Bug#: 186801
Status: RESOLVED
Resolution: FIXED
Assigned To: Roy Marples (RETIRED) <uberlord@gentoo.org>
Reporter: Norberto Bensa <nbensa@gmail.com>

Attachment: dhcpcd-segfault.patch (patch, 389 bytes), "Don't free dhcp object on renew", created by Roy Marples (RETIRED), 2007-07-28 15:29 0000



Description:   Opened: 2007-07-27 14:09 0000
$ sudo dhcpcd -d -d -t 5 -h venkman -N eth0
Info, eth0: dhcpcd 3.1.1 starting
Info, eth0: hardware address = 00:16:17:b2:be:a1
Info, eth0: DUID = 00:01:00:01:0e:39:1d:a1:00:16:17:b2:be:a1
Info, eth0: broadcasting for a lease
Debug, eth0: sending DHCP_DISCOVER with xid 0x19b70a7e
Debug, eth0: waiting on select for 5 seconds
Debug, eth0: got a packet with xid 0x19b70a7e
Info, eth0: offered 192.168.1.250 from 192.168.1.254
Debug, eth0: sending DHCP_REQUEST with xid 0x19b70a7e
Debug, eth0: waiting on select for 5 seconds
Debug, eth0: got a packet with xid 0x19b70a7e
Info, eth0: checking 192.168.1.250 is available on attached networks
Debug, eth0: sending ARP probe #1
Debug, eth0: sending ARP probe #2
Debug, eth0: sending ARP probe #3
Debug, eth0: sending ARP claim #1
Debug, eth0: sending ARP claim #2
Info, eth0: leased 192.168.1.250 for 14400 seconds
Debug, eth0: renew in 7200 seconds
Debug, eth0: rebind in 12600 seconds
Info, eth0: adding IP address 192.168.1.250/24
Info, eth0: adding default route via 192.168.1.254 metric 0
Debug, eth0: writing /etc/resolv.conf
Debug, eth0: writing /var/lib/dhcpcd/dhcpcd-eth0.info
Debug, eth0: waiting on select for 7200 seconds
Info, eth0: renewing lease of 192.168.1.250
Debug, eth0: sending DHCP_REQUEST with xid 0x41950d85
Debug, eth0: waiting on select for 5400 seconds
Debug, eth0: got a packet with xid 0x41950d85
Segmentation fault


$ sudo emerge --info
Portage 2.1.3_rc9 (default-linux/x86/2007.0/desktop, gcc-4.2.0, glibc-2.6-r0,
2.6.22-gentoo-r1-cfs-v19 i686)
=================================================================
System uname: 2.6.22-gentoo-r1-cfs-v19 i686 Intel(R) Core(TM)2 CPU 6600 @
2.40GHz
Gentoo Base System release 1.12.10
Timestamp of tree: Fri, 27 Jul 2007 08:00:01 +0000
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.5.1-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d
/etc/revdep-rebuild /etc/splash /etc/terminfo /usr/X11R6/lib/X11/xkb"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans
userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/xeffects
/usr/portage/local/layman/sunrise /usr/portage/local/layman/vmware
/usr/portage/local/zoolook"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip X X509 a52 aac accessibility acl acpi activefilter addbookmarks
additions adns aiglx aim akode alias alisp alsa amr ao ares arts
artswrappersuid async audiofile autoipd autoreplace avantgo berkdb binfilter
blender-game bluetooth branding browserplugin bsf bzip2 cairo canvas caps cdda
cddb cdinstall cdparanoia cdr chroot commercial connectionstatus contactnotes
cracklib crypt css cups curl custom-cflags custom-flags daap dbus deprecated
device-mapper dhcp disk-partition divx divx4linux djbfft dlloader dmi dri dts
dv dvb dvd dvdr dvdread dxr3 ecc emovix encode exif expat extensions faad fame
fat ffmpeg fftw firefox flac floppyboot fontconfig fping fpx freetype ft fuse
gadu gd gdbm gif glib glibc-omitfp glitz glut gmedia gmp gpg2-experimental
gpgme gphoto2 gpm graphviz groupwise gs gsm gstreamer gtk gtk2 gtkhtml hal
hardware-carrier hfs highlight history howl icq id3 ide idea idn ieee1394 ifp
ilbc imagemagick imap imlib insecure-savers ipod irc irda irmc ithreads jabber
jack java javascript jfs jingle jpeg jpeg2k js justify kde kdeenablefinal
kdepim kipi kqemu krb4 ladspa lame lcms ldap libedit libsamplerate lm_sensors
lua lzo lzw-tiff mad madwifi mbrola meanwhile midi mikmod mjpeg mmap mmx mng
mod modplug module mono motif mozbranding mozcalendar mozdevelop mozilla mozsvg
mp3 mp4 mp4live mpeg mpeg2 mpi mplayer msn mtp multiuser musepack musicbrainz
mysql nas ncurses net netboot netmeeting network newspr nfs nis nomalloccheck
nowlistening nptl nptlonly nsplugin nss ntfs numeric nvidia obex offensive ogg
oggvorbis on-the-fly-crypt openal openexr opengl ortp overlays pam pam_chroot
pam_timestamp pccts pch pcre pda pdf perl physfs pic png prediction pulseaudio
pwdb python qq qt qt3 qt3support qt4 quicktime radius readline real realmedia
reiser4 reiserfs restrict-javascript rle rtc rtsp ruby samba sametime sasl
scanner server sftplogging shout silc slang smime sms smtp sndfile sound speex
spell sqlite sqlite3 sse sse2 ssl startup-notification statistics stream
subtitles svg sysfs syslog system-libvncserver taglib tcl tcltk tcpd teamarena
texteffect theora threads tiff timidity tk translator transmitter truetype
truetype-fonts ucs2 udev unicode usb userlocales utempter v4l v4l2 vcd vdesktop
vditool vdr vidix visualization vorbis vorbis-psy wavpack webpresence wifi
win32codecs winpopup wmf wmp wxwindows x264 x86 xanim xattr xcb xcomposite
xface xforms xfs xine xml xml2 xorg xpm xprint xscreensaver xsl xv xvid xvmc
yahoo yp zephyr zlib" ALSA_CARDS="emu10k1 hda-intel intel8x0 intel8x0m via82xx
via82xx-modem atiixp atiixp-modem" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix
dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter
mulaw multi null plug rate route share shm softvol" CAMERAS="adc65 agfa-cl20
aox barbie canon casio clicksmart310 digigr8 digita dimera directory enigma13
fuji gsmart300 hp215 iclick jamcam jd11 kodak konica largan lg_gsm mars minolta
mustek panasonic pccam300 pccam600 polaroid ptp2 ricoh samsung sierra sipix
smal sonix sonydscf1 sonydscf55 soundvision spca50x sq905 stv0674 stv0680
sx330z template toshiba" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" LIRC_DEVICES="all" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #1 From Dmitry Karasik 2007-07-27 15:45:01 0000 -------
It consistently segfaults for me trying to renew the lease. I can reproduce
every time by sending SIGALRM to dhcpcd.

Here's a back trace:

#0  0x0805238f in free_route (routes=0x805a310) at interface.c:80
        p = (route_t *) 0x61
        n = (route_t *) 0x61
#1  0x0804e182 in free_dhcp (dhcp=0x805a258) at dhcp.c:419
No locals.
#2  0x0804b232 in dhcp_run (options=0xbf8c8584, pidfd=0xbf8c8560) at
client.c:599
        valid = 1
        new_dhcp = (struct dhcp_t *) 0x805a0f0
        iface = (interface_t *) 0x8058008
        mode = 1
        state = 4
        tv = {tv_sec = 2, tv_usec = 996666}
        xid = 322095066
        timeout = 12150
        rset = {fds_bits = {128, 0 <repeats 31 times>}}
        maxfd = 7
        retval = 1
        message = {op = 2 '\002', hwtype = 1 '\001', hwlen = 6 '\006',
hwopcount = 1 '\001', xid = 322095066, secs = 0, flags = 0,
  ciaddr = 583408137, yiaddr = 583408137, siaddr = 0, giaddr = 29760009, chaddr
= "\000\fv\202°d\000\000\000\000\000\000\000\000\000",
  servername = '\0' <repeats 63 times>, bootfile = '\0' <repeats 127 times>,
cookie = 1666417251,
  options =
"5\001\0056\004\t\032À(3\004\000\000~\220:\004\000\000?H;\004\000\000n¾\001\004ÿÿÿ\000\034\004\t\032Æÿ\003\004\t\032Æ\001\017\016ottawa.ibm.com\006\b\t\032À(\t\032Ä)ÿ",
'\0' <repeats 1141 times>}
        dhcp = (dhcp_t *) 0x805a258
        type = 5
        last_type = 3
        daemonised = true
        start = 934263
        last_send = 934263
        sig = 0
        buffer = (unsigned char *) 0x80590e8 ""
        buffer_len = 340
        buffer_pos = 0
#3  0x080509ad in main (argc=4, argv=0xbf8c9844) at dhcpcd.c:487
        options = {interface = "eth0", '\0' <repeats 11 times>, hostname =
"wsdkarasik", '\0' <repeats 53 times>, fqdn = 0,
  classid = "dhcpcd 3.1.1", '\0' <repeats 35 times>, classid_len = 12, clientid
= '\0' <repeats 47 times>, clientid_len = 0,
  userclass = '\0' <repeats 254 times>, userclass_len = 0, leasetime = 0,
timeout = 20, metric = 0, doarp = true, dodns = true,
  dodomainname = false, dogateway = true, dohostname = 0, domtu = true, donis =
true, dontp = true, dolastlease = false, doinform = false,
  dorequest = false, doipv4ll = true, request_address = {s_addr = 0},
request_netmask = {s_addr = 0}, signal = 0, persistent = false,
  keep_address = false, daemonise = true, test = false, script = 0x8055d01
"/etc/dhcpcd.sh",
  pidfile = "/var/run/dhcpcd-eth0.pid", '\0' <repeats 4071 times>}
        doversion = 0
        dohelp = 0
        userclasses = 0
        opt = -1
        option_index = 0
        prefix = "eth0: ", '\0' <repeats 12 times>
        pid = 6858
        debug = 0
        i = 0
        pidfd = 3
        longopts = {{name = 0x8055c2c "arp", has_arg = 0, flag = 0x0, val =
97}, {name = 0x8055c30 "script", has_arg = 1, flag = 0x0,
    val = 99}, {name = 0x8055c37 "debug", has_arg = 0, flag = 0x0, val = 100},
{name = 0x8055c3d "hostname", has_arg = 2, flag = 0x0,
    val = 104}, {name = 0x8055c46 "classid", has_arg = 2, flag = 0x0, val =
105}, {name = 0x8055c4e "release", has_arg = 0, flag = 0x0,
    val = 107}, {name = 0x8055c56 "leasetime", has_arg = 1, flag = 0x0, val =
108}, {name = 0x8055c60 "metric", has_arg = 1, flag = 0x0,
    val = 109}, {name = 0x8055c67 "renew", has_arg = 0, flag = 0x0, val = 110},
{name = 0x8055c6d "persistent", has_arg = 0, flag = 0x0,
    val = 112}, {name = 0x8055c78 "inform", has_arg = 2, flag = 0x0, val =
115}, {name = 0x8055c7f "request", has_arg = 2, flag = 0x0,
    val = 114}, {name = 0x8055c87 "timeout", has_arg = 1, flag = 0x0, val =
116}, {name = 0x8055c8f "userclass", has_arg = 1, flag = 0x0,
    val = 117}, {name = 0x8055c99 "lastlease", has_arg = 0, flag = 0x0, val =
69}, {name = 0x8055ca3 "fqdn", has_arg = 1, flag = 0x0,
    val = 70}, {name = 0x8055ca8 "nogateway", has_arg = 0, flag = 0x0, val =
71}, {name = 0x8055cb2 "sethostname", has_arg = 0, flag = 0x0,
    val = 72}, {name = 0x8055cbe "clientid", has_arg = 2, flag = 0x0, val =
73}, {name = 0x8055cc7 "noipv4ll", has_arg = 0, flag = 0x0,
    val = 76}, {name = 0x8055cd0 "nomtu", has_arg = 0, flag = 0x0, val = 77},
{name = 0x8055cd6 "nontp", has_arg = 0, flag = 0x0, val = 78},
  {name = 0x8055cdc "nodns", has_arg = 0, flag = 0x0, val = 82}, {name =
0x8055ce2 "test", has_arg = 0, flag = 0x0, val = 84}, {
    name = 0x8055ce7 "nonis", has_arg = 0, flag = 0x0, val = 89}, {name =
0x8055ced "help", has_arg = 0, flag = 0xbf8c857c, val = 1}, {
    name = 0x8055cf2 "version", has_arg = 0, flag = 0xbf8c8580, val = 1}, {name
= 0x0, has_arg = 0, flag = 0x0, val = 0}}

------- Comment #2 From Dmitry Karasik 2007-07-27 16:22:49 0000 -------
What happens is that the dhcp structure is freed at client.c:505, but pointers
are not cleared. Then it is freed again at client.c:599

This patch fixes it for me:

--- client.c.old        2007-07-27 12:17:14.006505915 -0400
+++ client.c    2007-07-27 12:16:47.008361414 -0400
@@ -508,6 +508,7 @@
                                        SOCKET_MODE (SOCKET_OPEN);
                                        SEND_MESSAGE (DHCP_REQUEST);
                                        timeout = dhcp->rebindtime -
dhcp->renewaltime;
+                                       memset (dhcp, 0, sizeof (dhcp_t));
                                        state = STATE_REBINDING;
                                        break;
                                case STATE_REBINDING:
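
Review bot: the added memset (dhcp, 0, sizeof (dhcp_t)) zeroes the whole structure, not only the pointers that were freed at client.c:505, so dhcp->rebindtime and dhcp->renewaltime (read on the line just above it) and the rest of the current lease are gone by the time STATE_REBINDING runs. It also sits after SOCKET_MODE and SEND_MESSAGE, so those statements still execute with the stale pointers in place, and the clearing lives at this one call site rather than next to the free. Suggest setting the freed members to NULL where they are freed, or not freeing the lease at this point in the renew path at all.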

------- Comment #3 From Norberto Bensa 2007-07-28 02:57:21 0000 -------
Patch fixes the problem. Many thanks Dmitry!

------- Comment #4 From Roy Marples (RETIRED) 2007-07-28 15:29:02 0000 -------
Created an attachment (id=126236) [details]
Don't free dhcp object on renew

I don't think we should be freeing the object there anyway.
Try this patch instead :)

------- Comment #5 From Norberto Bensa 2007-07-28 18:14:23 0000 -------
Thanks Roy, your patch works too.

------- Comment #6 From Roy Marples (RETIRED) 2007-07-31 10:06:04 0000 -------
Fixed in 3.1.2, thanks
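
The failure diagnosed in comment #2 (owned members freed, their pointers left dangling, then freed a second time) and the usual remedy, as an added example; this is not dhcpcd's code and not either patch from this bug. `lease_t`, `lease_release` and `lease_fill` are hypothetical stand-ins for `dhcp_t` and `free_dhcp`, and the timer values are the ones from the reporter's log.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for dhcpcd's route_t and dhcp_t. */
typedef struct route { struct route *next; } route_t;
typedef struct lease {
    unsigned int renewaltime, rebindtime;  /* plain values, nothing to free */
    route_t *routes;                       /* owned linked list */
} lease_t;

/* Free what the lease owns and clear the owning pointer in the same place,
 * so a repeated call finds NULL instead of a stale address. Returns the
 * number of nodes freed. The scalar lease timers are left untouched. */
int lease_release(lease_t *l)
{
    int freed = 0;
    if (l == NULL)
        return 0;
    for (route_t *p = l->routes, *n; p != NULL; p = n) {
        n = p->next;          /* read the link before freeing the node */
        free(p);
        freed++;
    }
    l->routes = NULL;         /* without this, a second call double-frees */
    return freed;
}

/* Constructed sample lease: nroutes routes, renew/rebind times from the log. */
int lease_fill(lease_t *l, int nroutes)
{
    *l = (lease_t){ .renewaltime = 7200, .rebindtime = 12600 };
    for (int i = 0; i < nroutes; i++) {
        route_t *r = calloc(1, sizeof(*r));
        if (r == NULL) {
            lease_release(l);
            return -1;
        }
        r->next = l->routes;
        l->routes = r;
    }
    return 0;
}

int main(void)
{
    lease_t l;
    if (lease_fill(&l, 2) != 0)
        return 1;
    int first = lease_release(&l);   /* renew path */
    int second = lease_release(&l);  /* later cleanup path, now a no-op */
    return (first == 2 && second == 0) ? 0 : 1;
}
```

Because only the owning pointer is reset, `rebindtime - renewaltime` is still available after the release, which a whole-struct `memset` would not preserve.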
