Bug 1298933 - tc segfaults when it tries to show filters
Summary: tc segfaults when it tries to show filters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iproute
Version: 6.8
Hardware: i386
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Phil Sutter
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-15 12:43 UTC by Jaroslav Aster
Modified: 2016-05-11 00:20 UTC (History)
1 user (show)

Fixed In Version: iproute-2.6.32-53.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-11 00:20:32 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0895 0 normal SHIPPED_LIVE iproute bug fix and enhancement update 2016-05-10 22:50:11 UTC

Description Jaroslav Aster 2016-01-15 12:43:47 UTC 
Description of problem:

Tc segfaults when it tries to show filters if one filter is cgroup. It appears only on i386. The other architectures work fine, there are no segfaults.

It is not an regression. It appears on iproute-2.6.32-45.el6 too.

Version-Release number of selected component (if applicable):

iproute-2.6.32-51.el6

How reproducible:

100%

Steps to Reproduce:
# ip link add TestIface type dummy

# ip link set TestIface up

# tc qdisc add dev TestIface root handle 1:0 htb default 14

# tc filter add dev TestIface parent 1:0 prio 3 handle 6 cgroup

# tc filter show dev TestIface
filter parent 1: protocol [768] pref 3 cgroup handle 0x6 
Segmentation fault (core dumped)

Actual results:

Segfaults.

Expected results:

No segfaults.

Additional info:
Comment 3 Phil Sutter 2016-01-18 16:31:20 UTC 
OK, issue reproduced (thanks again for the test system access) and fix identified:

commit 4b45abd1f000f62df9b624e393d9f3d62751a266
Author: Stephen Hemminger <stephen.hemminger>
Date:   Thu Jul 29 18:03:35 2010 -0700

    Fix NULL pointer reference when using basic match
    
    If basic match has no tree of matches underneath
    then print_ematch would core dump.


With this commit backported, the segfault does no longer happen.
Comment 8 errata-xmlrpc 2016-05-11 00:20:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0895.html
Note You need to log in before you can comment on or make changes to this bug.