On 15 Apr 2014, at 13:13, Kenneth Westerback <kwesterb...@gmail.com> wrote:

>> On 15 April 2014 08:34, Otto Moerbeek <o...@drijf.net> wrote:
>>> On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote:
>>>
>>> so I got gdb back to the machine because I cannot reproduce outside of the
>>> box.
>>> gdb too old cannot gcore.
>>>
>>> The state is nasty, but I do get the trace of the dhcp transaction.
>>>
>>> [..]
>>> DHCPREQUEST on trunk0 to 255.255.255.255 port 67
>>> DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67)
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> 0x1c005b26 in add_classless_static_routes (rdomain=13684944,
>>>     classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408
>>> 2408    /usr/src/sbin/dhclient/dhclient.c: No such file or directory.
>>>         in /usr/src/sbin/dhclient/dhclient.c
>>> (gdb) bt
>>> #0  0x1c005b26 in add_classless_static_routes (rdomain=13684944,
>>>     classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408
>>> #1  0xd0d0d0d0 in ?? ()
>>> #2  0x00d0d0d0 in ?? ()
>>> #3  0x00000000 in ?? ()
>>
>> ... the line in 5.4 is :
>>
>> 2405:         i += bytes;
>> 2406:
>> 2407:         memset(&gateway, 0, sizeof(gateway));
>> 2408:         memcpy(&gateway, &classless_static_routes->data[i], 4);
>>
>> The memcpy segfaults.
>
> Not surprising *if* the gdb info is correct and the pointer parameter
> 'classless_static_routes' is NULL. :-)
>
>> Current and 5.5 have a rewritten version of this code.
>> Can you reproduce on current?
>
> That would be good to check, but if there is a NULL pointer being passed
> I fear it will still fault.
>
>> -Otto
>
> [snip]
>
>>> 1397524674.011308 96:4f:87:9c:ad:67 fe:e1:ba:d0:8e:d0 0800 373:
>>> 10.0.0.254.67 > 10.0.0.126.68: xid:0x95ce17 Y:10.0.0.126 S:10.0.0.254
>>> vend-rfc1048 DHCP:ACK SID:10.0.0.254 LT:43200 RN:21600 RB:37800
>>> SM:255.255.255.0 BR:10.0.0.255 HN:"ulis-v12-GW"
>>> T121:415279105,3232236030,415279114,3232236030,3232236030,167772414
>>> NS:10.0.0.254 DG:10.0.0.254 (DF)
>>> 0000: fee1 bad0 8ed0 964f 879c ad67 0800 4500  .......O...g..E.
>>> 0010: 0167 0000 4000 4011 240b 0a00 00fe 0a00  .g..@.@.$.......
>>> 0020: 007e 0043 0044 0153 9aa6 0201 0600 0095  .~.C.D.S........
>>> 0030: ce17 0000 0000 0000 0000 0a00 007e 0a00  .............~..
>>> 0040: 00fe 0000 0000 fee1 bad0 8ed0 0000 0000  ................
>>> 0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0100: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>>> 0110: 0000 0000 0000 6382 5363 3501 0536 040a  ......c.Sc5..6..
>>> 0120: 0000 fe33 0400 00a8 c03a 0400 0054 603b  ...3.....:...T`;
>>> 0130: 0400 0093 a801 04ff ffff 001c 040a 0000  ................
>>> 0140: ff0c 0b75 6c69 732d 7631 322d 4757 7918  ...ulis-v12-GWy.
>>> 0150: 18c0 a801 c0a8 01fe 18c0 a80a c0a8 01fe  ................
>>> 0160: c0a8 01fe 0a00 00fe 0604 0a00 00fe 0304  ................
>>> 0170: 0a00 00fe ff                             .....
>
> Pulling out the options provided we get
>
> Options
> =======
>
> 6382 5363                               /* Cookie */
> 35 01 05                                /* DHCP message type */
> 36 04 0a 00 00 fe                       /* DHCP server id */
> 33 04 00 00 a8 c0                       /* DHCP lease time */
> 3a 04 00 00 54 60                       /* DHCP renewal time */
> 3b 04 00 00 93 a8                       /* DHCP rebinding time */
> 01 04 ff ff ff 00                       /* Subnet Mask */
> 1c 04 0a 00 00 ff                       /* Broadcast Address */
> 0c 0b 75 6c 69 73 2d 76 31 32 2d 47 57  /* Hostname */
> 79 18 18 c0 a8 01 c0 a8 01 fe 18 c0 a8 0a c0 a8 01 fe c0 a8 01 fe 0a
> 00 00 fe                                /* Classless static routes */
> 06 04 0a 00 00 fe                       /* Domain Name Servers */
> 03 04 0a 00 00 fe                       /* Routers */
> ff                                      /* End of Options */
>
>
> And looking at the classless static routes closer we see
>
> 79 18
> 18 c0 a8 01 c0 a8 01 fe    /* 192.168.1/24 via 192.168.1.254 */
> 18 c0 a8 0a c0 a8 01 fe    /* 192.168.10/24 via 192.168.1.254 */
> c0 a8 01 fe 0a 00 00 fe    /* ??? */
>
> Where the last one is, to use the technical term, fucked. It seems to
> specify a network with 'c0' == 192 bits. I can't see how this would
> cause a NULL pointer to be passed though.
>
> .... Ken
I think the NULL is a red herring. If I see things correctly the value
comes from an & expression which should never be NULL. It's pretty common
for gdb to get locals or args wrong, or maybe the stack is smashed.

	-Otto
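Ken's byte-by-byte reading of the option 121 data above, as an added C example that is neither dhclient's code nor from anyone in this thread: a bounds-checked decoder for RFC 3442 classless static routes, run over the 24 option bytes from that DHCPACK. It accepts the two valid routes and stops at the third entry because its prefix byte 0xc0 (192) exceeds 32, instead of deriving a 24-octet destination length from it and reading past the end of the option. `decode_csr`, `csr_route` and `csr_from_ack` are names invented for this example.

```c
#include <stdint.h>
#include <stdio.h>

struct csr_route { uint32_t dest, gw; uint8_t plen; };	/* host byte order */
/* Bounds-checked decoder for RFC 3442 classless static routes (DHCP option
 * 121).  Returns the number of routes stored in out[]; *bad gets the offset
 * of the first malformed entry, or -1 if the whole payload decoded cleanly. */
static int
decode_csr(const uint8_t *d, size_t len, struct csr_route *out, int max, int *bad)
{
	size_t i = 0, k, bytes;
	int n = 0;
	*bad = -1;
	while (i < len && n < max) {
		bytes = (d[i] + 7) / 8;		/* significant destination octets */
		/* Reject a prefix > 32 or an entry that runs past the option
		 * instead of letting it turn into an out-of-bounds read. */
		if (d[i] > 32 || i + 1 + bytes + 4 > len) {
			*bad = (int)i;
			break;
		}
		out[n].plen = d[i];
		out[n].dest = 0;
		for (k = 0; k < bytes; k++)
			out[n].dest |= (uint32_t)d[i + 1 + k] << (24 - 8 * k);
		i += 1 + bytes;
		out[n++].gw = (uint32_t)d[i] << 24 | (uint32_t)d[i + 1] << 16 |
		    (uint32_t)d[i + 2] << 8 | d[i + 3];
		i += 4;
	}
	return n;
}

/* Option 121 value bytes from the DHCPACK quoted above (after "79 18"). */
static const uint8_t csr_from_ack[] = {
	0x18, 0xc0, 0xa8, 0x01, 0xc0, 0xa8, 0x01, 0xfe,
	0x18, 0xc0, 0xa8, 0x0a, 0xc0, 0xa8, 0x01, 0xfe,
	0xc0, 0xa8, 0x01, 0xfe, 0x0a, 0x00, 0x00, 0xfe,
};

int main(void)
{
	struct csr_route r[8];
	int bad, k, n = decode_csr(csr_from_ack, sizeof(csr_from_ack), r, 8, &bad);
	for (k = 0; k < n; k++)
		printf("0x%08x/%u via 0x%08x\n", r[k].dest, (unsigned)r[k].plen, r[k].gw);
	if (bad >= 0)
		printf("malformed entry at offset %d: prefix byte 0x%02x\n", bad, csr_from_ack[bad]);
	return 0;
}
```

On the bytes above it prints 0xc0a80100/24 and 0xc0a80a00/24 via 0xc0a801fe, then reports the malformed entry at offset 16 with prefix byte 0xc0.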