Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Bernhard Übelacker]

Hello Anton,

> (gdb)   print/x $rax
> $7 = 0x0
> (gdb) print stmt->mysql
> $8 = (MYSQL *) 0x0
> (gdb) print *stmt->mysql
> Cannot access memory at address 0x0

>> (gdb) list libmysql.c:4134
>> 4134  if (stmt->mysql->options.report_data_truncation)

That null pointer seems to be the problem here, as the mysql client
dereferences it unconditionally.


>> I looked through upstream git history and commits [1] and [2] might be
>> related: they disable automatic reconnects.
>> No such commit seem to have reached the stretch version of kea-dhcp:
>> ./isc-kea-1.1.0/src/lib/dhcpsrv/mysql_connection.cc:138:    my_bool
>> auto_reconnect = MLM_TRUE;
> Hmmm ... but if you disable autoreconnect, doesn't this means each time
> you restart your database server for any reason your dhcp server would
> become in a not working state and it would require restart also?

I fear this needs to be answered by the package maintainers or upstream 
developers.

Kind regards,
Bernhard

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Anton Avramov]

Hello Burnhard,

On 2018-12-15 9:02 a.m., Bernhard Übelacker wrote:

Hello Anton,

On Fri, 14 Dec 2018 16:34:23 -0500 Anton Avramov  wrote:

Hello Bernhard,

Well no. I've actually installed. apt install
libmariadbclient18=10.1.26-0+deb9u1 libmariadbclient18-dbgsym

(gdb) display/i $pc
2: x/i $pc
=> 0x7479eccc :    movzbl 0x451(%rax),%eax

At this instruction $rax seems to contain the address stored in stmt->mysql.
This address seems to be invalid in your process.
And therefore accessing the options member crashes.


Could you please add the output of following commands, when the crash happened:
   print/x $rax
   print stmt->mysql
   print stmt
   set print pretty on
   print *stmt
   print *stmt->mysql
   set print pretty off
   up
   print 
conn_.statements_[isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID]
   up
   x/6xb identifier_begin


Here is the output of the requested commands:

(gdb)   print/x $rax
$7 = 0x0
(gdb) print stmt->mysql
$8 = (MYSQL *) 0x0
(gdb) print stmt
$9 = (MYSQL_STMT *) 0x558f6be8
(gdb) set print pretty on
(gdb) print *stmt
$10 = {
  mem_root = {
    free = 0x558f6f28,
    used = 0x558f9cb8,
    pre_alloc = 0x558f6f28,
    min_malloc = 32,
    block_size = 2009,
    block_num = 6,
    first_block_usage = 0,
    error_handler = 0x0
  },
  list = {
    prev = 0x0,
    next = 0x558f2c70,
    data = 0x558f6be8
  },
  mysql = 0x0,
  params = 0x558f9cd0,
  bind = 0x558f9e20,
  fields = 0x558f7770,
  result = {
    data = 0x0,
    embedded_info = 0x0,
    alloc = {
  free = 0x558f8c88,
  used = 0x0,
  pre_alloc = 0x558f8c88,
  min_malloc = 24,
  block_size = 4057,
  block_num = 4,
  first_block_usage = 0,
  error_handler = 0x0
    },
    rows = 0,
    fields = 0,
---Type  to continue, or q  to quit---
    extension = 0x0
  },
  data_cursor = 0x0,
  read_row_func = 0x7479d630 ,
  affected_rows = 18446744073709551615,
  insert_id = 0,
  stmt_id = 4269,
  flags = 0,
  prefetch_rows = 1,
  server_status = 2,
  last_errno = 2013,
  param_count = 3,
  field_count = 18,
  state = MYSQL_STMT_PREPARE_DONE,
  last_error = "Lost connection to MySQL server during query", '\000' 
,

