touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #50678
[Bug 1415340] [NEW] lvconvert segmentation fault on merge
Public bug reported:
1: System information
root@saturn:~# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
2: Package information
root@saturn:~# apt-cache policy lvm2
lvm2:
Installed: 2.02.98-6ubuntu2
Candidate: 2.02.98-6ubuntu2
Version table:
*** 2.02.98-6ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
100 /var/lib/dpkg/status
root@saturn:~#
3. Expected behavior:
lvconvert --merge should not segfault after merge is successful.
4. Actual behavior:
root@saturn:~# mount /dev/saturn/rings.two /mnt
root@saturn:~# touch /mnt/foo
root@saturn:~# umount /mnt
root@saturn:~# valgrind lvconvert --merge /dev/saturn/rings.two
==23772== Memcheck, a memory error detector
==23772== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23772== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==23772== Command: lvconvert --merge /dev/saturn/rings.two
==23772==
==23772== Warning: invalid file descriptor 1024 in syscall close()
==23772== Warning: invalid file descriptor 1025 in syscall close()
==23772== Warning: invalid file descriptor 1026 in syscall close()
==23772== Warning: invalid file descriptor 1027 in syscall close()
==23772== Use --log-fd=<number> to select an alternative log fd.
==23772== Warning: invalid file descriptor 1028 in syscall close()
==23772== Warning: invalid file descriptor 1029 in syscall close()
==23772== Warning: invalid file descriptor 1030 in syscall close()
Merging of volume rings.two started.
Internal error: Reserved memory (126324736) not enough: used 126881792. Increase activation/reserved_memory?
rings: Merged: 97.0%
==23772== Invalid read of size 8
==23772== at 0x481A79: lv_is_merging_cow (in /sbin/lvm)
==23772== by 0x4997DD: dev_manager_snapshot_percent (in /sbin/lvm)
==23772== by 0x43AF2B: lv_snapshot_percent (in /sbin/lvm)
==23772== by 0x417110: ??? (in /sbin/lvm)
==23772== by 0x427C3F: ??? (in /sbin/lvm)
==23772== by 0x4281BC: poll_daemon (in /sbin/lvm)
==23772== by 0x41853B: lvconvert_poll (in /sbin/lvm)
==23772== by 0x41862A: ??? (in /sbin/lvm)
==23772== by 0x41A9D2: ??? (in /sbin/lvm)
==23772== by 0x42EF21: process_each_lv_in_vg (in /sbin/lvm)
==23772== by 0x4304B4: process_each_lv (in /sbin/lvm)
==23772== by 0x41B3DC: lvconvert (in /sbin/lvm)
==23772== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==23772==
==23772==
==23772== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==23772== Access not within mapped region at address 0x28
==23772== at 0x481A79: lv_is_merging_cow (in /sbin/lvm)
==23772== by 0x4997DD: dev_manager_snapshot_percent (in /sbin/lvm)
==23772== by 0x43AF2B: lv_snapshot_percent (in /sbin/lvm)
==23772== by 0x417110: ??? (in /sbin/lvm)
==23772== by 0x427C3F: ??? (in /sbin/lvm)
==23772== by 0x4281BC: poll_daemon (in /sbin/lvm)
==23772== by 0x41853B: lvconvert_poll (in /sbin/lvm)
==23772== by 0x41862A: ??? (in /sbin/lvm)
==23772== by 0x41A9D2: ??? (in /sbin/lvm)
==23772== by 0x42EF21: process_each_lv_in_vg (in /sbin/lvm)
==23772== by 0x4304B4: process_each_lv (in /sbin/lvm)
==23772== by 0x41B3DC: lvconvert (in /sbin/lvm)
==23772== If you believe this happened as a result of a stack
==23772== overflow in your program's main thread (unlikely but
==23772== possible), you can try to increase the size of the
==23772== main thread stack using the --main-stacksize= flag.
==23772== The main thread stack size used in this run was 8388608.
==23772==
==23772== HEAP SUMMARY:
==23772== in use at exit: 586,786 bytes in 712 blocks
==23772== total heap usage: 9,622 allocs, 8,910 frees, 19,027,414 bytes allocated
==23772==
==23772== LEAK SUMMARY:
==23772== definitely lost: 0 bytes in 0 blocks
==23772== indirectly lost: 0 bytes in 0 blocks
==23772== possibly lost: 0 bytes in 0 blocks
==23772== still reachable: 586,786 bytes in 712 blocks
==23772== suppressed: 0 bytes in 0 blocks
==23772== Rerun with --leak-check=full to see details of leaked memory
==23772==
==23772== For counts of detected and suppressed errors, rerun with: -v
==23772== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Merge was successful:
root@saturn:~# mount /dev/saturn/rings /mnt
root@saturn:~# ls /mnt -la
total 17
drwxr-xr-x 3 root root 1024 Jan 28 00:01 .
drwxr-xr-x 22 root root 4096 Jan 17 06:36 ..
