Public bug reported:

I have a server with four disks (two HDDs, two SSDs) that use both
traditional software RAID (md) and LVM with multiple volumes, most of
which use LVM raid1.  I've recently upgraded it to Ubuntu 22.04 LTS.

The problem: activating one of the LVM logical volumes causes a

Mar 19 12:18:58 fridge kernel: md/raid1:mdX: active with 2 out of 2 mirrors
Mar 19 12:18:58 fridge kernel: detected buffer overflow in strlen
Mar 19 12:18:58 fridge kernel: ------------[ cut here ]------------
Mar 19 12:18:58 fridge kernel: kernel BUG at lib/string.c:1165!
Mar 19 12:18:58 fridge kernel: invalid opcode: 0000 [#1] SMP PTI
Mar 19 12:18:58 fridge kernel: CPU: 1 PID: 132407 Comm: lvchange Not tainted 
5.15.0-134-generic #145-Ubuntu
Mar 19 12:18:58 fridge kernel: Hardware name: Gigabyte Technology Co., Ltd. 
H370M-DS3H/H370M DS3H-CF, BIOS F2 04/20/2018
Mar 19 12:18:58 fridge kernel: RIP: 0010:fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel: Code: 5c 44 88 e8 40 b5 fc ff 5b 41 5c 41 5d 41 
5e 41 5f 5d c3 cc cc cc cc 55 48 89 fe 48 c7 c7 e0 5c 44 88 48 89 e5 e8 1e b5 
fc ff <0f> 0b 41 0f b6 f5 48 c7 c7 10 73 ec 88 e8 cb ee 93 ff 48 8b 45 e0
Mar 19 12:18:59 fridge kernel: RSP: 0018:ffffbe47c178f9f8 EFLAGS: 00010246
Mar 19 12:18:59 fridge kernel: RAX: 0000000000000022 RBX: ffff9772c4cd7058 RCX: 
0000000000000027
Mar 19 12:18:59 fridge kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: 
ffff97761e460580
Mar 19 12:18:59 fridge kernel: RBP: ffffbe47c178f9f8 R08: 0000000000000003 R09: 
0000000000cdcdcd
Mar 19 12:18:59 fridge kernel: R10: ffffffff880a7980 R11: ffff9772cba90320 R12: 
0000000000000000
Mar 19 12:18:59 fridge kernel: R13: ffff9774a3d19a00 R14: ffff9773dfa2ef00 R15: 
0000000000000000
Mar 19 12:18:59 fridge kernel: FS:  00007f2f2cbc58c0(0000) 
GS:ffff97761e440000(0000) knlGS:0000000000000000
Mar 19 12:18:59 fridge kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 19 12:18:59 fridge kernel: CR2: 00007fd43877ce24 CR3: 0000000103d92005 CR4: 
00000000003726e0
Mar 19 12:18:59 fridge kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
Mar 19 12:18:59 fridge kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
Mar 19 12:18:59 fridge kernel: Call Trace:
Mar 19 12:18:59 fridge kernel:  <TASK>
Mar 19 12:18:59 fridge kernel:  ? show_trace_log_lvl+0x1d6/0x2ea
Mar 19 12:18:59 fridge kernel:  ? show_trace_log_lvl+0x1d6/0x2ea
Mar 19 12:18:59 fridge kernel:  ? md_bitmap_read_sb.cold+0x45/0xef
Mar 19 12:18:59 fridge kernel:  ? show_regs.part.0+0x23/0x29
Mar 19 12:18:59 fridge kernel:  ? __die_body.cold+0x8/0xd
Mar 19 12:18:59 fridge kernel:  ? __die+0x2b/0x37
Mar 19 12:18:59 fridge kernel:  ? die+0x30/0x60
Mar 19 12:18:59 fridge kernel:  ? do_trap+0xbe/0x100
Mar 19 12:18:59 fridge kernel:  ? do_error_trap+0x6f/0xb0
Mar 19 12:18:59 fridge kernel:  ? fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel:  ? exc_invalid_op+0x53/0x70
Mar 19 12:18:59 fridge kernel:  ? fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel:  ? asm_exc_invalid_op+0x1b/0x20
Mar 19 12:18:59 fridge kernel:  ? fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel:  ? fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel:  md_bitmap_read_sb.cold+0x45/0xef
Mar 19 12:18:59 fridge kernel:  md_bitmap_create+0x182/0x250
Mar 19 12:18:59 fridge kernel:  md_run+0x3e0/0xa30
Mar 19 12:18:59 fridge kernel:  ? super_validate+0x124/0x1a0 [dm_raid]
Mar 19 12:18:59 fridge kernel:  raid_ctr+0x4af/0xbba [dm_raid]
Mar 19 12:18:59 fridge kernel:  dm_table_add_target+0x17c/0x370
Mar 19 12:18:59 fridge kernel:  table_load+0x127/0x350
Mar 19 12:18:59 fridge kernel:  ctl_ioctl+0x1e3/0x320
Mar 19 12:18:59 fridge kernel:  dm_ctl_ioctl+0xe/0x20
Mar 19 12:18:59 fridge kernel:  __x64_sys_ioctl+0x92/0xd0
Mar 19 12:18:59 fridge kernel:  x64_sys_call+0x1e5f/0x1fa0
Mar 19 12:18:59 fridge kernel:  do_syscall_64+0x56/0xb0
Mar 19 12:18:59 fridge kernel:  ? syscall_exit_to_user_mode+0x2c/0x50
Mar 19 12:18:59 fridge kernel:  ? do_syscall_64+0x63/0xb0
Mar 19 12:18:59 fridge kernel:  ? do_syscall_64+0x63/0xb0
Mar 19 12:18:59 fridge kernel:  ? exit_to_user_mode_prepare+0x96/0xb0
Mar 19 12:18:59 fridge kernel:  ? syscall_exit_to_user_mode+0x2c/0x50
