[systemd-bugs] [Bug 88340] New: Wierd Segfault in sd_rtnl_message_unref (libnss_myhostname.so.2 by sshd )
bugzilla-daemon at freedesktop.org
Mon Jan 12 13:13:41 PST 2015
https://bugs.freedesktop.org/show_bug.cgi?id=88340
Bug ID: 88340
Summary: Wierd Segfault in sd_rtnl_message_unref
(libnss_myhostname.so.2 by sshd )
Product: systemd
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: critical
Priority: medium
Component: general
Assignee: systemd-bugs at lists.freedesktop.org
Reporter: svenne at krap.dk
QA Contact: systemd-bugs at lists.freedesktop.org
On Arch X64 using 218-1 (first packaging of 218) I have run into the
following weird problem.
When trying to connect to an ssh server running dualstack (both IPv4 and
IPv6) by IPv6, ssh segfaults when I have loaded the full IPv4 BGP
routing table (~500k+ routes). IPv4 connections work for some reason,
and IPv6 recovers if I kill the routing daemon (bird).
The stack trace of the core-file starts with
Stack trace of thread 515:
#0 0x00007f48334a3dd5 _int_free (libc.so.6)
#1 0x00007f4834a1e62a sd_rtnl_message_unref (libnss_myhostname.so.2)
#2 0x00007f4834a1e657 sd_rtnl_message_unref (libnss_myhostname.so.2)
And continues with that line (#1 and #2) until frame 63.
I have looked in src/libsystemd/sd-rtnl/rtnl-message.c and have two
observations (my C is very rusty so feel free to correct me).
Line 589, shouldn't the line
if (m && REFCNT_DEC(m->n_ref) <= 0) {
be
if (m && REFCNT_DEC(m->n_ref) >= 0) {
(I.e. greater-than-equal instead of less-than-equal)
Also, perhaps a test of whether m->next is equal to m on line 597....
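An added illustration, not part of the original report and not systemd's code: a hypothetical `struct msg` with a reference count and a `next` pointer, released with the same `<= 0` test as the quoted line. It shows that this test frees a message only when the last reference is dropped, and that a recursive unref uses one stack frame per chained message (the repeating frames in the trace) while an iterative walk does not. All names are assumptions.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a refcounted message heading a chain. */
struct msg { int n_ref; struct msg *next; };

static size_t max_depth, freed;            /* instrumentation for the demo */

static struct msg *chain_new(size_t n) {   /* n messages, one reference each */
    struct msg *head = NULL;
    while (n--) {
        struct msg *m = calloc(1, sizeof *m);
        if (!m) abort();
        m->n_ref = 1;
        m->next = head;
        head = m;
    }
    return head;
}

/* Recursive shape: release only when the decremented count reaches zero,
 * then drop the reference held on next. One stack frame per message. */
static void unref_rec(struct msg *m, size_t depth) {
    if (m && --m->n_ref <= 0) {
        if (depth > max_depth) max_depth = depth;
        unref_rec(m->next, depth + 1);
        free(m);
        freed++;
    }
}

/* Iterative form: same release rule, constant stack use. */
static void unref_iter(struct msg *m) {
    while (m && --m->n_ref <= 0) {
        struct msg *next = m->next;
        free(m);
        freed++;
        m = next;
    }
}

size_t recursive_depth(size_t n) {         /* frames used to free n messages */
    max_depth = freed = 0;
    unref_rec(chain_new(n), 1);
    return max_depth;
}

/* Messages freed by the first unref when extra_ref other holders exist. */
size_t iterative_freed(size_t n, int extra_ref) {
    struct msg *head = chain_new(n);       /* n must be at least 1 */
    freed = 0;
    head->n_ref += extra_ref;
    unref_iter(head);
    size_t first = freed;
    for (int i = 0; i < extra_ref; i++) unref_iter(head);  /* clean up */
    return first;
}
```

With a chain of about 500k entries, as in the routing table size reported above, the recursive form would need about 500k nested frames; the iterative form frees the same chain in a loop.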