[dm-devel] multipathd segfault

David Strand dpstrand at gmail.com
Fri Mar 27 17:08:14 UTC 2009


Yep, that was exactly it.

2009/3/27 Hannes Reinecke <hare at suse.de>:
> David Strand wrote:
>>
>> I am getting a multipathd segfault when I have more than 26 devices,
>> and the device names become 4 characters. (i.e. /dev/sdz is consumed
>> and the next device is /dev/sdaa).
>>
>> I was trying to hook gdb to a core dump, but it keeps complaining that
>> it needs device-mapper-libs-debuginfo, which I can not find. Can
>> anyone point me to this?
>>
>> I built multipathd with -g turned on and did not strip it. Here are the
>> last few lines of output when I run it as multipathd -v9 -d:
>>
>> Jul 04 05:01:26 | alpa-0x000080: discover
>> Jul 04 05:01:26 | libdevmapper: ioctl/libdm-iface.c(1606): dm table
>> alpa-0x000080  NF   [16384]
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = 65:160, len = 6
>> Jul 04 05:01:26 | *word = 1000, len = 4
>> Jul 04 05:01:26 | libdevmapper: ioctl/libdm-iface.c(1606): dm status
>> alpa-0x000080  NF   [16384]
>> Jul 04 05:01:26 | *word = 2, len = 1
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = E, len = 1
>> Jul 04 05:01:26 | *word = 1, len = 1
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | *word = A, len = 1
>> Jul 04 05:01:26 | *word = 0, len = 1
>> Jul 04 05:01:26 | alpa-0x000080: rr_weight = 1 (internal default)
>> Jul 04 05:01:26 | alpa-0x000080: pgfailback = -2 (config file default)
>> Jul 04 05:01:26 | alpa-0x000080: no_path_retry = 3 (config file default)
>> Jul 04 05:01:26 | libdevmapper: ioctl/libdm-iface.c(1606): dm message
>> alpa-0x000080  NF  queue_if_no_path
>>  [16384]
>> Jul 04 05:01:26 | pg_timeout = NONE (internal default)
>> Jul 04 05:01:26 | alpa-0x000080: event checker started
>> Jul 04 05:01:26 | sdaa path added to devmap alpa-0x000080
>> Jul 04 05:01:26 | discard event on /block/sdaa/sdaa1
>> Segmentation fault
>>
> Oh, that one.
>
> Fixed by the attached patch.
>
> Christophe, care to apply?
>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke                   zSeries & Storage
> hare at suse.de                          +49 911 74053 688
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
> GF: Markus Rex, HRB 16746 (AG Nürnberg)
>
> commit 223885b66311bbb47e439557eced066b3324ad8e
> Author: Hannes Reinecke <hare at suse.de>
> Date:   Tue Mar 10 08:57:18 2009 +0100
>
>    Stack overflow in uev_trigger()
>
>    uev_discard uses sscanf to write a 10 byte string into an array,
>    but I forgot to take the trailing NULL byte into account.
>
>    References: bnc#476540
>
>    Signed-off-by: Hannes Reinecke <hare at suse.de>
>
> diff --git a/multipathd/main.c b/multipathd/main.c
> index 7c995b6..1d8ff5a 100644
> --- a/multipathd/main.c
> +++ b/multipathd/main.c
> @@ -652,7 +652,7 @@ uxsock_trigger (char * str, char ** reply, int * len,
> void * trigger_data)
>  static int
>  uev_discard(char * devpath)
>  {
> -       char a[10], b[10], *c;
> +       char a[11], b[11], *c;
>
>        /*
>         * keep only block devices, discard partitions
>
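Review bot: The bare 11 in `char a[11], b[11], *c;` is tied to the 10 character limit of the sscanf conversion that the commit message describes, but that call is outside this hunk and nothing in the declaration records the link, so a later edit to either side can bring the overflow back. Suggest deriving both from one constant (buffers declared as width + 1), or at least a comment on the declaration saying the size is the sscanf field width plus the terminating NUL. Also, the subject line names uev_trigger() while the change is in uev_discard(); aligning the two would make the fix easier to find from the log.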
> --
> dm-devel mailing list
> dm-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/dm-devel
>
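Why four-letter device names are the ones that trip this, as an added example (not code from multipathd or from this thread): the sscanf format strings and the names DEV_WIDTH, first_field_bytes and is_partition_event are assumptions modelled on the commit message's "10 byte string". With a `%10s` conversion the path from the log above stores exactly 11 bytes, and sizing the buffers from the same constant as the field width keeps the two in step.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field width, taken from the commit message ("10 byte string"). */
#define DEV_WIDTH 10
#define STR2(x) #x
#define STR(x) STR2(x)

/* Bytes sscanf stores for a "/block/%10s" style conversion:
 * the matched characters plus the terminating NUL. Returns 0 on no match. */
size_t first_field_bytes(const char *devpath)
{
    char a[DEV_WIDTH + 1];              /* width + 1: room for the NUL */

    if (sscanf(devpath, "/block/%" STR(DEV_WIDTH) "s", a) != 1)
        return 0;
    return strlen(a) + 1;
}

/* 1 = partition event, 0 = whole-disk event, -1 = not a /block path.
 * Both buffers are sized from the same constant as the field widths. */
int is_partition_event(const char *devpath)
{
    char a[DEV_WIDTH + 1], b[DEV_WIDTH + 1];
    int n = sscanf(devpath,
                   "/block/%" STR(DEV_WIDTH) "[^/]/%" STR(DEV_WIDTH) "s",
                   a, b);

    if (n < 1)
        return -1;
    return n == 2;
}

int main(void)
{
    /* Constructed sample paths; the first is the one in the log above. */
    const char *paths[] = { "/block/sdaa/sdaa1", "/block/sdz/sdz1", "/block/sdaa" };

    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
        printf("%-20s stores %zu bytes, partition=%d\n", paths[i],
               first_field_bytes(paths[i]), is_partition_event(paths[i]));
    return 0;
}
```

"sdaa/sdaa1" is the first path whose unsplit tail fills all 10 characters, so the NUL lands in byte 11; "sdz/sdz1" needs only 9 bytes and fits in the original `char a[10]`.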



