Hi BIRD Team,
I wanna report a crash with BIRD 3.1.5 running on NixOS.
The crash is an abort from a `bug()` assertion raised in the locking code (`do_lock`)
during interface lookup (`if_find_by_index`).
I have successfully reproduced this issue locally with a minimal configuration.
Environment:
- BIRD Version: 3.1.5
- OS: NixOS unstable (glibc 2.40)
- Kernel: Linux 6.17.9 #1-NixOS SMP PREEMPT_DYNAMIC x86_64 GNU/Linux
Reproduction Steps:
1. Configure a BGP protocol using an IPv6 Link-Local neighbor on a physical
interface.
2. Start BIRD. Wait for the protocol to enter 'Active' or 'Connect' state so
the port is listening.
3. Initiate a TCP connection to the BGP port:
$ nc -6 -v <Link-Local-IP>%<interface> <port>
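4. BIRD crashes immediately upon receiving the connection. Per the backtrace below, the abort happens while the addresses of the incoming connection are being read (`sk_passive_connected` -> `sockaddr_read6`), i.e. before any BGP message from the peer is processed.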
Crash Summary (from GDB):
The main thread (Thread 1) hits a bug() assertion:
#3 0x000056536f6ef97a in bug (msg=<optimized out>) at sysdep/unix/log.c:412
#4 0x000056536f6fa9a1 in do_lock (dg=0x5653774ace60, lsp=0x7fba0208a2a8) at
sysdep/unix/domain.c:116
#5 0x000056536f64c8ac in if_find_by_index (idx=23) at nest/iface.c:721
#6 0x000056536f6e4ac8 in sockaddr_read6 ... at sysdep/unix/io.c:583
#8 0x000056536f6ecfd7 in sk_passive_connected ... at sysdep/unix/io.c:1451
Attachments:
1. backtrace.txt: Full GDB backtrace.
2. config_snippet.txt: The minimal config used to reproduce the crash.
Best regards,
Moraxyc
# Minimal BIRD configuration attached to the report to reproduce the crash.
# Everything is logged to stderr so the failure is visible on the console.
log stderr all;
router id 10.0.0.1;
# Device protocol with a 20-second interface scan interval.
protocol device {
scan time 20;
}
# Conditions under which the crash was observed:
# 1. Using an IPv6 Link-Local neighbor on a real interface.
# 2. Protocol state transitions to Active/Connect (socket opens).
# 3. An incoming TCP connection hits the port.
protocol bgp crash_test {
local as 65000;
# Listening port of this test instance (not the standard BGP port 179).
local port 17999;
# Link-local neighbor, so the address is scoped to an interface ('eth0' here).
# The backtrace in the report shows the interface lookup (if_find_by_index)
# on the accept path for such a connection.
neighbor fe80::1234 % 'eth0' as 65001;
# Unfiltered import/export on both channels: acceptable for a throwaway
# reproducer, not a template for a production session.
ipv4 { import all; export all; };
ipv6 { import all; export all; };
}
(gdb) set pagination off
(gdb) bt full
#0 0x00007fba01e9caac in __pthread_kill_implementation ()
from /nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#1 0x00007fba01e4190e in raise () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#2 0x00007fba01e28942 in abort () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#3 0x000056536f6ef97a in bug (msg=<optimized out>) at sysdep/unix/log.c:412
args = {{gp_offset = 8, fp_offset = 48, overflow_arg_area =
0x7fff7fe3b670, reg_save_area = 0x7fff7fe3b5b0}}
#4 0x000056536f6fa9a1 in do_lock (dg=0x5653774ace60, lsp=0x7fba0208a2a8) at
sysdep/unix/domain.c:116
stack_copy = {the_bird = 0x56536f7a1700 <the_bird_domain_gen.lto_priv>,
meta = 0x0, control = 0x0, proto = 0x0,
service = 0x0, rtable = 0x5653774b9140, attrs = 0x0, logging = 0x0,
resource = 0x0}
lll = <optimized out>
lock_begin = <optimized out>
duration = <optimized out>
wdw = <optimized out>
#5 0x000056536f64c8ac in if_find_by_index (idx=23) at nest/iface.c:721
i = <optimized out>
#6 0x000056536f6e4ac8 in sockaddr_read6 (sa=0x5653774b9140, a=0x56537750ce10,
ifa=0x56537750cdd8, port=0x56537750ce38)
at sysdep/unix/io.c:583
No locals.
#7 sockaddr_read (sa=sa@entry=0x7fff7fe3b780, af=<optimized out>,
a=a@entry=0x56537750cd98, ifa=ifa@entry=0x56537750cdd8,
port=port@entry=0x56537750cdc0) at sysdep/unix/io.c:595
No locals.
#8 0x000056536f6ecfd7 in sk_passive_connected (s=0x56537760f790,
type=<optimized out>) at sysdep/unix/io.c:1451
loc_sa = {sa = {sa_family = 10, sa_data =
"\000\263\000\000\000\000\376\200\000\000\000\000\000"},
padding = "\000\000\000\000\000\0000\021\027\000\000\000SV\000"}
rem_sa = {sa = {sa_family = 10, sa_data =
"\263\223\000\000\000\000\376\200\000\000\000\000\000"},
padding = "\000\000\000\000\000\000\0254\027\000\000\000\272\000\000"}
loc_sa_len = 28
rem_sa_len = 28
fd = 22
sock_lock = <optimized out>
t = 0x56537750cd60
#9 0x000056536f618de2 in sk_read (s=<optimized out>, revents=<optimized out>)
at sysdep/unix/io.c:2330
e = <optimized out>
e = <optimized out>
#10 io_loop () at sysdep/unix/io.c:2777
s = <optimized out>
count = 1
timeout = <optimized out>
pout = <optimized out>
poll_tout = <optimized out>
events = <optimized out>
t = <optimized out>
pfd = {pfd = {data = 0x5653775f9f70, used = 5, size = 16}, loop = {data
= 0x5653775fa030, used = 5, size = 16}}
poll_tout = <optimized out>
timeout = <optimized out>
events = <optimized out>
pout = <optimized out>
t = <optimized out>
pfd = <optimized out>
next2 = <optimized out>
count = <optimized out>
_orig = <optimized out>
_ptr = <optimized out>
_ = <optimized out>
s = <optimized out>
e = <optimized out>
steps = <optimized out>
_orig = <optimized out>
_ptr = <optimized out>
_ = <optimized out>
s = <optimized out>
#11 main (argc=<optimized out>, argv=<optimized out>) at sysdep/unix/main.c:1106
use_uid = <optimized out>
use_gid = <optimized out>
conf = <optimized out>
(gdb) thread apply all bt full
Thread 3 (Thread 0x7fba015ff6c0 (LWP 857837)):
#0 0x00007fba01f1443d in poll () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#1 0x000056536f6f669e in poll (__fds=<optimized out>, __nfds=<optimized out>,
__timeout=<optimized out>, __fds=<optimized out>, __nfds=<optimized out>,
__timeout=<optimized out>) at
/nix/store/gi4cz4ir3zlwhf1azqfgxqdnczfrwsr7-glibc-2.40-66-dev/include/bits/poll2.h:44
No locals.
#2 bird_thread_main (arg=0x5653775fa520) at sysdep/unix/io-loop.c:1013
thr_loop_start = <optimized out>
timeout = 2794
thr_before_run = <optimized out>
idle_force = <optimized out>
busy_now = <optimized out>
rv = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_ptr = <optimized out>
loop = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
more_events = <optimized out>
thr = 0x5653775fa520
pfd = {pfd = {data = 0x5653775fc420, used = 3, size = 16}, loop = {data
= 0x5653775fc4e0, used = 3, size = 16}}
#3 0x00007fba01e9a97a in start_thread () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#4 0x00007fba01f22d2c in __clone3 () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
Thread 2 (Thread 0x7fba00dfe6c0 (LWP 857838)):
#0 0x00007fba01f1443d in poll () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#1 0x000056536f6f669e in poll (__fds=<optimized out>, __nfds=<optimized out>,
__timeout=<optimized out>, __fds=<optimized out>, __nfds=<optimized out>,
__timeout=<optimized out>) at
/nix/store/gi4cz4ir3zlwhf1azqfgxqdnczfrwsr7-glibc-2.40-66-dev/include/bits/poll2.h:44
No locals.
#2 bird_thread_main (arg=0x5653775fad10) at sysdep/unix/io-loop.c:1013
thr_loop_start = <optimized out>
timeout = -1
thr_before_run = <optimized out>
idle_force = <optimized out>
busy_now = <optimized out>
rv = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_ptr = <optimized out>
loop = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_ptr = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
__atomic_load_tmp = <optimized out>
more_events = <optimized out>
thr = 0x5653775fad10
pfd = {pfd = {data = 0x56537760dc30, used = 5, size = 16}, loop = {data
= 0x56537760dcf0, used = 5, size = 16}}
#3 0x00007fba01e9a97a in start_thread () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#4 0x00007fba01f22d2c in __clone3 () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
Thread 1 (Thread 0x7fba0208adc0 (LWP 857835)):
#0 0x00007fba01e9caac in __pthread_kill_implementation () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#1 0x00007fba01e4190e in raise () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#2 0x00007fba01e28942 in abort () from
/nix/store/xx7cm72qy2c0643cm1ipngd87aqwkcdp-glibc-2.40-66/lib/libc.so.6
No symbol table info available.
#3 0x000056536f6ef97a in bug (msg=<optimized out>) at sysdep/unix/log.c:412
args = {{gp_offset = 8, fp_offset = 48, overflow_arg_area =
0x7fff7fe3b670, reg_save_area = 0x7fff7fe3b5b0}}
#4 0x000056536f6fa9a1 in do_lock (dg=0x5653774ace60, lsp=0x7fba0208a2a8) at
sysdep/unix/domain.c:116
stack_copy = {the_bird = 0x56536f7a1700 <the_bird_domain_gen.lto_priv>,
meta = 0x0, control = 0x0, proto = 0x0, service = 0x0, rtable = 0x5653774b9140,
attrs = 0x0, logging = 0x0, resource = 0x0}
lll = <optimized out>
lock_begin = <optimized out>
duration = <optimized out>
wdw = <optimized out>
#5 0x000056536f64c8ac in if_find_by_index (idx=23) at nest/iface.c:721
i = <optimized out>
#6 0x000056536f6e4ac8 in sockaddr_read6 (sa=0x5653774b9140, a=0x56537750ce10,
ifa=0x56537750cdd8, port=0x56537750ce38) at sysdep/unix/io.c:583
No locals.
#7 sockaddr_read (sa=sa@entry=0x7fff7fe3b780, af=<optimized out>,
a=a@entry=0x56537750cd98, ifa=ifa@entry=0x56537750cdd8,
port=port@entry=0x56537750cdc0) at sysdep/unix/io.c:595
No locals.
#8 0x000056536f6ecfd7 in sk_passive_connected (s=0x56537760f790,
type=<optimized out>) at sysdep/unix/io.c:1451
loc_sa = {sa = {sa_family = 10, sa_data =
"\000\263\000\000\000\000\376\200\000\000\000\000\000"}, padding =
"\000\000\000\000\000\0000\021\027\000\000\000SV\000"}
rem_sa = {sa = {sa_family = 10, sa_data =
"\263\223\000\000\000\000\376\200\000\000\000\000\000"}, padding =
"\000\000\000\000\000\000\0254\027\000\000\000\272\000\000"}
loc_sa_len = 28
rem_sa_len = 28
fd = 22
sock_lock = <optimized out>
t = 0x56537750cd60
#9 0x000056536f618de2 in sk_read (s=<optimized out>, revents=<optimized out>)
at sysdep/unix/io.c:2330
e = <optimized out>
e = <optimized out>
#10 io_loop () at sysdep/unix/io.c:2777
s = <optimized out>
count = 1
timeout = <optimized out>
pout = <optimized out>
poll_tout = <optimized out>
events = <optimized out>
t = <optimized out>
pfd = {pfd = {data = 0x5653775f9f70, used = 5, size = 16}, loop = {data
= 0x5653775fa030, used = 5, size = 16}}
poll_tout = <optimized out>
timeout = <optimized out>
events = <optimized out>
pout = <optimized out>
t = <optimized out>
pfd = <optimized out>
next2 = <optimized out>
count = <optimized out>
_orig = <optimized out>
_ptr = <optimized out>
_ = <optimized out>
s = <optimized out>
e = <optimized out>
steps = <optimized out>
_orig = <optimized out>
_ptr = <optimized out>
_ = <optimized out>
s = <optimized out>
#11 main (argc=<optimized out>, argv=<optimized out>) at sysdep/unix/main.c:1106
use_uid = <optimized out>
use_gid = <optimized out>
conf = <optimized out>
(gdb) quit