From owner-freebsd-bugs@freebsd.org Mon Jul 16 14:56:03 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C76D1102B938 for ; Mon, 16 Jul 2018 14:56:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 5DD2B74BA2 for ; Mon, 16 Jul 2018 14:56:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 178DB102B937; Mon, 16 Jul 2018 14:56:03 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3159102B936 for ; Mon, 16 Jul 2018 14:56:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7913774BA1 for ; Mon, 16 Jul 2018 14:56:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id C44AE133C0 for ; Mon, 16 Jul 2018 14:56:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w6GEu1Gl086330 for ; Mon, 16 Jul 2018 14:56:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w6GEu1lw086329 for bugs@FreeBSD.org; Mon, 16 Jul 2018 14:56:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229807] route6d terminate with signal 11 Date: Mon, 16 Jul 2018 14:56:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 11.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: john@sanren.ac.za X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2018 14:56:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229807 Bug ID: 229807 Summary: route6d terminate with signal 11 Product: Base System Version: 11.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: misc Assignee: bugs@FreeBSD.org Reporter: john@sanren.ac.za Created attachment 195173 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D195173&action= =3Dedit patch that I am using I have a small ntp server (PC Engines APU), with an ipv6 subnet on lo0 with route6d to advertise it. A few minutes after almost every reboot, route6d w= ill crash with a sig 11. If I then restart route6d, it will run until the next = time I reboot. I think it is when re0 finally gets a global ipv6 address. Currently it is running 11.2, but the problem is not new. It has been there= in 10.x and before. A sanitised piece of rc.conf looks like this: # Disable to make ipv6 work ifconfig_re0=3D"-rxcsum -txcsum" ipv4_addrs_re0=3D"X.Y.8.18/24" ipv4_addrs_lo0=3D"X.Y.58.41/32" ifconfig_re0_ipv6=3D"inet6 accept_rtadv" ifconfig_lo0_alias0=3D"inet6 2001:A:B:C::1/64" defaultrouter=3D"X.Y.8.1" route6d_enable=3D"YES" route6d_flags=3D"-s" ipv6_gateway_enable=3D"YES" Gdb says: root@tick:/ # gdb /usr/sbin/route6d /route6d.old.core GNU gdb 6.1.1 [FreeBSD] ... Core was generated by `/usr/sbin/route6d -s'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done. done. Loaded symbols for /lib/libc.so.7 Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done. done. Loaded symbols for /libexec/ld-elf.so.1 #0 ifrt (ifcp=3D0x800e38000, again=3D1) at /usr/src/usr.sbin/route6d/route6d.c:2206 2206 TAILQ_REMOVE(&riprt_head, rrt, rrt_next); (gdb) Looking at the code, I think rrt should not be removed, but rather search_r= rt and it should be freed afterwards? Route6d has now survived a few reboots w= ith the following patch. --- route6d.c.org 2018-06-22 01:03:51.000000000 +0200 +++ route6d.c 2018-07-08 08:23:53.279925000 +0200 @@ -2203,8 +2203,9 @@ goto next; } - TAILQ_REMOVE(&riprt_head, rrt, rrt_next); - delroute(&rrt->rrt_info, &rrt->rrt_gw); + TAILQ_REMOVE(&riprt_head, search_rrt, rrt_next); + delroute(&search_rrt->rrt_info, &search_rrt->rrt_gw); + free(search_rrt); } /* Attach the route to the list */ trace(1, "route: %s/%d: register route (%s)\n", --=20 You are receiving this mail because: You are the assignee for the bug.=