NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Re: bin/59046: dhcpd issue

The following reply was made to PR bin/59046; it has been noted by GNATS.

From: 6bone%6bone.informatik.uni-leipzig.de@localhost
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: Re: bin/59046: dhcpd issue
Date: Wed, 12 Feb 2025 14:42:09 +0100 (CET)

 With the additional switches, the error occurs immediately after startup. 
 The immediate crash is reproducible.
 
 Internet Systems Consortium DHCP Server 4.4.2
 Copyright 2004-2022 Internet Systems Consortium.
 All rights reserved.
 For info, please visit https://www.isc.org/software/dhcp/
 Config file: /etc/dhcpd6.conf
 Database file: /var/db/dhcpd6.leases
 PID file: dhcpd6.pid
 Wrote 5 NA, 0 TA, 0 PD leases to lease file.
 Bound to *:547
 Listening on Socket/53/lagg0/2001:638:902:1::/64
 Sending on   Socket/53/lagg0/2001:638:902:1::/64
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2045): NULL pointer
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): negative refcnt
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): freeing unknown memory: 70e1993bb6c0
 
 gdb output:
 
 This GDB was configured as "x86_64--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.
 
 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 [New process 13930]
 [New process 3448]
 [New process 26971]
 [New process 4688]
 [New process 15302]
 [New process 11937]
 [New process 14605]
 [New process 11483]
 [New process 21633]
 [New process 16858]
 [New process 27887]
 [New process 22524]
 [New process 4051]
 Core was generated by `dhcpd'.
 Program terminated with signal SIGABRT, Aborted.
 #0  0x000070e19677eeea in _lwp_kill () from /usr/lib/libc.so.12
 [Current thread is 1 (process 13930)]
 #0  0x000070e19677eeea in _lwp_kill () from /usr/lib/libc.so.12
 #1  0x000070e1967846e0 in abort () from /usr/lib/libc.so.12
 #2  0x000000012d2971f3 in dfree (ptr=<optimized out>, file=<optimized out>,
      line=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/alloc.c:169
 #3  0x000000012d2536d0 in iasubopt_dereference (
      iasubopt=iasubopt@entry=0x70e1911f57b8,
      file=file@entry=0x12d45c928 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c", line=line@entry=2074)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:307
 #4  0x000000012d255a0b in cleanup_old_expired (pool=0x70e19b637f80)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2074
 #5  lease_timeout_support (vpool=0x70e19b637f80)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2120
 #6  0x000000012d25c79f in isclib_timer_callback (taskp=<optimized out>,
      eventp=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/dispatch.c:181
 #7  0x000000012d42749b in task_run (task=0x70e19b6375a0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:861
 #8  isc_task_run (task=0x70e19b6375a0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:955
 #9  0x000000012d41e2c0 in isc__nm_async_task (worker=0x70e19b3b6d90,
      ev0=0x70e198b7b000)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:883
 #10 process_netievent (worker=worker@entry=0x70e19b3b6d90,
      ievent=0x70e198b7b000)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:955
 #11 0x000000012d41e97e in process_queue (worker=worker@entry=0x70e19b3b6d90,
      type=type@entry=NETIEVENT_TASK)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:1021
 #12 0x000000012d41f2ed in process_all_queues (worker=0x70e19b3b6d90)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:796
 #13 async_cb (handle=0x70e19b3b70c8)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:825
 #14 0x000000012d44c32c in ?? ()
 #15 0x000000012d44195c in uv.io_poll ()
 #16 0x000000012d4499d4 in uv_run ()
 #17 0x000000012d41ebee in nm_thread (worker0=0x70e19b3b6d90)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:727
 #18 0x000000012d439193 in isc__trampoline_run (arg=0x70e19b66d820)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 #19 0x000070e19ac0c89f in ?? () from /usr/lib/libpthread.so.1
 #20 0x000070e1966930e0 in ?? () from /usr/lib/libc.so.12
 #21 0x0000000000200000 in ?? ()
 #22 0x0000000000000000 in ?? ()
 
 
 Best Regards
 Uwe
 
 
 On Tue, 11 Feb 2025, Christos Zoulas wrote:
 
 > On 2025-02-11 6:27 am, 6bone%6bone.informatik.uni-leipzig.de@localhost wrote:
 >
 > Seems to be dying elsewhere now (in mdb6.c). So something is corrupting 
 > memory.
 > This code is just too complicated. Lets try to build with all the memory 
 > debugging
 > it provides to see if it can detect the problem itself. Can you build with:
 > -DDEBUG_MEMORY_LEAKAGE) -DDEBUG_MALLOC_POOL) -DDEBUG_MEMORY_LEAKAGE_ON_EXIT 
 > -DDEBUG_MALLOC_POOL_EXHAUSTIVELY
 >
 > and see if that get's us somewhere? If that does not work, we could try 
 > -fsanitize=memory...
 >
 > christos
 >
Home | Main Index | Thread Index | Old Index