Hi all,

I have dnsmasq running in version 2.89, which sometimes, not always, 
segfaults on a SIGHUP (reload).
This came up while updating dnsmasq from 2.85 to 2.89.
The segfault is not reproducible with 2.85 using the exact same 
configuration.

I dug a bit through the code and debugged with gdb, but I'm stuck and would 
appreciate some help.

A backtrace shows that the segfault originates from a free() called in 
dhcp_netid_free:

Thread 3.1 "dnsmasq" received signal SIGHUP, Hangup.
[Switching to Thread 0x7ffff7dd7740 (LWP 110698)]
0x00007ffff7ed7800 in poll () from /lib64/libc.so.6
(gdb) c
Continuing.

Thread 3.1 "dnsmasq" received signal SIGABRT, Aborted.
0x00007ffff7e62e3c in ?? () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7e62e3c in ?? () from /lib64/libc.so.6
#1  0x00007ffff7e120da in raise () from /lib64/libc.so.6
#2  0x00007ffff7dfc47c in abort () from /lib64/libc.so.6
#3  0x00007ffff7e56c91 in ?? () from /lib64/libc.so.6
#4  0x00007ffff7e6c91a in ?? () from /lib64/libc.so.6
#5  0x00007ffff7e6e9c8 in ?? () from /lib64/libc.so.6
#6  0x00007ffff7e7119a in free () from /lib64/libc.so.6
#7  0x000055555556ba44 in dhcp_netid_free (nid=0x7ffff7e70074) at option.c:1297
#8  0x000055555556bb17 in dhcp_netid_list_free (netid=0x5555555e4900) at 
option.c:1328
#9  0x000055555556bb8a in dhcp_config_free (config=0x5555555e4840) at 
option.c:1346
#10 0x0000555555578e2a in clear_dynamic_conf () at option.c:5661
#11 0x0000555555578ed8 in reread_dhcp () at option.c:5694
#12 0x0000555555587569 in clear_cache_and_reload (now=1685708321) at 
dnsmasq.c:1725
#13 0x0000555555586d4c in async_event (pipe=13, now=1685708321) at 
dnsmasq.c:1475
#14 0x000055555558668c in main (argc=5, argv=0x7fffffffe308) at dnsmasq.c:1218

If I look at frame 8, I see that dhcp_netid_free is called with the pointer 
tmplist->list of type dhcp_netid:

(gdb) f 8
#8  0x000055555556bb17 in dhcp_netid_list_free (netid=0x5555555e4900) at 
option.c:1328
1328          dhcp_netid_free(tmplist->list);

dhcp_netid_free then tries to free the net field, which has an invalid pointer:

(gdb) f 7
#7  0x000055555556ba44 in dhcp_netid_free (nid=0x7ffff7e70074) at option.c:1297
1297          free(tmp->net);
(gdb) p tmp->net
$14 = 0x7fff00000018 <error: Cannot access memory at address 0x7fff00000018>

As this is not happening on every SIGHUP and starting dnsmasq always works, I'm 
tempted to think that the pointer is changed at runtime.
I also wasn't able to reproduce this locally, only in an environment where 
dnsmasq actually serves requests.

Ideas on why this could happen or how to further approach this are very welcome.

Cheers
Felix
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss