[pkg-dhcp-devel] Bug#828972: isc-dhcp-server: segmentation fault in ddns.c during ipv6 DDNS updates

Alessandro Nozzoli alessandro.nozzoli at unifi.it
Wed Jun 29 13:22:19 UTC 2016 

Package: isc-dhcp-server
Version: 4.3.1-6+deb8u2
Severity: important
Tags: ipv6

Dear Maintainer,


After a random time depending on the amount of DDNS updates requested, a 
SEGV signo is
issued, causing the daemon to exit.

The core analysis reports:

Core was generated by `/usr/sbin/dhcpd -f -d -6 -cf 
/etc/dhcp/dhcpd6.conf -pf /var/run/dhcpd6.pid eth3'.
Program terminated with signal SIGSEGV, Segmentation fault.

(gdb) backtrace
#0  data_string_forget (data=data at entry=0x30, 
file=file at entry=0x7fcc65ece222 "ddns.c", line=line at entry=1780) at 
alloc.c:1281
#1  0x00007fcc65e942a2 in ddns_cb_free (ddns_cb=0x30, 
file=file at entry=0x7fcc65ece222 "ddns.c", line=line at entry=1780) at 
dns.c:584
#2  0x00007fcc65e78ed9 in ddns_removals (lease=lease at entry=0x0, 
lease6=lease6 at entry=0x7fcc663dbd90, add_ddns_cb=add_ddns_cb at entry=0x0,
     active=active at entry=isc_boolean_false) at ddns.c:1780
#3  0x00007fcc65e875c7 in move_lease_to_inactive 
(pool=pool at entry=0x7fcc66202690, lease=lease at entry=0x7fcc663dbd90, 
state=state at entry=3 '\003')
     at mdb6.c:1499
#4  0x00007fcc65e88f50 in expire_lease6 (leasep=0x7ffedfa76928, 
pool=0x7fcc66202690, now=1467201107) at mdb6.c:1550
#5  0x00007fcc65e8983f in lease_timeout_support (vpool=0x7fcc66202690) 
at mdb6.c:1916
#6  0x00007fcc65e9320d in isclib_timer_callback (taskp=<optimized out>, 
eventp=0x7fcc66055070) at dispatch.c:174
#7  0x00007fcc654becba in isc.taskmgr_dispatch () from 
/lib/x86_64-linux-gnu/libisc-export.so.95
#8  0x00007fcc654c2136 in ?? () from 
/lib/x86_64-linux-gnu/libisc-export.so.95
#9  0x00007fcc654c2c83 in ?? () from 
/lib/x86_64-linux-gnu/libisc-export.so.95
#10 0x00007fcc65e93351 in dispatch () at dispatch.c:114
#11 0x00007fcc65e48a1b in main (argc=<optimized out>, argv=<optimized 
out>) at dhcpd.c:804


The last lines in logfile are:

Added reverse map from 
3.6.2.e.1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.1.5.0.c.2.0.6.7.0.1.0.0.2.ip6.arpa. 
to Marco-PC.lesc-ipv6
ddns.c(1278): Lease 2001:760:2c05:1005::1:e263 not found within pool.
Added reverse map from 
3.6.2.e.1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.1.5.0.c.2.0.6.7.0.1.0.0.2.ip6.arpa. 
to Marco-PC.lesc-ipv6
ddns.c(1278): Lease 2001:760:2c05:1005::1:e263 not found within pool.
Renew message from fe80::4c7f:ea08:2dfd:fd6b port 546, transaction ID 
0x14ED6700
Reply NA: address 2001:760:2c05:1005::1:b609 to client with duid 
00:01:00:01:1b:30:89:53:e0:3f:49:86:cd:8f iaid = 518012745 valid for 
1800 seconds
ddns.c(1552): Failed to update internal lease structure with DDNS 
control block. Existing ddns_cb structure does not match 
expectations.IPv6=2001:760:2c05:1005::1:b609, old 
ddns_cb=0x7fcc66594320, triedto update to new ddns_cb=0x7fcc66594320
Sending Reply to fe80::4c7f:ea08:2dfd:fd6b port 546
Added new forward map from biancone.lesc-ipv6 to 
2001:760:2c05:1005::1:b609
Added reverse map from 
9.0.6.b.1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.1.5.0.c.2.0.6.7.0.1.0.0.2.ip6.arpa. 
to biancone.lesc-ipv6
ddns.c(1278): Lease 2001:760:2c05:1005::1:b609 not found within pool.
Renew message from fe80::215:99ff:fe4b:1d8a port 546, transaction ID 
0xB83DD500
Discarding Renew from fe80::215:99ff:fe4b:1d8a; not our server 
identifier (CLIENTID 00:03:00:01:00:15:99:4b:1d:8a, SERVERID 
00:01:00:01:1d:6f:00:8c:00:50:56:00:00:03, server DUID 
00:01:00:01:1f:06:43:6b:00:50:56:00:00:03)
Renew message from fe80::215:99ff:fe4b:1d8a port 546, transaction ID 
0xB83DD500
Discarding Renew from fe80::215:99ff:fe4b:1d8a; not our server 
identifier (CLIENTID 00:03:00:01:00:15:99:4b:1d:8a, SERVERID 
00:01:00:01:1d:6f:00:8c:00:50:56:00:00:03, server DUID 
00:01:00:01:1f:06:43:6b:00:50:56:00:00:03)
Errore di segmentazione (core dump creato)