  sqlstate = "HY000",
  send_types_to_server = 1 '\001',
  bind_param_done = 1 '\001',
  bind_result_done = 1 '\001',
  unbuffered_fetch_cancelled = 0 '\000',
  update_max_length = 0 '\000',
  extension = 0x558e7948
}
(gdb) print *stmt->mysql
Cannot access memory at address 0x0
(gdb) set print pretty off
(gdb) up
#1  0x77a9ed19 in 
isc::dhcp::MySqlHostDataSourceImpl::getHostCollection (this=0x558d6840,
stindex=isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID, 
bind=0x7fffd340, exchange=...,

    result=std::vector of length 0, capacity 0, single=true)
    at ../../../../src/lib/dhcpsrv/mysql_host_data_source.cc:2262
2262    ../../../../src/lib/dhcpsrv/mysql_host_data_source.cc: Няма 
такъв файл или директория.
(gdb) print 
conn_.statements_[isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID]

$11 = (st_mysql_stmt *) 0x558f6be8
(gdb) up
#2  0x77a9f540 in isc::dhcp::MySqlHostDataSourceImpl::getHost 
(this=0x558d6840,
    subnet_id=@0x7fffd8ac: 1, identifier_type=@0x55883830: 
isc::dhcp::Host::IDENT_HWADDR,

    identifier_begin=0x55834300 "\b", identifier_len=6,
stindex=isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID, 
exchange=...)

    at ../../../../src/lib/dhcpsrv/mysql_host_data_source.cc:2345
2345    in ../../../../src/lib/dhcpsrv/mysql_host_data_source.cc
(gdb) x/6xb identifier_begin
0x55834300:    0x08    0x00    0x27    0x04    0xcc    0x0e




The last line should output 6 bytes showing the MAC address of the
requesting client. Maybe you could check if that crash is
triggered always by the same client or kind of client.
Each time the identifier is different, so I would say it is not caused 
by a particular client.

The clients are identical dhclient that is the default with debian


I looked through upstream git history and commits [1] and [2] might be
related: they disable automatic reconnects.
No such commit seem to have reached the stretch version of kea-dhcp:
./isc-kea-1.1.0/src/lib/dhcpsrv/mysql_connection.cc:138:my_bool 
auto_reconnect = MLM_TRUE;
Hmmm ... but if you disable autoreconnect, doesn't this means each time 
you restart your database server for any reason your dhcp server would 
become in a not working state and it would require restart also?



Kind regards,
Bernhard

Thank you very much for all your effort.
Best regards.



(gdb) list libmysql.c:4134
4129  field->type, param_count);
4130  DBUG_RETURN(1);
4131}
4132  }
4133  stmt->bind_result_done= BIND_RESULT_DONE;
4134  if (stmt->mysql->options.report_data_truncation)
4135stmt->bind_result_done|= REPORT_DATA_TRUNCATION;
4136
4137  DBUG_RETURN(0);
4138}


[1] 

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Bernhard Übelacker]

Hello Anton,

On Fri, 14 Dec 2018 16:34:23 -0500 Anton Avramov  wrote:
> Hello Bernhard,
> 
> Well no. I've actually installed. apt install 
> libmariadbclient18=10.1.26-0+deb9u1 libmariadbclient18-dbgsym
> 
> (gdb) display/i $pc
> 2: x/i $pc
> => 0x7479eccc :    movzbl 0x451(%rax),%eax

At this instruction $rax seems to contain the address stored in stmt->mysql.
This address seems to be invalid in your process.
And therefore accessing the options member crashes.


Could you please add the output of following commands, when the crash happened:
  print/x $rax
  print stmt->mysql
  print stmt
  set print pretty on
  print *stmt
  print *stmt->mysql
  set print pretty off
  up
  print 
conn_.statements_[isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID]
  up
  x/6xb identifier_begin


The last line should output 6 bytes showing the MAC address of the
requesting client. Maybe you could check if that crash is
triggered always by the same client or kind of client.


