Red Hat Bugzilla – Bug 154014
tc segfaults when parsing some erronous parameters
Last modified: 2007-11-30 17:07:17 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1 Description of problem: tc segfaults when parsing some erronous parameters Version-Release number of selected component (if applicable): iproute-2.6.9-3 How reproducible: Always Steps to Reproduce: 1. tc qdisc add dev eth0 handle ffff: police rate 1kbit 2. 3. Actual Results: gdb tc (gdb) set args qdisc add dev eth0 handle ffff: police rate 1kbit (gdb) r Starting program: /sbin/tc qdisc add dev eth0 handle ffff: police rate 1kbit Program received signal SIGSEGV, Segmentation fault. 0x00006563 in ?? () (gdb) bt full #0 0x00006563 in ?? () No symbol table info available. #1 0x0804b65f in tc_qdisc_modify (cmd=0, flags=1536, argc=2, argv=0xbfff7094) at tc_qdisc.c:130 handle = 4294901760 rth = {fd = 0, local = {nl_family = 27708, nl_pad = 49151, nl_pid = 5922819, nl_groups = 164458504}, peer = { nl_family = 53236, nl_pad = 102, nl_pid = 6744064, nl_groups = 164458504}, seq = 3221187672, dump = 5933818} q = (struct qdisc_util *) 0x8063220 est = {interval = 0 '\0', ewma_log = 0 '\0'} d = "eth0", '\0' <repeats 11 times> k = "police\000\000\000\000\000\000\000\000\000" req = {n = {nlmsg_len = 47, nlmsg_type = 36, nlmsg_flags = 1537, nlmsg_seq = 0, nlmsg_pid = 0}, t = { tcm_family = 0 '\0', tcm__pad1 = 0 '\0', tcm__pad2 = 0, tcm_ifindex = 0, tcm_handle = 4294901760, tcm_parent = 0, tcm_info = 0}, buf = "\v\000\001\000police", '\0' <repeats 65525 times>} #2 0x0804c0d1 in do_qdisc (argc=8, argv=0xbfff707c) at tc_qdisc.c:359 No locals. #3 0x0804b0bd in main (argc=10, argv=0xbfff7074) at tc.c:288 batch = (FILE *) 0xbfff7074 ... largc = -1073778572 (gdb) Expected Results: There must be an error message about the missing parameters Additional info:
I've just managed to close those 15 empty bugs you've submited to me.... Which kernel are you currently using? I've never played with queueing policy, so I'm not sure how can I reproduce it. When calling your step I get an error message Unknown qdisc "police", hence option "rate" is unparsable Which seems like a correct error message to me. Or do I need to specify "police" somehow before doing this step?
Sorry for the empty bug reports but bugzilla send an error 500. I had to remove some stuff from gdb output to get the message accepted. It seems you got the correct error message I have been able to reproduce the bug on 3 servers - kernel-2.6.10-1.770_FC3 glibc-2.3.4-2.fc3 - kernel-2.6.10-1.770_FC3 glibc-2.3.4-10 - kernel-2.6.9-1.724_FC3 glibc-2.3.4-2.fc3 There is no prior configuration to setup, you don't even need to have a valid interface or to be root. sh-3.00$ /sbin/tc qdisc add dev fakedev handle ffff: police rate 1kbit Segmentation fault Old version iproute-2.4.7-7.90.1 (RH9) and iproute-2.4.7-14 (FC2) are not affected /sbin/tc qdisc add dev fakedev handle ffff: police rate 1kbit Unknown qdisc "police", hence option "rate" is unparsable
Ok, I've managed to reproduce this bug on a RHEL4 system. My machine doesn't seem to be affected and also new version of iproute doesn't have this issue. Can you also please try the latest iproute from devel branch? (iproute-2.6.11-2)
Only version 2.6.11-1 is avaible at http://download.fedora.redhat.com/pub/fedora/linux/core/development/SRPMS I have rebuild it under FC3, version 2.6.11-1 is not affected by this bug
I'm moving this bugzilla to RHEL4.
The patch iproute2-2.6.9-tc.patch that is in the U4 beta breaks tc when using it for traffic shaping with the popular wshaper script. This will need to be fixed before U4 can ship.
*** Bug 200651 has been marked as a duplicate of this bug. ***
Created attachment 133318 [details] structures.patch Proposed patch for this issue.
Comment on attachment 133318 [details] structures.patch >- table = calloc(sizeof(double), TABLESIZE); >+ table = calloc(TABLESIZE+1, sizeof(double)); Small change in previous attachment
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0184.html