BUG: dhcpcd 6.3.1 crashes after an interface signals carrier detection.
Sergey Kvachonok
Thu Mar 06 08:03:22 2014
dhcpcd repeatably crashed on my systemd system when lan0 went up.
The core dump retrieved from journald looks like this:
Core was generated by `/sbin/dhcpcd -q -B'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000000000e in ?? ()
(gdb) bt
#0 0x000000000000000e in ?? ()
#1 0x00007f2cbc0c2e8c in udev_handle_device (ctx=0x7fffe9609c20) at udev.c:95
#2 0x0000000000406de5 in eloop_start (dctx=dctx@entry=0x7fffe9609c20) at eloop.c:398
#3 0x00000000004032a1 in main (argc=<optimized out>, argv=0x7fffe9609ef8) at dhcpcd.c:1504
Brief investigation showed that the udev plugin initialization routine
was storing a pointer to temporary storage (see dev.c), which caused a crash
when the pointer was dereferenced later from another context.
I used the patch shown below to temporarily fix it:
==== PATCH ====
diff --git a/dev/udev.c b/dev/udev.c
index 57c27cd..2c6b9ea 100644
--- a/dev/udev.c
+++ b/dev/udev.c
@@ -44,7 +44,7 @@ static const char udev_name[]="udev";
static struct udev *udev;
static struct udev_monitor *monitor;
-static const struct dev_dhcpcd *dhcpcd;
+static struct dev_dhcpcd dhcpcd;
static int
udev_listening(void)
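Review bot: The new file-scope `dhcpcd` struct has no comment saying why it is a copy rather than a pointer, and the reason (the report describes the caller's struct as temporary storage in dev.c) is easy to undo in a later cleanup. I would add `/* Private copy of the callbacks given to dev_init(); the caller's struct is not guaranteed to outlive that call. */` above the declaration. Being static, the struct is zero-filled until dev_init runs, so `handle_interface` is a null pointer before that point.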
@@ -92,9 +92,9 @@ udev_handle_device(void *ctx)
if (strcmp(subsystem, "net") == 0) {
syslog(LOG_DEBUG, "%s: libudev: %s", ifname, action);
if (strcmp(action, "add") == 0 || strcmp(action, "move") == 0)
- dhcpcd->handle_interface(ctx, 1, ifname);
+ dhcpcd.handle_interface(ctx, 1, ifname);
else if (strcmp(action, "remove") == 0)
- dhcpcd->handle_interface(ctx, -1, ifname);
+ dhcpcd.handle_interface(ctx, -1, ifname);
}
udev_device_unref(device);
@@ -173,7 +173,7 @@ dev_init(struct dev *dev, const struct dev_dhcpcd *dev_dhcpcd)
dev->stop = udev_stop;
dev->start = udev_start;
- dhcpcd = dev_dhcpcd;
+ dhcpcd = *dev_dhcpcd;
return 0;
}
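Review bot: `dhcpcd = *dev_dhcpcd;` copies the callback table without checking it, so a null `dev_dhcpcd` faults here and a null `handle_interface` is only found later, as a call through a null pointer at the two call sites in udev_handle_device (second hunk). A guard before the assignment, `if (dev_dhcpcd == NULL || dev_dhcpcd->handle_interface == NULL) return -1;`, would make a bad table fail at plugin load; the -1 is an assumption, since dev_init's failure convention is not visible in this hunk. The copy is shallow, which is fine for function pointers but would bring the lifetime problem back if the struct ever gained a pointer into caller-owned data. dev_init starts outside the hunk.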