-rw-r--r-- 1 root root 0 Jan 28 00:01 foo
drwx------ 2 root root 12288 Jan 28 00:00 lost+found
Replication steps (For me, anyways):
1) Create empty lv (lv0)
2) create snapshot of lv (lv1)
3) Create filesystem on lv0
4) Create snapshot of lv0 (lv2)
5) mount lv2 and use touch to create a file
6) unmount lv2
7) lvconvert --merge /dev/vol00/lv2
** Affects: lvm2 (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "Core file from valgrind/lvconvert in initial description"
https://bugs.launchpad.net/bugs/1415340/+attachment/4307016/+files/vgcore.23772
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/1415340
Title:
lvconvert segmentation fault on merge
Status in lvm2 package in Ubuntu:
New
Bug description:
1: System information
root@saturn:~# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
2: Package information
root@saturn:~# apt-cache policy lvm2
lvm2:
Installed: 2.02.98-6ubuntu2
Candidate: 2.02.98-6ubuntu2
Version table:
*** 2.02.98-6ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
100 /var/lib/dpkg/status
root@saturn:~#
3. Expected behavior:
lvconvert --merge should not segfault after merge is successful.
4. Actual behavior:
root@saturn:~# mount /dev/saturn/rings.two /mnt
root@saturn:~# touch /mnt/foo
root@saturn:~# umount /mnt
root@saturn:~# valgrind lvconvert --merge /dev/saturn/rings.two
==23772== Memcheck, a memory error detector
==23772== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23772== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==23772== Command: lvconvert --merge /dev/saturn/rings.two
==23772==
==23772== Warning: invalid file descriptor 1024 in syscall close()
==23772== Warning: invalid file descriptor 1025 in syscall close()
==23772== Warning: invalid file descriptor 1026 in syscall close()
==23772== Warning: invalid file descriptor 1027 in syscall close()
==23772== Use --log-fd=<number> to select an alternative log fd.
==23772== Warning: invalid file descriptor 1028 in syscall close()
==23772== Warning: invalid file descriptor 1029 in syscall close()
==23772== Warning: invalid file descriptor 1030 in syscall close()
Merging of volume rings.two started.
Internal error: Reserved memory (126324736) not enough: used 126881792. Increase activation/reserved_memory?
rings: Merged: 97.0%
==23772== Invalid read of size 8
==23772== at 0x481A79: lv_is_merging_cow (in /sbin/lvm)
==23772== by 0x4997DD: dev_manager_snapshot_percent (in /sbin/lvm)
==23772== by 0x43AF2B: lv_snapshot_percent (in /sbin/lvm)
==23772== by 0x417110: ??? (in /sbin/lvm)
==23772== by 0x427C3F: ??? (in /sbin/lvm)
==23772== by 0x4281BC: poll_daemon (in /sbin/lvm)
==23772== by 0x41853B: lvconvert_poll (in /sbin/lvm)
==23772== by 0x41862A: ??? (in /sbin/lvm)
==23772== by 0x41A9D2: ??? (in /sbin/lvm)
==23772== by 0x42EF21: process_each_lv_in_vg (in /sbin/lvm)
==23772== by 0x4304B4: process_each_lv (in /sbin/lvm)
==23772== by 0x41B3DC: lvconvert (in /sbin/lvm)
==23772== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==23772==
==23772==
==23772== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==23772== Access not within mapped region at address 0x28
==23772== at 0x481A79: lv_is_merging_cow (in /sbin/lvm)
==23772== by 0x4997DD: dev_manager_snapshot_percent (in /sbin/lvm)
==23772== by 0x43AF2B: lv_snapshot_percent (in /sbin/lvm)
==23772== by 0x417110: ??? (in /sbin/lvm)
==23772== by 0x427C3F: ??? (in /sbin/lvm)
==23772== by 0x4281BC: poll_daemon (in /sbin/lvm)
==23772== by 0x41853B: lvconvert_poll (in /sbin/lvm)
==23772== by 0x41862A: ??? (in /sbin/lvm)
==23772== by 0x41A9D2: ??? (in /sbin/lvm)
==23772== by 0x42EF21: process_each_lv_in_vg (in /sbin/lvm)
==23772== by 0x4304B4: process_each_lv (in /sbin/lvm)
==23772== by 0x41B3DC: lvconvert (in /sbin/lvm)
==23772== If you believe this happened as a result of a stack
==23772== overflow in your program's main thread (unlikely but
==23772== possible), you can try to increase the size of the
==23772== main thread stack using the --main-stacksize= flag.
==23772== The main thread stack size used in this run was 8388608.
==23772==
==23772== HEAP SUMMARY:
==23772== in use at exit: 586,786 bytes in 712 blocks
==23772== total heap usage: 9,622 allocs, 8,910 frees, 19,027,414 bytes allocated
==23772==
==23772== LEAK SUMMARY:
==23772== definitely lost: 0 bytes in 0 blocks
==23772== indirectly lost: 0 bytes in 0 blocks
==23772== possibly lost: 0 bytes in 0 blocks
==23772== still reachable: 586,786 bytes in 712 blocks
==23772== suppressed: 0 bytes in 0 blocks
==23772== Rerun with --leak-check=full to see details of leaked memory
==23772==
==23772== For counts of detected and suppressed errors, rerun with: -v
==23772== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Merge was successful:
root@saturn:~# mount /dev/saturn/rings /mnt
root@saturn:~# ls /mnt -la
total 17
drwxr-xr-x 3 root root 1024 Jan 28 00:01 .
drwxr-xr-x 22 root root 4096 Jan 17 06:36 ..
-rw-r--r-- 1 root root 0 Jan 28 00:01 foo
drwx------ 2 root root 12288 Jan 28 00:00 lost+found
Replication steps (For me, anyways):
1) Create empty lv (lv0)
2) create snapshot of lv (lv1)
3) Create filesystem on lv0
4) Create snapshot of lv0 (lv2)
5) mount lv2 and use touch to create a file
6) unmount lv2
7) lvconvert --merge /dev/vol00/lv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1415340/+subscriptions
Follow ups
References
