NetBSD-Bugs archive


bin/52656: dhcpcd dumps core on carrier down/up



>Number:         52656
>Category:       bin
>Synopsis:       dhcpcd dumps core on carrier down/up
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 25 19:30:00 +0000 2017
>Originator:     Manuel Bouyer
>Release:        NetBSD 8.0_BETA
>Organization:
>Environment:
System: NetBSD chartplotter 8.0_BETA NetBSD 8.0_BETA (CHARTPLOTTER) #4: Mon Oct 16 17:21:57 CEST 2017 bouyer%bop.soc.lip6.fr@localhost:/dsk/l1/misc/bouyer/tmp/earmv7hf/obj/dsk/l1/misc/bouyer/netbsd-8/src/sys/arch/evbarm/compile/CHARTPLOTTER evbarm
Architecture: earmv7hf
Machine: evbarm
>Description:
	On an IPv6-enabled network, this device stays up but the network
	cable can be disconnected for several hours.
	On reconnect, dhcpcd dumps core.
	I tracked it down to ifp being NULL in ipv6_addaddr1() at line 675.
	This looks expected as this is the exit condition of the loop
	before.
	Changing it to ap->iface->name, as in the patch below, prevents the
	NULL dereference. On cable connect the messages are:
Oct 25 20:36:32 chartplotter dhcpcd[9821]: axe0: carrier acquired
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: 2001:7a8:242c:0:412d:f5ec:a38c:ded7/64: lifetime overflow
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: expired address 2001:7a8:242c:0:412d:f5ec:a38c:ded7/64
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: deleting route to 2001:7a8:242c::/64
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: IAID 86:f1:6b:4d
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: adding route to 2001:7a8:242c::/64
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: soliciting a DHCP lease
Oct 25 20:36:33 chartplotter dhcpcd[9821]: axe0: offered 10.0.2.12 from 10.0.0.254

>How-To-Repeat:
	Disconnect the ethernet cable and reconnect it several hours later
	on my IPv6-enabled network (maybe any network?)
>Fix:
	this patch gives me the expected behavior. From my understanding
of the code it should be correct but I'll let Roy double-check it.

Index: dist/src/ipv6.c
===================================================================
RCS file: /cvsroot/src/external/bsd/dhcpcd/dist/src/ipv6.c,v
retrieving revision 1.1.1.3
diff -u -p -u -r1.1.1.3 ipv6.c
--- dist/src/ipv6.c	10 May 2017 11:00:37 -0000	1.1.1.3
+++ dist/src/ipv6.c	25 Oct 2017 19:19:59 -0000
@@ -672,7 +672,7 @@ ipv6_addaddr1(struct ipv6_addr *ap, cons
 			/* This should never happen. */
 			if (ap->prefix_vltime > vltime) {
 				logerrx("%s: %s: lifetime overflow",
-				    ifp->name, ap->saddr);
+				    ap->iface->name, ap->saddr);
 				ap->prefix_vltime = ap->prefix_pltime = 0;
 			}
 		}
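
Review bot: The comment /* This should never happen. */ kept as context above the changed logerrx() call is contradicted by the report itself: the syslog excerpt shows "lifetime overflow" being logged right after "carrier acquired", so this branch is reachable after a long link outage. Please update the comment to say when ap->prefix_vltime can exceed vltime, and confirm that zeroing both lifetimes is the intended recovery, given that the next log lines show the address expiring and its route being deleted and re-added. The switch to ap->iface->name fixes the dereference in this call; since the report says ifp is NULL as the exit condition of the preceding loop, any other use of ifp after that loop, outside this hunk, deserves the same check, and ap->iface itself should be known to be non-NULL at this point.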


