Bug 186801 - net-misc/dhcpcd 3.1.1 segfaults
Summary: net-misc/dhcpcd 3.1.1 segfaults
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Roy Marples (RETIRED)
Reported: 2007-07-27 14:09 UTC by Norberto Bensa
Modified: 2007-07-31 10:06 UTC


Attachments
Don't free dhcp object on renew (dhcpcd-segfault.patch,389 bytes, patch)
2007-07-28 15:29 UTC, Roy Marples (RETIRED)

Description Norberto Bensa 2007-07-27 14:09:40 UTC
$ sudo dhcpcd -d -d -t 5 -h venkman -N eth0
Info, eth0: dhcpcd 3.1.1 starting
Info, eth0: hardware address = 00:16:17:b2:be:a1
Info, eth0: DUID = 00:01:00:01:0e:39:1d:a1:00:16:17:b2:be:a1
Info, eth0: broadcasting for a lease
Debug, eth0: sending DHCP_DISCOVER with xid 0x19b70a7e
Debug, eth0: waiting on select for 5 seconds
Debug, eth0: got a packet with xid 0x19b70a7e
Info, eth0: offered 192.168.1.250 from 192.168.1.254
Debug, eth0: sending DHCP_REQUEST with xid 0x19b70a7e
Debug, eth0: waiting on select for 5 seconds
Debug, eth0: got a packet with xid 0x19b70a7e
Info, eth0: checking 192.168.1.250 is available on attached networks
Debug, eth0: sending ARP probe #1
Debug, eth0: sending ARP probe #2
Debug, eth0: sending ARP probe #3
Debug, eth0: sending ARP claim #1
Debug, eth0: sending ARP claim #2
Info, eth0: leased 192.168.1.250 for 14400 seconds
Debug, eth0: renew in 7200 seconds
Debug, eth0: rebind in 12600 seconds
Info, eth0: adding IP address 192.168.1.250/24
Info, eth0: adding default route via 192.168.1.254 metric 0
Debug, eth0: writing /etc/resolv.conf
Debug, eth0: writing /var/lib/dhcpcd/dhcpcd-eth0.info
Debug, eth0: waiting on select for 7200 seconds
Info, eth0: renewing lease of 192.168.1.250
Debug, eth0: sending DHCP_REQUEST with xid 0x41950d85
Debug, eth0: waiting on select for 5400 seconds
Debug, eth0: got a packet with xid 0x41950d85
Segmentation fault


$ sudo emerge --info
Portage 2.1.3_rc9 (default-linux/x86/2007.0/desktop, gcc-4.2.0, glibc-2.6-r0, 2.6.22-gentoo-r1-cfs-v19 i686)
=================================================================
System uname: 2.6.22-gentoo-r1-cfs-v19 i686 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Gentoo Base System release 1.12.10
Timestamp of tree: Fri, 27 Jul 2007 08:00:01 +0000
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.5.1-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d /etc/revdep-rebuild /etc/splash /etc/terminfo /usr/X11R6/lib/X11/xkb"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/xeffects /usr/portage/local/layman/sunrise /usr/portage/local/layman/vmware /usr/portage/local/zoolook"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip X X509 a52 aac accessibility acl acpi activefilter addbookmarks additions adns aiglx aim akode alias alisp alsa amr ao ares arts artswrappersuid async audiofile autoipd autoreplace avantgo berkdb binfilter blender-game bluetooth branding browserplugin bsf bzip2 cairo canvas caps cdda cddb cdinstall cdparanoia cdr chroot commercial connectionstatus contactnotes cracklib crypt css cups curl custom-cflags custom-flags daap dbus deprecated device-mapper dhcp disk-partition divx divx4linux djbfft dlloader dmi dri dts dv dvb dvd dvdr dvdread dxr3 ecc emovix encode exif expat extensions faad fame fat ffmpeg fftw firefox flac floppyboot fontconfig fping fpx freetype ft fuse gadu gd gdbm gif glib glibc-omitfp glitz glut gmedia gmp gpg2-experimental gpgme gphoto2 gpm graphviz groupwise gs gsm gstreamer gtk gtk2 gtkhtml hal hardware-carrier hfs highlight history howl icq id3 ide idea idn ieee1394 ifp ilbc imagemagick imap imlib insecure-savers ipod irc irda irmc ithreads jabber jack java javascript jfs jingle jpeg jpeg2k js justify kde kdeenablefinal kdepim kipi kqemu krb4 ladspa lame lcms ldap libedit libsamplerate lm_sensors lua lzo lzw-tiff mad madwifi mbrola meanwhile midi mikmod mjpeg mmap mmx mng mod modplug module mono motif mozbranding mozcalendar mozdevelop mozilla mozsvg mp3 mp4 mp4live mpeg mpeg2 mpi mplayer msn mtp multiuser musepack musicbrainz mysql nas ncurses net netboot netmeeting network newspr nfs nis nomalloccheck nowlistening nptl nptlonly nsplugin nss ntfs numeric nvidia obex offensive ogg oggvorbis on-the-fly-crypt openal openexr opengl ortp overlays pam pam_chroot pam_timestamp pccts pch pcre pda pdf perl physfs pic png prediction pulseaudio pwdb python qq qt qt3 qt3support qt4 quicktime radius readline real realmedia reiser4 reiserfs restrict-javascript rle rtc rtsp ruby samba sametime sasl scanner server sftplogging shout silc slang smime sms smtp sndfile sound speex spell sqlite sqlite3 sse sse2 ssl startup-notification statistics stream 
subtitles svg sysfs syslog system-libvncserver taglib tcl tcltk tcpd teamarena texteffect theora threads tiff timidity tk translator transmitter truetype truetype-fonts ucs2 udev unicode usb userlocales utempter v4l v4l2 vcd vdesktop vditool vdr vidix visualization vorbis vorbis-psy wavpack webpresence wifi win32codecs winpopup wmf wmp wxwindows x264 x86 xanim xattr xcb xcomposite xface xforms xfs xine xml xml2 xorg xpm xprint xscreensaver xsl xv xvid xvmc yahoo yp zephyr zlib" ALSA_CARDS="emu10k1 hda-intel intel8x0 intel8x0m via82xx via82xx-modem atiixp atiixp-modem" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" CAMERAS="adc65 agfa-cl20 aox barbie canon casio clicksmart310 digigr8 digita dimera directory enigma13 fuji gsmart300 hp215 iclick jamcam jd11 kodak konica largan lg_gsm mars minolta mustek panasonic pccam300 pccam600 polaroid ptp2 ricoh samsung sierra sipix smal sonix sonydscf1 sonydscf55 soundvision spca50x sq905 stv0674 stv0680 sx330z template toshiba" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="all" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Dmitry Karasik 2007-07-27 15:45:01 UTC
It consistently segfaults for me trying to renew the lease. I can reproduce every time by sending SIGALRM to dhcpcd.

Here's a back trace:

#0  0x0805238f in free_route (routes=0x805a310) at interface.c:80
        p = (route_t *) 0x61
        n = (route_t *) 0x61
#1  0x0804e182 in free_dhcp (dhcp=0x805a258) at dhcp.c:419
No locals.
#2  0x0804b232 in dhcp_run (options=0xbf8c8584, pidfd=0xbf8c8560) at client.c:599
        valid = 1
        new_dhcp = (struct dhcp_t *) 0x805a0f0
        iface = (interface_t *) 0x8058008
        mode = 1
        state = 4
        tv = {tv_sec = 2, tv_usec = 996666}
        xid = 322095066
        timeout = 12150
        rset = {fds_bits = {128, 0 <repeats 31 times>}}
        maxfd = 7
        retval = 1
        message = {op = 2 '\002', hwtype = 1 '\001', hwlen = 6 '\006', hwopcount = 1 '\001', xid = 322095066, secs = 0, flags = 0,
  ciaddr = 583408137, yiaddr = 583408137, siaddr = 0, giaddr = 29760009, chaddr = "\000\fv\202°d\000\000\000\000\000\000\000\000\000",
  servername = '\0' <repeats 63 times>, bootfile = '\0' <repeats 127 times>, cookie = 1666417251,
  options = "5\001\0056\004\t\032À(3\004\000\000~\220:\004\000\000?H;\004\000\000n¾\001\004ÿÿÿ\000\034\004\t\032Æÿ\003\004\t\032Æ\001\017\016ottawa.ibm.com\006\b\t\032À(\t\032Ä)ÿ", '\0' <repeats 1141 times>}
        dhcp = (dhcp_t *) 0x805a258
        type = 5
        last_type = 3
        daemonised = true
        start = 934263
        last_send = 934263
        sig = 0
        buffer = (unsigned char *) 0x80590e8 ""
        buffer_len = 340
        buffer_pos = 0
#3  0x080509ad in main (argc=4, argv=0xbf8c9844) at dhcpcd.c:487
        options = {interface = "eth0", '\0' <repeats 11 times>, hostname = "wsdkarasik", '\0' <repeats 53 times>, fqdn = 0,
  classid = "dhcpcd 3.1.1", '\0' <repeats 35 times>, classid_len = 12, clientid = '\0' <repeats 47 times>, clientid_len = 0,
  userclass = '\0' <repeats 254 times>, userclass_len = 0, leasetime = 0, timeout = 20, metric = 0, doarp = true, dodns = true,
  dodomainname = false, dogateway = true, dohostname = 0, domtu = true, donis = true, dontp = true, dolastlease = false, doinform = false,
  dorequest = false, doipv4ll = true, request_address = {s_addr = 0}, request_netmask = {s_addr = 0}, signal = 0, persistent = false,
  keep_address = false, daemonise = true, test = false, script = 0x8055d01 "/etc/dhcpcd.sh",
  pidfile = "/var/run/dhcpcd-eth0.pid", '\0' <repeats 4071 times>}
        doversion = 0
        dohelp = 0
        userclasses = 0
        opt = -1
        option_index = 0
        prefix = "eth0: ", '\0' <repeats 12 times>
        pid = 6858
        debug = 0
        i = 0
        pidfd = 3
        longopts = {{name = 0x8055c2c "arp", has_arg = 0, flag = 0x0, val = 97}, {name = 0x8055c30 "script", has_arg = 1, flag = 0x0,
    val = 99}, {name = 0x8055c37 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 0x8055c3d "hostname", has_arg = 2, flag = 0x0,
    val = 104}, {name = 0x8055c46 "classid", has_arg = 2, flag = 0x0, val = 105}, {name = 0x8055c4e "release", has_arg = 0, flag = 0x0,
    val = 107}, {name = 0x8055c56 "leasetime", has_arg = 1, flag = 0x0, val = 108}, {name = 0x8055c60 "metric", has_arg = 1, flag = 0x0,
    val = 109}, {name = 0x8055c67 "renew", has_arg = 0, flag = 0x0, val = 110}, {name = 0x8055c6d "persistent", has_arg = 0, flag = 0x0,
    val = 112}, {name = 0x8055c78 "inform", has_arg = 2, flag = 0x0, val = 115}, {name = 0x8055c7f "request", has_arg = 2, flag = 0x0,
    val = 114}, {name = 0x8055c87 "timeout", has_arg = 1, flag = 0x0, val = 116}, {name = 0x8055c8f "userclass", has_arg = 1, flag = 0x0,
    val = 117}, {name = 0x8055c99 "lastlease", has_arg = 0, flag = 0x0, val = 69}, {name = 0x8055ca3 "fqdn", has_arg = 1, flag = 0x0,
    val = 70}, {name = 0x8055ca8 "nogateway", has_arg = 0, flag = 0x0, val = 71}, {name = 0x8055cb2 "sethostname", has_arg = 0, flag = 0x0,
    val = 72}, {name = 0x8055cbe "clientid", has_arg = 2, flag = 0x0, val = 73}, {name = 0x8055cc7 "noipv4ll", has_arg = 0, flag = 0x0,
    val = 76}, {name = 0x8055cd0 "nomtu", has_arg = 0, flag = 0x0, val = 77}, {name = 0x8055cd6 "nontp", has_arg = 0, flag = 0x0, val = 78},
  {name = 0x8055cdc "nodns", has_arg = 0, flag = 0x0, val = 82}, {name = 0x8055ce2 "test", has_arg = 0, flag = 0x0, val = 84}, {
    name = 0x8055ce7 "nonis", has_arg = 0, flag = 0x0, val = 89}, {name = 0x8055ced "help", has_arg = 0, flag = 0xbf8c857c, val = 1}, {
    name = 0x8055cf2 "version", has_arg = 0, flag = 0xbf8c8580, val = 1}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
Comment 2 Dmitry Karasik 2007-07-27 16:22:49 UTC
What happens is that the dhcp structure is freed at client.c:505, but pointers are not cleared. Then it is freed again at client.c:599.

This patch fixes it for me:

--- client.c.old        2007-07-27 12:17:14.006505915 -0400
+++ client.c    2007-07-27 12:16:47.008361414 -0400
@@ -508,6 +508,7 @@
                                        SOCKET_MODE (SOCKET_OPEN);
                                        SEND_MESSAGE (DHCP_REQUEST);
                                        timeout = dhcp->rebindtime - dhcp->renewaltime;
+                                       memset (dhcp, 0, sizeof (dhcp_t));
                                        state = STATE_REBINDING;
                                        break;
                                case STATE_REBINDING:
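Review bot: The added memset zeroes the whole dhcp_t, not only the pointers left dangling by the earlier free, so after the line "timeout = dhcp->rebindtime - dhcp->renewaltime;" every lease field (rebindtime, renewaltime and the rest) reads as 0 for any code that runs later, including the STATE_REBINDING case that follows. It also keeps the free on the renew path and only makes the second free harmless. Consider not freeing the object on renew at all, or having the free routine set each freed member to NULL itself so that callers cannot forget. If the memset stays, it needs a comment saying it exists to stop the second free at client.c:599.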
Comment 3 Norberto Bensa 2007-07-28 02:57:21 UTC
Patch fixes the problem. Many thanks Dmitry!
Comment 4 Roy Marples (RETIRED) gentoo-dev 2007-07-28 15:29:02 UTC
Created attachment 126236
Don't free dhcp object on renew

I don't think we should be freeing the object there anyway.
Try this patch instead :)
Comment 5 Norberto Bensa 2007-07-28 18:14:23 UTC
Thanks Roy, your patch works too.
Comment 6 Roy Marples (RETIRED) gentoo-dev 2007-07-31 10:06:04 UTC
Fixed in 3.1.2, thanks
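
The defensive pattern behind both fixes discussed in this bug, as an added example (not dhcpcd's code and not part of the original report): the release routine clears the pointer it frees, so a second release on the reply path is a no-op, and scalar lease fields stay readable. The types `route_t`/`lease_t`, the function names and the sample values are hypothetical stand-ins; the 7200/12600 second timers are taken from the log above.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for dhcpcd's route and lease objects. */
typedef struct route { struct route *next; unsigned gateway; } route_t;
typedef struct { unsigned renewaltime, rebindtime; route_t *routes; } lease_t;

static int nodes_freed; /* instrumentation for this example only */

/* Free the list and clear the caller's pointer so a repeat call is a no-op. */
static void free_routes(route_t **head)
{
    route_t *p = *head;
    while (p) {
        route_t *n = p->next;
        free(p);
        nodes_freed++;
        p = n;
    }
    *head = NULL;
}

/* Release owned members only; renewaltime/rebindtime remain valid. */
static void lease_clear(lease_t *l) { free_routes(&l->routes); }

static lease_t *lease_new(unsigned renew, unsigned rebind, int nroutes)
{
    lease_t *l = calloc(1, sizeof *l);
    if (!l) return NULL;
    l->renewaltime = renew;
    l->rebindtime = rebind;
    for (int i = 0; i < nroutes; i++) {
        route_t *r = calloc(1, sizeof *r);
        if (!r) break;
        r->gateway = 0xC0A801FEu; /* constructed sample: 192.168.1.254 */
        r->next = l->routes;
        l->routes = r;
    }
    return l;
}

/* Mirrors the crash path: release on renew, then again when the reply arrives. */
static int renew_then_reply(void)
{
    lease_t *l = lease_new(7200, 12600, 2);
    if (!l) return -1;
    nodes_freed = 0;
    lease_clear(l);                                    /* renew path */
    unsigned timeout = l->rebindtime - l->renewaltime; /* still 5400 */
    lease_clear(l);                                    /* reply path: no-op */
    free(l);
    return (timeout == 5400 && nodes_freed == 2) ? 0 : 1;
}

int main(void) { return renew_then_reply(); }
```

Building with `-fsanitize=address` and running it is a quick way to confirm that no node is released twice.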