* [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway
@ 2025-11-26 15:49 Stefan Hanreich
2025-12-01 9:16 ` Stefan Hanreich
2026-01-14 14:49 ` Fiona Ebner
0 siblings, 2 replies; 4+ messages in thread
From: Stefan Hanreich @ 2025-11-26 15:49 UTC (permalink / raw)
To: pve-devel
When trying to start a guest with a network device in a VNet in a
simple zone that has DHCP enabled - but no gateway configured - a
SIGSEGV is triggered in dnsmasq. This seems to be an error in the
dnsmasq dbus handler that tries to allocate a lease, which fails
because there is no dhcp-range configured, and then leads to a
segfault.
Avoid the situation completely by always configuring a dhcp-range,
even if there is no gateway configured. Skip configuring the DHCP
option that returns the router instead, which is the only place in the
configure_subnet function that uses the gateway.
Dnsmasq is configured to listen on an interface, so any DHCP messages
that are received on this interface are dropped, because dnsmasq
recognizes that there is no IP configured on this interface:
Nov 26 16:35:49 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
Nov 26 16:35:57 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
An initial upstream patch to fix the segfault has been submitted here
[1].
[1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018342.html
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index db22e12..6a1e3b0 100644
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -138,9 +138,6 @@ sub add_ip_mapping {
sub configure_subnet {
my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_;
- die "No gateway defined for subnet $subnet_config->{id}"
- if !$subnet_config->{gateway};
-
my $tag = $subnet_config->{id};
my ($zone, $network, $mask) = split(/-/, $tag);
@@ -155,7 +152,7 @@ sub configure_subnet {
my $option_string;
if (ip_is_ipv6($subnet_config->{network})) {
$option_string = 'option6';
- } else {
+ } elsif ($subnet_config->{gateway}) {
$option_string = 'option';
push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
}
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway
2025-11-26 15:49 [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway Stefan Hanreich
@ 2025-12-01 9:16 ` Stefan Hanreich
2026-01-14 14:49 ` Fiona Ebner
1 sibling, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2025-12-01 9:16 UTC (permalink / raw)
To: pve-devel
the mentioned fix has been upstreamed:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb601683820723df89858cfa695aa131012f1a63
On 11/26/25 4:48 PM, Stefan Hanreich wrote:
> When trying to start a guest with a network device in a VNet in a
> simple zone that has DHCP enabled - but no gateway configured - a
> SIGSEGV is triggered in dnsmasq. This seems to be an error in the
> dnsmasq dbus handler that tries to allocate a lease, which fails
> because there is no dhcp-range configured, and then leads to a
> segfault.
>
> Avoid the situation completely by always configuring a dhcp-range,
> even if there is no gateway configured. Skip configuring the DHCP
> option that returns the router instead, which is the only place in the
> configure_subnet function that uses the gateway.
>
> Dnsmasq is configured to listen on an interface, so any DHCP messages
> that are received on this interface are dropped, because dnsmasq
> recognizes that there is no IP configured on this interface:
>
> Nov 26 16:35:49 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
> Nov 26 16:35:57 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>
> An initial upstream patch to fix the segfault has been submitted here
> [1].
>
> [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018342.html
>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
> src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> index db22e12..6a1e3b0 100644
> --- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> +++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> @@ -138,9 +138,6 @@ sub add_ip_mapping {
> sub configure_subnet {
> my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_;
>
> - die "No gateway defined for subnet $subnet_config->{id}"
> - if !$subnet_config->{gateway};
> -
> my $tag = $subnet_config->{id};
>
> my ($zone, $network, $mask) = split(/-/, $tag);
> @@ -155,7 +152,7 @@ sub configure_subnet {
> my $option_string;
> if (ip_is_ipv6($subnet_config->{network})) {
> $option_string = 'option6';
> - } else {
> + } elsif ($subnet_config->{gateway}) {
> $option_string = 'option';
> push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
> }
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway
2025-11-26 15:49 [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway Stefan Hanreich
2025-12-01 9:16 ` Stefan Hanreich
@ 2026-01-14 14:49 ` Fiona Ebner
2026-01-14 18:18 ` Stefan Hanreich
1 sibling, 1 reply; 4+ messages in thread
From: Fiona Ebner @ 2026-01-14 14:49 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Hanreich
Am 26.11.25 um 4:49 PM schrieb Stefan Hanreich:
> When trying to start a guest with a network device in a VNet in a
> simple zone that has DHCP enabled - but no gateway configured - a
> SIGSEGV is triggered in dnsmasq. This seems to be an error in the
> dnsmasq dbus handler that tries to allocate a lease, which fails
> because there is no dhcp-range configured, and then leads to a
> segfault.
>
> Avoid the situation completely by always configuring a dhcp-range,
> even if there is no gateway configured. Skip configuring the DHCP
> option that returns the router instead, which is the only place in the
> configure_subnet function that uses the gateway.
