[systemd-devel] [212] systemd-networkd crashes with simple network config
Tom Gundersen
teg at jklm.no
Sun Mar 30 15:28:16 PDT 2014
On Sun, Mar 30, 2014 at 10:18 PM, Kai Krakow <hurikhan77 at gmail.com> wrote:
> Tom Gundersen <teg at jklm.no> schrieb:
>
>> On Sun, Mar 30, 2014 at 6:07 PM, Kai Krakow <hurikhan77 at gmail.com> wrote:
>>> Tom Gundersen <teg at jklm.no> schrieb:
>>>
>>>>> Starting it from command line shows:
>>>>>
>>>>> # /usr/lib/systemd/systemd-networkd
>>>>> enp4s0: link is up
>>>>> enp4s0: carrier on
>>>>> segmentation fault (core dumped)
>>>>
>>>> If you could reproduce this with debug symbols included, that would be
>>>> very helpful (I cannot reproduce it here).
>>>
>>> I managed to get at least this backtrace. Somehow gdb did not autoload
>>> the symbols for systemd from /usr/lib/debug/usr/lib/systemd...
>>>
>>> It is probably more helpful now (at least I hope).
>>>
>>> #0 0x0000003c49a82a7d in __libc_calloc (n=<optimized out>,
>>> elem_size=<optimized out>) at malloc.c:3172
>>> av = 0x3c49da9640 <main_arena>
>>> oldtop = 0x6884d0
>>> p = <optimized out>
>>> bytes = 88
>>> sz = 88
>>> csz = <optimized out>
>>> oldtopsize = 23344
>>> mem = 0x6715f0
>>> clearsize = <optimized out>
>>> nclears = <optimized out>
>>> d = <optimized out>
>>> hook = <optimized out>
>>> __func__ = "__libc_calloc"
>>
>> Hm, so the segfault happens in glibc... It is triggered by us calling
>> calloc(1, 88), which I think is a supported thing to do ;) At least as
>> far as I can tell this is not a bug on our side...
>
> BTW: It works when running through valgrind:
>
> ==6041== Memcheck, a memory error detector
> ==6041== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
> ==6041== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
> ==6041== Command: /usr/lib/systemd/systemd-networkd
> ==6041==
> ==6041== Conditional jump or move depends on uninitialised value(s)
> ==6041== at 0x3C49617AB6: index (strchr.S:55)
> ==6041== by 0x3C49607A12: expand_dynamic_string_token (dl-load.c:431)
> ==6041== by 0x3C49608304: _dl_map_object (dl-load.c:2299)
> ==6041== by 0x3C4960181D: map_doit (rtld.c:626)
> ==6041== by 0x3C4960E985: _dl_catch_error (dl-error.c:177)
> ==6041== by 0x3C496010EF: do_preload (rtld.c:815)
> ==6041== by 0x3C496039D7: dl_main (rtld.c:1629)
> ==6041== by 0x3C496152B7: _dl_sysdep_start (dl-sysdep.c:241)
> ==6041== by 0x3C49604E94: _dl_start (rtld.c:331)
> ==6041== by 0x3C49601637: ??? (in /lib64/ld-2.17.so)
> ==6041==
> ==6041== Conditional jump or move depends on uninitialised value(s)
> ==6041== at 0x3C49617ABB: index (strchr.S:58)
> ==6041== by 0x3C49607A12: expand_dynamic_string_token (dl-load.c:431)
> ==6041== by 0x3C49608304: _dl_map_object (dl-load.c:2299)
> ==6041== by 0x3C4960181D: map_doit (rtld.c:626)
> ==6041== by 0x3C4960E985: _dl_catch_error (dl-error.c:177)
> ==6041== by 0x3C496010EF: do_preload (rtld.c:815)
> ==6041== by 0x3C496039D7: dl_main (rtld.c:1629)
> ==6041== by 0x3C496152B7: _dl_sysdep_start (dl-sysdep.c:241)
> ==6041== by 0x3C49604E94: _dl_start (rtld.c:331)
> ==6041== by 0x3C49601637: ??? (in /lib64/ld-2.17.so)
> ==6041==
> ==6041== Invalid read of size 8
> ==6041== at 0x40C617: rtnl_message_parse (rtnl-message.c:1090)
> ==6041== by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
> ==6041== by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
> ==6041== by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
> ==6041== by 0x4180C2: io_callback (sd-rtnl.c:764)
> ==6041== by 0x415C9D: source_dispatch (sd-event.c:1943)
> ==6041== by 0x416500: sd_event_run (sd-event.c:2225)
> ==6041== by 0x416A47: sd_event_loop (sd-event.c:2244)
> ==6041== by 0x40401B: main (networkd.c:108)
> ==6041== Address 0x4cd28e8 is 0 bytes after a block of size 264 alloc'd
> ==6041== at 0x4A07462: calloc (vg_replace_malloc.c:593)
> ==6041== by 0x40C59E: rtnl_message_parse (rtnl-message.c:1076)
> ==6041== by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
> ==6041== by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
> ==6041== by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
> ==6041== by 0x4180C2: io_callback (sd-rtnl.c:764)
> ==6041== by 0x415C9D: source_dispatch (sd-event.c:1943)
> ==6041== by 0x416500: sd_event_run (sd-event.c:2225)
> ==6041== by 0x416A47: sd_event_loop (sd-event.c:2244)
> ==6041== by 0x40401B: main (networkd.c:108)
> ==6041==
> ==6041== Invalid write of size 8
> ==6041== at 0x40C62E: rtnl_message_parse (rtnl-message.c:1093)
> ==6041== by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
> ==6041== by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
> ==6041== by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
> ==6041== by 0x4180C2: io_callback (sd-rtnl.c:764)
> ==6041== by 0x415C9D: source_dispatch (sd-event.c:1943)
> ==6041== by 0x416500: sd_event_run (sd-event.c:2225)
> ==6041== by 0x416A47: sd_event_loop (sd-event.c:2244)
> ==6041== by 0x40401B: main (networkd.c:108)
> ==6041== Address 0x4cd28e8 is 0 bytes after a block of size 264 alloc'd
> ==6041== at 0x4A07462: calloc (vg_replace_malloc.c:593)
> ==6041== by 0x40C59E: rtnl_message_parse (rtnl-message.c:1076)
> ==6041== by 0x40CB11: sd_rtnl_message_rewind (rtnl-message.c:1276)
> ==6041== by 0x40CDA4: socket_read_message (rtnl-message.c:1213)
> ==6041== by 0x417DE1: sd_rtnl_process (sd-rtnl.c:274)
> ==6041== by 0x4180C2: io_callback (sd-rtnl.c:764)
> ==6041== by 0x415C9D: source_dispatch (sd-event.c:1943)
> ==6041== by 0x416500: sd_event_run (sd-event.c:2225)
> ==6041== by 0x416A47: sd_event_loop (sd-event.c:2244)
> ==6041== by 0x40401B: main (networkd.c:108)
> ==6041==
> enp4s0: link is up
> enp4s0: carrier on
> enp4s0: DHCPv4 address 192.168.4.45/24 via 192.168.4.254
> enp4s0: link configured
Thanks, that's useful. I'll have a look.
Cheers,
Tom
More information about the systemd-devel
mailing list