tc crashed with SIGSEGV in prio_print_opt()

Reported by Marques Johansson on 2008-01-14
Affects: iproute (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: iproute

This may be related to Bug #24352.

mjohansson@bang:~$ sudo tc qdisc add dev eth0 root tbf rate 4Mbit burst 4Mb lat 2ms
mjohansson@bang:~$ tc qdisc show
qdisc tbf 8001: dev eth0 root rate 4000Kbit burst 4Mb lat 2.0ms
mjohansson@bang:~$ sudo tc qdisc del dev eth0 root
mjohansson@bang:~$ sudo tc qdisc add dev eth0 root pfifo_fast bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 multiqueue: on
qdisc 'pfifo_fast' does not support option parsing
mjohansson@bang:~$ sudo ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:0d:56:f0:d2:32 brd ff:ff:ff:ff:ff:ff

mjohansson@bang:~$ tc qdisc show
Segmentation fault (core dumped)

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Mon Jan 14 08:10:26 2008
Dependencies:
 libgcc1 1:4.2.2-5ubuntu2 [modified: lib/libgcc_s.so.1]
 libatm1 2.4.1-17.1build1
 gcc-4.2-base 4.2.2-5ubuntu2
 libdb4.6 4.6.21-3ubuntu1 [modified: usr/lib/libdb-4.6.so]
 libc6 2.7-5ubuntu2 [modified: lib/ld-2.7.so usr/lib/pt_chown usr/bin/iconv usr/bin/getent usr/bin/getconf usr/bin/zdump usr/bin/rpcinfo usr/sbin/zic usr/sbin/iconvconfig]
DistroRelease: Ubuntu 8.04
ExecutablePath: /sbin/tc
Package: iproute 20071016-1 [modified: bin/ip sbin/rtmon sbin/tc sbin/rtacct sbin/ss usr/bin/lnstat usr/bin/nstat usr/sbin/arpd]
PackageArchitecture: i386
ProcCmdline: tc qdisc show
ProcCwd: /home/mjohansson
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: iproute
Stacktrace:
 #0 0x0805988c in prio_print_opt ()
 #1 0x0804de19 in print_qdisc ()
 #2 0x0806e96a in rtnl_dump_filter ()
 #3 0x0804db4f in tc_qdisc_list ()
 #4 0x0804cf44 in _start ()
StacktraceTop:
 prio_print_opt ()
 print_qdisc ()
 rtnl_dump_filter ()
 tc_qdisc_list ()
 _start ()
Title: tc crashed with SIGSEGV in prio_print_opt()
Uname: Linux bang 2.6.24-2-generic #1 SMP Thu Dec 20 17:36:12 GMT 2007 i686 GNU/Linux
UserGroups:
SegvAnalysis:
 Segfault happened at: 0x805988c <prio_print_opt+204>: cmpb $0x0,0x4(%eax)
 PC (0x0805988c) ok
 source "$0x0" ok
 destination "0x4(%eax)" (0xff0a0004) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA

Marques Johansson (marques) wrote :

StacktraceTop:prio_print_opt ()
print_qdisc ()
rtnl_dump_filter ()
tc_qdisc_list ()
do_cmd ()

Changed in iproute:
importance: Undecided → Medium

Marques Johansson (marques) wrote :

I was able to get the show command to not segfault, then segfault again.

mjohansson@bang:~$ sudo tc qdisc replace dev eth0 root pfifo
mjohansson@bang:~$ sudo tc qdisc show
qdisc pfifo 8003: dev eth0 root limit 100p
mjohansson@bang:~$ sudo tc qdisc del dev eth0 root
mjohansson@bang:~$ sudo tc qdisc show
Segmentation fault (core dumped)

AlienMind (beawevou) wrote :

marques: that's because you're not using q_prio ;)

# strace tc qdisc show dev ppp0
..
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fce000
open("/usr/lib/tc/q_prio.so", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

# ls /usr/lib/tc/q_prio.so
ls: cannot access /usr/lib/tc/q_prio.so: No such file or directory

hardy server after "apt-get upgrade":
iproute 20071016-1
linux-image-2.6.24-12-server
Linux servername 2.6.24-12-server #1 SMP Wed Mar 12 23:34:17 UTC 2008 i686 GNU/Linux

Is this bug reproducible with newer iproute, i.e. on Intrepid?

Kees Cook (kees) on 2009-09-16
description: updated

Stéphane Graber (stgraber) wrote :

On quantal:

root@tpl-quantal-amd64-temp-UzLGMWj:~# tc qdisc add dev eth0 root tbf rate 4Mbit burst 4Mb lat 2ms
root@tpl-quantal-amd64-temp-UzLGMWj:~# tc qdisc show
qdisc tbf 8001: dev eth0 root refcnt 2 rate 4000Kbit burst 4Mb lat 2.0ms
root@tpl-quantal-amd64-temp-UzLGMWj:~# tc qdisc del dev eth0 root
root@tpl-quantal-amd64-temp-UzLGMWj:~# tc qdisc add dev eth0 root pfifo_fast bands 3 priomap 1 2 2 2 1 2
qdisc 'pfifo_fast' does not support option parsing
root@tpl-quantal-amd64-temp-UzLGMWj:~# ip link
1174: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:16:3e:2b:20:87 brd ff:ff:ff:ff:ff:ff
1176: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@tpl-quantal-amd64-temp-UzLGMWj:~# tc qdisc show
qdisc pfifo_fast 0: dev eth0 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

Changed in iproute (Ubuntu):
status: New → Fix Released