>
> Dnsmasq is configured to listen on an interface, so any DHCP messages
> that are received on this interface are dropped, because dnsmasq
> recognizes that there is no IP configured on this interface:
>
> Nov 26 16:35:49 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
> Nov 26 16:35:57 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>
> An initial upstream patch to fix the segfault has been submitted here
> [1].
>
> [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018342.html
>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
> src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> index db22e12..6a1e3b0 100644
> --- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> +++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
> @@ -138,9 +138,6 @@ sub add_ip_mapping {
> sub configure_subnet {
> my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_;
>
> - die "No gateway defined for subnet $subnet_config->{id}"
> - if !$subnet_config->{gateway};
> -
> my $tag = $subnet_config->{id};
>
> my ($zone, $network, $mask) = split(/-/, $tag);
1. How "ugly" do you consider the workaround here? How much better than
the segfault from a user perspective? Would it be nicer to go back to
the old behavior with the clear error in the future once the dnsmasq fix
is in downstream? If yes, we should add a reminder comment to do so.
2. What is the situation for IPv6 when there is no gateway? Would it be
worth to keep the early die with the explicit error in the IPv6 case?
> @@ -155,7 +152,7 @@ sub configure_subnet {
> my $option_string;
> if (ip_is_ipv6($subnet_config->{network})) {
> $option_string = 'option6';
> - } else {
> + } elsif ($subnet_config->{gateway}) {
> $option_string = 'option';
> push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
> }
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway
2026-01-14 14:49 ` Fiona Ebner
@ 2026-01-14 18:18 ` Stefan Hanreich
0 siblings, 0 replies; 4+ messages in thread
From: Stefan Hanreich @ 2026-01-14 18:18 UTC (permalink / raw)
To: Fiona Ebner, Proxmox VE development discussion
On 1/14/26 3:48 PM, Fiona Ebner wrote:
> Am 26.11.25 um 4:49 PM schrieb Stefan Hanreich:
>> When trying to start a guest with a network device in a VNet in a
>> simple zone that has DHCP enabled - but no gateway configured - a
>> SIGSEGV is triggered in dnsmasq. This seems to be an error in the
>> dnsmasq dbus handler that tries to allocate a lease, which fails
>> because there is no dhcp-range configured, and then leads to a
>> segfault.
>>
>> Avoid the situation completely by always configuring a dhcp-range,
>> even if there is no gateway configured. Skip configuring the DHCP
>> option that returns the router instead, which is the only place in the
>> configure_subnet function that uses the gateway.
>>
>> Dnsmasq is configured to listen on an interface, so any DHCP messages
>> that are received on this interface are dropped, because dnsmasq
>> recognizes that there is no IP configured on this interface:
>>
>> Nov 26 16:35:49 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>> Nov 26 16:35:57 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>>
>> An initial upstream patch to fix the segfault has been submitted here
>> [1].
>>
>> [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018342.html
>>
>> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
>> ---
>> src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 5 +----
>> 1 file changed, 1 insertion(+), 4 deletions(-)
>>
>> diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> index db22e12..6a1e3b0 100644
>> --- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> +++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> @@ -138,9 +138,6 @@ sub add_ip_mapping {
>> sub configure_subnet {
>> my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_;
>>
>> - die "No gateway defined for subnet $subnet_config->{id}"
>> - if !$subnet_config->{gateway};
>> -
>> my $tag = $subnet_config->{id};
>>
>> my ($zone, $network, $mask) = split(/-/, $tag);
>
> 1. How "ugly" do you consider the workaround here? How much better than
> the segfault from a user perspective? Would it be nicer to go back to
> the old behavior with the clear error in the future once the dnsmasq fix
> is in downstream? If yes, we should add a reminder comment to do so.
from user pov better imo, since it only requires the user to configure a
gateway when they run into the issue, whereas otherwise they'd need to
restart the correct dnsmasq service as well. The unit file from upstream
we're using sets `Restart=No`.
Since it doesn't really make sense to have DHCP configured without a
gateway for the VNet, I'd reintroduce the warning after the upstream fix
has found its way to us. Will add a comment in a v2.
> 2. What is the situation for IPv6 when there is no gateway? Would it be
> worth to keep the early die with the explicit error in the IPv6 case?
Yes, would make sense imo - since the segfault doesn't occur for the
IPv6 case. I'll double-check tomorrow to make sure, only did some
cursory checks now.
>> @@ -155,7 +152,7 @@ sub configure_subnet {
>> my $option_string;
>> if (ip_is_ipv6($subnet_config->{network})) {
>> $option_string = 'option6';
>> - } else {
>> + } elsif ($subnet_config->{gateway}) {
>> $option_string = 'option';
>> push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
>> }
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-01-14 18:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-26 15:49 [pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway Stefan Hanreich
2025-12-01 9:16 ` Stefan Hanreich
2026-01-14 14:49 ` Fiona Ebner
2026-01-14 18:18 ` Stefan Hanreich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.