Date:      Wed, 8 Aug 2018 21:00:56 +0200
From:      John Hay <jhay@meraka.org.za>
To:        freebsd-net@freebsd.org
Subject:   route6d terminated with signal 11, Segmentation fault, Was: Bug in route6d?
Message-ID:  <CAGv8uaotGHMqgPLBjOFmu6pGHsAycdXv5O6MBO9S7RTXJ5%2BiOw@mail.gmail.com>

Hi,

I have logged it as a bug with a possible patch:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229807

Regards

John

On 8 July 2018 at 09:46, John Hay <jhay@meraka.org.za> wrote:

> Hi All,
>
> I have a small ntp server (PC Engines APU), with an ipv6 subnet on lo0
> with route6d to advertise it. A few minutes after almost every reboot,
> route6d will crash with a sig 11. If I then restart route6d, it will run
> until the next time I reboot. I think it is when re0 finally gets a global
> ipv6 address.
>
> Currently it is running 11.2, but the problem is not new. It has been
> there in 10.x and before.
>
> A sanitised piece of rc.conf looks like this:
> <snip>
> # Disable to make ipv6 work
> ifconfig_re0="-rxcsum -txcsum"
> ipv4_addrs_re0="X.Y.8.18/24"
> ipv4_addrs_lo0="X.Y.58.41/32"
> ifconfig_re0_ipv6="inet6 accept_rtadv"
> ifconfig_lo0_alias0="inet6 2001:A:B:C::1/64"
> defaultrouter="X.Y.8.1"
> route6d_enable="YES"
> route6d_flags="-s"
> ipv6_gateway_enable="YES"
> </snip>
>
> Gdb says:
>
> <snip>
> root@tick:/ # gdb /usr/sbin/route6d /route6d.old.core
> GNU gdb 6.1.1 [FreeBSD]
> ...
> Core was generated by `/usr/sbin/route6d -s'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libc.so.7...Reading symbols from
> /usr/lib/debug//lib/libc.so.7.debug...done.
> done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /libexec/ld-elf.so.1...Reading symbols from
> /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
> done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  ifrt (ifcp=0x800e38000, again=1) at /usr/src/usr.sbin/route6d/route6d.c:2206
> 2206                    TAILQ_REMOVE(&riprt_head, rrt, rrt_next);
> (gdb)
> </snip>
>
> Looking at the code, I think rrt should not be removed, but rather
> search_rrt, and it should be freed afterwards? Route6d has now survived a
> few reboots with the following patch.
>
> <snip>
> --- route6d.c.org       2018-06-22 01:03:51.000000000 +0200
> +++ route6d.c   2018-07-08 08:23:53.279925000 +0200
> @@ -2203,8 +2203,9 @@
>                                         goto next;
>                                 }
>
> -                               TAILQ_REMOVE(&riprt_head, rrt, rrt_next);
> -                               delroute(&rrt->rrt_info, &rrt->rrt_gw);
> +                               TAILQ_REMOVE(&riprt_head, search_rrt,
> rrt_next);
> +                               delroute(&search_rrt->rrt_info,
> &search_rrt->rrt_gw);
> +                               free(search_rrt);
>                         }
>                         /* Attach the route to the list */
>                         trace(1, "route: %s/%d: register route (%s)\n",
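Review bot: free(search_rrt) right after TAILQ_REMOVE is only safe if the enclosing search that set search_rrt does not touch it again; the hunk's context does not show how that loop advances, so if it is a plain TAILQ_FOREACH over riprt_head it needs TAILQ_FOREACH_SAFE (or a break immediately after the free) to avoid reading the freed entry on the next iteration. The removed lines are consistent with the segfault reported at this TAILQ_REMOVE: the "/* Attach the route to the list */" comment that follows shows rrt is not yet linked into riprt_head here, so TAILQ_REMOVE(&riprt_head, rrt, rrt_next) operated on an unlinked entry, and delroute(&rrt->rrt_info, &rrt->rrt_gw) withdrew the new route rather than the old one. Also, the two "+" statements are wrapped across lines by the mail client ("TAILQ_REMOVE(&riprt_head, search_rrt," / "rrt_next);"), so this copy will not apply with patch(1); use the attachment on the bug.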
> </snip>
>
> Regards
>
> John
> --
> John Hay
>
>
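The pattern the thread arrives at, removing and freeing the entry the search found rather than the new, still-unlinked one, as an added example that is not route6d's code. It uses the TAILQ macros from <sys/queue.h> with a self-contained list type; the names (struct rt, rt_head, register_route, the counting delroute stand-in) and the sample prefixes are assumptions for this example, and the iteration uses TAILQ_FOREACH_SAFE so the matched entry can be freed inside the loop body.

```c
/* Added example, not route6d's code: replace an existing TAILQ entry for
 * the same prefix, removing/freeing the entry found by the search and then
 * attaching the new one.  Names here are assumptions for the example.
 * Build: cc -Wall -o tailq_replace tailq_replace.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>

/* Some libc copies of sys/queue.h lack these; supply them if missing. */
#ifndef TAILQ_FIRST
#define TAILQ_FIRST(head) ((head)->tqh_first)
#endif
#ifndef TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)                  \
	for ((var) = ((head)->tqh_first);                           \
	     (var) && ((tvar) = (var)->field.tqe_next, 1);          \
	     (var) = (tvar))
#endif

struct rt {
	TAILQ_ENTRY(rt) rt_next; /* list linkage, like rrt_next in route6d */
	char prefix[40];         /* textual IPv6 prefix, e.g. "2001:db8::" */
	int plen;
	char gw[40];             /* next hop */
};
TAILQ_HEAD(rt_head, rt);

/* Stand-in for route6d's delroute(): count kernel withdrawals instead. */
int kernel_deletes;
static void delroute(const struct rt *r) { (void)r; kernel_deletes++; }

struct rt *rt_new(const char *prefix, int plen, const char *gw)
{
	struct rt *r = calloc(1, sizeof(*r));
	if (r == NULL)
		abort();
	snprintf(r->prefix, sizeof r->prefix, "%s", prefix);
	r->plen = plen;
	snprintf(r->gw, sizeof r->gw, "%s", gw);
	return r; /* not linked into any list yet: tqe_prev is garbage */
}

/* Register nrt (not yet on the list).  Every existing entry for the same
 * prefix is unlinked, withdrawn from the kernel and freed; nrt is then
 * attached.  Returns the number of entries replaced. */
int register_route(struct rt_head *head, struct rt *nrt)
{
	struct rt *cur, *tmp;
	int replaced = 0;

	/* _SAFE: cur is freed in the body, so its successor is captured first. */
	TAILQ_FOREACH_SAFE(cur, head, rt_next, tmp) {
		if (cur->plen != nrt->plen ||
		    strcmp(cur->prefix, nrt->prefix) != 0)
			continue;
		/* Operate on the linked entry (cur), never on nrt, which
		 * has no valid linkage until it is inserted below. */
		TAILQ_REMOVE(head, cur, rt_next);
		delroute(cur);
		free(cur);
		replaced++;
	}
	/* Attach the route to the list */
	TAILQ_INSERT_HEAD(head, nrt, rt_next);
	return replaced;
}

int rt_count(const struct rt_head *head)
{
	const struct rt *r;
	int n = 0;
	for (r = head->tqh_first; r != NULL; r = r->rt_next.tqe_next)
		n++;
	return n;
}

int main(void)
{
	struct rt_head h;
	TAILQ_INIT(&h);
	register_route(&h, rt_new("2001:db8:1::", 64, "fe80::1"));
	register_route(&h, rt_new("2001:db8:2::", 64, "fe80::1"));
	/* constructed stale duplicate, as might be left by an earlier pass */
	TAILQ_INSERT_TAIL(&h, rt_new("2001:db8:1::", 64, "fe80::9"), rt_next);
	int replaced = register_route(&h, rt_new("2001:db8:1::", 64, "fe80::2"));
	printf("replaced=%d entries=%d kernel_deletes=%d first_gw=%s\n",
	       replaced, rt_count(&h), kernel_deletes, TAILQ_FIRST(&h)->gw);
	return 0;
}
```

The freed pointer is never read after free() because TAILQ_FOREACH_SAFE already holds the successor in tmp; a plain TAILQ_FOREACH would dereference cur->rt_next.tqe_next on the freed block at the top of the next iteration.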



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGv8uaotGHMqgPLBjOFmu6pGHsAycdXv5O6MBO9S7RTXJ5%2BiOw>