[Dnsmasq-discuss] A segmentation fault occurred in dnsmasq

Dominik Derigs dl6er at dl6er.de
Sun Jul 28 09:23:56 UTC 2024


Hi,

have you tried whether the most recent master commit PLUS the patch 
submitted by Erik Karlsson on April 29 fixes the issue as well?
See 
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q2/017561.html

Concerning your observation about not crashing after adding a print 
statement: This is pretty common when you are compiling any project with 
optimizations enabled, as printing variable contents prevents a few 
optimizations from happening, causing the actual machine code realization 
to be quite different. Rather often this is sufficient to prevent 
certain bugs from showing up.

Best,
Dominik

On 28.07.24 10:19, renmingshuai via Dnsmasq-discuss wrote:
>
> Hi,
>
> I have a problem with a Segmentation fault. The log is as follows:
>
> 024-07-24T17:06:00.540592+08:00 info kernel[-][25317.980044] 
> dnsmasq[597243]: segfault at 9 ip 000015257897bObe sp 00007fffba533380 
> error 4 in libc.so.6 15257890c000+1710001
>
> This Segmentation fault is triggered when dnsmasq clears dynamic 
> config in the reload phase. The coredump is as follows:
>
> [New LWP 2925451]
>
> [Thread debugging using libthread_db enabled]
>
> Using host libthread_db library "/usr/lib64/libthread_db.so.1".
>
> Core was generated by `dnsmasq --no-hosts --no-resolv 
> --pid-file=/var/lib/neutron/dhcp/d7435322-bf42-4'.
>
> Program terminated with signal SIGSEGV, Segmentation fault.
>
> #0  0x0000151e5168b0be in free () from /usr/lib64/libc.so.6
>
> (gdb) bt
>
> #0  0x0000151e5168b0be in free () from /usr/lib64/libc.so.6
>
> #1  0x00005651025a08f0 in dhcp_netid_free (nid=0xc08b255501ae7f00) at 
> option.c:1022
>
> #2  dhcp_netid_list_free (netid=0x0) at option.c:1053
>
> #3  dhcp_config_free (config=0x565104124bc0) at option.c:1071
>
> #4  0x00005651025aa011 in clear_dynamic_conf () at option.c:5204
>
> #5  reread_dhcp () at option.c:5245
>
> #6  0x00005651025b2c53 in clear_cache_and_reload (now=1722067132) at 
> dnsmasq.c:1699
>
> #7  0x00005651025960ac in async_event (now=1722067132, pipe=15) at 
> dnsmasq.c:1449
>
> #8  main (argc=<optimized out>, argv=<optimized out>) at dnsmasq.c:1192
>
> (gdb)
>
> I also reproduced the issue on the latest dnsmasq.
>
> I created multiple namespaces and ran dnsmasq in each namespace. The 
> dnsmasq run parameters are as follows: (The path varies according to 
> the dnsmasq process parameter.)
>
> dnsmasq --no-hosts --no-resolv 
> --pid-file=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/pid 
> --dhcp-hostsfile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/host 
> --addn-hosts=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/addn_hosts 
> --dhcp-optsfile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/opts 
> --dhcp-leasefile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/leases 
> --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE 
> --local-service --bind-dynamic --enable-ra 
> --ra-param=tap75e693e7-82,0,0 
> --dhcp-range=set:subnet-bcf0c6db-49ad-42e4-9651-a98c1d7ede7e,fc52:152:42:100::,ra-stateless,64,infinite 
> --dhcp-lease-max=16777216 --conf-file=/etc/neutron/dnsmasq.conf 
> --domain=openstacklocal
>
> The issue does not reproduce before the commit 10d8b5f001, 
> and it does not reproduce when I roll back 10d8b5f001 in the 
> latest version.
>
> Commit 10d8b5f001 removes duplicate code and replaces free 
> (list->list) with dhcp_netid_free(tmplist->list).
>
> Before:
>
> clear_dynamic_conf
>
>          for (list = configs->netid; list; list = tmplist)
>              {
>                free(list->list);
>                tmplist = list->next;
>                free(list);
>              }
>
> NOW:
>
> clear_dynamic_conf
> dhcp_config_free
> dhcp_netid_list_free
>
>          while (netid)
>              {
>                struct dhcp_netid_list *tmplist = netid;
>                netid = netid->next;
>                dhcp_netid_free(tmplist->list);
>                free(tmplist);
>              }
>
> Recurrence operation:
>
> The following method may be used to reproduce the problem.
>
> Keep adding new stuff to the optsfile and reload dnsmasq. This problem 
> recurs when about 300 contents are added.
>
> However, this problem does not recur on each host.
>
> There is another strange phenomenon. When I add logs as follows, the 
> problem cannot be reproduced:
>
> diff --git a/src/option.c b/src/option.c
>
> index f4ff7c0..958b761 100644
>
> --- a/src/option.c
>
> +++ b/src/option.c
>
> @@ -1329,6 +1329,7 @@ static void dhcp_netid_free(struct dhcp_netid *nid)
>
>      {
>
>        struct dhcp_netid *tmp = nid;
>
>        nid = nid->next;
>
> +      my_syslog(MS_DHCP | LOG_INFO, "=====tmp->net=%p\n", tmp->net);
>
> free(tmp->net);
>
>        free(tmp);
>
>      }
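
Review bot: the added my_syslog() line in dhcp_netid_free() logs only tmp->net, while the backtrace earlier in this message shows this function holding nid=0xc08b255501ae7f00, so the node pointers are at least as suspect as the string pointer. Log tmp and tmp->next alongside tmp->net, or log tmplist->list in dhcp_netid_list_free before the call, so the trace shows which pointer is already bad on arrival. The line is diagnostic instrumentation only: as reported, adding it makes the fault stop reproducing, so it should not be carried as a fix.
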
>
>
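
An added example, not code from dnsmasq or from either poster: the post-commit walker quoted above dereferences `next` and `net` of every node, where the earlier loop only passed `list->list` to `free()`, so it depends on every node being fully initialised. The struct layouts, `netid_new` and `build_and_free` are assumptions made for illustration, and the example does not claim to identify the cause of the reported crash.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the structures named in the thread (assumed layout). */
struct dhcp_netid { char *net; struct dhcp_netid *next; };
struct dhcp_netid_list { struct dhcp_netid *list; struct dhcp_netid_list *next; };

/* calloc zeroes net and next, so a node that is only partly filled in
   still terminates the walk below instead of handing garbage to free(). */
static struct dhcp_netid *netid_new(const char *tag, struct dhcp_netid *next)
{
  struct dhcp_netid *n = calloc(1, sizeof(*n));
  if (!n) return NULL;
  if (tag && (n->net = malloc(strlen(tag) + 1)))
    strcpy(n->net, tag);
  n->next = next;
  return n;
}

/* Same shape as the post-commit walker: reads next and net of every node. */
static int netid_free(struct dhcp_netid *nid)
{
  int freed = 0;
  while (nid) {
    struct dhcp_netid *tmp = nid;
    nid = nid->next;
    free(tmp->net);   /* free(NULL) is a no-op */
    free(tmp);
    freed++;
  }
  return freed;
}

/* Build `entries` list elements with two nodes each (one without a tag),
   free them all, and return how many dhcp_netid nodes were released. */
int build_and_free(int entries)
{
  struct dhcp_netid_list *head = NULL;
  int freed = 0;
  for (int i = 0; i < entries; i++) {
    struct dhcp_netid_list *e = calloc(1, sizeof(*e));
    if (!e) break;
    e->list = netid_new("subnet-tag", netid_new(NULL, NULL));
    e->next = head;
    head = e;
  }
  while (head) {
    struct dhcp_netid_list *tmplist = head;
    head = head->next;
    freed += netid_free(tmplist->list);
    free(tmplist);
  }
  return freed;
}
```

Building it with `-fsanitize=address` reports a bad pointer at the point of the invalid access, which avoids relying on a log line that changes the generated code.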