-- System Information:
Debian Release: 8.5
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages isc-dhcp-server depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  debianutils            4.4+b1
ii  isc-dhcp-common        4.3.1-6+deb8u2
ii  libc6                  2.19-18+deb8u4
ii  libdns-export100       1:9.9.5.dfsg-9+deb8u6
ii  libirs-export91        1:9.9.5.dfsg-9+deb8u6
ii  libisc-export95        1:9.9.5.dfsg-9+deb8u6
ii  lsb-base               4.1+Debian13+nmu1

isc-dhcp-server recommends no packages.

Versions of packages isc-dhcp-server suggests:
pn  isc-dhcp-server-ldap  <none>

-- Configuration Files:
/etc/dhcp/dhcpd.conf changed:
ddns-update-style standard;
ddns-updates on;
key dhcpupdateV4 {
   algorithm hmac-md5;
   secret "/suLcXaBX/DnNSTE7OdqmA==";
};
option domain-name-servers 10.108.1.2;
option netbios-name-servers 10.108.1.4;
option subnet-mask 255.255.255.0;
option time-servers 150.217.4.5;
default-lease-time 21600;
max-lease-time 43200;
authoritative;
log-facility local4;
subnet 10.108.1.0 netmask 255.255.255.0 {
   range 10.108.1.200 10.108.1.249;
   option domain-name "lesc-lart";
   option broadcast-address 10.108.1.255;
   option routers 10.108.1.1;
}
host nas.lesc-lart {
   hardware ethernet 00:50:56:00:00:40;
   fixed-address 10.108.1.4;
}
host swlesc0.lesc-lart {
   hardware ethernet f4:8e:38:0b:8f:b9;
   fixed-address 10.108.1.244;
}
host swlesc-cnit.lesc-lart {
   hardware ethernet 00:30:6e:74:e6:80;
   fixed-address 10.108.1.245;
}
host swlesc1.lesc-lart {
   hardware ethernet 5c:26:0a:8c:05:4c;
   fixed-address 10.108.1.246;
}
host swlart1.lesc-lart {
   hardware ethernet 5c:26:0a:c0:26:cf;
   fixed-address 10.108.1.247;
}
host swlesc11.lesc-lart {
   hardware ethernet 5c:26:0a:c0:2f:17;
   fixed-address 10.108.1.248;
}
host swlesc12.lesc-lart {
   hardware ethernet 5c:26:0a:b4:4d:f6;
   fixed-address 10.108.1.249;
}
host RielloUPS.lesc-lart {
   hardware ethernet 60:19:29:00:67:09;
   fixed-address 10.108.1.251;
}
host web {
   hardware ethernet 00:50:56:00:00:30;
   fixed-address 10.108.3.33;
}
host doccia {
   hardware ethernet 00:50:56:00:00:32;
   fixed-address 10.108.3.199;
}
subnet 10.108.10.0 netmask 255.255.255.0 {
   range 10.108.10.100 10.108.10.150;
   ddns-domainname "dyn.lesc";
   option domain-name "lesc dyn.lesc";
   option domain-name-servers 10.108.1.2;
   option broadcast-address 10.108.10.255;
   option routers 10.108.10.1;
   zone dyn.lesc. {
     primary 10.108.1.2;
     key "dhcpupdatev4";
   }
}
host stampella.lesc {
   hardware ethernet 00:00:aa:a9:4d:4e;
   fixed-address 10.108.10.8;
}
host aleardo.lesc {
   hardware ethernet 00:00:aa:5c:08:1d;
