dhcpcd-discuss

Home Other Lists Thread Index Date Index Search
Thread Prev Thread Next Date Prev Date Next Thread Index Date Index

Re: segmentation fault on interface state change

Roy Marples

Tue Mar 27 22:14:40 2018
Hi Klemens

On 27/03/2018 20:32, Klemens Nanni wrote:

Running dhcpcd on OpenBSD -CURRENT for stateless DHCPv6 to configure DNS,
both 7.0.1 and 7.0.2 dump core whenever my egress interface goes up after being
down, that is everytime I resume/suspend, switch wifi on/off, etc.

Versions and configuration:

	# sysctl kern.version
	kern.version=OpenBSD 6.3 (GENERIC.MP) #92: Wed Mar 21 15:23:36 MDT 2018
	    deraadt@xxxxxxxxxxxxxxxxx:/usr/src/sys/arch/amd64/compile/GENERIC.MP
	
	# dhcpcd --version
	dhcpcd 7.0.2
	Copyright (c) 2006-2018 Roy Marples
	Compiled in features: INET ARP ARPing IPv4LL INET6 DHCPv6 AUTH
	# cat /etc/dhcpcd.conf
	background
	ipv6only
	ipv6ra_fork
	ipv6ra_noautoconf
	option  domain_name domain_name_servers domain_search
	require domain_name_servers
	# rcctl get dhcpcd flags
	trunk0

Reproduction (note how the first `ifconfig' does not trigger it):

	# ifconfig trunk0 down up
	# rcctl check dhcpcd
	dhcpcd(ok)
	# ifconfig trunk0 down ; ifconfig trunk0 up
	# rcctl check dhcpcd
	dhcpcd(failed)

Analysis (compiled with `-g3 -ggdb'):

	# egdb -se $(which dhcpcd) -c /dhcpcd.core
	GNU gdb (GDB) 7.12.1
	[...]
	Reading symbols from /usr/local/sbin/dhcpcd...done.
	[New process 586556]
	Core was generated by `dhcpcd'.
	Program terminated with signal SIGSEGV, Segmentation fault.
	#0  0x0000139685c3f269 in dhcp6_handleifa (cmd=12, ia=0x13990027ac00, pid=0) at dhcp6.c:3895
	3895                ifp->options->options & DHCPCD_DHCP6 &&
	(gdb) p ifp->options
	$1 = (struct if_options *) 0x0
	(gdb) bt
	#0  0x0000139685c3f269 in dhcp6_handleifa (cmd=12, ia=0x13990027ac00, pid=0) at dhcp6.c:3895
	#1  0x0000139685c35cf6 in ipv6_handleifa (ctx=0x7f7ffffe5e48, cmd=12, ifs=0x139911d75000, ifname=0x1398d72e9fed "trunk0", addr=0x1398d72e9e90, prefix_len=64 '@', addrflags=0, pid=0)
	    at ipv6.c:1179
	#2  0x0000139685c0c418 in if_learnaddrs (ctx=0x7f7ffffe5e48, ifs=0x139911d75000, ifaddrs=0x7f7ffffe5ab8) at if.c:274
	#3  0x0000139685c040c9 in dhcpcd_handleinterface (arg=0x7f7ffffe5e48, action=0, ifname=0x139970f7df18 "trunk0") at dhcpcd.c:1016
	#4  0x0000139685c03b6a in dhcpcd_handlecarrier (ctx=0x7f7ffffe5e48, carrier=1, flags=34818, ifname=0x139970f7df18 "trunk0") at dhcpcd.c:739
	#5  0x0000139685c221a0 in if_ifinfo (ctx=0x7f7ffffe5e48, ifm=0x139908953a00) at if-bsd.c:965
	#6  0x0000139685c218db in if_dispatch (ctx=0x7f7ffffe5e48, rtm=0x139908953a00) at if-bsd.c:1199
	#7  0x0000139685c2181e in if_handlelink (ctx=0x7f7ffffe5e48) at if-bsd.c:1235
	#8  0x0000139685c0519d in dhcpcd_handlelink (arg=0x7f7ffffe5e48) at dhcpcd.c:1035
	#9  0x0000139685c0a68b in eloop_start (eloop=0x1398e9fc6a00, signals=0x7f7ffffe5f58) at eloop.c:963
	#10 0x0000139685c079ed in main (argc=2, argv=0x7f7ffffe61c8) at dhcpcd.c:1994

I have yet to look into this actually, but my time is limited. Feel free
to hit me with the clue-stick, I can also test other setups in order to
fix this.


Oh wow, this is totally my fault.
My testing on OpenBSD and FreeBSD is only on VMs with one interface which is hard to take up and down without losing connection to it so I haven't tested that in such a long time!
This time, conneting via console to the VM over VNC I can easily replicate it. 

Fixed here:
https://roy.marples.name/git/dhcpcd.git/commit/?id=fc7b79180448deedf5550d3c03a8ef0e66ad293d

Thanks for the report!

Roy
References:
segmentation fault on interface state changeKlemens Nanni
Archive administrator: postmaster@marples.name