I looked through upstream git history and commits [1] and [2] might be
related: they disable automatic reconnects.
No such commit seem to have reached the stretch version of kea-dhcp:
./isc-kea-1.1.0/src/lib/dhcpsrv/mysql_connection.cc:138:my_bool 
auto_reconnect = MLM_TRUE;


Kind regards,
Bernhard


(gdb) list libmysql.c:4134
4129  field->type, param_count);
4130  DBUG_RETURN(1);
4131}
4132  }
4133  stmt->bind_result_done= BIND_RESULT_DONE;
4134  if (stmt->mysql->options.report_data_truncation)
4135stmt->bind_result_done|= REPORT_DATA_TRUNCATION;
4136
4137  DBUG_RETURN(0);
4138}


[1] 
https://gitlab.isc.org/isc-projects/kea/commit/9881ef6d772f27de82c048e198ba0ff9e71b9351
[2] 
https://gitlab.isc.org/isc-projects/kea/commit/6b278a3f54ecf6bd6e2d381047a9eced4bf165f5


# From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916288#5

Thread 1 "kea-dhcp4" received signal SIGSEGV, Segmentation fault.
0x747f525c in mysql_stmt_bind_result () from 
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
(gdb) (gdb) bt
#0  0x747f525c in mysql_stmt_bind_result () from 
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
#1  0x77a9ed19 in ?? () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#2  0x77a9f540 in ?? () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#3  0x77aa0551 in isc::dhcp::MySqlHostDataSource::get4(unsigned int 
const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned 
long) const ()from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#4  0x77a5acba in isc::dhcp::HostMgr::get4(unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned long) 
const ()from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#5  0x779eeb8c in boost::shared_ptr 
boost::_mfi::cmf4, isc::dhcp::HostMgr, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long>::call(isc::dhcp::HostMgr* const&, void const*, unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*&, unsigned long&) 
const () from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#6  0x779ed9b1 in boost::shared_ptr 
boost::_mfi::cmf4, isc::dhcp::HostMgr, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long>::operator()(isc::dhcp::HostMgr* 
const&, unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned 
char const*, unsigned long) const () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#7  0x779ec881 in boost::shared_ptr 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> 
>::operator(), 
boost::_mfi::cmf4, isc::dhcp::HostMgr, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long>, boost::_bi::rrlist4 
>(boost::_bi::type >, 
boost::_mfi::cmf4, isc::dhcp::HostMgr, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long>&, boost::_bi::rrlist4&, 
long) () from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#8  0x779eadbe in boost::shared_ptr 
boost::_bi::bind_t, 
boost::_mfi::cmf4, isc::dhcp::HostMgr, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long>, 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> > >::operator()(unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned 
char const*&&, unsigned long&&) () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#9  0x779e83e8 in 
boost::detail::function::function_obj_invoker4, boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> > >, 
boost::shared_ptr, unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned 

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Anton Avramov]

Hello Bernhard,

On 2018-12-14 12:38 p.m., Bernhard Übelacker wrote:

Hello Anton,
sorry, did completely miss the option that upstream could
also provide dbgsym packages ...

Just to be sure, the last backtrace was retrieved with upstream
binaries of version 10.2.19+maria~stretch?
And debug symbols are contained in libmariadb3-dbgsym?


Well no. I've actually installed. apt install 
libmariadbclient18=10.1.26-0+deb9u1 libmariadbclient18-dbgsym


I've tried libmariadb3 libmariadb3-dbgsym, but then the servers doesn't 
lease an IP at all. In the log I just see:


2018-12-14 21:29:28.325 INFO  [kea-dhcp4.leases/2286] DHCP4_LEASE_ADVERT 
[hwtype=1 08:00:27:04:cc:0e], cid=[no info], tid=0xc3158b1a: lease 
172.16.66.12 will be advertised
2018-12-14 21:29:28.327 ERROR [kea-dhcp4.alloc-engine/2286] 
ALLOC_ENGINE_V4_ALLOC_ERROR [hwtype=1 08:00:27:04:cc:0e], cid=[no info], 
tid=0xc3158b1a: error during attempt to allocate an IPv4 address: unable 
to bind parameters for valid_lifetime, expire, subnet_id, fqdn_fwd, fqdn_rev, hostname, state) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)>, reason:  (error code 0)





Because your last backtrace shows mysql_stmt_bind_result
from "./libmysql/libmysql.c:4134".
But in [1] I just found a "./libmysqld/libmysql.c"
(the directory is not equal).
And in that line 4134 is the end of the expected function.