   fixed-address 10.108.10.9;
}
host printer.lesc {
   hardware ethernet 00:00:aa:a9:63:a8;
   fixed-address 10.108.10.10;
}
host ursula.lesc {
   hardware ethernet 00:00:85:bb:2b:a8;
   fixed-address 10.108.10.11;
}
host bacheca.lesc {
   hardware ethernet 00:13:d4:e4:7b:c2;
   fixed-address 10.108.10.19;
}
host nas-delre.lesc {
   hardware ethernet 00:10:75:07:35:06;
   fixed-address 10.108.10.20;
}
host cubone.lesc {
   hardware ethernet 00:10:75:07:32:94;
   fixed-address 10.108.10.21;
}
host nas-lesc.lesc {
   hardware ethernet e0:46:9a:a0:64:39;
   fixed-address 10.108.10.22;
}
host nozzoli-desktop.lesc {
   hardware ethernet 00:1a:a0:35:cc:c5;
   fixed-address 10.108.10.170;
}
host nozzoli-laptop.lesc {
   hardware ethernet f0:76:1C:75:07:ae;
   fixed-address 10.108.10.171;
}
host piva-pc.lesc {
   hardware ethernet 00:25:64:a2:06:59;
   fixed-address 10.108.10.172;
}
host dellalenew.lesc {
   hardware ethernet 00:24:9b:0a:1d:23;
   fixed-address 10.108.10.173;
}
host dante.lesc {
   hardware ethernet 00:22:19:29:14:ed;
   fixed-address 10.108.10.174;
}
host marco-mcwin.lesc {
   hardware ethernet 00:26:4a:18:3d:d0;
   fixed-address 10.108.10.175;
}
host giotto.lesc {
   hardware ethernet 00:22:64:9c:76:3c;
   fixed-address 10.108.10.180;
}
host vasari.lesc {
   hardware ethernet 90:e6:ba:ab:00:ea;
   fixed-address 10.108.10.181;
}
host forlab.lesc {
   hardware ethernet 00:02:a5:3f:f1:72;
   fixed-address 10.108.10.182;
}
host virgilio.lesc {
   hardware ethernet 90:b1:1c:7d:7e:7b;
   fixed-address 10.108.10.183;
}
host scanner.lesc {
   hardware ethernet 00:17:08:2a:9d:03;
   fixed-address 10.108.10.190;
}
subnet 10.108.20.0 netmask 255.255.255.0 {
   range 10.108.20.50 10.108.20.99;
   option domain-name "lart";
   option broadcast-address 10.108.20.255;
   option routers 10.108.20.1;
}
host lartattack.lart {
   hardware ethernet 00:15:99:4b:1d:8a;
   fixed-address 10.108.20.8;
}
host dania-pc.lart {
   hardware ethernet 78:2b:cb:7f:33:fe;
   fixed-address 10.108.20.100;
}
host francis-pc.lart {
   hardware ethernet 78:2b:cb:7f:20:be;
   fixed-address 10.108.20.101;
}
host dario-pc.lart {
   hardware ethernet 90:b1:1c:77:c5:9c;
   fixed-address 10.108.20.102;
}
host tommy-pc.lart {
   hardware ethernet 34:15:9e:17:01:40;
   fixed-address 10.108.20.120;
}
host nightwatch.lart {
   hardware ethernet d4:be:d9:98:45:14;
   fixed-address 10.108.20.147;
}
host kali.lart {
   hardware ethernet 78:2b:cb:7f:22:98;
   fixed-address 10.108.20.148;
}


-- debconf information:
   isc-dhcp-server/interfaces: eth0 eth2 eth3 eth4

More information about the pkg-dhcp-devel mailing list