[dm-devel] [PATCH] libmultipath: set mpp->hwe NULL when free_path

lixiaokeng lixiaokeng at huawei.com
Mon Sep 21 11:04:41 UTC 2020 

Here the segfault causes in select_pgfailback again. As show:

Core was generated by `/sbin/multipathd -d -s'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000ffffa2eb4a20 in select_pgfailback (conf=conf at entry=0xaaaaf89d0dd0, mp=mp at entry=0xffff88006be0) at propsel.c:199
199 mp_set_hwe(pgfailback);

0 0x0000ffffa2eb4a20 in select_pgfailback (conf=conf at entry=0xaaaaf89d0dd0, mp=mp at entry=0xffff88006be0) at propsel.c:199
1 0x0000ffffa2ec97bc in setup_map (mpp=0xaaaae4ff5000, params=0x1 <error: Cannot access memory at address 0x1>, params_size=65535, vecs=0xaaaae4fdc0a8) at configure.c:294
2 0x0000aaaae4fd0830 in ev_add_path (pp=0xffff880190b0, vecs=0xaaaaf89d0630, need_do_map=1) at main.c:1017
3 0x0000aaaae4fd0d04 in uev_add_path (uev=0xffffa24adf40, vecs=0xffffa24ad000, need_do_map=-278187383) at main.c:916
4 0x0000aaaae4fd1790 in uev_trigger (uev=0xffffa24adf40, trigger_data=0xffffa24ad410) at main.c:1490
5 0x0000ffffa2ec00cc in service_uevq (tmpq=tmpq at entry=0xffffa24ad618) at uevent.c:390
6 0x0000ffffa2ec01d4 in uevent_dispatch (uev_trigger=<optimized out>, trigger_data=<optimized out>) at uevent.c:446
7 0x0000aaaae4fce56c in uevqloop (ap=0xffffe42a5d50) at main.c:1523
8 0x0000ffffa2d9e7ac in start_thread (arg=0xffffa2595380) at pthread_create.c:486
9 0x0000ffffa2b577dc in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

(gdb) bt
(gdb) p *mp->hwe
$2 = {allocated = 1937339183, slot = 0x616c702f73656369}

Here we set mpp->hwe NULL in free_path if mpp->hwe == pp->hwe.

Reported-by: Tianxiong Lu <lutianxiong at huawei.com>
Signed-off-by:lixiaokeng <lixiaokeng at huawei.com>
---
 libmultipath/structs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libmultipath/structs.c b/libmultipath/structs.c
index 464596fc..35dbaac1 100644
--- a/libmultipath/structs.c
+++ b/libmultipath/structs.c
@@ -150,6 +150,11 @@ free_path (struct path * pp)
 	if (pp->vpd_data)
 		free(pp->vpd_data);

+	if (pp->mpp && (pp->hwe == pp->mpp->hwe)) {
+		condlog(0, "BUG: free path %s that holds hwe of %s",
+		        pp->dev, pp->mpp->alias);
+		pp->mpp->hwe = NULL;
+	}
 	vector_free(pp->hwe);

 	FREE(pp);
--

More information about the dm-devel mailing list