x088dcc68 in ?? ()
#15 0xfee34d78 in ?? ()
#16 0xfee34d7c in ?? ()
#17 0xfee34d4c in ?? ()
#18 0xfee34d50 in ?? ()
#19 0x00000000 in ?? ()
(gdb) quit
[root@katratzi ~]# exit
Script done, file is typescript
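
Added example (not part of the original report, and not util-linux code): frames #5 to #11 of the backtrace above show error() reaching glibc's fortified sprintf, which aborts the process when the formatted text does not fit the destination buffer. The program below reproduces that abort in a child process and puts a bounded formatter beside it; it assumes glibc, and the function names, the 32-byte buffer and the host names are constructed for illustration.

```c
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* glibc's fortified sprintf entry point (frame #10 in the backtrace). The
 * compiler emits calls to it when building with -D_FORTIFY_SOURCE and
 * optimisation; declared by hand here so the check fires with any flags. */
int __sprintf_chk(char *s, int flag, size_t slen, const char *fmt, ...);

/* Hypothetical stand-in for a message formatter with a fixed buffer. */
static void format_unbounded(const char *host) {
    char buf[32];
    __sprintf_chk(buf, 1, sizeof buf, "mount: cannot reach %s", host);
}

/* Run the unbounded formatter in a child; return the signal that killed it
 * (0 if it exited normally, -1 if fork or waitpid failed). */
int signal_from_unbounded(const char *host) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { format_unbounded(host); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Bounded alternative: never writes past buf; returns 1 if output was cut. */
int format_bounded(char *buf, size_t len, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n < 0 ? -1 : (size_t)n >= len;
}

int main(void) {
    char buf[32];
    const char *longhost = "a-constructed-host-name-longer-than-the-buffer";
    printf("short: signal %d\n", signal_from_unbounded("nfs1"));
    printf("long:  signal %d (SIGABRT=%d)\n", signal_from_unbounded(longhost), SIGABRT);
    printf("bounded: truncated=%d -> \"%s\"\n",
           format_bounded(buf, sizeof buf, "mount: cannot reach %s", longhost), buf);
    return 0;
}
```

The child that receives the long name dies with signal 6 after glibc prints its "buffer overflow detected" message, matching "Program terminated with signal 6, Aborted" in the gdb session; the bounded call returns a truncation flag the caller can act on instead.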


Comment 5 Thomas J. Baker 2004-12-04 16:04:03 UTC
Looks like that last trace is pretty useless. Which debuginfo rpms should I
install to make it more useful? util-unix at least?

Comment 6 Thomas J. Baker 2004-12-09 15:11:04 UTC
Latest util-unix seems to fix this bug.

Comment 7 Jeff Moyer 2004-12-09 15:24:57 UTC
Okay, reassigning to util-linux.  Owner there can decide how to close the bug.

Comment 8 Elliot Lee 2004-12-09 16:47:38 UTC
If it's gone in the latest util-linux then all is well.