[linux-lvm] LVM2.2.02.88 - segfault when using lv_t pointers obtained from lvm_vg_list_lvs

Alexander Lyakas alex.bolshoy at gmail.com
Sun Oct 9 19:46:08 UTC 2011 

Hello Zdenek,

I have done several runs with Valgrind, but unfortunately this problem
did not reproduce yet.

There are, however, several other observations from Valgrind and
non-Valgrind runs.

1) The following warning from Valgrind has appeared a couple of times:
==25539== Syscall param stat(file_name) points to unaddressable byte(s)
==25539==    at 0x61BE715: _xstat (xstat.c:38)
==25539==    by 0x50E016F: _insert (in /lib/liblvm2app.so.2.2)
==25539==    by 0x50E07CD: _full_scan (in /lib/liblvm2app.so.2.2)
==25539==    by 0x50E5DA8: persistent_filter_wipe (in /lib/liblvm2app.so.2.2)
==25539==    by 0x50E11D9: dev_iter_create (in /lib/liblvm2app.so.2.2)
==25539==    by 0x50D765C: lvmcache_label_scan (in /lib/liblvm2app.so.2.2)
==25539==    by 0x5109773: _vg_read (in /lib/liblvm2app.so.2.2)
==25539==    by 0x5109CDB: vg_read_internal (in /lib/liblvm2app.so.2.2)
==25539==    by 0x5109EE4: vg_read (in /lib/liblvm2app.so.2.2)
==25539==    by 0x50D2B74: lvm_vg_open (in /lib/liblvm2app.so.2.2)
==25539==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==25539==

2) Another warning from Valgrind
==25539== Warning: noted but unhandled ioctl 0x1261 with no size/direction hints
==25539==    This could cause spurious value errors to appear.
==25539==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on
writing a proper wrapper.

3) With the new LVM version (88) there are a lot of error messages like:
semid 32997377: semop failed for cookie 0xd4d4ab7: incorrect semaphore state
Failed to set a proper state for notification semaphore identified by
cookie value 223169207 (0xd4d4ab7) to initialize waiting for incoming
notifications.

These messages mostly turn up after calling lvm_vg_close() after
removing an LV, and sometimes after activating an LV. I did not
compile LVM with debug info yet, to see who causes these messages
there.

4) Internal error: Maps lock 260780032 < unlock 260796416
This message also happens on lvm_vg_close(), right before the previous
error message

5) Additional error that is now frequently seen in syslog
Oct  5 06:49:54 i-0000067c prog: Wiping cache of LVM-capable devices
Oct  5 06:49:54 i-0000067c prog: device-mapper: status ioctl failed:
Invalid argument
Oct  5 06:49:54 i-0000067c prog: Failed to get state of mapped device
Oct  5 06:49:54 i-0000067c prog: device-mapper: status ioctl failed:
Invalid argument
Oct  5 06:49:54 i-0000067c prog: Failed to get state of mapped device
Oct  5 06:49:54 i-0000067c prog: device-mapper: status ioctl failed:
Invalid argument
Oct  5 06:49:54 i-0000067c prog: Failed to get state of mapped device
Oct  5 06:49:54 i-0000067c prog: device-mapper: status ioctl failed:
Invalid argument

I realize that there are several directions to follow here. So I would
really appreciate if you could advise what seems to look like a real
issue out of these. I will also continue trying to reproduce the
original segfault.

Thanks for your help,
  Alex.



On Wed, Sep 28, 2011 at 2:34 PM, Zdenek Kabelac
<zdenek.kabelac at gmail.com> wrote:
> 2011/9/28 Alexander Lyakas <alex.bolshoy at gmail.com>:
>> Hi everybody,
>> we started to work with this LVM version, and sometimes we hit an
>> issue when using lv_t pointers obtained from lvm_vg_list_lvs() API.
>> Here are a couple of examples:
>>
>> #0  0x00007f4487816d05 in raise () from /lib/x86_64-linux-gnu/libc.so.6
>> (gdb) bt
>> #0  0x00007f4487816d05 in raise () from /lib/x86_64-linux-gnu/libc.so.6
>> #1  0x00007f448781aa47 in abort () from /lib/x86_64-linux-gnu/libc.so.6
>> #2  0x00007f448784fd7b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
>> #3  0x00007f448785cd7a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
>> #4  0x00007f448785f31e in malloc () from /lib/x86_64-linux-gnu/libc.so.6
>> #5  0x00007f448784e75f in open_memstream () from /lib/x86_64-linux-gnu/libc.so.6
>
> Looks like you hit some internal glibc malloc  integrity selfcheck -
> so some memory has been unexpectedly modified - I'd advise to use
> valgrind tool to find proper place when the memory is overwritten.
>
>>        if (lv_list != NULL) {
>>                dm_list_iterate_items(lv_list_entry, lv_list) {
>>                        const char * lv_name_from_list = lvm_lv_get_name(lv_list_entry->lv);
>>                        if (strcmp(lv_name_from_list, lv_name) == 0) {
>>                                lv_handle = lv_list_entry->lv;
>>                                break;
>>                        }
>>                }
>>        }
>>
>> This is the code that we obtain the lv_t pointers from. Looking at the
>> new  lvm_lv_from_name() API, it does exactly the same (without giving
>> away copies of the list, names etc).  We started using the new API
>> anyways, and did not see any crashes with it (yet).
>>
>> Is there anything wrong in the way we obtain lv_t pointers? Could this
>> be some other issue?
>
>
> Depends on, what do you do with pointers - you can't use them once you
> free vg handle.
> But I think valgrind will be here better then 1000 words....
>
> Zdenek
>

More information about the linux-lvm mailing list