But attaching a debugger to a live process and setting a breakpoint
to mysql_stmt_bind_result shows ./libmariadb/libmariadb/mariadb_stmt.c:1210
in my test environment.
And in that file is another implementation for mysql_stmt_bind_result ...

Therefore you probably can supply another backtrace with the output of
following additional commands?

   display/i $pc
   info share

(gdb) display/i $pc
2: x/i $pc
=> 0x7479eccc :    movzbl 0x451(%rax),%eax

(gdb) info share
From    To  Syms Read   Shared Object Library
0x77dd9aa0  0x77df5070  Yes /lib64/ld-linux-x86-64.so.2
0x779c2330  0x77b0aad0  Yes 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
0x7747fd00  0x774a3802  Yes 
/usr/lib/x86_64-linux-gnu/libkea-eval.so.4
0x77204d80  0x7722901c  Yes 
/usr/lib/x86_64-linux-gnu/libkea-dhcp_ddns.so.1
0x76f9aa20  0x76fa8ab5  Yes 
/usr/lib/x86_64-linux-gnu/libkea-stats.so.1
0x76d49190  0x76d6316a  Yes 
/usr/lib/x86_64-linux-gnu/libkea-cfgclient.so.2
0x76a184f0  0x76ab5b1b  Yes 
/usr/lib/x86_64-linux-gnu/libkea-dhcp++.so.4
0x766b5fb0  0x766cd099  Yes 
/usr/lib/x86_64-linux-gnu/libkea-asiolink.so.3
0x76457c00  0x7646c56d  Yes 
/usr/lib/x86_64-linux-gnu/libkea-cc.so.1
0x76229420  0x7622ce37  Yes 
/usr/lib/x86_64-linux-gnu/libkea-cryptolink.so.1
0x75ffb2d0  0x7600f8b6  Yes 
/usr/lib/x86_64-linux-gnu/libkea-hooks.so.2
0x75d95ce0  0x75daeca9  Yes 
/usr/lib/x86_64-linux-gnu/libkea-log.so.2
0x75b0ac90  0x75b3be06  Yes 
/usr/lib/x86_64-linux-gnu/libkea-util.so.2
0x758b2370  0x758b29f3  Yes 
/usr/lib/x86_64-linux-gnu/libkea-exceptions.so.0
0x756ae060  0x756aed06  Yes (*) 
/usr/lib/x86_64-linux-gnu/libboost_system.so.1.62.0
0x753b67e0  0x7545ed49  Yes (*) 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
0x75116a90  0x75126895  Yes (*) 
/lib/x86_64-linux-gnu/libgcc_s.so.1

0x74d94940  0x74ebe3d3  Yes /lib/x86_64-linux-gnu/libc.so.6
0x74799e00  0x7483ffec  Yes 
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
0x7454b8e0  0x74565ab4  Yes (*) 
/usr/lib/x86_64-linux-gnu/libpq.so.5
0x7432aab0  0x74337811  Yes 
/lib/x86_64-linux-gnu/libpthread.so.0
0x74017d70  0x740c3103  Yes 
/usr/lib/x86_64-linux-gnu/libkea-dns++.so.1
0x73d184c0  0x73d1b4f7  Yes 
/usr/lib/x86_64-linux-gnu/libkea-threads.so.1
0x73ac57f0  0x73af8e91  Yes (*) 
/usr/lib/x86_64-linux-gnu/liblog4cplus-1.1.so.9
0x73646000  0x737dca39  Yes (*) 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1

