Re: [Dnsmasq-discuss] A segmentation fault occurred in dnsmasq

Sun, 28 Jul 2024 02:30:09 -0700 

Hi,
have you tried whether the most recent master commit PLUS the patch submitted by Erik Karlsson on April 29 fixes the issue as well? See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q2/017561.html 


Concerning your observation about not crashing after adding a print 
statement: This is pretty common when you are compiling any project with 
optimizations enabled as printing variable contents prevents a few 
optimizations from happening causing the actual machine code realization 
to be quite different. Rather often this is sufficient to prevent 
certain bugs from showing up.


Best,
Dominik

On 28.07.24 10:19, renmingshuai via Dnsmasq-discuss wrote:


Hi,

I have a problem with a Segmentation fault. The log is as follows:


024-07-24T17:06:00.540592+08:00 info kernel[-][25317.980044] 
dnsmasq[597243]: segfault at 9 ip 000015257897bObe sp 00007fffba533380 
error 4 in libc.so.6 15257890c000+1710001



This Segmentation fault is triggered when dnsmasq clears dynamic 
config in the reload phase. The coredump is as follows:


[New LWP 2925451]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/usr/lib64/libthread_db.so.1".


Core was generated by `dnsmasq --no-hosts --no-resolv 
--pid-file=/var/lib/neutron/dhcp/d7435322-bf42-4'.


Program terminated with signal SIGSEGV, Segmentation fault.

#0  0x0000151e5168b0be in free () from /usr/lib64/libc.so.6

(gdb) bt

#0  0x0000151e5168b0be in free () from /usr/lib64/libc.so.6


#1  0x00005651025a08f0 in dhcp_netid_free (nid=0xc08b255501ae7f00) at 
option.c:1022


#2  dhcp_netid_list_free (netid=0x0) at option.c:1053

#3  dhcp_config_free (config=0x565104124bc0) at option.c:1071

#4  0x00005651025aa011 in clear_dynamic_conf () at option.c:5204

#5  reread_dhcp () at option.c:5245


#6  0x00005651025b2c53 in clear_cache_and_reload (now=1722067132) at 
dnsmasq.c:1699



#7  0x00005651025960ac in async_event (now=1722067132, pipe=15) at 
dnsmasq.c:1449


#8  main (argc=<optimized out>, argv=<optimized out>) at dnsmasq.c:1192

(gdb)

I also reproduced the issue on the latest dnsmasq.


I created multiple namespaces and ran dnsmasq in each namespace. The 
dnsmasq run parameters are as follows: (The path varies according to 
the dnsmasq process parameter.)



dnsmasq --no-hosts --no-resolv 
--pid-file=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/pid 
--dhcp-hostsfile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/host 
--addn-hosts=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/addn_hosts 
--dhcp-optsfile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/opts 
--dhcp-leasefile=/var/lib/neutron/dhcp/d7435322-bf42-48a6-b95d-015e2953ff5f/leases 
--dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE 
--local-service --bind-dynamic --enable-ra 
--ra-param=tap75e693e7-82,0,0 
--dhcp-range=set:subnet-bcf0c6db-49ad-42e4-9651-a98c1d7ede7e,fc52:152:42:100::,ra-stateless,64,infinite 
--dhcp-lease-max=16777216 --conf-file=/etc/neutron/dnsmasq.conf 
--domain=openstacklocal



The issue does not reproduce the issue before the committe 10d8b5f001, 
and it does not reproduce the issue when I rollback 10d8b5f001 in the 
latest version.



Commit 10d8b5f001 removes duplicate code and replaces free 
(list->list) with dhcp_netid_free(tmplist->list).


Before:

clear_dynamic_conf

         for (list = configs->netid; list; list = tmplist)

             {

free(list->list);

               tmplist = list->next;

free(list);

             }

NOW:

clear_dynamic_conf

dhcp_config_free

dhcp_netid_list_free

while (netid)

{

struct dhcp_netid_list *tmplist = netid;

netid = netid->next;

dhcp_netid_free(tmplist->list);

free(tmplist);

}

Recurrence operation:

The following method may be used to reproduce the problem.


Keep adding new stuff to the optsfile and reload dnsmasq. This problem 
recurs when about 300 contents are added.


However, this problem does not recur on each host.


There is another strange phenomenon. When I add logs as follow, the 
problem cannot be reproduced:


diff --git a/src/option.c b/src/option.c

index f4ff7c0..958b761 100644

--- a/src/option.c

+++ b/src/option.c

@@ -1329,6 +1329,7 @@ static void dhcp_netid_free(struct dhcp_netid *nid)

     {

       struct dhcp_netid *tmp = nid;

       nid = nid->next;

+      my_syslog(MS_DHCP | LOG_INFO, "=====tmp->net=%p\n", tmp->net);

free(tmp->net);

       free(tmp);

     }


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss






















					Reply via email to