Mar 19 12:18:59 fridge kernel:  ? do_syscall_64+0x63/0xb0
Mar 19 12:18:59 fridge kernel:  ? do_syscall_64+0x63/0xb0
Mar 19 12:18:59 fridge kernel:  ? do_syscall_64+0x63/0xb0
Mar 19 12:18:59 fridge kernel:  entry_SYSCALL_64_after_hwframe+0x6c/0xd6
Mar 19 12:18:59 fridge kernel: RIP: 0033:0x7f2f2d0cc94f
Mar 19 12:18:59 fridge kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 
04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 
0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
Mar 19 12:18:59 fridge kernel: RSP: 002b:00007ffc4ff09db0 EFLAGS: 00000246 
ORIG_RAX: 0000000000000010
Mar 19 12:18:59 fridge kernel: RAX: ffffffffffffffda RBX: 00005597949ef960 RCX: 
00007f2f2d0cc94f
Mar 19 12:18:59 fridge kernel: RDX: 00005597b26b2820 RSI: 00000000c138fd09 RDI: 
0000000000000003
Mar 19 12:18:59 fridge kernel: RBP: 00007ffc4ff09ec0 R08: 0000559794b5d500 R09: 
00007ffc4ff09c70
Mar 19 12:18:59 fridge kernel: R10: 0000559794b5d228 R11: 0000000000000246 R12: 
0000559794b5c80a
Mar 19 12:18:59 fridge kernel: R13: 0000559794b5c80a R14: 0000559794b5c80a R15: 
0000559794b5c80a
Mar 19 12:18:59 fridge kernel:  </TASK>
Mar 19 12:18:59 fridge kernel: Modules linked in: xt_multiport tls softdog 
vhost_net vhost vhost_iotlb tap xt_CHECKSUM xt_MASQUERADE xt_conntrack 
ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat nf_nat 
nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables nfnetlink 
bridge stp llc binfmt_misc snd_hda_codec_hdmi snd_hda_codec_realtek 
snd_hda_codec_generic snd_sof_pci_intel_cnl snd_sof_intel_hda_common 
soundwire_intel nls_iso8859_1 soundwire_generic_allocation intel_rapl_msr 
soundwire_cadence mei_hdcp snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp 
snd_sof snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi 
soundwire_bus ledtrig_audio intel_rapl_common intel_tcc_cooling snd_soc_core 
x86_pkg_temp_thermal snd_compress intel_powerclamp i915 ac97_bus 
snd_pcm_dmaengine kvm_intel snd_hda_intel snd_intel_dspcfg kvm crct10dif_pclmul 
snd_intel_sdw_acpi ttm ghash_clmulni_intel drm_kms_helper sha256_ssse3 cec 
sha1_ssse3 snd_hda_codec snd_hda_core snd_hwdep snd_pcm
Mar 19 12:18:59 fridge kernel:  snd_seq_midi snd_seq_midi_event rc_core 
i2c_algo_bit aesni_intel snd_rawmidi crypto_simd cryptd snd_seq snd_seq_device 
rapl fb_sys_fops syscopyarea intel_cstate snd_timer gigabyte_wmi wmi_bmof 
input_leds snd ee1004 soundcore sysfillrect mei_me sysimgblt mei 
intel_pch_thermal mac_hid acpi_pad sch_fq_codel coretemp parport_pc ppdev lp 
parport drm efi_pstore ip_tables x_tables autofs4 raid10 raid0 multipath linear 
dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor 
raid6_pq libcrc32c raid1 hid_generic usbhid hid crc32_pclmul e1000e xhci_pci 
i2c_i801 ahci i2c_smbus xhci_pci_renesas libahci wmi video pinctrl_cannonlake
Mar 19 12:18:59 fridge kernel: ---[ end trace 9d72257242c99198 ]---
Mar 19 12:18:59 fridge kernel: RIP: 0010:fortify_panic+0x13/0x15
Mar 19 12:18:59 fridge kernel: Code: 5c 44 88 e8 40 b5 fc ff 5b 41 5c 41 5d 41 
5e 41 5f 5d c3 cc cc cc cc 55 48 89 fe 48 c7 c7 e0 5c 44 88 48 89 e5 e8 1e b5 
fc ff <0f> 0b 41 0f b6 f5 48 c7 c7 10 73 ec 88 e8 cb ee 93 ff 48 8b 45 e0
Mar 19 12:18:59 fridge kernel: RSP: 0018:ffffbe47c178f9f8 EFLAGS: 00010246
Mar 19 12:18:59 fridge kernel: RAX: 0000000000000022 RBX: ffff9772c4cd7058 RCX: 
0000000000000027
Mar 19 12:18:59 fridge kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: 
ffff97761e460580
Mar 19 12:18:59 fridge kernel: RBP: ffffbe47c178f9f8 R08: 0000000000000003 R09: 
0000000000cdcdcd
Mar 19 12:18:59 fridge kernel: R10: ffffffff880a7980 R11: ffff9772cba90320 R12: 
0000000000000000
Mar 19 12:18:59 fridge kernel: R13: ffff9774a3d19a00 R14: ffff9773dfa2ef00 R15: 
0000000000000000
Mar 19 12:18:59 fridge kernel: FS:  00007f2f2cbc58c0(0000) 
GS:ffff97761e440000(0000) knlGS:0000000000000000
Mar 19 12:18:59 fridge kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 19 12:18:59 fridge kernel: CR2: 00007fd43877ce24 CR3: 0000000103d92005 CR4: 
00000000003726e0
Mar 19 12:18:59 fridge kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
Mar 19 12:18:59 fridge kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400


and the volume is not activated (/dev/mapper/fridge-jenkins never gets created, 
the volume never shows up in dmsetup output).  Any further vgchange operations 
on this LV hang in the kernel with /proc/$pid/wchan showing dm_lock_md_type, 
and /proc/$pid/stack showing the full kernel stack to be

[<0>] dm_lock_md_type+0x12/0x20
[<0>] table_load+0xcb/0x350
[<0>] ctl_ioctl+0x1e3/0x320
[<0>] dm_ctl_ioctl+0xe/0x20
[<0>] __x64_sys_ioctl+0x92/0xd0
[<0>] x64_sys_call+0x1e5f/0x1fa0
[<0>] do_syscall_64+0x56/0xb0
[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0xd6


I cannot test whether this volume can be activated with the older 5.4 kernel 
left over from Ubuntu 20.04 LTS, as do-release-upgrade regenerated all of the 
initramfses and now the old kernel fails to boot (kernel panic due to not 
finding the root filesystem, which is on one of the LVM raid1 volumes and works 
fine with kernel 5.15).

I've managed to extract the filesystem itself from the LV subvolumes.
The images on both RAID drives were identical, and the metadata blocks
differ in one bit (00 vs 01 at offset 13 decimal).

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-5.15.0-134-generic 5.15.0-134.145
ProcVersionSignature: Ubuntu 5.15.0-134.145-generic 5.15.173
Uname: Linux 5.15.0-134-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.6
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', 
'/dev/snd/controlC0', '/dev/snd/hwC0D2', '/dev/snd/hwC0D0', 
'/dev/snd/pcmC0D10p', '/dev/snd/pcmC0D9p', '/dev/snd/pcmC0D8p', 
'/dev/snd/pcmC0D7p', '/dev/snd/pcmC0D3p', '/dev/snd/pcmC0D2c', 
'/dev/snd/pcmC0D1p', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
CasperMD5CheckResult: unknown
Date: Wed Mar 19 12:20:02 2025
HibernationDevice: RESUME=UUID=5cba47a1-e555-49e7-8ff0-4f0fb09e062f
Lsusb:
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 002: ID 0a81:0101 Chesen Electronics Corp. Keyboard
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Lsusb-t:
 /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/8p, 10000M
 /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/16p, 480M
     |__ Port 9: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
     |__ Port 9: Dev 2, If 1, Class=Human Interface Device, Driver=usbhid, 1.5M
MachineType: Gigabyte Technology Co., Ltd. H370M-DS3H
ProcEnviron:
 LC_CTYPE=lt_LT.UTF-8
 TERM=screen.xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-134-generic 
root=/dev/mapper/hostname-root ro nomdmonddf nomdmonisw
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-134-generic N/A
 linux-backports-modules-5.15.0-134-generic  N/A
 linux-firmware                              20220329.git681281e4-0ubuntu3.36
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2025-03-18 (1 days ago)
dmi.bios.date: 04/20/2018
dmi.bios.release: 5.13
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F2
dmi.board.asset.tag: Default string
dmi.board.name: H370M DS3H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrF2:bd04/20/2018:br5.13:svnGigabyteTechnologyCo.,Ltd.:pnH370M-DS3H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnH370MDS3H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:
dmi.product.family: Default string
dmi.product.name: H370M-DS3H
dmi.product.sku: Default string
dmi.product.version: Default string
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy

https://bugs.launchpad.net/bugs/2103596

Title:
  Activating a LVM RAID-1 volume causes a kernel BUG: "detected buffer
  overflow in strlen"