0x733b8d80  0x733b994e  Yes /lib/x86_64-linux-gnu/libdl.so.2
0x730b9680  0x731258da  Yes /lib/x86_64-linux-gnu/libm.so.6
0x72eae0e0  0x72eb0ecf  Yes /lib/x86_64-linux-gnu/librt.so.1
0x72c941c0  0x72ca4afe  Yes (*) 
/lib/x86_64-linux-gnu/libz.so.1
0x72a21980  0x72a6b3e6  Yes (*) 
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
0x727c4f80  0x727f46b9  Yes (*) 
/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
0x725763a0  0x725a5aa2  Yes (*) 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
0x722b3740  0x7230e1e5  Yes (*) 
/usr/lib/x86_64-linux-gnu/libkrb5.so.3
0x7205fa70  0x7207c790  Yes (*) 
/usr/lib/x86_64-linux-gnu/libk5crypto.so.3

---Type  to continue, or q  to quit---
0x71e583c0  0x71e58f83  Yes (*) 

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Bernhard Übelacker]

Hello Anton,
sorry, did completely miss the option that upstream could
also provide dbgsym packages ...

Just to be sure, the last backtrace was retrieved with upstream
binaries of version 10.2.19+maria~stretch?
And debug symbols are contained in libmariadb3-dbgsym?

Because your last backtrace shows mysql_stmt_bind_result
from "./libmysql/libmysql.c:4134".
But in [1] I just found a "./libmysqld/libmysql.c"
(the directory is not equal).
And in that line 4134 is the end of the expected function.

But attaching a debugger to a live process and setting a breakpoint
to mysql_stmt_bind_result shows ./libmariadb/libmariadb/mariadb_stmt.c:1210
in my test environment.
And in that file is another implementation for mysql_stmt_bind_result ...

Therefore you probably can supply another backtrace with the output of
following additional commands?

  display/i $pc
  info share

And maybe what this command outputs:
  ls -lisah /usr/lib/x86_64-linux-gnu/{*maria*,*mysql*}

Kind regards,
Bernhard


[1] Get:1 http://mirror.23media.de/mariadb/repo/10.2/debian stretch/main 
mariadb-10.2 10.2.19+maria~stretch (dsc) [3275 B]
Get:2 http://mirror.23media.de/mariadb/repo/10.2/debian stretch/main 
mariadb-10.2 10.2.19+maria~stretch (tar) [45.6 MB]

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Anton Avramov]

Hi Bernhard,

Thank you for replying.

On 2018-12-13 11:15 a.m., Bernhard Übelacker wrote:

Hello Anton Avramov,
not involved in packaging of isc-kea I just read
your report and may have some points.

Why do you use the upstream binary of libmariadbclient.so.18.
Is the stretch packaged version 10.1.37-0+deb9u1 too old? [1]
Yes. We are using mariadb 2.10 for our implementation across hundreds of 
installations. We don't have problems with the other services connecting 
to mariadb using the installed libmariadbclient


And it looks like you installed the debug symbol package 
kea-dhcp4-server-dbgsym?
Maybe you could also add kea-common-dbgsym?
And if it fails with libmariadbclient18 from stretch also
I would have suggested to install libmariadbclient18-dbgsym,
but unfortunately it looks like there are no debug symbols from
security packages broadly available [2].
OK. I've installed libmariadbclient18-dbgsym from the upstream packages 
with the corresponding libmariadbclient18 package.


Here is the result:

---

Thread 1 "kea-dhcp4" received signal SIGSEGV, Segmentation fault.
mysql_stmt_bind_result (stmt=0x558f6be8, my_bind=) at 
./libmysql/libmysql.c:4134

