Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
lldpad can crash on certain network configurations
Version-Release number of selected component (if applicable):
lldpad-1.0.1-3.git036e314
How reproducible:
On certain network configuration - always
After one of our autotests, abrt reports that lldpad killed by SIGSEGV.
Report contains the following backtrace:
Program terminated with signal 11, Segmentation fault.
#0 0x0000562b97f6dbcc in get_saddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", saddr=saddr@entry=0x7ffed42e4870) at lldp_util.c:1043
1043 if ((ifa->ifa_addr->sa_family == AF_INET6) &&
(gdb) bt
#0 0x0000562b97f6dbcc in get_saddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", saddr=saddr@entry=0x7ffed42e4870) at lldp_util.c:1043
#1 0x0000562b97f6dc71 in get_ipaddr6 (ifname=ifname@entry=0x562b993d97c0 "vethfd5c38f1", in6=in6@entry=0x7ffed42e48e2) at lldp_util.c:1060
#2 0x0000562b97f6e863 in mand_bld_portid_tlv (md=md@entry=0x562b993d97c0, agent=0x562b993d8a60) at lldp_mand.c:382
#3 0x0000562b97f6ec85 in mand_bld_tlv (md=md@entry=0x562b993d97c0, agent=agent@entry=0x562b993d8a60) at lldp_mand.c:475
#4 0x0000562b97f6f17c in mand_ifup (ifname=0x7ffed42e4cf0 "vethfd5c38f1", agent=0x562b993d8a60) at lldp_mand.c:606
#5 0x0000562b97f555a5 in oper_add_device (device_name=device_name@entry=0x7ffed42e4cf0 "vethfd5c38f1") at event_iface.c:218
#6 0x0000562b97f55f0e in event_if_decode_nlmsg (len=<optimized out>, data=0x7ffed42e4d10, route_type=16) at event_iface.c:313
#7 event_if_process_recvmsg (nlmsg=0x7ffed42e4d00) at event_iface.c:334
#8 event_iface_receive (sock=<optimized out>, eloop_ctx=<optimized out>, sock_ctx=<optimized out>) at event_iface.c:412
#9 0x0000562b97f56504 in eloop_sock_table_dispatch (table=table@entry=0x562b981acbf0 <eloop+16>, fds=fds@entry=0x562b993d3140) at eloop.c:209
#10 0x0000562b97f56c73 in eloop_run () at eloop.c:526
#11 0x0000562b97f512ea in main (argc=<optimized out>, argv=<optimized out>) at lldpad.c:459
(gdb) p ifa
$1 = (struct ifaddrs *) 0x55a64c323f18
(gdb) p ifa->ifa_addr
$2 = (struct sockaddr *) 0x0
^^^
ifa_addr is zero. And this is legal, getaddrinfo can return NULL for ifa_addr. In our case this happened for interface which had only the following address configured:
inet6 fe80::1/128 scope link
We have a customer reporting this and I had given them a fix similar to this, but John Pittman then found this bug.
Customer is on 7.7.
Is the latest version of lldpad fixed now meaning this bug can be closed errata
Hello
Customer experienced this in 7.7 and I checked the latest package available and the fix is not in.
I had come up with a similar fix to the BZ here and gave them a test package.
The latest revision of this package is not fixed
lldpad-1.0.1-5.git036e314.el7.src.rpm
{
struct ecp22_user_data *eud;
struct ecp22 *ecp;
LLDPAD_DBG("%s:%s start ecp\n", __func__, ifname);
eud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_ECP22);
if (!eud) {
LLDPAD_DBG("%s:%s no ECP module\n", __func__, ifname);
return;
}
ecp = find_ecpdata(ifname, eud);
if (!ecp)
ecp = ecp22_create(ifname, eud);
The fix I gave them is this and its needed because they use docker and interfaces can leave the configuration.
void ecp22_start(char *ifname)
{
struct ecp22_user_data *eud;
struct ecp22 *ecp;
LLDPAD_DBG("%s:%s start ecp\n", __func__, ifname);
eud = find_module_user_data_by_id(&lldp_head, LLDP_MOD_ECP22);
if (!eud) {
LLDPAD_DBG("%s:%s no ECP module\n", __func__, ifname);
return;
}
ecp = find_ecpdata(ifname, eud);
if (!ecp)
ecp = ecp22_create(ifname, eud); /*** This is never checked for NULL ***/
if (!ecp) /*** If null because interface is gone just return **/
Hello
Given this change is only specific to lldpad and that its not a kernel change so very narrow exposure
we are asking to get this into the latest possible change for 7.9 zstream please.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (lldpad bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2022:5940