Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1457288 - SIGABRT of mulitpathd caused by double free of 'show maps json'
SIGABRT of mulitpathd caused by double free of 'show maps json'
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: device-mapper-multipath (Show other bugs)
7.4
x86_64 Linux
medium Severity medium
: rc
: ---
Assigned To: Ben Marzinski
Lin Li
:
Depends On:
Blocks: 1469559
  Show dependency treegraph
 
Reported: 2017-05-31 09:06 EDT by Gris Ge
Modified: 2018-04-10 12:10 EDT (History)
6 users (show)

See Also:
Fixed In Version: device-mapper-multipath-0.4.9-112.el7
Doc Type: Bug Fix
Doc Text:
Cause: Mutipathd wasn't allocating any space for a reply if "multipathd show maps json" was called and there were no multipath devices. Consequence: Multipathd was crashing when "multipathd show maps json" was called and there were no multipath devices. Fix: Multipathd now allocates space for a reply when there are no devices Result: Multipathd no longer crashes when "multipathd show maps json" is called and there are no multipath devices.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 12:10:28 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0884 normal SHIPPED_LIVE device-mapper-multipath bug fix and enhancement update 2018-04-10 09:47:14 EDT

  None (edit)
Description Gris Ge 2017-05-31 09:06:33 EDT
Description of problem:
Got SIGABRT of multipathd when doing `show maps json` with 
`multipath -F; multipath -f`

```
#0  0x00007ffff691c1f7 in raise () from /lib64/libc.so.6
#1  0x00007ffff691d8e8 in abort () from /lib64/libc.so.6
#2  0x00007ffff695bf47 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff6963619 in _int_free () from /lib64/libc.so.6
#4  0x0000555555560038 in show_maps_json (r=0x7ffff7faad08, len=0x7ffff7faacf8, vecs=0x555555774280) at cli_handlers.c:157
#5  0x000055555555f4a7 in parse_cmd (cmd=cmd@entry=0x7fffe8001f70 "show maps json", reply=reply@entry=0x7ffff7faad08, len=len@entry=0x7ffff7faacf8, data=data@entry=0x555555774280)
    at cli.c:439
#6  0x0000555555559d29 in uxsock_trigger (str=<optimized out>, reply=reply@entry=0x7ffff7faad08, len=len@entry=0x7ffff7faacf8, is_root=is_root@entry=true, 
    trigger_data=trigger_data@entry=0x555555774280) at main.c:888
#7  0x000055555555e145 in uxsock_listen (uxsock_trigger=uxsock_trigger@entry=0x555555559cc0 <uxsock_trigger>, trigger_data=trigger_data@entry=0x555555774280) at uxlsnr.c:200
#8  0x000055555555a8b3 in uxlsnrloop (ap=0x555555774280) at main.c:1057
#9  0x00007ffff7bc6e25 in start_thread () from /lib64/libpthread.so.0
#10 0x00007ffff69df34d in clone () from /lib64/libc.so.6
```

Version-Release number of selected component (if applicable):
device-mapper-multipath-0.4.9-111.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. In a new terminal run
    for x in `seq 1 1000`; do sudo multipath -F ; sudo multipath -r; done
2. In a new terminal run
    for x in `seq 1 100`; do sudo  multipathd -k'show maps json'; done
3.

Actual results:
multipathd crash

Expected results:
multipathd dont crash

Additional info:
Comment 1 Ben Marzinski 2017-06-01 17:59:54 EDT
This actually happens if you run

# multipathd show maps json

When there are no multipath devices. I have a fix, but I'm not sure that this is worthy of an exception. The fix is simple, but the workaround is to not do this when there are no multipath devices.
Comment 2 Ben Marzinski 2017-09-19 20:08:52 EDT
Multipath now correctly handles the case where there are no multipath maps when

# multipathd show maps json

is run
Comment 6 Lin Li 2018-01-29 13:06:57 EST
change to verified according to comment 4.
Comment 9 errata-xmlrpc 2018-04-10 12:10:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0884

Note You need to log in before you can comment on or make changes to this bug.