[Bug 1611360] Re: Xenial 32-bit: multipath exits with SIGSEGV

Mon Oct 17 19:56:42 UTC 2016

Here were the steps I used to recreate this bug.

1) Create 32-bit ubuntu guest (xenial or yakkety). Note: my guest is
named 'x32multipath'.

$ uvt-kvm create x32multipath release=xenial arch=i386

2) In your guest, install multipath tools

$ sudo apt install multipath-tools

3) From host, attach virtio-scsi controller into guest
(Note, you may have to disable apparmor - I ran into what was possibly a bug blocking me, but it doesn't seem to reproduce now that I've re-installed apparmor).  

$ sudo echo "<controller type='scsi' model='virtio-scsi'/>" > ./scsi.xml
$ sudo virsh attach-device --config  ./scsi.xml
$ sudo virsh shutdown x32multipath
$ sudo virsh start x32multipath

4) Create a disk-image for attaching to the guest.

$ sudo qemu-img create /tmp/scsidisk.img 20M
Formatting '/tmp/scsidisk.img', fmt=raw size=20971520

5) Attach this disk to the guest as both sda and sdb.

$ sudo virsh attach-disk x32multipath /tmp/scsidisk.img sda --cache none --serial 0001
$ sudo virsh attach-disk x32multipath /tmp/scsidisk.img sdb --cache none --serial 0002

6) From your guest, execute show paths. 

$ sudo multipathd -k"show paths"
error -5 receiving packet

You'll find a segfault in your 'dmesg':
...
...
[12979.571708] scsi 2:0:0:0: Direct-Access     QEMU     QEMU HARDDISK    2.5+ PQ: 0 ANSI: 5
[12979.574653] sd 2:0:0:0: Attached scsi generic sg0 type 0
[12979.574889] sd 2:0:0:0: [sda] 40960 512-byte logical blocks: (21.0 MB/20.0 MiB)
[12979.575290] sd 2:0:0:0: [sda] Write Protect is off
[12979.575294] sd 2:0:0:0: [sda] Mode Sense: 63 00 00 08
[12979.575418] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[12979.578059] sd 2:0:0:0: [sda] Attached SCSI disk
[12985.008262] scsi 2:0:0:1: Direct-Access     QEMU     QEMU HARDDISK    2.5+ PQ: 0 ANSI: 5
[12985.010632] sd 2:0:0:1: Attached scsi generic sg1 type 0
[12985.010793] sd 2:0:0:1: [sdb] 40960 512-byte logical blocks: (21.0 MB/20.0 MiB)
[12985.011144] sd 2:0:0:1: [sdb] Write Protect is off
[12985.011148] sd 2:0:0:1: [sdb] Mode Sense: 63 00 00 08
[12985.011261] sd 2:0:0:1: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[12985.013457] sd 2:0:0:1: [sdb] Attached SCSI disk
[13071.000211] multipathd[2387]: segfault at 0 ip b75d492a sp b7149030 error 4 in libmultipath.so.0[b75b2000+45000]

AFTER FIX:

After applying the update you should get something more pleasant:
$ sudo multipathd -k"show paths"
hcil    dev dev_t pri dm_st  chk_st dev_st  next_check     
2:0:0:0 sda 8:0   1   active ready  running XXX....... 3/10
2:0:0:1 sdb 8:16  1   active ready  running XXXX...... 4/10

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to multipath-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1611360

Title:
  Xenial 32-bit: multipath exits with SIGSEGV

Status in multipath-tools package in Ubuntu:
  Triaged

Bug description:
  Ubuntu release:
  Description:	Ubuntu 16.04 LTS
  Release:	16.04

  Package version: 0.5.0+git1.656f8865-5ubuntu2.1

  The current version of multipath-tools for Xenial (0.5.0+git1.656f8865-5ubuntu2.1) causes segmentation fault when trying to run, for example, "show paths" from the daemon.
  When further investigating the issue, it seems that since Ubuntu 14.04, the enum describing the keyword type in cli.h is now of size 35. This leads to overflows as later on values are left-shifted by the values in these enum, and some of those exceed 31 (the maximum legal shift amount in 32-bit int).
  This leads to wrong choice of the handler in the command parsing stage (cli.c - find_handler). Specifically in "show paths" it leads to choosing cli_list_paths_fmt instead of cli_list_paths, and later to null dereferencing and segmentation fault.

  GDB Backtrace:
  #0  snprint_path_header (line=0xb78010e0 "", len=1200, format=0x0) at print.c:795
  #1  0x08052a6e in show_paths (r=0xb7b52210, len=0xb7b52208, vecs=0x809f650, style=0x0, pretty=1) at cli_handlers.c:47
  #2  0x080532af in cli_list_paths_fmt (v=0xb7800678, reply=0xb7b52210, len=0xb7b52208, data=0x809f650) at cli_handlers.c:235
  #3  0x08052369 in parse_cmd (cmd=0xb7800f68 "show paths", reply=0xb7b52210, len=0xb7b52208, data=0x809f650) at cli.c:438
  #4  0x0804cf49 in uxsock_trigger (str=0xb7800f68 "show paths", reply=0xb7b52210, len=0xb7b52208, trigger_data=0x809f650) at main.c:780
  #5  0x08050e5a in uxsock_listen (uxsock_trigger=0x804cf00 <uxsock_trigger>, trigger_data=0x809f650) at uxlsnr.c:252
  #6  0x0804da3b in uxlsnrloop (ap=0x809f650) at main.c:946
  #7  0xb7fb82b5 in start_thread (arg=0xb7b52b40) at pthread_create.c:333
  #8  0xb7da216e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1611360/+subscriptions