Bug 557104 - dmeventd crash if both snapshot and mirror monitoring DSO are used
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: lvm2
Version: 5.5
Hardware: All Linux
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Petr Rockai
QA Contact: Cluster QE
Reported: 2010-01-20 07:46 EST by Milan Broz
Modified: 2013-02-28 23:09 EST

Doc Type: Bug Fix
Last Closed: 2010-03-30 05:01:34 EDT
Description Milan Broz 2010-01-20 07:46:44 EST
Description of problem:

Unsafe lvm2lib initialisation between two plugins causes memory corruption and a dmeventd crash.

Version-Release number of selected component (if applicable):

lvm2-2.02.56-5.el5
device-mapper-1.02.39-1.el5

How reproducible:

1) Run dmeventd in foreground mode "dmeventd -d"

2) Create a VG with two mirrors and two snapshots, e.g.

# lvs vg_bar
  LV     VG     Attr   LSize Origin Snap%  Move Log        Copy%  Convert
  lv1    vg_bar owi-a- 4.00M
  lv1_s1 vg_bar swi-a- 4.00M lv1      0.20
  lv1_s2 vg_bar swi-a- 4.00M lv1      0.20
  lv2m   vg_bar mwi-a- 4.00M                    lv2m_mlog  100.00
  lv2m2  vg_bar mwi-a- 4.00M                    lv2m2_mlog 100.00

3) Activate and deactivate all volumes:
while :; do vgchange -a n vg_bar ; vgchange -a y vg_bar ; done

4) Enjoy the crash
# dmeventd -d     
You have a memory leak (not released memory pool):
 [0x9a5d458]                                      
 [0x9a5d478]                                      
 [0x9a5df48]                                      
 [0x9a5df68]                                      
 [0x9a83380]                                      
 [0x9a835a8]                                      
 [0x9a839d0]                                      
 [0x9a844d0]                                      
 [0x9a6c4c8]                                      
device-mapper: waitevent ioctl failed: Interrupted system call
You have a memory leak (not released memory pool):            
 [0x9a83380]                                                  
*** glibc detected *** dmeventd: realloc(): invalid next size: 0x09a73710 ***
======= Backtrace: =========                                                 
/lib/libc.so.6[0x7ff851]                                                     
/lib/libc.so.6(realloc+0xe6)[0x800276]                                       
/usr/lib/liblvm2cmd.so.2.02[0x1769be]                                        
/usr/lib/liblvm2cmd.so.2.02[0x176ad8]                                        
/usr/lib/liblvm2cmd.so.2.02[0x177845]                                        
/usr/lib/liblvm2cmd.so.2.02[0x1912f7]                                        
/usr/lib/liblvm2cmd.so.2.02(lvm2_init+0x1e)[0x19133e]                        
/lib/libdevmapper-event-lvm2mirror.so(register_device+0x9b)[0x6b3bbb]        
dmeventd[0x804aea9]
dmeventd(main+0xc93)[0x804be23]
/lib/libc.so.6(__libc_start_main+0xdc)[0x7a9e9c]

Expected results:

lvm2_init and lvm2_exit (and internal constructors/destructors) must use some kind of reference counting, or globally allocated structs must be moved into command context.
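
The reference counting asked for under "Expected results", shown as an added example (not part of the original report and not the lvm2 project's patch). fake_lvm2_init/fake_lvm2_exit are stand-ins for liblvm2cmd's lvm2_init/lvm2_exit, and shared_lvm2_get/shared_lvm2_put are hypothetical wrappers that both monitoring plugins would call instead of initialising the library themselves.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for lvm2_init()/lvm2_exit(); they count calls so the
 * wrapper's effect is observable. Constructed for this example. */
static int init_calls, exit_calls;
static void *fake_lvm2_init(void) { init_calls++; return malloc(1); }
static void fake_lvm2_exit(void *h) { exit_calls++; free(h); }

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static void *shared_handle;  /* one library context for all plugins */
static int refcount;         /* monitored devices currently using it */

/* Called on device registration. Initialises the library only for the
 * first user; returns the shared handle, or NULL if init failed. */
void *shared_lvm2_get(void)
{
    void *h;
    pthread_mutex_lock(&lock);
    if (refcount == 0)
        shared_handle = fake_lvm2_init();
    if (shared_handle)
        refcount++;
    h = shared_handle;
    pthread_mutex_unlock(&lock);
    return h;
}

/* Called on device unregistration. Tears the library down only when the
 * last user leaves; an unbalanced call is ignored. Returns users left. */
int shared_lvm2_put(void)
{
    int left;
    pthread_mutex_lock(&lock);
    if (refcount > 0 && --refcount == 0) {
        fake_lvm2_exit(shared_handle);
        shared_handle = NULL;
    }
    left = refcount;
    pthread_mutex_unlock(&lock);
    return left;
}

int main(void)
{
    shared_lvm2_get(); shared_lvm2_get();  /* mirror + snapshot plugin */
    shared_lvm2_put(); shared_lvm2_put();
    printf("init=%d exit=%d\n", init_calls, exit_calls);
    return 0;
}
```

The mutex matters because dmeventd runs one thread per monitored device, so registrations from the mirror and snapshot plugins can race.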
Comment 2 Milan Broz 2010-01-27 08:40:49 EST
Fix in upstream cvs -> POST.
Comment 3 Milan Broz 2010-01-27 10:01:53 EST
Patch in lvm2-2_02_56-6_el5.
Comment 6 Corey Marthaler 2010-02-03 17:11:08 EST
Is this message still expected in the latest rpms?

device-mapper: waitevent ioctl failed: Interrupted system call
Comment 7 Corey Marthaler 2010-02-03 17:30:10 EST
The segfault in this bug is verified fixed in lvm2-2.02.56-6.el5. I also verified that multiple VGs containing multiple snaps/mirrors also work.

Waiting to put this into the VERIFIED state until the question in comment #6 is answered.
Comment 8 Milan Broz 2010-02-04 04:53:00 EST
(In reply to comment #6)
> device-mapper: waitevent ioctl failed: Interrupted system call    

Yes, it is expected.
dmeventd has one thread per monitored device; every thread waits for an event (in the dm-ioctl syscall). If the device is removed, waiting is interrupted.
This warning should probably be more quiet (like debug level only), but it is just a cosmetic change.
Comment 10 errata-xmlrpc 2010-03-30 05:01:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0298.html