4134    ./libmysql/libmysql.c: Няма такъв файл или директория.
(gdb)
(gdb)
(gdb) bt
#0  mysql_stmt_bind_result (stmt=0x558f6be8, my_bind=out>) at ./libmysql/libmysql.c:4134
#1  0x77a9ed19 in 
isc::dhcp::MySqlHostDataSourceImpl::getHostCollection 
(this=0x558d6840, 
stindex=isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID, 
bind=0x7fffd340, exchange=...,
    result=std::vector of length 0, capacity 0, single=true) at 
../../../../src/lib/dhcpsrv/mysql_host_data_source.cc:2262
#2  0x77a9f540 in isc::dhcp::MySqlHostDataSourceImpl::getHost 
(this=0x558d6840, subnet_id=@0x7fffd8ac: 1, 
identifier_type=@0x55914250: isc::dhcp::Host::IDENT_HWADDR, 
identifier_begin=0x55884550 "\b",
    identifier_len=6, 
stindex=isc::dhcp::MySqlHostDataSourceImpl::GET_HOST_SUBID4_DHCPID, 
exchange=...) at ../../../../src/lib/dhcpsrv/mysql_host_data_source.cc:2345
#3  0x77aa0551 in isc::dhcp::MySqlHostDataSource::get4 
(this=0x55849370, subnet_id=@0x7fffd8ac: 1, 
identifier_type=@0x55914250: isc::dhcp::Host::IDENT_HWADDR, 
identifier_begin=0x55884550 "\b",
    identifier_len=6) at 
../../../../src/lib/dhcpsrv/mysql_host_data_source.cc:2521
#4  0x77a5acba in isc::dhcp::HostMgr::get4 (this=0x558492b0, 
subnet_id=@0x7fffd8ac: 1, identifier_type=@0x55914250: 
isc::dhcp::Host::IDENT_HWADDR, identifier_begin=0x55884550 "\b", 
identifier_len=6)

    at ../../../../src/lib/dhcpsrv/host_mgr.cc:134
#5  0x779eeb8c in 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>::callconst, unsigned int const, isc::dhcp::Host::IdentifierType const, 
unsigned char const*, unsigned long> (this=0x7fffd988, 
u=@0x7fffd998: 0x558492b0, b1=@0x7fffd8ac: 1,
    b2=@0x55914250: isc::dhcp::Host::IDENT_HWADDR, 
b3=@0x7fffd630: 0x55884550 "\b", b4=@0x7fffd680: 6) at 
/usr/include/boost/bind/mem_fn_template.hpp:561
#6  0x779ed9b1 in 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned 
long>::operator() (this=0x7fffd988, 
u=@0x7fffd998: 0x558492b0, a1=@0x7fffd8ac: 1, 
a2=@0x55914250: isc::dhcp::Host::IDENT_HWADDR, a3=0x55884550 
"\b", a4=6) at /usr/include/boost/bind/mem_fn_template.hpp:571
#7  0x779ec881 in 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> 
>::operator(), 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::rrlist4const&, unsigned char const*, unsigned long> > (this=0x7fffd998, 
f=..., a=...) at /usr/include/boost/bind/bind.hpp:521
#8  0x779eadbe in 
boost::_bi::bind_t, 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> > >::operator()const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, 
unsigned long>(unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*&&, unsigned long&&) (this=0x7fffd988, 
a1=@0x7fffd8ac: 1,
    a2=@0x55914250: isc::dhcp::Host::IDENT_HWADDR, a3=in 
/usr/lib/debug/.build-id/f9/bc9131c938ea0212083231a71f5a9cbed76ac0.debug, 
CU 0xbaca, DIE 0x68cf1>,
    a4=/usr/lib/debug/.build-id/f9/bc9131c938ea0212083231a71f5a9cbed76ac0.debug, 
CU 0xbaca, DIE 0x68cfd>) at /usr/include/boost/bind/bind.hpp:1342
#9  0x779e83e8 in 
boost::detail::function::function_obj_invoker4const>, boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, 

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Bernhard Übelacker]

Hello Anton Avramov,
not involved in packaging of isc-kea I just read
your report and may have some points.

Why do you use the upstream binary of libmariadbclient.so.18.
Is the stretch packaged version 10.1.37-0+deb9u1 too old? [1]

And it looks like you installed the debug symbol package 
kea-dhcp4-server-dbgsym?
Maybe you could also add kea-common-dbgsym?
And if it fails with libmariadbclient18 from stretch also
I would have suggested to install libmariadbclient18-dbgsym,
but unfortunately it looks like there are no debug symbols from
security packages broadly available [2].
(Maybe a set of local rebuilt packages for 10.1.37-0+deb9u1
including the dbgsym package?)

