Sam Roberts wrote:
On Thu, Feb 19, 2009 at 4:47 AM, Philipp Kolmann <phil...@kolmann.at> wrote:
I have just upgraded to Lenny and wanted to set an IPv6 adress via
heartbeat's IPv6addr tool:
Did you apply my patch?
Now I did. I have not seen this crash with your patch anymore.
scs1:/etc/heartbeat/resource.d# ./IPv6addr 2001:629:3800:33::122 start
*** glibc detected *** /usr/lib/ocf/resource.d//heartbeat/IPv6addr: free():
invalid next size (fast): 0x00000000006042b0 ***
======= Backtrace: =========
/lib/libc.so.6[0x2b1f3250d948]
/lib/libc.so.6(cfree+0x76)[0x2b1f3250fa56]
/usr/lib/libnet.so.1(libnet_write+0x10b)[0x2b1f31c0cb6b]
This isn't enough information to debug.
I can give you information about how to modify the libnet source to
more clearly see what is happening if my patch doesn' work for you. I
fixed ipv4 related code, but your executable name suggests you're
using ipv6, so the specific patch might not help.
Easiest for me would be if you can show me how to reproduce this, or
where the code is thats constructing the pblock chain being passed to
libnet_write.
The program triggering this bug is IPv6addr:
http://hg.vergenet.net/linux-ha/dev/file/774ee922abe7/resources/OCF/IPv6addr.c
with gdb I see the following BT:
#0 0x00007fbcaa244ed5 in raise () from /lib/libc.so.6
#1 0x00007fbcaa2463f3 in abort () from /lib/libc.so.6
#2 0x00007fbcaa2813a8 in ?? () from /lib/libc.so.6
#3 0x00007fbcaa286948 in ?? () from /lib/libc.so.6
#4 0x00007fbcaa288a56 in free () from /lib/libc.so.6
#5 0x00007fbcab2e1b6b in libnet_write () from /usr/lib/libnet.so.1
#6 0x0000000000401fce in send_ua (src_ip=0x7fffb33f5560, if_name=<value
optimized out>) at IPv6addr.c:418
#7 0x0000000000402710 in main (argc=<value optimized out>, argv=<value
optimized out>) at IPv6addr.c:309
send_ua is here:
/* Send an unsolicited advertisement packet
* Please refer to rfc2461
*/
int
send_ua(struct in6_addr* src_ip, char* if_name)
{
int status = -1;
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
struct libnet_in6_addr dst_ip;
struct libnet_ether_addr *mac_address;
char payload[24];
if ((l=libnet_init(LIBNET_RAW6, if_name, errbuf)) == NULL) {
cl_log(LOG_ERR, "libnet_init failure on %s", if_name);
goto err;
}
mac_address = libnet_get_hwaddr(l);
if (!mac_address) {
cl_log(LOG_ERR, "libnet_get_hwaddr: %s", errbuf);
goto err;
}
dst_ip = libnet_name2addr6(l, BCAST_ADDR, LIBNET_DONT_RESOLVE);
memcpy(payload,src_ip->s6_addr,16);
payload[16] = 2; /* 2 for Target Link-layer Address */
payload[17] = 1; /* The length of the option */
memcpy(payload+18,mac_address->ether_addr_octet, 6);
libnet_seed_prand(l);
/* 0x2000: RSO */
libnet_build_icmpv4_echo(136,0,0,0x2000,0,(u_int8_t *)payload
,sizeof(payload), l, LIBNET_PTAG_INITIALIZER);
libnet_build_ipv6(0,0,LIBNET_ICMPV6_H +
sizeof(payload),IPPROTO_ICMP6,
255,*(struct libnet_in6_addr*)src_ip,
dst_ip,NULL,0,l,0);
if (libnet_write(l) == -1)
^^^^^^^^^^^^^^^^^^^^
here happens the crash
{
cl_log(LOG_ERR, "libnet_write: %s", libnet_geterror(l));
goto err;
}
status = 0;
err:
libnet_destroy(l);
return status;
}
thanks
Philipp
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
