Re: DHCPCD crashed with segfault when trying to add PPP host route in other interfaces
Roy Marples
Tue Dec 31 14:05:41 2019
Hi
On 31/12/2019 04:07, Hiroki Takeuchi wrote:
I'm using the Debian/Ubuntu variant of DHCPCD 7.1.0 patched with
https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=75f2832a88b8f5a3078179404b149b7cd9623dbf
However, I noticed sometimes it still crashes with a segfault. I am able to
reproduce the problem under gdb. Here's the stack trace:
#0  sa_in_init (sa=sa@entry=0x5555557c9210, addr=0x10) at sa.c:438
#1  0x000055555557b33f in inet_routerhostroute (routes=0x7fffffffcf80, ifp=0x5555557c5330) at ipv4.c:418
#2  inet_getroutes (ctx=ctx@entry=0x7fffffffe090, routes=routes@entry=0x7fffffffcf80) at ipv4.c:438
#3  0x000055555556c4b3 in rt_build (ctx=0x7fffffffe090, af=af@entry=2) at route.c:515
#4  0x000055555557bd5b in ipv4_applyaddr (arg=arg@entry=0x5555557a7510) at ipv4.c:761
#5  0x0000555555576508 in dhcp_bind (ifp=ifp@entry=0x5555557a7510) at dhcp.c:2340
#6  0x000055555557682b in dhcp_arp_bind (ifp=0x5555557a7510) at dhcp.c:2451
#7  dhcp_static (ifp=ifp@entry=0x5555557a4010) at dhcp.c:2481
#8  0x000055555557a028 in dhcp_start1 (arg=0x5555557a4010, arg@entry=0x5555557a7510) at dhcp.c:3697
#9  0x000055555557a9f0 in dhcp_start (ifp=0x5555557a7510) at dhcp.c:3871
#10 0x000055555556155c in dhcpcd_startinterface (arg=0x5555557a7510) at dhcpcd.c:921
#11 0x0000555555561881 in reconf_reboot (action=1, argc=3, argv=0x7fffffffd390, oi=2, ctx=<optimized out>) at dhcpcd.c:1219
#12 0x00005555555627de in dhcpcd_handleargs (ctx=0x7fffffffe090, fd=fd@entry=0x5555557bcd90, argc=argc@entry=3, argv=argv@entry=0x7fffffffd390) at dhcpcd.c:1477
#13 0x000055555555f5ba in control_handle_data (arg=0x5555557bcd90) at control.c:143
#14 0x0000555555563aab in eloop_start (eloop=0x5555557b6340, signals=0x7fffffffe198) at eloop.c:978
#15 0x000055555555e36b in main (argc=<optimized out>, argv=<optimized out>) at dhcpcd.c:2024
As noticed, sa_in_init's second parameter addr is 0x10, which is odd; I am guessing
it is reading a structure offset through a null pointer. Hence, I printed the "state" in
the frame for inet_routerhostroute.
{state = DHS_DISCOVER, sent = 0x0, sent_len = 0, offer = 0x0, offer_len = 0, new
= 0x0, new_len = 0, old = 0x0, old_len = 0, lease = {addr = {s_addr = 0}, mask =
{s_addr = 0}, brd = {s_addr = 0}, leasetime = 0, renewaltime = 0, rebindtime =
0, server = {s_addr = 0}, frominfo = 0 '\000', cookie = 0}, reason =
0x55555558f32d "PREINIT", interval = 16, nakoff = 0, xid = 3583177864, socket =
0, bpf_fd = 14, bpf_flags = 0, addr = 0x0, added = 0 '\000', leasefile =
"/var/lib/dhcpcd/eno1.lease", '\000' <repeats 144 times>, started = {tv_sec =
605530, tv_nsec = 82764151}, clientid = 0x5555557c03f0 "\017\377}\377",
<incomplete sequence \305>, auth = {replay = 0, token = 0x0, reconf = 0x0},
arping_index = -1}
As expected, state->addr is NULL. In my environment, eno1 (which is the ifp it
crashes on) has an IP address which I added to it manually. Referencing
ipv4_hasaddr, I guess dhcp_state addr may be NULL if ifp hasn't acquired a
lease; kindly correct me if I am wrong. If that is the case, I can merely make
the following change to inet_routerhostroute to address this issue.
	if ((state = D_CSTATE(ifp)) == NULL)
		continue;
to
	if ((state = D_CSTATE(ifp)) == NULL || state->addr == NULL)
		continue;
Are there any other things that need to be noticed, or suggestions to fix this
issue? Thanks!
Well, dhcpcd thinks we need the host route still.
We really only need the lease address to specify the source address of the
route. We don't really need that part, so I've pushed a fix here which should fix
the problem:
https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=8d7414a6d80f54ca82887e3dbb05fed9b568a9a8
Please let me know!
Roy
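The two approaches in this thread, modelled side by side in a small C program
added here for illustration. This is not dhcpcd's code: the struct layouts, field
names and sample addresses are constructed for the example. The two-pointer list
link placed ahead of the in_addr is an assumption chosen because it is what makes
&state->addr->addr evaluate to the member offset 0x10 when state->addr is NULL,
which is the odd addr=0x10 in the trace rather than a plain 0x0. routerhostroute_skip()
is Hiroki's proposed guard (no lease address, no host route); routerhostroute_nosrc()
models Roy's point that the lease address only supplies the route's source, so the
host route can be kept without it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Constructed model of the structures in the crash, not dhcpcd's own
 * definitions; the list link ahead of addr is an assumption that puts
 * addr at offset 0x10 on LP64, matching the trace. */
struct ipv4_addr {
	struct ipv4_addr *next, **prev;  /* models TAILQ_ENTRY(ipv4_addr) */
	struct in_addr addr;
};
struct dhcp_state {
	struct ipv4_addr *addr;          /* NULL until a lease is bound */
	struct in_addr router;           /* gateway that wants a host route */
};
struct interface { struct dhcp_state *dhcp; };  /* NULL: no DHCP on ifp */
struct host_route {
	struct in_addr dest;
	struct sockaddr_in ifa;          /* route source address, when known */
	int has_ifa;
};

/* Models sa_in_init(), the callee that faulted reading *addr. */
static void sa_in_init(struct sockaddr_in *sa, const struct in_addr *addr)
{
	memset(sa, 0, sizeof(*sa));
	sa->sin_family = AF_INET;
	sa->sin_addr = *addr;
}

/* gdb showed addr=0x10, not 0x0: the caller passed &state->addr->addr,
 * which with state->addr == NULL evaluates to the member offset. */
size_t faulting_offset(void)
{
	return offsetof(struct ipv4_addr, addr);
}

/* Reporter's guard: no lease address, no host route. Returns 1 if built. */
int routerhostroute_skip(const struct interface *ifp, struct host_route *rt)
{
	const struct dhcp_state *state = ifp->dhcp;
	if (state == NULL || state->addr == NULL)
		return 0;
	memset(rt, 0, sizeof(*rt));
	rt->dest = state->router;
	sa_in_init(&rt->ifa, &state->addr->addr);
	rt->has_ifa = 1;
	return 1;
}

/* Maintainer's point, modelled: the lease address only supplies the
 * route's source, so keep the route and leave the source unset. */
int routerhostroute_nosrc(const struct interface *ifp, struct host_route *rt)
{
	const struct dhcp_state *state = ifp->dhcp;
	if (state == NULL)
		return 0;
	memset(rt, 0, sizeof(*rt));     /* has_ifa = 0, ifa zeroed */
	rt->dest = state->router;
	if (state->addr != NULL) {
		sa_in_init(&rt->ifa, &state->addr->addr);
		rt->has_ifa = 1;
	}
	return 1;
}

/* Constructed eno1 with gateway 192.0.2.1; lease NULL models DHS_DISCOVER. */
static void setup_eno1(struct dhcp_state *st, struct interface *ifp, struct ipv4_addr *lease)
{
	memset(st, 0, sizeof(*st));
	st->addr = lease;
	inet_pton(AF_INET, "192.0.2.1", &st->router);
	ifp->dhcp = st;
}

/* No lease yet. Bits: 0 skip built, 1 nosrc built, 2 nosrc has a source,
 * 3 nosrc dest is the router. Expected 0b1010 = 10. */
int demo_no_lease(void)
{
	struct dhcp_state st; struct interface eno1; struct host_route a, b; int s, n;
	setup_eno1(&st, &eno1, NULL);
	s = routerhostroute_skip(&eno1, &a);
	n = routerhostroute_nosrc(&eno1, &b);
	return s | (n << 1) | (b.has_ifa << 2) | ((b.dest.s_addr == st.router.s_addr) << 3);
}

/* Lease bound (192.0.2.50): both variants carry the lease as the source. */
int demo_with_lease(void)
{
	struct ipv4_addr lease = { 0 };
	struct dhcp_state st; struct interface eno1; struct host_route a, b;
	inet_pton(AF_INET, "192.0.2.50", &lease.addr);
	setup_eno1(&st, &eno1, &lease);
	if (routerhostroute_skip(&eno1, &a) != 1 || routerhostroute_nosrc(&eno1, &b) != 1)
		return 0;
	return a.has_ifa && b.has_ifa && a.ifa.sin_addr.s_addr == lease.addr.s_addr &&
	    b.ifa.sin_addr.s_addr == lease.addr.s_addr;
}
```

To run it by hand, link a main() that prints faulting_offset(), demo_no_lease()
and demo_with_lease(); on an LP64 host the values are 0x10, 10 and 1. The
difference between the two variants shows up only in the no-lease case: the
guard drops the host route for an interface still in DHS_DISCOVER, while the
no-source variant keeps the route and simply omits rt_ifa, which is the
behaviour the maintainer describes as sufficient.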