Kind regards,
Bernhard

[1] https://packages.debian.org/stretch/libmariadbclient18
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894081

Bug#916288: kea-dhcp4-server: Segfault after running for several minutes

[Anton Avramov]

Package: kea-dhcp4-server
Version: 1.1.0-1
Severity: important

Dear Maintainer,

I'm trying kea with mariadb as a backend. Relevant package installed from
mariadb website (libmariadbclient18=10.2.19+maria~stretch). I have 
inserted several host reservations. Initially the server gives

out leases but in some point (I suspect on renew) it crashes.
Here is a debug trace of what I've collected:
--
[New Thread 0x7fffef838700 (LWP 25166)]


Thread 1 "kea-dhcp4" received signal SIGSEGV, Segmentation fault.
0x747f525c in mysql_stmt_bind_result () from 
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18

(gdb) (gdb) bt
#0 0x747f525c in mysql_stmt_bind_result () from 
/usr/lib/x86_64-linux-gnu/libmariadbclient.so.18
#1 0x77a9ed19 in ?? () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#2 0x77a9f540 in ?? () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#3 0x77aa0551 in isc::dhcp::MySqlHostDataSource::get4(unsigned 
int const&, isc::dhcp::Host::IdentifierType const&, unsigned char 
const*, unsigned long) const ()

from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#4 0x77a5acba in isc::dhcp::HostMgr::get4(unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned 
long) const ()

from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#5 0x779eeb8c in boost::shared_ptr 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>::callconst, unsigned int const, isc::dhcp::Host::IdentifierType const, 
unsigned char const*, unsigned long>(isc::dhcp::HostMgr* const&, void 
const*, unsigned int const&, isc::dhcp::Host::IdentifierType const&, 
unsigned char const*&, unsigned long&) const () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#6 0x779ed9b1 in boost::shared_ptr 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned 
long>::operator()(isc::dhcp::HostMgr* const&, 
unsigned int const&, isc::dhcp::Host::IdentifierType const&, unsigned 
char const*, unsigned long) const () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#7 0x779ec881 in boost::shared_ptr 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> 
>::operator(), 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::rrlist4const&, unsigned char const*, unsigned long> 
>(boost::_bi::type >, 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>&, 
boost::_bi::rrlist4const&, unsigned char const*, unsigned long>&, long) () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#8 0x779eadbe in boost::shared_ptr 
boost::_bi::bind_t, 
boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> > >::operator()const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, 
unsigned long>(unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*&&, unsigned long&&) () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#9 0x779e83e8 in 
boost::detail::function::function_obj_invoker4const>, boost::_mfi::cmf4, 
isc::dhcp::HostMgr, unsigned int const&, isc::dhcp::Host::IdentifierType 
const&, unsigned char const*, unsigned long>, 
boost::_bi::list5, boost::arg<1>, 
boost::arg<2>, boost::arg<3>, boost::arg<4> > >, 
boost::shared_ptr, unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned 
long>::invoke(boost::detail::function::function_buffer&, unsigned int 
const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, 
unsigned long) () from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#10 0x779e0a28 in 
boost::function4, unsigned int 
const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, 
unsigned long>::operator()(unsigned int const&, 
isc::dhcp::Host::IdentifierType const&, unsigned char const*, unsigned 
long) const () from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#11 0x779de266 in void 
isc::dhcp::AllocEngine::findReservationInternal(isc::dhcp::AllocEngine::ClientContext4&, 
boost::function (unsigned int 
const&, isc::dhcp::Host::IdentifierType const&, unsigned char const*, 
unsigned long)> const&) () from 
/usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#12 0x779d2ef2 in 
isc::dhcp::AllocEngine::findReservation(isc::dhcp::AllocEngine::ClientContext4&) 
() from /usr/lib/x86_64-linux-gnu/libkea-dhcpsrv.so.6
#13 0x555d6c6c in isc::dhcp::Dhcpv4Exchange::Dhcpv4Exchange 
(this=0x7fffdc90, alloc_engine=..., query=..., subnet=...) at