From owner-freebsd-net@freebsd.org Sun Jul 8 07:46:30 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3AD0BFF9CDB for ; Sun, 8 Jul 2018 07:46:30 +0000 (UTC) (envelope-from jhay@meraka.org.za) Received: from marge.meraka.csir.co.za (marge.meraka.csir.co.za [IPv6:2001:4200:7000:3::1]) by mx1.freebsd.org (Postfix) with ESMTP id 709A086BA3 for ; Sun, 8 Jul 2018 07:46:28 +0000 (UTC) (envelope-from jhay@meraka.org.za) Received: from marge.meraka.csir.co.za (localhost [127.0.0.1]) by marge.meraka.csir.co.za (Postfix) with ESMTP id ABF5F89B6 for ; Sun, 8 Jul 2018 09:46:17 +0200 (SAST) X-Virus-Scanned: amavisd-new at meraka.org.za Received: from marge.meraka.csir.co.za ([127.0.0.1]) by marge.meraka.csir.co.za (marge.meraka.csir.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acPL9Zg9EGgs for ; Sun, 8 Jul 2018 09:46:15 +0200 (SAST) Received: from mail-wm0-f46.google.com (mail-wm0-f46.google.com [74.125.82.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by marge.meraka.csir.co.za (Postfix) with ESMTPSA for ; Sun, 8 Jul 2018 09:46:14 +0200 (SAST) Received: by mail-wm0-f46.google.com with SMTP id v3-v6so14168015wmh.0 for ; Sun, 08 Jul 2018 00:46:14 -0700 (PDT) X-Gm-Message-State: APt69E0W8LkpEtWNZWIYdOfegz3DWtgNpJim4GyJuA9l1LwK1ELGNxBg OVeUyosW5f6/YPgkymnjv8eMuaPAoliOVtSOrZwKpQ== X-Google-Smtp-Source: AAOMgpekHHblGPB2GLpLORscC2QTsfnczwqTu2iYjLsw6eOaXG480q6s/SzDZ23HtExzsDJL8z3IZiwVk1ObIteWoo0= X-Received: by 2002:a1c:e041:: with SMTP id x62-v6mr9077117wmg.155.1531035971942; Sun, 08 Jul 2018 00:46:11 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a5d:4043:0:0:0:0:0 with HTTP; Sun, 8 Jul 2018 00:46:11 -0700 (PDT) From: John Hay Date: Sun, 8 Jul 2018 09:46:11 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Bug in route6d? To: freebsd-net@freebsd.org Content-Type: multipart/mixed; boundary="0000000000003f3c6405707817cc" X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Jul 2018 07:46:30 -0000 --0000000000003f3c6405707817cc Content-Type: text/plain; charset="UTF-8" Hi All, I have a small ntp server (PC Engines APU), with an ipv6 subnet on lo0 with route6d to advertise it. A few minutes after almost every reboot, route6d will crash with a sig 11. If I then restart route6d, it will run until the next time I reboot. I think it is when re0 finally gets a global ipv6 address. Currently it is running 11.2, but the problem is not new. It has been there in 10.x and before. A sanitised piece of rc.conf looks like this: # Disable to make ipv6 work ifconfig_re0="-rxcsum -txcsum" ipv4_addrs_re0="X.Y.8.18/24" ipv4_addrs_lo0="X.Y.58.41/32" ifconfig_re0_ipv6="inet6 accept_rtadv" ifconfig_lo0_alias0="inet6 2001:A:B:C::1/64" defaultrouter="X.Y.8.1" route6d_enable="YES" route6d_flags="-s" ipv6_gateway_enable="YES" Gdb says: root@tick:/ # gdb /usr/sbin/route6d /route6d.old.core GNU gdb 6.1.1 [FreeBSD] ... Core was generated by `/usr/sbin/route6d -s'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done. done. Loaded symbols for /lib/libc.so.7 Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done. done. Loaded symbols for /libexec/ld-elf.so.1 #0 ifrt (ifcp=0x800e38000, again=1) at /usr/src/usr.sbin/route6d/route6d.c:2206 2206 TAILQ_REMOVE(&riprt_head, rrt, rrt_next); (gdb) Looking at the code, I think rrt should not be removed, but rather search_rrt and it should be freed afterwards? Route6d has now survived a few reboots with the following patch. --- route6d.c.org 2018-06-22 01:03:51.000000000 +0200 +++ route6d.c 2018-07-08 08:23:53.279925000 +0200 @@ -2203,8 +2203,9 @@ goto next; } - TAILQ_REMOVE(&riprt_head, rrt, rrt_next); - delroute(&rrt->rrt_info, &rrt->rrt_gw); + TAILQ_REMOVE(&riprt_head, search_rrt, rrt_next); + delroute(&search_rrt->rrt_info, &search_rrt->rrt_gw); + free(search_rrt); } /* Attach the route to the list */ trace(1, "route: %s/%d: register route (%s)\n", Regards John -- John Hay --0000000000003f3c6405707817cc Content-Type: text/x-patch; charset="US-ASCII"; name="route6d.c.diff" Content-Disposition: attachment; filename="route6d.c.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jjcis8rl0 LS0tIHJvdXRlNmQuYy5vcmcJMjAxOC0wNi0yMiAwMTowMzo1MS4wMDAwMDAwMDAgKzAyMDAKKysr IHJvdXRlNmQuYwkyMDE4LTA3LTA4IDA4OjIzOjUzLjI3OTkyNTAwMCArMDIwMApAQCAtMjIwMyw4 ICsyMjAzLDkgQEAKIAkJCQkJZ290byBuZXh0OwogCQkJCX0KIAotCQkJCVRBSUxRX1JFTU9WRSgm cmlwcnRfaGVhZCwgcnJ0LCBycnRfbmV4dCk7Ci0JCQkJZGVscm91dGUoJnJydC0+cnJ0X2luZm8s ICZycnQtPnJydF9ndyk7CisJCQkJVEFJTFFfUkVNT1ZFKCZyaXBydF9oZWFkLCBzZWFyY2hfcnJ0 LCBycnRfbmV4dCk7CisJCQkJZGVscm91dGUoJnNlYXJjaF9ycnQtPnJydF9pbmZvLCAmc2VhcmNo X3JydC0+cnJ0X2d3KTsKKwkJCQlmcmVlKHNlYXJjaF9ycnQpOwogCQkJfQogCQkJLyogQXR0YWNo IHRoZSByb3V0ZSB0byB0aGUgbGlzdCAqLwogCQkJdHJhY2UoMSwgInJvdXRlOiAlcy8lZDogcmVn aXN0ZXIgcm91dGUgKCVzKVxuIiwK --0000000000003f3c6405707817cc--