[systemd-devel] [212] systemd-networkd crashes with simple network config

Kai Krakow hurikhan77 at gmail.com
Sun Mar 30 13:18:12 PDT 2014 

Tom Gundersen <teg at jklm.no> schrieb:

> On Sun, Mar 30, 2014 at 6:07 PM, Kai Krakow <hurikhan77 at gmail.com> wrote:
>> Tom Gundersen <teg at jklm.no> schrieb:
>>
>>>> Starting it from command line shows:
>>>>
>>>> # /usr/lib/systemd/systemd-networkd
>>>> enp4s0: link is up
>>>> enp4s0: carrier on
>>>> segmentation fault (core dumped)
>>>
>>> If you could reproduce this with debug symbols included, that would be
>>> very helpful (I cannot reproduce it here).
>>
>> I managed to get at least this backtrace. Somehow gdb did not autoload
>> the symbols for systemd from /usr/lib/debug/usr/lib/systemd...
>>
>> It is probably more helpful now (at least I hope).
>>
>> #0  0x0000003c49a82a7d in __libc_calloc (n=<optimized out>,
>> elem_size=<optimized out>) at malloc.c:3172
>>         av = 0x3c49da9640 <main_arena>
>>         oldtop = 0x6884d0
>>         p = <optimized out>
>>         bytes = 88
>>         sz = 88
>>         csz = <optimized out>
>>         oldtopsize = 23344
>>         mem = 0x6715f0
>>         clearsize = <optimized out>
>>         nclears = <optimized out>
>>         d = <optimized out>
>>         hook = <optimized out>
>>         __func__ = "__libc_calloc"
> 
> Hm, so the segfault happens in glibc... It is triggered by us calling
> calloc(1, 88), which I think is a supported thing to do ;) At least as
> far as I can tell this is not a bug on our side...

BTW: It works when running through valgrind:

==6041== Memcheck, a memory error detector
==6041== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==6041== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==6041== Command: /usr/lib/systemd/systemd-networkd
==6041== 
==6041== Conditional jump or move depends on uninitialised value(s)
==6041==    at 0x3C49617AB6: index (strchr.S:55)
==6041==    by 0x3C49607A12: expand_dynamic_string_token (dl-load.c:431)
==6041==    by 0x3C49608304: _dl_map_object (dl-load.c:2299)
==6041==    by 0x3C4960181D: map_doit (rtld.c:626)
==6041==    by 0x3C4960E985: _dl_catch_error (dl-error.c:177)
==6041==    by 0x3C496010EF: do_preload (rtld.c:815)
==6041==    by 0x3C496039D7: dl_main (rtld.c:1629)
==6041==    by 0x3C496152B7: _dl_sysdep_start (dl-sysdep.c:241)
==6041==    by 0x3C49604E94: _dl_start (rtld.c:331)
==6041==    by 0x3C49601637: ??? (in /lib64/ld-2.17.so)
==6041== 
==6041== Conditional jump or move depends on uninitialised value(s)
==6041==    at 0x3C49617ABB: index (strchr.S:58)
==6041==    by 0x3C49607A12: expand_dynamic_string_token (dl-load.c:431)
==6041==    by 0x3C49608304: _dl_map_object (dl-load.c:2299)
==6041==    by 0x3C4960181D: map_doit (rtld.c:626)
==6041==    by 0x3C4960E985: _dl_catch_error (dl-error.c:177)
==6041==    by 0x3C496010EF: do_preload (rtld.c:815)
==6041==    by 0x3C496039D7: dl_main (rtld.c:1629)
==6041==    by 0x3C496152B7: _dl_sysdep_start (dl-sysdep.c:241)
==6041==    by 0x3C49604E94: _dl_start (rtld.c:331)
==6041==    by 0x3C49601637: ??? (in /lib64/ld-2.17.so)
==6041== 
==6041== Invalid read of size 8
==6041==    at 0x40C617: rtnl_message_parse (rtnl-message.c:1090)
==6041==    by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
==6041==    by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
==6041==    by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
==6041==    by 0x4180C2: io_callback (sd-rtnl.c:764)
==6041==    by 0x415C9D: source_dispatch (sd-event.c:1943)
==6041==    by 0x416500: sd_event_run (sd-event.c:2225)
==6041==    by 0x416A47: sd_event_loop (sd-event.c:2244)
==6041==    by 0x40401B: main (networkd.c:108)
==6041==  Address 0x4cd28e8 is 0 bytes after a block of size 264 alloc'd
==6041==    at 0x4A07462: calloc (vg_replace_malloc.c:593)
==6041==    by 0x40C59E: rtnl_message_parse (rtnl-message.c:1076)
==6041==    by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
==6041==    by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
==6041==    by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
==6041==    by 0x4180C2: io_callback (sd-rtnl.c:764)
==6041==    by 0x415C9D: source_dispatch (sd-event.c:1943)
==6041==    by 0x416500: sd_event_run (sd-event.c:2225)
==6041==    by 0x416A47: sd_event_loop (sd-event.c:2244)
==6041==    by 0x40401B: main (networkd.c:108)
==6041== 
==6041== Invalid write of size 8
==6041==    at 0x40C62E: rtnl_message_parse (rtnl-message.c:1093)
==6041==    by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
==6041==    by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
==6041==    by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
==6041==    by 0x4180C2: io_callback (sd-rtnl.c:764)
==6041==    by 0x415C9D: source_dispatch (sd-event.c:1943)
==6041==    by 0x416500: sd_event_run (sd-event.c:2225)
==6041==    by 0x416A47: sd_event_loop (sd-event.c:2244)
==6041==    by 0x40401B: main (networkd.c:108)
==6041==  Address 0x4cd28e8 is 0 bytes after a block of size 264 alloc'd
==6041==    at 0x4A07462: calloc (vg_replace_malloc.c:593)
==6041==    by 0x40C59E: rtnl_message_parse (rtnl-message.c:1076)
==6041==    by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
==6041==    by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
==6041==    by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
==6041==    by 0x4180C2: io_callback (sd-rtnl.c:764)
==6041==    by 0x415C9D: source_dispatch (sd-event.c:1943)
==6041==    by 0x416500: sd_event_run (sd-event.c:2225)
==6041==    by 0x416A47: sd_event_loop (sd-event.c:2244)
==6041==    by 0x40401B: main (networkd.c:108)
==6041== 
enp4s0: link is up
enp4s0: carrier on
enp4s0: DHCPv4 address 192.168.4.45/24 via 192.168.4.254
enp4s0: link configured

-- 
Replies to list only preferred.

More information about the systemd-devel mailing list