Bug#1114964: dhcpcd segfault on boot

[Daniel Richard G.]

Package: dhcpcd-base
Version: 1:10.1.0-11

I am seeing a segfault from dhcpcd during the boot process. It is
recorded in syslog with the following:

    2025-09-09T23:16:19.340385-04:00 test-debian64 kernel: dhcpcd.real[775]: 
segfault at 20 ip 000055e44c77ed0f sp 00007fff3392fca0 error 4 in 
dhcpcd.real[2cd0f,55e44c75b000+3e000] likely on CPU 0 (core 0, socket 0)
    2025-09-09T23:16:19.340392-04:00 test-debian64 kernel: Code: e8 fd ff ff 31 
d2 66 41 89 54 24 60 e9 8e fe ff ff e8 15 c9 fd ff 0f 1f 44 00 00 f3 0f 1e fa 
41 54 48 8d 57 38 41 89 f4 55 53 <48> 8b 47 20 48 89 fb 48 8d 3d 14 bf 01 00 48 
8d 70 18 31 c0 e8 48

The daemon is being invoked from NetworkManager. The crash appears to
be the cause of an unusual delay during boot for the systemd unit
"NetworkManager-wait-online.service", but the system does eventually
join the network.

I was not able to obtain a core dump until I rebuilt the package with
the --disable-privsep compile-time option. Here is the backtrace from
the core dump:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005555734227da in ipv4_deladdr (addr=0x0, keeparp=0)
    at ./src/ipv4.c:527
527             logdebugx("%s: deleting IP address %s",
(gdb) bt
#0  0x00005555734227da in ipv4_deladdr (addr=0x0, keeparp=0)
    at ./src/ipv4.c:527
#1  0x0000555573422e9a in ipv4_applyaddr (arg=0x5555829fd9b0)
    at ./src/ipv4.c:763
#2  0x000055557341d3c5 in dhcp_drop (ifp=0x5555829fd9b0, 
    reason=0x55557344258f "EXPIRE") at ./src/dhcp.c:2806
#3  0x00005555734211c2 in dhcp_handleifa (cmd=21, ia=0x5555829da860, pid=753)
    at ./src/dhcp.c:4215
#4  0x000055557342343b in ipv4_handleifa (ctx=0x7fffff4f2500, cmd=21, 
    ifs=0x5555829fcc70, ifname=0x5555829fd9c8 "enp0s3", addr=0x7fffff4ee184, 
    mask=0x7fffff4ee188, brd=0x7fffff4ee18c, addrflags=0, pid=753)
    at ./src/ipv4.c:953
#5  0x00005555734130ad in link_addr (ctx=0x7fffff4f2500, ifp=0x5555829fd9b0, 
    nlm=0x7fffff4ee370) at ./src/if-linux.c:886
#6  0x000055557341347e in link_netlink (ctx=0x7fffff4f2500, arg=0x0, 
    nlm=0x7fffff4ee370) at ./src/if-linux.c:998
#7  0x000055557341288d in if_getnetlink (ctx=0x7fffff4f2500, 
    iov=0x7fffff4ee360, fd=8, flags=64, cb=0x555573413403 <link_netlink>, 
    cbarg=0x0) at ./src/if-linux.c:650
#8  0x000055557341389e in if_handlelink (ctx=0x7fffff4f2500)
    at ./src/if-linux.c:1102
#9  0x00005555733f7d75 in dhcpcd_handlelink (arg=0x7fffff4f2500, events=1)
    at ./src/dhcpcd.c:1141
#10 0x00005555733fda4e in eloop_run_ppoll (eloop=0x5555829d8690, 
    ts=0x7fffff4f2440, signals=0x7fffff4f2740) at ./src/eloop.c:1106
#11 0x00005555733fdc8e in eloop_start (eloop=0x5555829d8690, 
    signals=0x7fffff4f2740) at ./src/eloop.c:1228
#12 0x00005555733fbd33 in main (argc=2, argv=0x7fffff4f2a48, 
    envp=0x7fffff4f2a60) at ./src/dhcpcd.c:2651


If I put a simple workaround into ipv4_deladdr() of the form

    if (!addr) return 0;

then dhcpcd does not segfault, but behaves somewhat erratically,
setting up and then releasing the network connection two or three times
before stabilizing (online). Likely something more is needed for an
interim fix.