Issue 757635

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



dhcpcd crashes

Project Member Reported by cernekee@chromium.org, Aug 21 2017

Issue description

The top crash on crash.corp for dhcpcd involves NULL pointer dereferences in arp_packet():

https://goto.google.com/ossih

		/* Run the conflicts */
		TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) {
			if (astate->conflicted_cb)
				astate->conflicted_cb(astate, &arm);
		}

Newer versions of dhcpcd have refactored this code and changed |state| from struct dhcp_state to struct iarp_state.  It's not immediately clear to me what is going wrong.


The most *easily reproducible* crash for dhcpcd is triggered by `killall -SEGV shill`.  I think this happens any time shill crashes.  It appears to be a NULL pointer dereference in stop_interface():

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000590500416c23 in stop_interface (ifp=0x792c3b2bcbd8 <main_arena+88>) at dhcpcd.c:334
334		ifp->options->options |= DHCPCD_STOPPING;
(gdb) bt
#0  0x0000590500416c23 in stop_interface (ifp=0x792c3b2bcbd8 <main_arena+88>) at dhcpcd.c:334
#1  0x0000590500417182 in dhcpcd_stop_interfaces (ctx=0x7ffd8140ba08) at dhcpcd.c:1067
#2  0x0000590500453827 in dhcpcd_dbus_filter (conn=0x5905019d0210, msg=0x5905019d1e70, 
    user_data=0x0) at dbus/rpc-dbus.c:674

 

Comment 1 by sjg@google.com, Aug 30 2017

Owner: sjg@chromium.org
Claiming for starter bug

Comment 2 by sjg@chromium.org, Sep 1 2017

Owner: athilenius@chromium.org
Status: Assigned (was: Available)
To Alec
Owner: ----
Status: Available (was: Assigned)
Labels: Enterprise-Triaged
