Package: mount
Version: 2.19.1-4
Severity: normal

mount segfaults when mounting /lib/init/rw as follows:

$ mount -n -t tmpfs -o nosuid,size=5242880,mode=755 tmpfs /lib/init/rw
mount[27577]: segfault at b79000 ip 00007f63c842eb20 sp 00007fff63d5f998 error 6 in libc-2.13.so[7f63c83b4000+17a000]

A backtrace and valgrind output are included below.

I tracked it down to try_mount_one, which starts out by setting
    mount_opts = extra_opts;
If SELinux is enabled, it then calls
    append_context(..., &mount_opts);
append_context reallocates mount_opts, so extra_opts now points to an
invalid location.
But try_mount_one goes on to pass extra_opts to fix_opts_string.
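The aliasing described above, as an added C illustration that is not util-linux's own code: xstrconcat3 and append_context are stand-ins modelled on the functions named in the backtrace, xstrdup is a constructed helper, and the SELinux context string is a constructed sample. buggy_opts keeps the aliased flow (without dereferencing the dangling pointer); fixed_opts gives each name its own allocation.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed helper: heap copy of a string (mirrors mount's xstrdup). */
static char *xstrdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p)
        abort();
    return memcpy(p, s, n);
}

/* Stand-in for sundries.c's xstrconcat3: builds s+t+u by realloc'ing s,
 * so any other pointer still holding the old value of s now dangles. */
static char *xstrconcat3(char *s, const char *t, const char *u)
{
    size_t slen = s ? strlen(s) : 0;
    char *res = realloc(s, slen + strlen(t) + strlen(u) + 1);
    if (!res)
        abort();
    if (!s)
        res[0] = '\0';
    strcat(res, t);
    strcat(res, u);
    return res;
}

/* Stand-in for append_context(): grows *opts in place via realloc. */
static void append_context(const char *ctx, char **opts)
{
    *opts = xstrconcat3(*opts, ",", ctx);
}

/* The flow the report describes: mount_opts merely aliases extra_opts, so
 * after append_context() extra_opts refers to memory realloc() has freed.
 * Nothing here reads it; mount's fix_opts_string(extra_opts) did. */
static char *buggy_opts(const char *cmdline, const char *ctx)
{
    char *extra_opts = xstrdup(cmdline);
    char *mount_opts = extra_opts;          /* alias, not a copy */
    append_context(ctx, &mount_opts);       /* extra_opts now dangling */
    return mount_opts;
}

/* Fixed flow: an independent copy means realloc on mount_opts cannot
 * invalidate extra_opts, which stays readable via *extra_out. */
static char *fixed_opts(const char *cmdline, const char *ctx, char **extra_out)
{
    char *extra_opts = xstrdup(cmdline);
    char *mount_opts = xstrdup(extra_opts); /* own allocation */
    append_context(ctx, &mount_opts);
    *extra_out = extra_opts;
    return mount_opts;
}
```

Under valgrind the aliased flow reports the same "inside a block ... free'd by realloc" reads seen in the log if extra_opts is used after the append; the copy-based flow reports none.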


backtrace:
#0  strcat () at ../sysdeps/x86_64/strcat.S:218
#1  0x000000000040b9c4 in xstrconcat3 (s=0x618940 "rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,"..., t=0x40f6f4 ",", u=0x618940 "rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,"...) at sundries.c:58
#2  0x00000000004049cd in fix_opts_string (flags=0, extra_opts=0x618940 "rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,rw,nosuid,"..., user=0x0) at mount.c:619
#3  0x0000000000405fa7 in try_mount_one (spec0=0x618860 "tmpfs", node0=0x7fffffffe935 "/lib/init/rw", types0=0x7fffffffe909 "tmpfs", opts0=0x618830 "nosuid,size=5242880,mode=755", ro=0, pass=0, freq=0) at mount.c:1635
#4  0x00000000004079a6 in mount_one (spec=0x618860 "tmpfs", node=0x7fffffffe935 "/lib/init/rw", types=<value optimized out>, fstabopts=<value optimized out>, cmdlineopts=0x618800 "nosuid,size=5242880,mode=755", pass=0, freq=0) at mount.c:2028
#5  0x0000000000403d85 in main (argc=<value optimized out>, argv=<value optimized out>) at mount.c:2671

valgrind output:
==27521== Memcheck, a memory error detector
==27521== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==27521== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==27521== Command: debian/mount/bin/mount -n -t tmpfs -o nosuid,size=5242880,mode=755 tmpfs /lib/init/rw
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x404994: fix_opts_string (mount.c:618)
==27521==    by 0x405FA6: try_mount_one.constprop.8 (mount.c:1635)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C28072: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B987: xstrconcat3 (sundries.c:45)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405FA6: try_mount_one.constprop.8 (mount.c:1635)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C28084: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B987: xstrconcat3 (sundries.c:45)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405FA6: try_mount_one.constprop.8 (mount.c:1635)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f1 is 1 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C27D89: strcat (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B9C3: xstrconcat3 (sundries.c:58)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405FA6: try_mount_one.constprop.8 (mount.c:1635)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C27DA2: strcat (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B9C3: xstrconcat3 (sundries.c:58)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405FA6: try_mount_one.constprop.8 (mount.c:1635)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f1 is 1 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x404994: fix_opts_string (mount.c:618)
==27521==    by 0x405D1E: try_mount_one.constprop.8 (mount.c:1679)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C28072: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B987: xstrconcat3 (sundries.c:45)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405D1E: try_mount_one.constprop.8 (mount.c:1679)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C28084: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B987: xstrconcat3 (sundries.c:45)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405D1E: try_mount_one.constprop.8 (mount.c:1679)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f1 is 1 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C27D89: strcat (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B9C3: xstrconcat3 (sundries.c:58)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405D1E: try_mount_one.constprop.8 (mount.c:1679)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid read of size 1
==27521==    at 0x4C27DA2: strcat (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40B9C3: xstrconcat3 (sundries.c:58)
==27521==    by 0x4049CC: fix_opts_string (mount.c:619)
==27521==    by 0x405D1E: try_mount_one.constprop.8 (mount.c:1679)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f1 is 1 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== Invalid free() / delete / delete[]
==27521==    at 0x4C268FE: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x405BFE: try_mount_one.constprop.8 (mount.c:1939)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521==  Address 0x5e585f0 is 0 bytes inside a block of size 22 free'd
==27521==    at 0x4C27882: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27521==    by 0x40C288: xrealloc (xmalloc.c:31)
==27521==    by 0x40B9A0: xstrconcat3 (sundries.c:54)
==27521==    by 0x40504C: append_context (mount.c:410)
==27521==    by 0x407192: try_mount_one.constprop.8 (mount.c:1619)
==27521==    by 0x4079A5: mount_one.constprop.5 (mount.c:2028)
==27521==    by 0x403D84: main (mount.c:2671)
==27521== 
==27521== 
==27521== HEAP SUMMARY:
==27521==     in use at exit: 2,015 bytes in 25 blocks
==27521==   total heap usage: 99 allocs, 75 frees, 15,500 bytes allocated
==27521== 
==27521== LEAK SUMMARY:
==27521==    definitely lost: 171 bytes in 3 blocks
==27521==    indirectly lost: 1,671 bytes in 16 blocks
==27521==      possibly lost: 0 bytes in 0 blocks
==27521==    still reachable: 173 bytes in 6 blocks
==27521==         suppressed: 0 bytes in 0 blocks
==27521== Rerun with --leak-check=full to see details of leaked memory
==27521== 
==27521== For counts of detected and suppressed errors, rerun with: -v
==27521== ERROR SUMMARY: 91 errors from 11 contexts (suppressed: 4 from 4)

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mount depends on:
ii  libblkid1                     2.19.1-4   block device id library
ii  libc6                         2.13-10    Embedded GNU C Library: Shared lib
ii  libmount1                     2.19.1-4   block device id library
ii  libselinux1                   2.0.98-1.1 SELinux runtime shared libraries
ii  libsepol1                     2.0.42-1   SELinux library for manipulating b

mount recommends no packages.

Versions of packages mount suggests:
pn  nfs-common                    <none>     (no description available)

-- no debconf information


