occasional crashes: glibc detected double free or corruption

Bug #674645 reported by Dave Walker on 2010-11-12
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dnsmasq (Debian)
Fix Released
Unknown
dnsmasq (Ubuntu)
Medium
Dave Walker
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned

Bug Description

Binary package hint: dnsmasq

*** glibc detected *** /usr/sbin/dnsmasq: double free or corruption (top): 0x08ab60b8 ***

(As initially reported: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q3/004369.html)

IMPACT: Under heavy work load, dnsmasq occasionally crashes.
RESOLUTION: Patch on upstream, as linked in report
REPRODUCE: Put dnsmasq under heavy work load, with frequent requests - and watch for crash.
REGRESSION POTENTIAL: Low, patch in both upstream trunk, Natty and Debian already.

Dave Walker (davewalker) on 2010-11-12
Changed in dnsmasq (Ubuntu):
status: New → Confirmed
assignee: nobody → Dave Walker (davewalker)
importance: Undecided → Medium
Dave Walker (davewalker) wrote :

This is fixed on Natty, with a trivial patch.

Requires backporting to Lucid and Maverick.

dann frazier (dannf) wrote :

On 12/11/10 19:09, Dave Walker wrote:
> Public bug reported:
>
> Binary package hint: dnsmasq
>
> *** glibc detected *** /usr/sbin/dnsmasq: double free or corruption
> (top): 0x08ab60b8 ***
>
> (As initially reported: http://lists.thekelleys.org.uk/pipermail
> /dnsmasq-discuss/2010q3/004369.html)
>

This was fixed in Debian with 2.55-2. That will be added to Ubuntu
automatically, yes?

Simon.

Dave Walker (davewalker) on 2010-11-12
description: updated
tags: added: patch
Dave Walker (davewalker) wrote :

@Simon, yes - It is fixed in the latest development version via the fix from Debian. However, the fix will not automatically happen in both Maverick and Lucid.

Martin Pitt (pitti) wrote :

> This is fixed on Natty, with a trivial patch.

.. so please close the bug.

Thanks!

Changed in dnsmasq (Ubuntu):
status: Confirmed → Fix Released
Changed in dnsmasq (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed

Accepted dnsmasq into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Imre Gergely (cemc) wrote :

I've managed to reproduce the crash 3 consecutive times, like this:

- installed dnsmasq on the host (ubuntu 10.04 64bit), and started it like this:

/usr/sbin/dnsmasq -d -x /var/run/dnsmasq/dnsmasq.pid -udnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --dhcp-option=3,172.16.21.253 --dhcp-script=/tmp/myscript.sh

- myscript.sh contains the following:

#!/bin/bash

sleep 10
echo $@
exit 0

- ran 4 ubuntu guests in KVM
- logged in on every guest, and ran the following command from console:

while [ true ]; do dhclient3 eth0 ; done (this basically renews the lease on the guests all the time, generating some load for dnsmasq)

After ~10 minutes dnsmasq crashed with "*** glibc detected *** /usr/sbin/dnsmasq: double free or corruption (fasttop): 0x00000000006a1040 ***" (this happened 3 times out of 3 runs).

After installing the package from -proposed, I tried once more, same setup but it did not crash. It's been running like this for >30 minutes.

I'll let it run for a couple of hours to see if anything happens.

Imre Gergely (cemc) wrote :

It ran for over 8 hours and it did not crash. I consider this a successful test.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dnsmasq - 2.52-1ubuntu0.1

---------------
dnsmasq (2.52-1ubuntu0.1) lucid-proposed; urgency=low

  * src/rfc2131.c: Fix crash on double free. Patch courtesy of
    upstream. (LP: #674645)
 -- Dave Walker (Daviey) <email address hidden> Fri, 12 Nov 2010 13:18:56 -0600

Changed in dnsmasq (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in dnsmasq (Debian):
status: Unknown → Fix Released
Rolf Leggewie (r0lf) wrote :

Maverick has long since stopped to receive any updates. Marking the Maverick task for this ticket as "Won't Fix".

Changed in dnsmasq (Ubuntu Maverick):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.