[pve-devel] [PATCH pve-network 1/1] fix #5949: avoid dnsmasq segfault when subnet has no gateway
Stefan Hanreich
s.hanreich at proxmox.com
Wed Jan 14 19:18:36 CET 2026
On 1/14/26 3:48 PM, Fiona Ebner wrote:
> On 26.11.25 at 4:49 PM, Stefan Hanreich wrote:
>> When trying to start a guest with a network device in a VNet in a
>> simple zone that has DHCP enabled - but no gateway configured - a
>> SIGSEGV is triggered in dnsmasq. This seems to be an error in the
>> dnsmasq dbus handler that tries to allocate a lease, which fails
>> because there is no dhcp-range configured, and then leads to a
>> segfault.
>>
>> Avoid the situation completely by always configuring a dhcp-range,
>> even if there is no gateway configured. Skip configuring the DHCP
>> option that returns the router instead, which is the only place in the
>> configure_subnet function that uses the gateway.
>>
>> Dnsmasq is configured to listen on an interface, so any DHCP messages
>> that are received on this interface are dropped, because dnsmasq
>> recognizes that there is no IP configured on this interface:
>>
>> Nov 26 16:35:49 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>> Nov 26 16:35:57 ipam-test dnsmasq-dhcp[140272]: DHCP packet received on vnet1 which has no address
>>
>> An initial upstream patch to fix the segfault has been submitted here
>> [1].
>>
>> [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018342.html
>>
>> Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
>> ---
>> src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 5 +----
>> 1 file changed, 1 insertion(+), 4 deletions(-)
>>
>> diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> index db22e12..6a1e3b0 100644
>> --- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> +++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
>> @@ -138,9 +138,6 @@ sub add_ip_mapping {
>> sub configure_subnet {
>> my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_;
>>
>> - die "No gateway defined for subnet $subnet_config->{id}"
>> - if !$subnet_config->{gateway};
>> -
>> my $tag = $subnet_config->{id};
>>
>> my ($zone, $network, $mask) = split(/-/, $tag);
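Review bot: Removing the `die` at the top of `configure_subnet` drops the only check on `$subnet_config->{gateway}` for IPv4 and IPv6 subnets alike, and nothing in the code records why. Consider keeping the early `die` for subnets where `ip_is_ipv6($subnet_config->{network})` is true, and adding a comment above `my $tag = $subnet_config->{id};` that names bug #5949 and the pending upstream dnsmasq fix, so the check can be restored later. A `warn` for the gateway-less case would also keep the misconfiguration visible instead of silently accepting it.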
>
> 1. How "ugly" do you consider the workaround here? How much better than
> the segfault from a user perspective? Would it be nicer to go back to
> the old behavior with the clear error in the future once the dnsmasq fix
> is in downstream? If yes, we should add a reminder comment to do so.

From user pov better imo, since it only requires the user to configure a
gateway when they run into the issue, whereas otherwise they'd need to
restart the correct dnsmasq service as well. The unit file from upstream
we're using sets `Restart=No`.

Since it doesn't really make sense to have DHCP configured without a
gateway for the VNet, I'd reintroduce the warning after the upstream fix
has found its way to us. Will add a comment in a v2.

> 2. What is the situation for IPv6 when there is no gateway? Would it be
> worth to keep the early die with the explicit error in the IPv6 case?

Yes, would make sense imo - since the segfault doesn't occur for the
IPv6 case. I'll double-check tomorrow to make sure, only did some
cursory checks now.

>> @@ -155,7 +152,7 @@ sub configure_subnet {
>> my $option_string;
>> if (ip_is_ipv6($subnet_config->{network})) {
>> $option_string = 'option6';
>> - } else {
>> + } elsif ($subnet_config->{gateway}) {
>> $option_string = 'option';
>> push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
>> }
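Review bot: With `} elsif ($subnet_config->{gateway}) {`, an IPv4 subnet without a gateway now leaves `$option_string` undefined, whereas the old `else` always set it to 'option'. If anything after this block interpolates `$option_string` (not visible in this hunk), it would build a malformed `dhcp-option=` line and trigger an uninitialized-value warning. Keeping the plain `else` that sets `$option_string = 'option';` and guarding only the router `push` with `if $subnet_config->{gateway};` avoids that while still skipping the router option.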
>