Debian
iproute2 package

iproute2: seg fault with 'ip link type gre ...' commands

Bug #1522371 reported by Nicolas Dichtel
18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
iproute2 (Debian)
Fix Released
Unknown
iproute2 (Ubuntu)
Fix Released
High
Kick In

Bug Description

This upstream patch needs to be backported:
bde5baa5476c gre: raising the size of the buffer holding nl messages.
https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=bde5baa5476c

Example:
root@ubuntu1404:~# ip link add dummy1 type dummy
root@ubuntu1404:~# ip a a 10.200.0.1/24 dev dummy1
root@ubuntu1404:~# ip link add gre2 type gre local 10.200.0.1 remote 10.200.0.2 dev dummy1
root@ubuntu1404:~# ip link set gre2 type gre ttl 32
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
addattr_l ERROR: message exceeded bound of 1024
*** stack smashing detected ***: ip terminated
Aborted
root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-66-generic #108-Ubuntu SMP Wed Oct 7 15:20:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~# ip -V
ip utility, iproute2-ss131122
root@ubuntu1404:~#

Tags: bitesize 6wind
Robie Basak (racb)
Changed in iproute2 (Ubuntu):
status: New → Triaged
importance: Undecided → High
tags: added: bitesize
Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

After this patch, there is still another segfault:
$ ip -f inet6 tunnel add gre2 mode ip6gre local fd00:125::1:1 remote fd00:125::1:2 dev eth1
$ ip link set gre2 type ip6gre hoplimit 32

Here is the fix:
http://patchwork.ozlabs.org/patch/552378/
This fix depends on commit https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=c079e121a73a

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

The last patch is now upstream:
https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=ed108cfc0260b6b751647982b77d6363b1defb15

Jean-Mickael Guerin (jean-mickael-guerin)
tags: added: 6wind
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks, the patch fromt he description is in https://launchpad.net/ubuntu/+source/iproute2/4.1.1-1ubuntu1 since wily

The other patch is not a release yet, it might be a good idea to send it to Debian as well and backport that before xenial if there is no new upstream version before that

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Done here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812102

Bug Watch Updater (bug-watch-updater)
Changed in iproute2 (Debian):
status: Unknown → New
Jon Grimm (jgrimm)
Changed in iproute2 (Ubuntu):
assignee: nobody → Kick In (kick-d)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iproute2 - 4.3.0-1ubuntu3

---------------
iproute2 (4.3.0-1ubuntu3) xenial; urgency=medium

  * Add d/p/1003-fix-variable-in-libnetlink.patch (LP: #1522371), fix a variable name
    collision issuing a segfault; from upstream.
  * Add TIPC support (LP: #1508225):
    - d/control: add libmnl-dev to BDs, to include TIPC support.
    - d/iproute2.install: add tipc binary.

 -- Pierre-André MOREY <email address hidden> Tue, 05 Apr 2016 09:43:44 +0200

Changed in iproute2 (Ubuntu):
status: Triaged → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in iproute2 (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.