<div class="zcontentRow"> <p>Hello Ben,</p><p><br></p><p><span style="font-size: 13px;font-family: Arial, sans-serif">This bugs occurred in out automatic testing environment</span>,</p><p style="margin-top:5px;margin-right:0;margin-bottom:5px;margin-left: 0;line-height:19px"><span style="font-size: 13px;font-family: Arial, sans-serif">I think it is triggered by "dmsetup remove maps" command because </span></p><p style="margin-top:5px;margin-right:0;margin-bottom:5px;margin-left: 0;line-height:19px"><span style="font-size: 13px;font-family: Arial, sans-serif">there are many uevent messages which indicating that</span></p><p style="margin-top:5px;margin-right:0;margin-bottom:5px;margin-left: 0;line-height:19px"><span style="font-size: 13px;font-family: Arial, sans-serif">dm device have been removed before the segment fault occurred.</span></p><p style="margin-top:5px;margin-right:0;margin-bottom:5px;margin-left: 0;line-height:19px"><span style="font-size: 13px;font-family: Arial, sans-serif"><br></span></p><p style="margin: 5px 0px;"><font face="Arial, sans-serif"><span style="font-size: 13px; line-height: 19.5px;">Cherrs,</span></font></p><p style="margin: 5px 0px;"><font face="Arial, sans-serif"><span style="font-size: 13px; line-height: 19.5px;">Tang</span></font></p><p><br></p><p><br></p><div><div class="zhistoryRow" style="display:block"><div id="zwriteHistoryContainer"><div class="control-group zhistoryPanel"><div><span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">发件人:       </span><span style="font-size:10px;font-family:sans-serif">"Benjamin Marzinski" ＜bmarzins@redhat.com＞</span><br> <span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">收件人:   </span><span style="font-size:10px;font-family:sans-serif">tang.junhui@zte.com.cn, </span><br> <span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">抄送:      </span><span style="font-size:10px;font-family:sans-serif">dm-devel@redhat.com, zhang.kai16@zte.com.cn</span><br> <span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">日期:   </span><span style="font-size:10px;font-family:sans-serif">2016-10-19 00:29</span><br> <span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">主题:      </span><span style="font-size:10px;font-family:sans-serif">Re: [dm-devel] [PATCH 1/3] segment faulty occured in dm_get_status()</span><br> <span style="font-size:10px;color:#5F5F5F;font-family:sans-serif">发件人:       </span><span style="font-size:10px;font-family:sans-serif">dm-devel-bounces@redhat.com</span><br> <hr width="100%" size="2" align="left" noshade="" style="color:#8091A5; "><br> <br> <br> <tt><span style="font-size:12px">On Tue, Oct 18, 2016 at 10:51:07AM +0800, tang.junhui@zte.com.cn wrote:<br> ＞ From: "tang.junhui" ＜tang.junhui@zte.com.cn＞<br> ＞ <br> ＞ Signed-off-by: tang.junhui ＜tang.junhui@zte.com.cn＞<br> <br> ACK. Obviously we don't want uninitialized pointers.  But do you know<br> what as going on with the device that caused it to return no target? Was<br> there simply no table loaded for the device? <br> <br> -Ben<br> <br> ＞ <br> ＞ segment faulty occured in dm_get_status(), the call trace is:<br> ＞ ----------------------------------------------------------------------<br> ＞ (gdb) bt<br> ＞ 0  0x000000338ec328a5 in raise () from /lib64/libc.so.6<br> ＞ 1  0x000000338ec3400d in abort () from /lib64/libc.so.6<br> ＞ 2  0x000000000040596d in sigsegv ()<br> ＞ 3  ＜signal handler called＞<br> ＞ 4  0x000000338ec480ac in vfprintf () from /lib64/libc.so.6<br> ＞ 5  0x000000338ec6f9d2 in vsnprintf () from /lib64/libc.so.6<br> ＞ 6  0x000000338ec4f4a3 in snprintf () from /lib64/libc.so.6<br> ＞ 7  0x00007f43fe66bbb9 in dm_get_status (name=0x7f43f0001eb0 "spathe",<br> ＞ outstatus=＜value optimized out＞) at devmapper.c:521<br> ＞ 8  0x00007f43fe68c058 in update_multipath_status (mpp=0x7f43f000ad60,<br> ＞ pathvec=＜value optimized out＞) at structs_vec.c:465<br> ＞ 9  update_multipath_strings (mpp=0x7f43f000ad60, pathvec=＜value optimized<br> ＞ out＞) at structs_vec.c:495<br> ＞ 10 0x0000000000409056 in check_path ()<br> ＞ 11 0x0000000000409c7e in checkerloop ()<br> ＞ 12 0x0000003b27207851 in start_thread () from /lib64/libpthread.so.0<br> ＞ 13 0x000000338ece890d in clone () from /lib64/libc.so.6<br> ＞ -----------------------------------------------------------------------<br> ＞ we debuged the code, and found that targets information storing in the<br> ＞ list dmt-＞head which fetching from kernel by executing dm_task_run()<br> ＞ is null.<br> ＞ -----------------------------------------------------------------------<br> ＞ rbx            0x7f43c4000d60   139929027874144<br> ＞ (gdb) p *(struct dm_task *)0x7f43c4000d60<br> ＞ $3 = {type = 10, dev_name = 0x7f43c4000d40 "spathe", head = 0x0, tail =<br> ＞ 0x0, read_only = 0, event_nr = 0, major = -1, minor = -1,<br> ＞   allow_default_major_fallback = 1, uid = 0, gid = 0, mode = 384,<br> ＞   read_ahead = 4294967295, read_ahead_flags = 0, dmi = {<br> ＞       v4 = 0x7f43c40011e0, v1 = 0x7f43c40011e0}, newname = 0x0, message =<br> ＞       0x0, geometry = 0x0, sector = 0, no_flush = 0,<br> ＞         no_open_count = 1, skip_lockfs = 0, query_inactive_table = 0,<br> ＞                 suppress_identical_reload = 0, existing_table_size = 0,<br> ＞             cookie_set = 0, uuid = 0x0}<br> ＞ -----------------------------------------------------------------------<br> ＞ since status is not initioned to null, so after calling<br> ＞ dm_get_next_target(dmt, next, &start, &length,&target_type,<br> ＞ &status),status becaming wild pointer, which lead snprintf() into the<br> ＞ situation of segment faulty.<br> ＞ ---<br> ＞  libmultipath/devmapper.c | 8 ++++++--<br> ＞  1 file changed, 6 insertions(+), 2 deletions(-)<br> ＞ <br> ＞ diff --git a/libmultipath/devmapper.c b/libmultipath/devmapper.c<br> ＞ index 5eb1713..89aa5da 100644<br> ＞ --- a/libmultipath/devmapper.c<br> ＞ +++ b/libmultipath/devmapper.c<br> ＞ @@ -534,8 +534,8 @@ dm_get_status(char * name, char * outstatus)<br> ＞                   int r = 1;<br> ＞                   struct dm_task *dmt;<br> ＞                 uint64_t start, length;<br> ＞ -                 char *target_type;<br> ＞ -              char *status;<br> ＞ +           char *target_type = NULL;<br> ＞ +               char *status = NULL;<br> ＞  <br> ＞            if (!(dmt = dm_task_create(DM_DEVICE_STATUS)))<br> ＞                               return 1;<br> ＞ @@ -551,6 +551,10 @@ dm_get_status(char * name, char * outstatus)<br> ＞            /* Fetch 1st target */<br> ＞               dm_get_next_target(dmt, NULL, &start, &length,<br> ＞                                                  &target_type, &status);<br> ＞ +            if (!status) {<br> ＞ +                          condlog(2, "get null status.");<br> ＞ +                               goto out;<br> ＞ +               }<br> ＞  <br> ＞               if (snprintf(outstatus, PARAMS_SIZE, "%s", status) ＜= PARAMS_SIZE)<br> ＞                               r = 0;<br> ＞ -- <br> ＞ 2.8.1.windows.1<br> <br> --<br> dm-devel mailing list<br> dm-devel@redhat.com<br> </span></tt><tt><span style="font-size:12px"><a href="https://www.redhat.com/mailman/listinfo/dm-devel" target="_blank">https://www.redhat.com/mailman/listinfo/dm-devel</a></span></tt><tt><span style="font-size:12px"><br> </span></tt></div><p><br></p></div></div></div></div><p><br></p> </div>