[Bug 1616213] Re: Core dump on multipathd shutdown - trusty 14.04.4

Dragan S. 1616213 at bugs.launchpad.net
Tue Aug 23 20:57:38 UTC 2016 

Other threads on the way out:

(gdb) info threads
  Id   Target Id         Frame 
  6    Thread 0x7f21ca11e700 (LWP 41583) pthread_cond_wait@@GLIBC_2.3.2 ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  5    Thread 0x7f21ca11f840 (LWP 41582) 0x00007f21c9111dfd in nanosleep () at ../sysdeps/unix/syscall-template.S:81
  4    Thread 0x7f21ca0b3700 (LWP 41632) (Exiting) 0x00007f21c9145967 in madvise ()
    at ../sysdeps/unix/syscall-template.S:81
  3    Thread 0x7f21ca0a2700 (LWP 41633) (Exiting) 0x00007f21c732a1d1 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
  2    Thread 0x7f21ca10d700 (LWP 41584) (Exiting) __lll_lock_wait ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
* 1    Thread 0x7f21ca0c4700 (LWP 41631) 0x00000000004075db in checkerloop (ap=0x1b81040) at main.c:1150
(gdb)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to multipath-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1616213

Title:
  Core dump on multipathd shutdown - trusty 14.04.4

Status in multipath-tools package in Ubuntu:
  In Progress

Bug description:
  On ubuntu trusty 14.04.4 in multipath-tools version 0.4.9-3ubuntu7.14
  there is bug in multipathd on shutdown.

  The code will access pathvec pointer which is a valid address:

  Reading symbols from /sbin/multipathd...Reading symbols from /usr/lib/debug//sbin/multipathd...done.
  done.
  [New LWP 41631]
  [New LWP 41584]
  [New LWP 41633]
  [New LWP 41632]
  [New LWP 41582]
  [New LWP 41583]
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  Core was generated by `/sbin/multipathd'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x00000000004075db in checkerloop (ap=0x1b81040) at main.c:1150

  1150				vector_foreach_slot (vecs->pathvec, pp, i) {
  (gdb) list
  1145			pthread_cleanup_push(cleanup_lock, &vecs->lock);
  1146			lock(vecs->lock);
  1147			condlog(4, "tick");
  1148	
  1149			if (vecs->pathvec) {
  1150				vector_foreach_slot (vecs->pathvec, pp, i) {
  1151					check_path(vecs, pp);
  1152				}
  1153			}
  1154			if (vecs->mpvec) {

  Pathvec is a valid pointer:
  (gdb) p vecs->pathvec
  $1 = (vector) 0x1b81280

  But the contents of the structure are just garbage:

  (gdb) p *vecs->pathvec
  $2 = {allocated = 1651076143, slot = 0x756e696c2d34365f}
  (gdb)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1616213/+subscriptions

More information about the foundations-bugs mailing list