NetBSD Problem Report #59046

From www@netbsd.org  Tue Feb  4 08:14:03 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1C3BB1A923A
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  4 Feb 2025 08:14:03 +0000 (UTC)
Message-Id: <20250204081401.DD2421A923B@mollari.NetBSD.org>
Date: Tue,  4 Feb 2025 08:14:01 +0000 (UTC)
From: 6bone@6bone.informatik.uni-leipzig.de
Reply-To: 6bone@6bone.informatik.uni-leipzig.de
To: gnats-bugs@NetBSD.org
Subject: dhcpd issue
X-Send-Pr-Version: www-1.0

>Number:         59046
>Category:       bin
>Synopsis:       dhcpd issue
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          support
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 04 08:15:00 +0000 2025
>Last-Modified:  Mon Feb 17 09:35:01 +0000 2025
>Originator:     Uwe
>Release:        10.1_STABLE NetBSD
>Organization:
University of Leipzig
>Environment:
NetBSD 6bone.informatik.uni-leipzig.de 10.1_STABLE NetBSD 10.1_STABLE (MYCONF10) #3: Sat Feb  1 23:06:25 CET 2025  root@6bone.informatik.uni-leipzig.de:/usr/obj/sys/arch/amd64/compile/MYCONF10 amd64
>Description:
I use NetBSD's dhcpd (not pkgsrc) to assign IPv6 addresses. After starting and during runtime, I receive the following messages in the syslog:

dhcpd[23611]: /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2045): NULL pointer
dhcpd[23611]: /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): negative refcnt

The messages appear at irregular intervals. After a few hours of runtime, dhcpd crashes with a core dump. But no core file is written.

The problem also occurred on NetBSD-10.

Any ideas what the cause could be?
>How-To-Repeat:
I can't say if the problem is reproducible on another system.
>Fix:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/59046: dhcpd issue
Date: Tue, 4 Feb 2025 09:29:09 +0100

 You probably missed a potentially relevant pullup by one or two days:

 external/mpl/dhcp/dist/common/options.c         1.8

         dhcpd(8): safety fix.
         [christos, ticket #1045]

 This *may* fix the issue you see, but I am not sure.

 Martin

From: 6bone@6bone.informatik.uni-leipzig.de
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Tue, 4 Feb 2025 22:09:38 +0100 (CET)

 I tested again with the current source code from today. The problem still 
 exists.

 On Tue, 4 Feb 2025, Martin Husemann via gnats wrote:

 > The following reply was made to PR bin/59046; it has been noted by GNATS.
 >
 > From: Martin Husemann <martin@duskware.de>
 > To: gnats-bugs@netbsd.org
 > Cc:
 > Subject: Re: bin/59046: dhcpd issue
 > Date: Tue, 4 Feb 2025 09:29:09 +0100
 >
 > You probably missed a potentially relevant pullup by one or two days:
 >
 > external/mpl/dhcp/dist/common/options.c         1.8
 >
 >         dhcpd(8): safety fix.
 >         [christos, ticket #1045]
 >
 > This *may* fix the issue you see, but I am not sure.
 >
 > Martin
 >
 >

From: 6bone@6bone.informatik.uni-leipzig.de
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: Re: bin/59046: dhcpd issue
Date: Wed, 5 Feb 2025 07:28:13 +0100 (CET)

 There seems to be a change in behavior after all. There is a new message 
 in the syslog.

 Feb  5 07:02:09 6bone dhcpd[3152]: Null pointer in 
 option_cache_dereference: /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c(1980)
 Feb  5 07:02:49 6bone syslogd[813]: last message repeated 260862 times
 Feb  5 07:04:49 6bone syslogd[813]: last message repeated 890730 times

 The dhcp process runs with a high CPU load and generates the messages.

 On Tue, 4 Feb 2025, 6bone@6bone.informatik.uni-leipzig.de via gnats wrote:

 > The following reply was made to PR bin/59046; it has been noted by GNATS.
 >
 > From: 6bone@6bone.informatik.uni-leipzig.de
 > To: gnats-bugs@netbsd.org
 > Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 > Subject: Re: Re: bin/59046: dhcpd issue
 > Date: Tue, 4 Feb 2025 22:09:38 +0100 (CET)
 >
 > I tested again with the current source code from today. The problem still
 > exists.
 >
 > On Tue, 4 Feb 2025, Martin Husemann via gnats wrote:
 >
 > > The following reply was made to PR bin/59046; it has been noted by GNATS.
 > >
 > > From: Martin Husemann <martin@duskware.de>
 > > To: gnats-bugs@netbsd.org
 > > Cc:
 > > Subject: Re: bin/59046: dhcpd issue
 > > Date: Tue, 4 Feb 2025 09:29:09 +0100
 > >
 > > You probably missed a potentially relevant pullup by one or two days:
 > >
 > > external/mpl/dhcp/dist/common/options.c         1.8
 > >
 > >         dhcpd(8): safety fix.
 > >         [christos, ticket #1045]
 > >
 > > This *may* fix the issue you see, but I am not sure.
 > >
 > > Martin
 > >
 > >
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: 6bone@6bone.informatik.uni-leipzig.de
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/59046: dhcpd issue
Date: Wed, 05 Feb 2025 14:49:16 -0500

 On 2025-02-05 1:28 am, 6bone@6bone.informatik.uni-leipzig.de wrote:
 > There seems to be a change in behavior after all. There is a new
 > message in the syslog.
 > 
 > Feb  5 07:02:09 6bone dhcpd[3152]: Null pointer in
 > option_cache_dereference:
 > /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c(1980)
 > Feb  5 07:02:49 6bone syslogd[813]: last message repeated 260862 times
 > Feb  5 07:04:49 6bone syslogd[813]: last message repeated 890730 times

 Perhaps if you compile with -DPOINTER_DEBUG we are going
 to get more information, because the code is going to abort() the first
 time this happens and we'll see the call chain. (I don't see the code
 calling option_cache_dereference in dhcpv6.c:1980...)

 christos
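How the two syslog strings and the `POINTER_DEBUG` suggestion in this message relate, as an added example (not ISC DHCP or NetBSD source): a simplified reference-counted buffer in which a handle copied without taking a reference is released a second time. Every name here (`buf`, `dstring`, `report`, the fixed pool) is hypothetical; only the `POINTER_DEBUG` macro name and the two message strings come from the thread, and the stale copy is one way such messages can arise, not a diagnosis of this PR.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { DEREF_OK = 0, DEREF_NULL = -1, DEREF_NEGATIVE = -2 };

/* Hypothetical reference-counted buffer. A fixed pool stands in for
 * malloc()/free() so that touching a released buffer stays defined here;
 * with a real allocator the same access is a use-after-free. */
struct buf {
	int refcnt;
	unsigned char data[64];
};

/* Hypothetical string view that is supposed to hold one reference on buffer. */
struct dstring {
	struct buf *buffer;
	const unsigned char *data;
	size_t len;
};

static struct buf pool[4];
static int misuse_count;	/* bad releases detected so far */

static int
report(const char *what, const char *file, int line, int code)
{
	fprintf(stderr, "%s(%d): %s\n", file, line, what);
	misuse_count++;
#ifdef POINTER_DEBUG
	abort();	/* stop at the first bad release; the core shows the caller */
#endif
	return code;	/* default build: log and keep running */
}

static struct buf *
buf_new(void)
{
	for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
		if (pool[i].refcnt == 0) {
			pool[i].refcnt = 1;	/* the caller owns one reference */
			return &pool[i];
		}
	return NULL;
}

static int
buf_dereference(struct buf **ptr, const char *file, int line)
{
	struct buf *b;

	if (ptr == NULL || *ptr == NULL)
		return report("NULL pointer", file, line, DEREF_NULL);
	b = *ptr;
	*ptr = NULL;		/* this handle is dead whatever happens next */
	if (b->refcnt <= 0)	/* already released by another holder */
		return report("negative refcnt", file, line, DEREF_NEGATIVE);
	b->refcnt--;		/* reaching 0 returns the slot to the pool */
	return DEREF_OK;
}

static void
dstring_init(struct dstring *d, struct buf *b, size_t len)
{
	d->buffer = b;
	d->data = b->data;
	d->len = len;
}

static void
dstring_copy(struct dstring *dst, const struct dstring *src)
{
	*dst = *src;
	if (dst->buffer != NULL)
		dst->buffer->refcnt++;	/* the copy takes its own reference */
}

static int
dstring_forget(struct dstring *d, const char *file, int line)
{
	int rc = DEREF_OK;

	if (d->buffer != NULL)
		rc = buf_dereference(&d->buffer, file, line);
	memset(d, 0, sizeof(*d));
	return rc;
}

/* Buggy pattern: plain struct assignment duplicates the pointer only. */
static int
demo_stale_copy(void)
{
	struct dstring a, stale;

	dstring_init(&a, buf_new(), 16);
	stale = a;					/* no reference taken */
	dstring_forget(&a, __FILE__, __LINE__);		/* refcnt 1 -> 0 */
	return dstring_forget(&stale, __FILE__, __LINE__);
}

/* Correct pattern: each holder owns a reference and releases it once. */
static int
demo_counted_copy(void)
{
	struct dstring a, b;

	dstring_init(&a, buf_new(), 16);
	dstring_copy(&b, &a);				/* refcnt 2 */
	dstring_forget(&a, __FILE__, __LINE__);		/* 2 -> 1 */
	return dstring_forget(&b, __FILE__, __LINE__);	/* 1 -> 0 */
}

int
main(void)
{
	printf("stale copy:     %d\n", demo_stale_copy());
	printf("counted copy:   %d\n", demo_counted_copy());
	printf("misuse reports: %d\n", misuse_count);
	return 0;
}
```

Built as is, the bad release is logged and execution continues; built with `-DPOINTER_DEBUG`, the same program aborts inside `demo_stale_copy`, which is the behaviour the message relies on to obtain a call chain.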

From: 6bone@6bone.informatik.uni-leipzig.de
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Thu, 6 Feb 2025 15:31:08 +0100 (CET)

 Can you give me a hint where in the Makefile I have to insert the define?

 I tried in /usr/src/external/mpl/dhcp/Makefile.inc. When compiled, 
 however, a binary is created that is exactly the same size as before.


 Thank you for your efforts

 Regards
 Uwe


 On Wed, 5 Feb 2025, Christos Zoulas via gnats wrote:

 > The following reply was made to PR bin/59046; it has been noted by GNATS.
 >
 > From: Christos Zoulas <christos@zoulas.com>
 > To: 6bone@6bone.informatik.uni-leipzig.de
 > Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 > Subject: Re: bin/59046: dhcpd issue
 > Date: Wed, 05 Feb 2025 14:49:16 -0500
 >
 > On 2025-02-05 1:28 am, 6bone@6bone.informatik.uni-leipzig.de wrote:
 > > There seems to be a change in behavior after all. There is a new
 > > message in the syslog.
 > >
 > > Feb  5 07:02:09 6bone dhcpd[3152]: Null pointer in
 > > option_cache_dereference:
 > > /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c(1980)
 > > Feb  5 07:02:49 6bone syslogd[813]: last message repeated 260862 times
 > > Feb  5 07:04:49 6bone syslogd[813]: last message repeated 890730 times
 >
 > Perhaps if you compile with -DPOINTER_DEBUG we are going
 > to get more information, because the code is going to abort() the first
 > time this happens and we'll see the call chain. (I don't see the code
 > calling option_cache_dereference in dhcpv6.c:1980...)
 >
 > christos
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 6bone@6bone.informatik.uni-leipzig.de
Subject: Re: bin/59046: dhcpd issue
Date: Thu, 6 Feb 2025 13:44:33 -0500


 Thanks!

 Index: Makefile.inc
 ===================================================================
 RCS file: /cvsroot/src/external/mpl/dhcp/Makefile.inc,v
 retrieving revision 1.13
 diff -u -p -u -r1.13 Makefile.inc
 --- Makefile.inc        19 Feb 2024 20:39:13 -0000      1.13
 +++ Makefile.inc        6 Feb 2025 18:43:36 -0000
 @@ -14,6 +14,7 @@ BIND:=        ${.PARSEDIR}/bind
  BINDDIST=      ${BIND}/dist
  .PATH: ${DIST}/${DHCPSRCDIR}

 +CPPFLAGS+= -DPOINTER_DEBUG
  .if (${USE_INET6} != "no")
  CPPFLAGS+=     -DDHCPv6
  .endif
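Review bot: The added `CPPFLAGS+= -DPOINTER_DEBUG` line sits outside any conditional, unlike the `-DDHCPv6` flag directly below it, so everything built through this Makefile.inc gets the define. The thread states that with this define the code abort()s the first time a bad pointer or reference count is seen, so this should stay a local diagnostic change. If it is ever meant to be committed, wrap it in an `.if` on a debug variable the way `USE_INET6` guards `-DDHCPv6`, and add a comment saying what the flag changes at run time.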



From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Sat, 8 Feb 2025 08:46:34 +0100 (CET)

 I compiled the dhcpd with the specified options and started it at the 
 command line.

 bash-5.2# dhcpd -6 -cf /etc/dhcpd6.conf -f -lf /var/db/dhcpd6.leases 2>dhcpd.output > dhcpd.output
 Abort trap (core dumped)

 The output shows:

 Internet Systems Consortium DHCP Server 4.4.2
 Copyright 2004-2022 Internet Systems Consortium.
 All rights reserved.
 For info, please visit https://www.isc.org/software/dhcp/
 Config file: /etc/dhcpd6.conf
 Database file: /var/db/dhcpd6.leases
 PID file: dhcpd6.pid
 Wrote 3 NA, 0 TA, 0 PD leases to lease file.
 Bound to *:547
 Listening on Socket/53/lagg0/2001:638:902:1::/64
 Sending on   Socket/53/lagg0/2001:638:902:1::/64


 No subnet6 declaration for bnx1 (no IPv6 addresses).
 ** Ignoring requests on bnx1.  If this is not what
     you want, please write a subnet6 declaration
     in your dhcpd.conf file for the network segment
     to which interface bnx1 is attached. **


 No subnet6 declaration for wm1 (no IPv6 addresses).
 ** Ignoring requests on wm1.  If this is not what
     you want, please write a subnet6 declaration
     in your dhcpd.conf file for the network segment
     to which interface wm1 is attached. **


 No subnet6 declaration for wm0 (no IPv6 addresses).
 ** Ignoring requests on wm0.  If this is not what
     you want, please write a subnet6 declaration
     in your dhcpd.conf file for the network segment
     to which interface wm0 is attached. **


 No subnet6 declaration for bnx0 (no IPv6 addresses).
 ** Ignoring requests on bnx0.  If this is not what
     you want, please write a subnet6 declaration
     in your dhcpd.conf file for the network segment
     to which interface bnx0 is attached. **

 Server starting service.
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200b::1, peer address fe80::1c53:2c7f:acc8:7e3e
 Can't find option with code 16
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200b::1, peer address fe80::1c53:2c7f:acc8:7e3e
 Can't find option with code 16
 Picking pool address 2001:638:902:200b::105a
 Advertise NA: address 2001:638:902:200b::105a to client with duid 
 00:01:00:01:19:e6:6e:92:00:15:5d:08:d0:15 iaid = 251663709 valid for 1200 
 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200b::1, peer address fe80::1c53:2c7f:acc8:7e3e
 Can't find option with code 16
 Reply NA: address 2001:638:902:200b::105a to client with duid 
 00:01:00:01:19:e6:6e:92:00:15:5d:08:d0:15 iaid = 251663709 valid for 1200 
 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2003::1, peer address fe80::41b:f428:e4e9:b238
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2009::1, peer address fe80::6eb0:ceff:fe20:322b
 Picking pool address 2001:638:902:2009::1950
 Advertise NA: address 2001:638:902:2009::1950 to client with duid 
 00:03:00:01:6c:b0:ce:20:32:2b iaid = 1 valid for 1200 seconds
 Unable to pick client prefix: no IPv6 pools on this shared network
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200c::1, peer address fe80::d2bf:9cff:febf:a93f
 Reply NA: address 2001:638:902:200c::1653 to client with duid 
 00:03:00:01:d0:bf:9c:bf:a9:3f iaid = 2 valid for 1200 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 ....
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2004::1, peer address fe80::abf:b8ff:fe36:ae27
 Reply NA: address 2001:638:902:2004::1223 to client with duid 
 00:03:00:01:08:bf:b8:36:ae:27 iaid = 11111 valid for 1200 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2007::1, peer address fe80::642:1aff:fe1b:1729
 Reply NA: address 2001:638:902:2007::1bb3 to client with duid 
 00:03:00:01:04:42:1a:1b:17:29 iaid = 22222 valid for 1200 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2045): NULL 
 pointer
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): 
 negative refcnt
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2009::1, peer address fe80::6eb0:ceff:fe20:322b
 Picking pool address 2001:638:902:2009::1950
 Advertise NA: address 2001:638:902:2009::1950 to client with duid 
 00:03:00:01:6c:b0:ce:20:32:2b iaid = 1 valid for 1200 seconds
 ....
 Advertise NA: address 2001:638:902:2009::1950 to client with duid 
 00:03:00:01:6c:b0:ce:20:32:2b iaid = 1 valid for 1200 seconds
 Unable to pick client prefix: no IPv6 pools on this shared network
 Sending Relay-reply to 2001:638:902:1::1 port 547
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2045): NULL 
 pointer
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): 
 negative refcnt
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2008::1, peer address fe80::ce79:de58:8247:1605
 ....
 The dhcpd works for a few hours with the messages shown here. The log file 
 ends with:
 ....
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200b::1, peer address fe80::1c53:2c7f:acc8:7e3e
 Can't find option with code 16
 Reply NA: address 2001:638:902:200b::105a to client with duid 
 00:01:00:01:19:e6:6e:92:00:15:5d:08:d0:15 iaid = 251663709 valid for 1200 
 seconds
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c(7008): 
 negative refcnt!
 (END)

 If it helps I can provide the complete output file for download. During 
 the last test a core file was also created. I can offer that too.


 Thank you for your efforts

 Regards
 Uwe


 On Thu, 6 Feb 2025, Christos Zoulas wrote:

 > Thanks!
 >
 > Index: Makefile.inc
 > ===================================================================
 > RCS file: /cvsroot/src/external/mpl/dhcp/Makefile.inc,v
 > retrieving revision 1.13
 > diff -u -p -u -r1.13 Makefile.inc
 > --- Makefile.inc        19 Feb 2024 20:39:13 -0000      1.13
 > +++ Makefile.inc        6 Feb 2025 18:43:36 -0000
 > @@ -14,6 +14,7 @@ BIND:=        ${.PARSEDIR}/bind
 > BINDDIST=      ${BIND}/dist
 > .PATH: ${DIST}/${DHCPSRCDIR}
 >
 > +CPPFLAGS+= -DPOINTER_DEBUG
 > .if (${USE_INET6} != "no")
 > CPPFLAGS+=     -DDHCPv6
 > .endif
 >
 >

From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Sat, 8 Feb 2025 08:53:46 +0100 (CET)

 I forgot to mention that the dhcpd is operated on a lagg0 interface. The 
 message

 "No subnet6 declaration for (bnx0, bnx1, wm0, wm1)"

 is therefore correct. These are the participants of the lagg0 interface.


 Regards
 Uwe


 On Thu, 6 Feb 2025, Christos Zoulas wrote:

 > Thanks!
 >
 > Index: Makefile.inc
 > ===================================================================
 > RCS file: /cvsroot/src/external/mpl/dhcp/Makefile.inc,v
 > retrieving revision 1.13
 > diff -u -p -u -r1.13 Makefile.inc
 > --- Makefile.inc        19 Feb 2024 20:39:13 -0000      1.13
 > +++ Makefile.inc        6 Feb 2025 18:43:36 -0000
 > @@ -14,6 +14,7 @@ BIND:=        ${.PARSEDIR}/bind
 > BINDDIST=      ${BIND}/dist
 > .PATH: ${DIST}/${DHCPSRCDIR}
 >
 > +CPPFLAGS+= -DPOINTER_DEBUG
 > .if (${USE_INET6} != "no")
 > CPPFLAGS+=     -DDHCPv6
 > .endif
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 6bone@6bone.informatik.uni-leipzig.de
Subject: Re: bin/59046: dhcpd issue
Date: Sat, 8 Feb 2025 12:24:34 -0500


 Can you show the stack trace from gdb and the core file?

 gdb dhcpd dhcpd.core
 where

 christos

 > On Feb 8, 2025, at 2:55 AM, 6bone@6bone.informatik.uni-leipzig.de via gnats <gnats-admin@netbsd.org> wrote:
 >
 > The following reply was made to PR bin/59046; it has been noted by GNATS.
 >
 > From: 6bone@6bone.informatik.uni-leipzig.de
 > To: Christos Zoulas <christos@zoulas.com>
 > Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 > Subject: Re: Re: bin/59046: dhcpd issue
 > Date: Sat, 8 Feb 2025 08:53:46 +0100 (CET)
 >
 > I forgot to mention that the dhcpd is operated on a lagg0 interface. The
 > message
 >
 > "No subnet6 declaration for (bnx0, bnx1, wm0, wm1)"
 >
 > is therefore correct. These are the participants of the lagg0 interface.
 >
 >
 > Regards
 > Uwe
 >
 >
 > On Thu, 6 Feb 2025, Christos Zoulas wrote:
 >
 >> Thanks!
 >>
 >> Index: Makefile.inc
 >> ===================================================================
 >> RCS file: /cvsroot/src/external/mpl/dhcp/Makefile.inc,v
 >> retrieving revision 1.13
 >> diff -u -p -u -r1.13 Makefile.inc
 >> --- Makefile.inc        19 Feb 2024 20:39:13 -0000      1.13
 >> +++ Makefile.inc        6 Feb 2025 18:43:36 -0000
 >> @@ -14,6 +14,7 @@ BIND:=3D        ${.PARSEDIR}/bind
 >> BINDDIST=3D      ${BIND}/dist
 >> .PATH: ${DIST}/${DHCPSRCDIR}
 >>=20
 >> +CPPFLAGS+=3D -DPOINTER_DEBUG
 >> .if (${USE_INET6} !=3D "no")
 >> CPPFLAGS+=3D     -DDHCPv6
 >> .endif
 >>
 >>
 >



From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Sat, 8 Feb 2025 18:58:55 +0100 (CET)

 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.

 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from dhcpd...
 (No debugging symbols found in dhcpd)
 [New process 8940]
 [New process 22425]
 [New process 6525]
 [New process 9041]
 [New process 512]
 [New process 27077]
 [New process 6305]
 [New process 23824]
 [New process 3103]
 [New process 16903]
 [New process 17743]
 [New process 12274]
 [New process 27431]
 Core was generated by `dhcpd'.
 Program terminated with signal SIGABRT, Aborted.
 #0  0x00007903d8d7eeea in _lwp_kill () from /usr/lib/libc.so.12
 [Current thread is 1 (process 8940)]
 (gdb) where
 #0  0x00007903d8d7eeea in _lwp_kill () from /usr/lib/libc.so.12
 #1  0x00007903d8d846e0 in abort () from /usr/lib/libc.so.12
 #2  0x0000000001e669c0 in buffer_dereference ()
 #3  0x0000000001e6754c in data_string_forget ()
 #4  0x0000000001e30942 in build_dhcpv6_reply ()
 #5  0x0000000001e30f75 in dhcpv6 ()
 #6  0x0000000001e744a4 in do_packet6 ()
 #7  0x0000000001e5e10f in got_one_v6 ()
 #8  0x0000000001e91f2a in ?? ()
 #9  0x000000000200d834 in ?? ()
 #10 0x0000000002037713 in isc.trampoline_run ()
 #11 0x00007903dd20c89f in ?? () from /usr/lib/libpthread.so.1
 #12 0x00007903d8c930e0 in ?? () from /usr/lib/libc.so.12
 #13 0x0000000000200000 in ?? ()
 #14 0x0000000000000000 in ?? ()


 Regards
 Uwe

 On Sat, 8 Feb 2025, Christos Zoulas wrote:

 > Can you show the stack trace from gdb and the core file?
 >
 > gdb dhcpd dhcpd.core
 > where
 >
 > christos
 >
 >> On Feb 8, 2025, at 2:55 AM, 6bone@6bone.informatik.uni-leipzig.de via gnats <gnats-admin@netbsd.org> wrote:
 >>
 >> The following reply was made to PR bin/59046; it has been noted by GNATS.
 >>
 >> From: 6bone@6bone.informatik.uni-leipzig.de
 >> To: Christos Zoulas <christos@zoulas.com>
 >> Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 >> Subject: Re: Re: bin/59046: dhcpd issue
 >> Date: Sat, 8 Feb 2025 08:53:46 +0100 (CET)
 >>
 >> I forgot to mention that the dhcpd is operated on a lagg0 interface. The
 >> message
 >>
 >> "No subnet6 declaration for (bnx0, bnx1, wm0, wm1)"
 >>
 >> is therefore correct. These are the participants of the lagg0 interface.
 >>
 >>
 >> Regards
 >> Uwe
 >>
 >>
 >> On Thu, 6 Feb 2025, Christos Zoulas wrote:
 >>
 >>> Thanks!
 >>>
 >>> Index: Makefile.inc
 >>> ===================================================================
 >>> RCS file: /cvsroot/src/external/mpl/dhcp/Makefile.inc,v
 >>> retrieving revision 1.13
 >>> diff -u -p -u -r1.13 Makefile.inc
 >>> --- Makefile.inc        19 Feb 2024 20:39:13 -0000      1.13
 >>> +++ Makefile.inc        6 Feb 2025 18:43:36 -0000
 >>> @@ -14,6 +14,7 @@ BIND:=        ${.PARSEDIR}/bind
 >>> BINDDIST=      ${BIND}/dist
 >>> .PATH: ${DIST}/${DHCPSRCDIR}
 >>>
 >>> +CPPFLAGS+= -DPOINTER_DEBUG
 >>> .if (${USE_INET6} != "no")
 >>> CPPFLAGS+=     -DDHCPv6
 >>> .endif
 >>>
 >>>
 >>
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 6bone@6bone.informatik.uni-leipzig.de
Subject: Re: bin/59046: dhcpd issue
Date: Sat, 8 Feb 2025 18:57:54 -0500


 Can you compile with -g (symbols)? I can't tell which call is that.

 Thanks,

 christos




From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Mon, 10 Feb 2025 08:56:37 +0100 (CET)

 This GDB was configured as "x86_64--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.

 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 [New process 25706]
 [New process 487]
 [New process 13393]
 [New process 27458]
 [New process 4164]
 [New process 6709]
 [New process 10550]
 [New process 11044]
 [New process 13596]
 [New process 597]
 [New process 153]
 [New process 15800]
 [New process 21849]
 Core was generated by `dhcpd'.
 Program terminated with signal SIGSEGV, Segmentation fault.
 [Current thread is 1 (process 25706)]
 #0  0x00007bbf3510f8e8 in free () from /usr/lib/libc.so.12
 #1  0x00000001a9695d28 in dfree (ptr=<optimized out>, file=<optimized out>,
      line=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/alloc.c:208
 #2  0x00000001a9666998 in buffer_dereference (ptr=ptr@entry=0x7bbf2dfefc80,
      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:757
 #3  0x00000001a966754c in data_string_forget (data=data@entry=0x7bbf2dfefc80,
      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:1350
 #4  0x00000001a963105a in dhcpv6 (packet=0x7bbf3888f000)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c:7807
 #5  0x00000001a96744a4 in do_packet6 (interface=<optimized out>,
      packet=0x7bbf2dfefde0 "\f", len=164, from_port=8962, from=<optimized out>,
      was_unicast=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/options.c:4236
 #6  0x00000001a965e10f in got_one_v6 (h=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/discover.c:1219
 #7  0x00000001a9691f2a in omapi_iscsock_cb (task=<optimized out>,
      socket=<optimized out>, cbarg=0x7bbf3a0fc180, flags=1)
      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/dispatch.c:172
 #8  0x00000001a980d834 in internal_fdwatch_read (sock=0x7bbf3a0bf700)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3208
 #9  dispatch_recv (sock=0x7bbf3a0bf700)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:2718
 #10 process_fd (writeable=<optimized out>, readable=<optimized out>,
      fd=<optimized out>, thread=0x7bbf3a148ca0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3279
 #11 process_fds (nevents=<optimized out>, events=<optimized out>,
      thread=0x7bbf3a148ca0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3326
 #12 netthread (uap=0x7bbf3a148ca0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3613
 #13 0x00000001a9837713 in isc__trampoline_run (arg=0x7bbf3a13aa30)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 #14 0x00007bbf3960c89f in ?? () from /usr/lib/libpthread.so.1
 #15 0x00007bbf350930e0 in ?? () from /usr/lib/libc.so.12
 #16 0x0000000000200000 in ?? ()
 #17 0x0000000000000000 in ?? ()

 Last log entry before the crash was:
 Client 00:01:00:01:27:3e:db:f2:b0:5c:da:40:02:08 releases address 2001:638:902:200c::1269
 Sending Relay-reply to 2001:638:902:1::1 port 547


 Regards
 Uwe


 On Sat, 8 Feb 2025, Christos Zoulas wrote:

 > Can you compile with -g (symbols)? I can't tell which call is that.
 >
 > Thanks,
 >
 > christos
 >
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 6bone@6bone.informatik.uni-leipzig.de
Subject: Re: bin/59046: dhcpd issue
Date: Mon, 10 Feb 2025 12:42:55 -0500


 Can you print the message type in:

 static void
 build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
         memset(reply, 0, sizeof(*reply));

         /* I would like to classify the client once here, but
          * as I don't want to classify all of the incoming packets
          * I need to do it before handling specific types.
          * We don't need to classify if we are tossing the packet
          * or if it is a relay - the classification step will get
          * done when we process the inner client packet.
          */

         switch (packet->dhcpv6_msg_type) {

 ?

 Thanks

 christos

 > On Feb 10, 2025, at 3:00=E2=80=AFAM, =
 6bone@6bone.informatik.uni-leipzig.de via gnats <gnats-admin@netbsd.org> =
 wrote:
 >=20
 > The following reply was made to PR bin/59046; it has been noted by =
 GNATS.
 >=20
 > From: 6bone@6bone.informatik.uni-leipzig.de
 > To: Christos Zoulas <christos@zoulas.com>
 > Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, =
 netbsd-bugs@netbsd.org
 > Subject: Re: Re: bin/59046: dhcpd issue
 > Date: Mon, 10 Feb 2025 08:56:37 +0100 (CET)
 >=20
 > This GDB was configured as "x86_64--netbsd".
 > Type "show configuration" for configuration details.
 > For bug reporting instructions, please see:
 > <https://www.gnu.org/software/gdb/bugs/>.
 > Find the GDB manual and other documentation resources online at:
 >      <http://www.gnu.org/software/gdb/documentation/>.
 >=20
 > For help, type "help".
 > Type "apropos word" to search for commands related to "word"...
 > Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 > [New process 25706]
 > [New process 487]
 > [New process 13393]
 > [New process 27458]
 > [New process 4164]
 > [New process 6709]
 > [New process 10550]
 > [New process 11044]
 > [New process 13596]
 > [New process 597]
 > [New process 153]
 > [New process 15800]
 > [New process 21849]
 > Core was generated by `dhcpd'.
 > Program terminated with signal SIGSEGV, Segmentation fault.
 > [Current thread is 1 (process 25706)]
 > #0  0x00007bbf3510f8e8 in free () from /usr/lib/libc.so.12
 > #1  0x00000001a9695d28 in dfree (ptr=<optimized out>, file=<optimized out>,
 >      line=<optimized out>)
 >      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/alloc.c:208
 > #2  0x00000001a9666998 in buffer_dereference (ptr=ptr@entry=0x7bbf2dfefc80,
 >      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
 >      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:757
 > #3  0x00000001a966754c in data_string_forget (data=data@entry=0x7bbf2dfefc80,
 >      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
 >      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:1350
 > #4  0x00000001a963105a in dhcpv6 (packet=0x7bbf3888f000)
 >      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c:7807
 > #5  0x00000001a96744a4 in do_packet6 (interface=<optimized out>,
 >      packet=0x7bbf2dfefde0 "\f", len=164, from_port=8962, from=<optimized out>,
 >      was_unicast=<optimized out>)
 >      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/options.c:4236
 > #6  0x00000001a965e10f in got_one_v6 (h=<optimized out>)
 >      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/discover.c:1219
 > #7  0x00000001a9691f2a in omapi_iscsock_cb (task=<optimized out>,
 >      socket=<optimized out>, cbarg=0x7bbf3a0fc180, flags=1)
 >      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/dispatch.c:172
 > #8  0x00000001a980d834 in internal_fdwatch_read (sock=0x7bbf3a0bf700)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3208
 > #9  dispatch_recv (sock=0x7bbf3a0bf700)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:2718
 > #10 process_fd (writeable=<optimized out>, readable=<optimized out>,
 >      fd=<optimized out>, thread=0x7bbf3a148ca0)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3279
 > #11 process_fds (nevents=<optimized out>, events=<optimized out>,
 >      thread=0x7bbf3a148ca0)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3326
 > #12 netthread (uap=0x7bbf3a148ca0)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3613
 > #13 0x00000001a9837713 in isc__trampoline_run (arg=0x7bbf3a13aa30)
 >      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 > #14 0x00007bbf3960c89f in ?? () from /usr/lib/libpthread.so.1
 > #15 0x00007bbf350930e0 in ?? () from /usr/lib/libc.so.12
 > #16 0x0000000000200000 in ?? ()
 > #17 0x0000000000000000 in ?? ()
 >
 > Last log entry before the crash was:
 > Client 00:01:00:01:27:3e:db:f2:b0:5c:da:40:02:08 releases address 2001:638:902:200c::1269
 > Sending Relay-reply to 2001:638:902:1::1 port 547
 >
 >
 > Regards
 > Uwe
 >
 >
 > On Sat, 8 Feb 2025, Christos Zoulas wrote:
 >
 >> Can you compile with -g (symbols)? I can't tell which call is that.
 >>
 >> Thanks,
 >>
 >> christos
 >>
 >>
 >>
 >



From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Tue, 11 Feb 2025 12:27:49 +0100 (CET)

 I have included an output before the switch statement:

 log_debug("build_dhcpv6_reply packet->dhcpv6_msg_type is %d", packet->dhcpv6_msg_type);

 The last lines of the output:
 ....
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200b::1, peer address fe80::1c53:2c7f:acc8:7e3e
 build_dhcpv6_reply packet->dhcpv6_msg_type is 12
 Can't find option with code 16
 build_dhcpv6_reply packet->dhcpv6_msg_type is 5
 Reply NA: address 2001:638:902:200b::105a to client with duid 
 00:01:00:01:19:e6:6e:92:00:15:5d:08:d0:15 iaid = 251663709 valid for 1200 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:2015::1, peer address fe80::240:caff:fea5:b1ff
 build_dhcpv6_reply packet->dhcpv6_msg_type is 12
 build_dhcpv6_reply packet->dhcpv6_msg_type is 11
 Sending Relay-reply to 2001:638:902:1::1 port 547
 Relay-forward message from 2001:638:902:1::1 port 547, link address 
 2001:638:902:200c::1, peer address fe80::d2bf:9cff:febf:a93f
 build_dhcpv6_reply packet->dhcpv6_msg_type is 12
 build_dhcpv6_reply packet->dhcpv6_msg_type is 5
 Reply NA: address 2001:638:902:200c::1653 to client with duid 
 00:03:00:01:d0:bf:9c:bf:a9:3f iaid = 2 valid for 1200 seconds
 Sending Relay-reply to 2001:638:902:1::1 port 547

 and the gdb output from the core file

 This GDB was configured as "x86_64--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.

 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 [New process 26684]
 [New process 21095]
 [New process 9706]
 [New process 14977]
 [New process 18003]
 [New process 3662]
 [New process 26573]
 [New process 25771]
 [New process 25429]
 [New process 19916]
 [New process 8241]
 [New process 25435]
 [New process 6788]
 Core was generated by `dhcpd'.
 Program terminated with signal SIGSEGV, Segmentation fault.
 #0  0x00007013494d58ac in je_large_dalloc () from /usr/lib/libc.so.12
 [Current thread is 1 (process 26684)]
 #0  0x00007013494d58ac in je_large_dalloc () from /usr/lib/libc.so.12
 #1  0x00000000a4a52e20 in iasubopt_dereference (iasubopt=<optimized out>,
      file=file@entry=0xa4c5ae68 
 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c", 
 line=line@entry=2045)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:307
 #2  0x00000000a4a531fc in ia_remove_iasubopt (ia=0x70134b9d4fc0,
      iasubopt=0x70134c03c080,
      file=file@entry=0xa4c5ae68 
 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c", 
 line=line@entry=2045)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:491
 #3  0x00000000a4a550f9 in ia_remove_iasubopt (line=2045,
      file=0xa4c5ae68 
 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c", 
 iasubopt=<optimized out>, ia=<optimized out>)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:485
 #4  cleanup_old_expired (pool=0x70134e484c40)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2045
 #5  lease_timeout_support (vpool=0x70134e484c40)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2120
 #6  0x00000000a4a5bc7f in isclib_timer_callback (taskp=<optimized out>,
      eventp=<optimized out>)
      at 
 /usr/src/external/mpl/dhcp/lib/common/../../dist/common/dispatch.c:181
 #7  0x00000000a4c25a2b in task_run (task=0x70134e4fd1c0)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:861
 #8  isc_task_run (task=0x70134e4fd1c0)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:955
 #9  0x00000000a4c1c850 in isc__nm_async_task (worker=0x70134e482d90,
      ev0=0x70134c079b40)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:883
 #10 process_netievent (worker=worker@entry=0x70134e482d90,
      ievent=0x70134c079b40)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:955
 #11 0x00000000a4c1cf0e in process_queue 
 (worker=worker@entry=0x70134e482d90,
      type=type@entry=NETIEVENT_TASK)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:1021
 #12 0x00000000a4c1d87d in process_all_queues (worker=0x70134e482d90)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:796
 #13 async_cb (handle=0x70134e4830c8)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:825
 #14 0x00000000a4c4a8bc in ?? ()
 #15 0x00000000a4c3feec in uv.io_poll ()
 #16 0x00000000a4c47f64 in uv_run ()
 #17 0x00000000a4c1d17e in nm_thread (worker0=0x70134e482d90)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:727
 #18 0x00000000a4c37723 in isc__trampoline_run (arg=0x70134e5359a0)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 #19 0x000070134da0c89f in ?? () from /usr/lib/libpthread.so.1
 #20 0x00007013494930e0 in ?? () from /usr/lib/libc.so.12
 #21 0x0000000000200000 in ?? ()
 #22 0x0000000000000000 in ?? ()


 Regards
 Uwe

 On Mon, 10 Feb 2025, Christos Zoulas wrote:

 > Can you print the message type in:
 >
 > static void
 > build_dhcpv6_reply(struct data_string *reply, struct packet *packet) {
 >        memset(reply, 0, sizeof(*reply));
 >
 >        /* I would like to classify the client once here, but
 >         * as I don't want to classify all of the incoming packets
 >         * I need to do it before handling specific types.
 >         * We don't need to classify if we are tossing the packet
 >         * or if it is a relay - the classification step will get
 >         * done when we process the inner client packet.
 >         */
 >
 >        switch (packet->dhcpv6_msg_type) {
 >
 > ?
 >
 > Thanks
 >
 > christos
 >
 >> On Feb 10, 2025, at 3:00 AM, 6bone@6bone.informatik.uni-leipzig.de via gnats <gnats-admin@netbsd.org> wrote:
 >>
 >> The following reply was made to PR bin/59046; it has been noted by GNATS.
 >>
 >> From: 6bone@6bone.informatik.uni-leipzig.de
 >> To: Christos Zoulas <christos@zoulas.com>
 >> Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 >> Subject: Re: Re: bin/59046: dhcpd issue
 >> Date: Mon, 10 Feb 2025 08:56:37 +0100 (CET)
 >>
 >> This GDB was configured as "x86_64--netbsd".
 >> Type "show configuration" for configuration details.
 >> For bug reporting instructions, please see:
 >> <https://www.gnu.org/software/gdb/bugs/>.
 >> Find the GDB manual and other documentation resources online at:
 >>      <http://www.gnu.org/software/gdb/documentation/>.
 >>
 >> For help, type "help".
 >> Type "apropos word" to search for commands related to "word"...
 >> Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 >> [New process 25706]
 >> [New process 487]
 >> [New process 13393]
 >> [New process 27458]
 >> [New process 4164]
 >> [New process 6709]
 >> [New process 10550]
 >> [New process 11044]
 >> [New process 13596]
 >> [New process 597]
 >> [New process 153]
 >> [New process 15800]
 >> [New process 21849]
 >> Core was generated by `dhcpd'.
 >> Program terminated with signal SIGSEGV, Segmentation fault.
 >> [Current thread is 1 (process 25706)]
 >> #0  0x00007bbf3510f8e8 in free () from /usr/lib/libc.so.12
 >> #1  0x00000001a9695d28 in dfree (ptr=<optimized out>, file=<optimized out>,
 >>      line=<optimized out>)
 >>      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/alloc.c:208
 >> #2  0x00000001a9666998 in buffer_dereference (ptr=ptr@entry=0x7bbf2dfefc80,
 >>      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
 >>      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:757
 >> #3  0x00000001a966754c in data_string_forget (data=data@entry=0x7bbf2dfefc80,
 >>      file=file@entry=0x1a9852728 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c", line=line@entry=7807)
 >>      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/alloc.c:1350
 >> #4  0x00000001a963105a in dhcpv6 (packet=0x7bbf3888f000)
 >>      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/dhcpv6.c:7807
 >> #5  0x00000001a96744a4 in do_packet6 (interface=<optimized out>,
 >>      packet=0x7bbf2dfefde0 "\f", len=164, from_port=8962, from=<optimized out>,
 >>      was_unicast=<optimized out>)
 >>      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/options.c:4236
 >> #6  0x00000001a965e10f in got_one_v6 (h=<optimized out>)
 >>      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/discover.c:1219
 >> #7  0x00000001a9691f2a in omapi_iscsock_cb (task=<optimized out>,
 >>      socket=<optimized out>, cbarg=0x7bbf3a0fc180, flags=1)
 >>      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/dispatch.c:172
 >> #8  0x00000001a980d834 in internal_fdwatch_read (sock=0x7bbf3a0bf700)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3208
 >> #9  dispatch_recv (sock=0x7bbf3a0bf700)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:2718
 >> #10 process_fd (writeable=<optimized out>, readable=<optimized out>,
 >>      fd=<optimized out>, thread=0x7bbf3a148ca0)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3279
 >> #11 process_fds (nevents=<optimized out>, events=<optimized out>,
 >>      thread=0x7bbf3a148ca0)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3326
 >> #12 netthread (uap=0x7bbf3a148ca0)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/unix/socket.c:3613
 >> #13 0x00000001a9837713 in isc__trampoline_run (arg=0x7bbf3a13aa30)
 >>      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 >> #14 0x00007bbf3960c89f in ?? () from /usr/lib/libpthread.so.1
 >> #15 0x00007bbf350930e0 in ?? () from /usr/lib/libc.so.12
 >> #16 0x0000000000200000 in ?? ()
 >> #17 0x0000000000000000 in ?? ()
 >>
 >> Last log entry before the crash was:
 >> Client 00:01:00:01:27:3e:db:f2:b0:5c:da:40:02:08 releases address 2001:638:902:200c::1269
 >> Sending Relay-reply to 2001:638:902:1::1 port 547
 >>
 >>
 >> Regards
 >> Uwe
 >>
 >>
 >> On Sat, 8 Feb 2025, Christos Zoulas wrote:
 >>
 >>> Can you compile with -g (symbols)? I can't tell which call is that.
 >>>
 >>> Thanks,
 >>>
 >>> christos
 >>>
 >>>
 >>>
 >>
 >
 >

From: Christos Zoulas <christos@zoulas.com>
To: 6bone@6bone.informatik.uni-leipzig.de
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/59046: dhcpd issue
Date: Tue, 11 Feb 2025 09:36:56 -0500

 On 2025-02-11 6:27 am, 6bone@6bone.informatik.uni-leipzig.de wrote:

 Seems to be dying elsewhere now (in mdb6.c). So something is corrupting
 memory. This code is just too complicated. Let's try to build with all the
 memory debugging it provides to see if it can detect the problem itself.
 Can you build with:
 -DDEBUG_MEMORY_LEAKAGE) -DDEBUG_MALLOC_POOL)
 -DDEBUG_MEMORY_LEAKAGE_ON_EXIT -DDEBUG_MALLOC_POOL_EXHAUSTIVELY

 and see if that gets us somewhere? If that does not work, we could try
 -fsanitize=memory...

 christos

From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Wed, 12 Feb 2025 14:42:09 +0100 (CET)

 With the additional switches, the error occurs immediately after startup. 
 The immediate crash is reproducible.

 Internet Systems Consortium DHCP Server 4.4.2
 Copyright 2004-2022 Internet Systems Consortium.
 All rights reserved.
 For info, please visit https://www.isc.org/software/dhcp/
 Config file: /etc/dhcpd6.conf
 Database file: /var/db/dhcpd6.leases
 PID file: dhcpd6.pid
 Wrote 5 NA, 0 TA, 0 PD leases to lease file.
 Bound to *:547
 Listening on Socket/53/lagg0/2001:638:902:1::/64
 Sending on   Socket/53/lagg0/2001:638:902:1::/64
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2045): NULL pointer
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): negative refcnt
 /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c(2074): freeing unknown memory: 70e1993bb6c0

 gdb output:

 This GDB was configured as "x86_64--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.

 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from /usr/obj/external/mpl/dhcp/bin/server/dhcpd...
 [New process 13930]
 [New process 3448]
 [New process 26971]
 [New process 4688]
 [New process 15302]
 [New process 11937]
 [New process 14605]
 [New process 11483]
 [New process 21633]
 [New process 16858]
 [New process 27887]
 [New process 22524]
 [New process 4051]
 Core was generated by `dhcpd'.
 Program terminated with signal SIGABRT, Aborted.
 #0  0x000070e19677eeea in _lwp_kill () from /usr/lib/libc.so.12
 [Current thread is 1 (process 13930)]
 #0  0x000070e19677eeea in _lwp_kill () from /usr/lib/libc.so.12
 #1  0x000070e1967846e0 in abort () from /usr/lib/libc.so.12
 #2  0x000000012d2971f3 in dfree (ptr=<optimized out>, file=<optimized out>,
      line=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/omapip/../../dist/omapip/alloc.c:169
 #3  0x000000012d2536d0 in iasubopt_dereference (
      iasubopt=iasubopt@entry=0x70e1911f57b8,
      file=file@entry=0x12d45c928 "/usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c", line=line@entry=2074)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:307
 #4  0x000000012d255a0b in cleanup_old_expired (pool=0x70e19b637f80)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2074
 #5  lease_timeout_support (vpool=0x70e19b637f80)
      at /usr/src/external/mpl/dhcp/bin/server/../../dist/server/mdb6.c:2120
 #6  0x000000012d25c79f in isclib_timer_callback (taskp=<optimized out>,
      eventp=<optimized out>)
      at /usr/src/external/mpl/dhcp/lib/common/../../dist/common/dispatch.c:181
 #7  0x000000012d42749b in task_run (task=0x70e19b6375a0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:861
 #8  isc_task_run (task=0x70e19b6375a0)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/task.c:955
 #9  0x000000012d41e2c0 in isc__nm_async_task (worker=0x70e19b3b6d90,
      ev0=0x70e198b7b000)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:883
 #10 process_netievent (worker=worker@entry=0x70e19b3b6d90,
      ievent=0x70e198b7b000)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:955
 #11 0x000000012d41e97e in process_queue (worker=worker@entry=0x70e19b3b6d90,
      type=type@entry=NETIEVENT_TASK)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:1021
 #12 0x000000012d41f2ed in process_all_queues (worker=0x70e19b3b6d90)
      at 
 /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:796
 #13 async_cb (handle=0x70e19b3b70c8)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:825
 #14 0x000000012d44c32c in ?? ()
 #15 0x000000012d44195c in uv.io_poll ()
 #16 0x000000012d4499d4 in uv_run ()
 #17 0x000000012d41ebee in nm_thread (worker0=0x70e19b3b6d90)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/netmgr/netmgr.c:727
 #18 0x000000012d439193 in isc__trampoline_run (arg=0x70e19b66d820)
      at /usr/src/external/mpl/dhcp/bind/lib/libisc/../../dist/lib/isc/trampoline.c:215
 #19 0x000070e19ac0c89f in ?? () from /usr/lib/libpthread.so.1
 #20 0x000070e1966930e0 in ?? () from /usr/lib/libc.so.12
 #21 0x0000000000200000 in ?? ()
 #22 0x0000000000000000 in ?? ()


 Best Regards
 Uwe


 On Tue, 11 Feb 2025, Christos Zoulas wrote:

 > On 2025-02-11 6:27 am, 6bone@6bone.informatik.uni-leipzig.de wrote:
 >
 > Seems to be dying elsewhere now (in mdb6.c). So something is corrupting
 > memory. This code is just too complicated. Let's try to build with all the
 > memory debugging it provides to see if it can detect the problem itself.
 > Can you build with:
 > -DDEBUG_MEMORY_LEAKAGE) -DDEBUG_MALLOC_POOL) -DDEBUG_MEMORY_LEAKAGE_ON_EXIT
 > -DDEBUG_MALLOC_POOL_EXHAUSTIVELY
 >
 > and see if that gets us somewhere? If that does not work, we could try
 > -fsanitize=memory...
 >
 > christos
 >
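
The three messages in the log above (NULL pointer at mdb6.c line 2045, then negative refcnt and freeing unknown memory at line 2074) can be produced by one reference to a counted object being released more often than it was taken. The C model below is an added example, not code from dhcpd or from this PR: `struct lease`, `lease_dereference` and the tracked pool are hypothetical names, and the page does not show what revision 1.8 of mdb6.c actually changed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical refcounted object and result codes; not taken from mdb6.c. */
struct lease { int refcnt; };
enum { DEREF_OK, DEREF_NULL, DEREF_NEGATIVE, DEREF_UNKNOWN };
static void *live[8];   /* allocations the tracked pool still owns */
int results[3];         /* outcome of each step of unbalanced_scenario() */

static struct lease *tracked_alloc(void) {
    for (int i = 0; i < 8; i++)
        if (live[i] == NULL)
            return live[i] = calloc(1, sizeof(struct lease));
    return NULL;
}

/* 0 if ptr was live, -1 if unknown to the pool. Released memory is quarantined
 * (never handed back to libc) so the model may inspect a stale object safely. */
static int tracked_free(void *ptr) {
    for (int i = 0; i < 8; i++)
        if (live[i] == ptr) { live[i] = NULL; return 0; }
    return -1;
}

static int lease_dereference(struct lease **p, const char *file, int line) {
    int rc = DEREF_OK;
    if (p == NULL || *p == NULL) {
        fprintf(stderr, "%s(%d): NULL pointer\n", file, line);
        return DEREF_NULL;
    }
    struct lease *tmp = *p;
    *p = NULL;                      /* the caller's handle is always cleared */
    if (--tmp->refcnt < 0) {
        fprintf(stderr, "%s(%d): negative refcnt\n", file, line);
        tmp->refcnt = 0;
        rc = DEREF_NEGATIVE;
    }
    if (tmp->refcnt == 0 && tracked_free(tmp) != 0) {
        fprintf(stderr, "%s(%d): freeing unknown memory: %p\n", file, line, (void *)tmp);
        rc = DEREF_UNKNOWN;
    }
    return rc;
}

/* Two handles share one object, but only one reference was ever counted. */
void unbalanced_scenario(void) {
    struct lease *owner = tracked_alloc();
    if (owner == NULL) abort();
    owner->refcnt = 1;
    struct lease *alias = owner;    /* modelled bug: copy, refcnt not raised */
    results[0] = lease_dereference(&owner, "model.c", __LINE__); /* 1 -> 0, released */
    results[1] = lease_dereference(&owner, "model.c", __LINE__); /* handle is NULL */
    results[2] = lease_dereference(&alias, "model.c", __LINE__); /* stale, 0 -> -1 */
}

/* Same sharing, but the second handle accounts for its own reference. */
int balanced_scenario(void) {
    struct lease *owner = tracked_alloc(), *alias = owner;
    if (owner == NULL) abort();
    owner->refcnt = 2;              /* one count per handle */
    int first = lease_dereference(&owner, "model.c", __LINE__);  /* 2 -> 1 */
    int second = lease_dereference(&alias, "model.c", __LINE__); /* 1 -> 0, released */
    return first == DEREF_OK && second == DEREF_OK;
}

int main(void) {
    unbalanced_scenario();
    printf("%d %d %d / %d\n", results[0], results[1], results[2], balanced_scenario());
    return 0;
}
```

Without a tracking pool the third call would pass an already released pointer to the allocator, which matches the earlier cores that died inside `free ()` and `je_large_dalloc ()` instead of aborting in `dfree`.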

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
 6bone@6bone.informatik.uni-leipzig.de
Subject: Re: bin/59046: dhcpd issue
Date: Wed, 12 Feb 2025 17:19:10 -0500

 Should be fixed with:

 cvs commit mdb6.c
 /cvsroot/src/external/mpl/dhcp/dist/server/mdb6.c,v  <--  mdb6.c
 new revision: 1.8; previous revision: 1.7

 Best,

 christos

From: 6bone@6bone.informatik.uni-leipzig.de
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/59046: dhcpd issue
Date: Mon, 17 Feb 2025 10:33:37 +0100 (CET)

 The patch seems to prevent the crash. The case can be closed.


 Thank you for your efforts
 Uwe

 On Wed, 12 Feb 2025, Christos Zoulas wrote:

 >
 > Should be fixed with:
 >
 > cvs commit mdb6.c
 > /cvsroot/src/external/mpl/dhcp/dist/server/mdb6.c,v  <--  mdb6.c
 > new revision: 1.8; previous revision: 1.7
 >
 > Best,
 >
 > christos
 >
 >
