From owner-freebsd-net@freebsd.org  Wed Aug  8 19:01:13 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 694921067A7B
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed,  8 Aug 2018 19:01:12 +0000 (UTC)
 (envelope-from jhay@meraka.org.za)
Received: from marge.meraka.csir.co.za (marge.meraka.csir.co.za
 [IPv6:2001:4200:7000:3::1])
 by mx1.freebsd.org (Postfix) with ESMTP id 6A93C8E3FD
 for <freebsd-net@freebsd.org>; Wed,  8 Aug 2018 19:01:10 +0000 (UTC)
 (envelope-from jhay@meraka.org.za)
Received: from marge.meraka.csir.co.za (localhost [127.0.0.1])
 by marge.meraka.csir.co.za (Postfix) with ESMTP id D504F49ED
 for <freebsd-net@freebsd.org>; Wed,  8 Aug 2018 21:01:00 +0200 (SAST)
X-Virus-Scanned: amavisd-new at meraka.org.za
Received: from marge.meraka.csir.co.za ([127.0.0.1])
 by marge.meraka.csir.co.za (marge.meraka.csir.co.za [127.0.0.1]) (amavisd-new,
 port 10024) with ESMTP id N4ffL6U2-HF5 for <freebsd-net@freebsd.org>;
 Wed,  8 Aug 2018 21:00:59 +0200 (SAST)
Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com
 [209.85.221.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by marge.meraka.csir.co.za (Postfix) with ESMTPSA
 for <freebsd-net@freebsd.org>; Wed,  8 Aug 2018 21:00:58 +0200 (SAST)
Received: by mail-wr1-f53.google.com with SMTP id h15-v6so2924644wrs.7
 for <freebsd-net@freebsd.org>; Wed, 08 Aug 2018 12:00:58 -0700 (PDT)
X-Gm-Message-State: AOUpUlG2OBPw+YLjGG/IBjDyKQM99GWE2Zdd24/WkYrXWTwSXw3P2rk+
 Mq8WG/mn+Esn3MyZN/dT0SRmpp4laYdAO+2ASXwI4A==
X-Google-Smtp-Source: AA+uWPz+H6j/DgsNgAzaw1XkN2HXuYdpHfVVxGtkraI9ukUcBtQFgiYM8sglHUcsk+xuNyQOhytcMWBdHAQFVofenuU=
X-Received: by 2002:adf:fdcd:: with SMTP id
 i13-v6mr2592095wrs.276.1533754856706; 
 Wed, 08 Aug 2018 12:00:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:e40c:0:0:0:0:0 with HTTP;
 Wed, 8 Aug 2018 12:00:56 -0700 (PDT)
From: John Hay <jhay@meraka.org.za>
Date: Wed, 8 Aug 2018 21:00:56 +0200
X-Gmail-Original-Message-ID: <CAGv8uaotGHMqgPLBjOFmu6pGHsAycdXv5O6MBO9S7RTXJ5+iOw@mail.gmail.com>
Message-ID: <CAGv8uaotGHMqgPLBjOFmu6pGHsAycdXv5O6MBO9S7RTXJ5+iOw@mail.gmail.com>
Subject: route6d terminated with signal 11, Segmentation fault,
 Was: Bug in route6d?
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.27
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Aug 2018 19:01:13 -0000

Hi,

I have logged it as a bug with a possible patch:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229807

Regards

John

On 8 July 2018 at 09:46, John Hay <jhay@meraka.org.za> wrote:

> Hi All,
>
> I have a small ntp server (PC Engines APU), with an ipv6 subnet on lo0
> with route6d to advertise it. A few minutes after almost every reboot,
> route6d will crash with a sig 11. If I then restart route6d, it will run
> until the next time I reboot. I think it is when re0 finally gets a global
> ipv6 address.
>
> Currently it is running 11.2, but the problem is not new. It has been
> there in 10.x and before.
>
> A sanitised piece of rc.conf looks like this:
> <snip>
> # Disable to make ipv6 work
> ifconfig_re0="-rxcsum -txcsum"
> ipv4_addrs_re0="X.Y.8.18/24"
> ipv4_addrs_lo0="X.Y.58.41/32"
> ifconfig_re0_ipv6="inet6 accept_rtadv"
> ifconfig_lo0_alias0="inet6 2001:A:B:C::1/64"
> defaultrouter="X.Y.8.1"
> route6d_enable="YES"
> route6d_flags="-s"
> ipv6_gateway_enable="YES"
> </snip>
>
> Gdb says:
>
> <snip>
> root@tick:/ # gdb /usr/sbin/route6d /route6d.old.core
> GNU gdb 6.1.1 [FreeBSD]
> ...
> Core was generated by `/usr/sbin/route6d -s'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libc.so.7...Reading symbols from
> /usr/lib/debug//lib/libc.so.7.debug...done.
> done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /libexec/ld-elf.so.1...Reading symbols from
> /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
> done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  ifrt (ifcp=0x800e38000, again=1) at /usr/src/usr.sbin/route6d/
> route6d.c:2206
> 2206                    TAILQ_REMOVE(&riprt_head, rrt, rrt_next);
> (gdb)
> </snip>
>
> Looking at the code, I think rrt should not be removed, but rather
> search_rrt and it should be freed afterwards? Route6d has now survived a
> few reboots with the following patch.
>
> <snip>
> --- route6d.c.org       2018-06-22 01:03:51.000000000 +0200
> +++ route6d.c   2018-07-08 08:23:53.279925000 +0200
> @@ -2203,8 +2203,9 @@
>                                         goto next;
>                                 }
>
> -                               TAILQ_REMOVE(&riprt_head, rrt, rrt_next);
> -                               delroute(&rrt->rrt_info, &rrt->rrt_gw);
> +                               TAILQ_REMOVE(&riprt_head, search_rrt,
> rrt_next);
> +                               delroute(&search_rrt->rrt_info,
> &search_rrt->rrt_gw);
> +                               free(search_rrt);
>                         }
>                         /* Attach the route to the list */
>                         trace(1, "route: %s/%d: register route (%s)\n",
> </snip>
>
> Regards
>
> John
> --
> John Hay
>
>