NetBSD-Bugs archive
Re: bin/57476: dhcpd dumps core
The following reply was made to PR bin/57476; it has been noted by GNATS.
From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/57476: dhcpd dumps core
Date: Sun, 10 Sep 2023 11:07:48 +0200
I saw my added printf triggering and got another crash in
lookup_hashed_option():

        hashix = compute_option_hash (code);
        for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) {
>>>>            if (((struct option_cache *)(bptr -> car)) -> option -> code ==
                    code)
                        return (struct option_cache *)(bptr -> car);
        }

again with bptr -> car == NULL:
#1 0x000000000b960ddc in lookup_option (code=<optimized out>,
options=0xfb0d4de0d160, universe=0xba06e98 <dhcp_universe>)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:2475
2475 in /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c
(gdb) list
2470 in /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c
(gdb) dow
#0 0x000000000b95ec68 in lookup_hashed_option (universe=<optimized out>,
options=<optimized out>, code=59)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:2500
2500 in /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c
(gdb) p bptr
$1 = (pair) 0xfb0d4de011b0
(gdb) p *bptr
$2 = {car = 0x0, cdr = 0xfb0d4de01480}
full bt:
(gdb) bt
#0 0x000000000b95ec68 in lookup_hashed_option (universe=<optimized out>,
options=<optimized out>, code=59)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:2500
#1 0x000000000b960ddc in lookup_option (code=<optimized out>,
options=0xfb0d4de0d160, universe=0xba06e98 <dhcp_universe>)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:2475
#2 store_options (ocount=0xfb0d4b7e3874, ocount@entry=0xfb0d4b7e5204,
buffer=0xfb0d4b7e4144 "5\001\002\066\004\300\250\226\274\063\004",
buffer@entry=0xfb0d4b7e4140 "c\202Sc5\001\002\066\004\300\250\226\274\063\004", index=index@entry=4, buflen=1424, packet=packet@entry=0xfb0d4de0f000,
lease=lease@entry=0xfb0d4ff61430, client_state=client_state@entry=0x0,
in_options=in_options@entry=0xfb0d4de0d0f0, cfg_options=0xfb0d4de0d160,
scope=0xba07450 <global_scope>, scope@entry=0xfb0d4b7e5210,
priority_list=<optimized out>, priority_list@entry=0xfb0d4b7e3c90,
priority_len=<optimized out>, priority_len@entry=21,
first_cutoff=<optimized out>, second_cutoff=<optimized out>,
second_cutoff@entry=1364, terminate=0,
terminate@entry=<error reading variable: Cannot access memory at address 0xfb0d4b7e6ad8>, vuname=0x0,
vuname@entry=<error reading variable: Cannot access memory at address 0xfb0d4b7e6af0>)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:1364
#3 0x000000000b9619a8 in cons_options (inpacket=0xfb0d4de0f000,
outpacket=0xfb0d502ba16c <_vsprintf_l+108>,
outpacket@entry=0xfb0d4b7e5230, lease=lease@entry=0xfb0d4ff61430,
client_state=client_state@entry=0x0, mms=<optimized out>,
in_options=0xfb0d4de0d0f0, cfg_options=<optimized out>,
scope=0xfb0d4b7e5210, overload_avail=<optimized out>,
overload_avail@entry=3, terminate=<optimized out>, bootpp=<optimized out>,
prl=<optimized out>, prl@entry=0xfb0d4d3be028, vuname=<optimized out>,
vuname@entry=0x0)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/options.c:827
#4 0x000000000b9111a0 in dhcp_reply (lease=0xfb0d4ff61430)
at /work/src-10/external/mpl/dhcp/bin/server/../../dist/server/dhcp.c:3973
#5 0x000000000b94c060 in isclib_timer_callback (taskp=<optimized out>,
eventp=<optimized out>)
at /work/src-10/external/mpl/dhcp/lib/common/../../dist/common/dispatch.c:181
#6 0x0000fb0d51033330 in task_run (task=0xfb0d50daab40)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/task.c:861
#7 isc_task_run (task=0xfb0d50daab40)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/task.c:955
#8 0x0000fb0d5102a18c in isc__nm_async_task (worker=0xfb0d5066e168,
ev0=0xfb0d4d36ef20)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:873
#9 process_netievent (worker=worker@entry=0xfb0d5066e168,
ievent=0xfb0d4d36ef20)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:945
#10 0x0000fb0d5102a530 in process_queue (worker=worker@entry=0xfb0d5066e168,
type=type@entry=NETIEVENT_TASK)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:1011
#11 0x0000fb0d5102ae30 in process_all_queues (worker=0xfb0d5066e168)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:792
#12 async_cb (handle=0xfb0d5066e498)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:821
#13 0x0000fb0d5105646c in uv__async_io (loop=0xfb0d5066e178,
w=<optimized out>, events=<optimized out>)
at /work/src-10/external/mit/libuv/lib/../dist/src/unix/async.c:163
#14 0x0000fb0d5104b758 in uv__io_poll (loop=loop@entry=0xfb0d5066e178,
timeout=<optimized out>)
at /work/src-10/external/mit/libuv/lib/../dist/src/unix/kqueue.c:390
#15 0x0000fb0d51053928 in uv_run (loop=loop@entry=0xfb0d5066e178,
mode=mode@entry=UV_RUN_DEFAULT)
at /work/src-10/external/mit/libuv/lib/../dist/src/unix/core.c:406
#16 0x0000fb0d5102a7c4 in nm_thread (worker0=0xfb0d5066e168)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:723
#17 0x0000fb0d510463d0 in isc__trampoline_run (arg=0xfb0d50e2d940)
at /work/src-10/external/mpl/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
It seems we need to make the code deal with car=NULL everywhere, unless we
find the culprit that corrupts memory or explicitly sets this pointer to
NULL.
Martin
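
An added example, not part of the original message and not ISC DHCP or NetBSD code: a bucket walk shaped like the loop quoted above that skips and counts cells whose car is NULL instead of dereferencing them. The structure definitions, HASH_SIZE, the modulo hash and the function names are simplified assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define HASH_SIZE 17	/* constructed bucket count, not ISC DHCP's value */

/* Simplified stand-ins for the structures named in the message. */
struct option { unsigned code; };
struct option_cache { struct option *option; };
typedef struct _pair { void *car; struct _pair *cdr; } *pair;

static unsigned skipped_cells;	/* cells seen with car or option == NULL */

/* Walk one bucket like the quoted loop, but never dereference a cell
 * whose car (or its option pointer) is NULL. Count it instead, so the
 * corruption stays visible to the caller and can be logged. */
struct option_cache *
lookup_hashed_option_checked(pair *hash, unsigned code)
{
	pair bptr;

	for (bptr = hash[code % HASH_SIZE]; bptr; bptr = bptr->cdr) {
		struct option_cache *oc = bptr->car;

		if (oc == NULL || oc->option == NULL) {
			skipped_cells++;
			continue;
		}
		if (oc->option->code == code)
			return oc;
	}
	return NULL;
}

/* Constructed bucket: one cell with car = 0x0 and a non-NULL cdr, as in
 * the gdb output. That the next cell holds code 59 is an assumption. */
int
demo_lookup(void)
{
	static struct option opt59 = { 59 };
	static struct option_cache oc59 = { &opt59 };
	static struct _pair second = { &oc59, NULL };
	static struct _pair first = { NULL, &second };
	pair hash[HASH_SIZE] = { 0 };

	hash[59 % HASH_SIZE] = &first;
	skipped_cells = 0;
	return lookup_hashed_option_checked(hash, 59) == &oc59;
}

int
main(void)
{
	int found = demo_lookup();
	printf("found=%d skipped=%u\n", found, skipped_cells);
	return 0;
}
```

The skip counter matters as much as the NULL check: a non-zero count means a cell was emptied somewhere else, which is the culprit the message still wants found.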