RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1513337 - lldpad killed by SIGSEGV [rhel-7.9.z]
Summary: lldpad killed by SIGSEGV [rhel-7.9.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: lldpad
Version: 7.4
Hardware: Unspecified
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Aaron Conole
QA Contact: Matt Lucius
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-15 08:51 UTC by Denis Silakov
Modified: 2022-08-09 11:55 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-09 11:54:25 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Possible patch (604 bytes, patch)
2017-11-15 08:52 UTC, Denis Silakov 		no flags Details | Diff
Improved patch (1.19 KB, patch)
2018-01-12 15:23 UTC, Denis Silakov 		no flags Details | Diff
LLDPAD with proposed fix (282.15 KB, application/x-rpm)
2019-09-09 17:48 UTC, Aaron Conole 		no flags Details
Show Obsolete (1) View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-101239 0 None None None 2021-11-01 14:22:38 UTC
Red Hat Product Errata RHBA-2022:5940 0 None None None 2022-08-09 11:54:27 UTC

Description Denis Silakov 2017-11-15 08:51:01 UTC 
Description of problem:
lldpad can crash on certain network configurations

Version-Release number of selected component (if applicable):
lldpad-1.0.1-3.git036e314

How reproducible:
On certain network configuration - always

After one of our autotests, abrt reports that lldpad killed by SIGSEGV.

Report contains the following backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x0000562b97f6dbcc in get_saddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", saddr=saddr@entry=0x7ffed42e4870) at lldp_util.c:1043
1043                            if ((ifa->ifa_addr->sa_family == AF_INET6) &&
(gdb) bt
#0  0x0000562b97f6dbcc in get_saddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", saddr=saddr@entry=0x7ffed42e4870) at lldp_util.c:1043
#1  0x0000562b97f6dc71 in get_ipaddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", in6=in6@entry=0x7ffed42e48e2) at lldp_util.c:1060
#2  0x0000562b97f6e863 in mand_bld_portid_tlv (md=md@entry=0x562b993d97c0, agent=0x562b993d8a60) at lldp_mand.c:382
#3  0x0000562b97f6ec85 in mand_bld_tlv (md=md@entry=0x562b993d97c0, agent=agent@entry=0x562b993d8a60) at lldp_mand.c:475
#4  0x0000562b97f6f17c in mand_ifup (ifname=0x7ffed42e4cf0 "vethfd5c38f1", agent=0x562b993d8a60) at lldp_mand.c:606
#5  0x0000562b97f555a5 in oper_add_device (device_name=device_name@entry=0x7ffed42e4cf0 "vethfd5c38f1") at event_iface.c:218
#6  0x0000562b97f55f0e in event_if_decode_nlmsg (len=<optimized out>, data=0x7ffed42e4d10, route_type=16) at event_iface.c:313
#7  event_if_process_recvmsg (nlmsg=0x7ffed42e4d00) at event_iface.c:334
#8  event_iface_receive (sock=<optimized out>, eloop_ctx=<optimized out>, sock_ctx=<optimized out>) at event_iface.c:412
#9  0x0000562b97f56504 in eloop_sock_table_dispatch (table=table@entry=0x562b981acbf0 <eloop+16>, fds=fds@entry=0x562b993d3140) at eloop.c:209
#10 0x0000562b97f56c73 in eloop_run () at eloop.c:526
#11 0x0000562b97f512ea in main (argc=<optimized out>, argv=<optimized out>) at lldpad.c:459
  

(gdb) p ifa
$1 = (struct ifaddrs *) 0x55a64c323f18
(gdb) p ifa->ifa_addr
$2 = (struct sockaddr *) 0x0


^^^
ifa_addr is zero. And this is legal, getaddrinfo can return NULL for ifa_addr. In our case this happened for interface which had only the following address configured:

  inet6 fe80::1/128 scope link
Comment 2 Denis Silakov 2017-11-15 08:52:43 UTC 
Created attachment 1352445 [details]
Possible patch
Comment 3 Denis Silakov 2018-01-12 15:23:15 UTC 
Created attachment 1380451 [details]
Improved patch

Improved version of the patch. Should handle all possible failures we met in our tests.
Comment 4 Gerben Meijer 2018-05-04 10:37:50 UTC 
Works great on Debian package as well, thanks!
Comment 11 Aaron Conole 2019-09-09 17:48:20 UTC 
Created attachment 1613291 [details]
LLDPAD with proposed fix
Comment 21 loberman 2021-12-21 12:31:20 UTC 
We have a customer reporting this and I had given them a fix similar to this, but John Pittman then found this bug.

Customer is on 7.7.

Is the latest version of lldpad fixed now meaning this bug can be closed errata
Comment 22 loberman 2021-12-21 12:40:19 UTC 
Hello

Customer experienced this in 7.7 and I checked the latest package available and the fix is not in.

I had come up with a similar fix to the BZ here and gave them a test package.


The latest revision of this package is not fixed
lldpad-1.0.1-5.git036e314.el7.src.rpm



{
        struct ecp22_user_data *eud;
        struct ecp22 *ecp;

        LLDPAD_DBG("%s:%s start ecp\n", __func__, ifname);
        eud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_ECP22);
        if (!eud) {
                LLDPAD_DBG("%s:%s no ECP module\n", __func__, ifname);
                return;
        }
        ecp = find_ecpdata(ifname, eud);
        if (!ecp)
                ecp = ecp22_create(ifname, eud);

The fix I gave them is this and its needed because they use docker and interfaces can leave the configuration.


void ecp22_start(char *ifname)
{
        struct ecp22_user_data *eud;
        struct ecp22 *ecp;

        LLDPAD_DBG("%s:%s start ecp\n", __func__, ifname);
        eud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_ECP22);
        if (!eud) {
                LLDPAD_DBG("%s:%s no ECP module\n", __func__, ifname);
                return;
        }
        ecp = find_ecpdata(ifname, eud);
        if (!ecp)
                ecp = ecp22_create(ifname, eud);     /*** This is never checked for NULL ***/
        if (!ecp)                                    /*** If null because interface is gone just return **/
Comment 23 loberman 2021-12-21 13:13:56 UTC 
Opening again
Comment 25 John Pittman 2021-12-21 13:17:03 UTC 
Hi Aaron, could you please look at this and apply the patch from upstream for the next zstream?  Thanks!
Comment 27 loberman 2022-06-02 16:36:27 UTC 
Hello
Given this change is only specific to lldpad and that its not a kernel change so very narrow exposure
we are asking to get this into the latest possible change for 7.9 zstream please.
Comment 37 Matt Lucius 2022-07-11 16:02:11 UTC 
No luck so far reproducing using the information provided, including Aaron's suggestion to repeatedly bounce the IPv6 address.
Comment 44 errata-xmlrpc 2022-08-09 11:54:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (lldpad bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5940
Note You need to log in before you can comment on or make changes to this bug.