** Changed in: zfs-linux (Ubuntu Hirsute)
Assignee: (unassigned) => Andrea Righi (arighi)
** Changed in: zfs-linux (Ubuntu Hirsute)
Importance: Undecided => High
** Changed in: zfs-linux (Ubuntu Groovy)
Importance: Undecided => High
** Changed in: zfs-linux (Ubuntu Focal)
Importance: Undecided => High
** Changed in: zfs-linux (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: zfs-linux (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: zfs-linux (Ubuntu Hirsute)
Status: New => In Progress
** Changed in: zfs-linux (Ubuntu Groovy)
Status: New => In Progress
** Changed in: zfs-linux (Ubuntu Focal)
Status: New => In Progress
** Changed in: zfs-linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: zfs-linux (Ubuntu Xenial)
Status: New => In Progress
--
https://bugs.launchpad.net/bugs/1902588
Title:
zfs mount -a: double free / memory corruption / segfault when
mountpoint of dataset is not empty
Status in zfs-linux package in Ubuntu:
In Progress
Status in zfs-linux source package in Xenial:
In Progress
Status in zfs-linux source package in Bionic:
In Progress
Status in zfs-linux source package in Focal:
In Progress
Status in zfs-linux source package in Groovy:
In Progress
Status in zfs-linux source package in Hirsute:
In Progress
Bug description:
== SRU Justification Focal ==
zfs mount -a when run on a nonempty mountpoint causes a double free,
memory corruption, and a segfault.
== Impact ==
Double free and memory corruption in ZFS when run as root and
attempting to mount all. While running this I observed other ZFS
volumes randomly unmounting, and mount points' owner being spuriously
zeroed (set to root).
== Fix ==
https://github.com/openzfs/zfs/commit/d1b84da8c1a69c084f04b504beefe804591bca07
== Test ==
Steps are laid out in the ZFS issue:
https://github.com/openzfs/zfs/issues/9560
== Regression Potential ==
Limited to the behavior of zfs mount when a previous attempt to mount
has failed, or is still in progress. Changes the behavior in that case
to failure, instead of double-free.
Example case of running into this bug, with dmesg:
https://pastebin.com/YRXW8WgM
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
$ apt-cache policy zfsutils-linux
zfsutils-linux:
  Installed: 0.8.3-1ubuntu12.4
  Candidate: 0.8.3-1ubuntu12.4
  Version table:
 *** 0.8.3-1ubuntu12.4 500
        500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.8.3-1ubuntu12 500
        500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages