2.16.1, BFD-related crash in nest/password.c:password_find_by_id()

Lexi Winter lexi at hemlock.eden.le-fay.org
Tue Mar 4 09:51:19 CET 2025


hello,

i'm running into a crash on 2.16.1 on FreeBSD/amd64 15.0.  it happens
sometimes (not always) when reconfiguring BIRD with BFD enabled.

(gdb) run -f
Starting program: /usr/local/bird/sbin/bird -f
[New LWP 101873 of process 58914]

Thread 2 received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
[Switching to LWP 101873 of process 58914]
0x00000000002bcd70 in password_find_by_id (l=0x800e913e0, id=1) at nest/password.c:52
warning: 52     nest/password.c: No such file or directory
(gdb) bt
#0  0x00000000002bcd70 in password_find_by_id (l=0x800e913e0, id=1) at nest/password.c:52
#1  0x00000000002d2b3c in bfd_check_authentication (p=p@entry=0x801215a20, s=s@entry=0x800def920, pkt=0xffffffff00000000, pkt@entry=0x801296780) at proto/bfd/packets.c:246
#2  0x00000000002d2755 in bfd_rx_hook (sk=0x8012288c0, len=<optimized out>) at proto/bfd/packets.c:384
#3  0x0000000000312a3a in sk_read_noflush (s=0x8012288c0, revents=<optimized out>) at sysdep/unix/io.c:2144
#4  sk_read (s=0x8012288c0, revents=revents@entry=0) at sysdep/unix/io.c:2153
#5  0x00000000002d1f49 in sockets_fire (loop=0x80129e020) at proto/bfd/io.c:376
#6  birdloop_main (arg=0x80129e020) at proto/bfd/io.c:526
#7  0x00000008003fad32 in thread_start (curthread=0x800e0b808) at /build/src/freebsd/lf/main/lib/libthr/thread/thr_create.c:289
#8  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffe000
(gdb)

line 52 is:	  WALK_LIST(pi, *l)

(gdb) print pi
$1 = <optimized out>
(gdb) print l
$2 = (list *) 0x800e913e0
(gdb) print *l
$3 = {{head_node = {next = 0xffffffff00000000, prev = 0x0}, head_padding = 0x0}, {tail_padding = 0xffffffff00000000, tail_node = {next = 0x0, prev = 0x0}}, {head = 0xffffffff00000000, null = 0x0,
    tail = 0x0}}

my BFD configuration is fairly straightforward:

protocol bfd {
        interface "wg.*" {
                interval 200ms;
                password "...";
                authentication keyed sha1;
        };

        multihop {
                interval 1s;
                multiplier 5;
                password "...";
                authentication keyed sha1;
        };
}

and it's enabled (bfd yes;) for OSPFv3 peers and multihop IBGP peers.

i have a binary with debugging symbols and a core dump if any more
debugging is required.

 	regards, lexi.

