I applied the patch and ran my smoke test here is the new core that I am
getting:
[New LWP 5727]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/powerpc-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/lib/quagga/ospfd --daemon -A 127.0.0.1'.
Program terminated with signal 11, Segmentation fault.
#0 0x0ffc0530 in ?? () from /usr/lib/libospf.so.0
#0 0x0ffc0530 in ?? () from /usr/lib/libospf.so.0
#1 0x0ff89270 in ospf_nsm_event (thread=<optimized out>) at ospf_nsm.c:791
#2 0x0ff11820 in thread_call (thread=thread@entry=0xbfc4c308) at
thread.c:1266
#3 0x0ff1194c in funcname_thread_execute (m=<optimized out>,
func=0xff891a0 <ospf_nsm_event>, arg=0x1007b980, val=val@entry=11,
funcname=funcname@entry=0xffbdcc6 "ospf_nsm_event",
schedfrom=schedfrom@entry=0xffbe63b "ospf_interface.c",
fromln=fromln@entry=310)
at thread.c:1323
#4 0x0ff84e10 in ospf_if_cleanup (oi=0x10079cc0) at ospf_interface.c:310
#5 0x0ff86c14 in ism_interface_down (oi=<optimized out>) at ospf_ism.c:394
#6 0x0ff86d08 in ospf_ism_event (thread=<optimized out>) at ospf_ism.c:616
#7 0x0ff11820 in thread_call (thread=thread@entry=0xbfc4c4d8) at
thread.c:1266
#8 0x0ff1194c in funcname_thread_execute (m=<optimized out>,
func=0xff86cb8 <ospf_ism_event>, arg=arg@entry=0x10079cc0, val=val@entry=7,
funcname=funcname@entry=0xffbe62c "ospf_ism_event",
schedfrom=schedfrom@entry=0xffbe63b "ospf_interface.c",
fromln=fromln@entry=848)
at thread.c:1323
#9 0x0ff85b94 in ospf_if_down (oi=oi@entry=0x10079cc0) at
ospf_interface.c:848
#10 0x0ff85bec in ospf_if_free (oi=oi@entry=0x10079cc0) at
ospf_interface.c:329
#11 0x0ff8280c in ospf_interface_address_delete (command=<optimized out>,
zclient=<optimized out>, length=<optimized out>, vrf_id=<optimized out>) at
ospf_zebra.c:318
#12 0x0ff2535c in zclient_read (thread=<optimized out>) at zclient.c:1131
#13 0x0ff11820 in thread_call (thread=thread@entry=0xbfc4c768) at
thread.c:1266
#14 0x10001388 in main (argc=4, argv=0xbfc4ca64) at ospf_main.c:341
nbr:
(gdb) p *nbr
$2 = {oi = 0xfe3e4e8, state = 15 '\017', dd_flags = 227 '\343', dd_seqnum =
268941688, address = {family = 2 '\002',
prefixlen = 24 '\030', u = {prefix = 12 '\f', prefix4 = {s_addr =
201326593}, prefix6 = {__in6_u = {
__u6_addr8 = "\f\000\000\001", '\000' <repeats 11 times>,
__u6_addr16 = {3072, 1, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {
201326593, 0, 0, 0}}}, lp = {id = {s_addr = 201326593},
adv_router = {s_addr = 0}},
val = "\f\000\000\001\000\000\000", ptr = 201326593}}, src = {s_addr
= 201326593}, router_id = {s_addr = 17},
options = 2 '\002', priority = 1, d_router = {s_addr = 0}, bd_router =
{s_addr = 0}, last_send = 0x0, last_send_ts = {
tv_sec = 0, tv_usec = 0}, last_recv = {options = 0 '\000', flags = 0
'\000', dd_seqnum = 0}, ls_rxmt = {type = {{count = 0,
count_self = 0, checksum = 0, db = 0x0}, {count = 0, count_self =
0, checksum = 0, db = 0x1007bca0}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bcb8}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bcd0}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bce8}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd00}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd18}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd30}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd48}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd60}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd78}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bd90}}, total = 0,
new_lsa_hook = 0, del_lsa_hook = 0}, db_sum = {type = {{count = 0,
count_self = 0, checksum = 0, db = 0x0}, {count = 0,
count_self = 0, checksum = 0, db = 0x10079e10}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007b570}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007a670}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007a688}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007a410}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007a428}, {count = 0,
count_self = 0, checksum = 0, db = 0x10079860}, {count = 0,
count_self = 0, checksum = 0, db = 0x10079878}, {count = 0,
count_self = 0, checksum = 0, db = 0x10079890}, {count = 0,
count_self = 0, checksum = 0, db = 0x100798a8}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bc88}}, total = 0,
new_lsa_hook = 0, del_lsa_hook = 0}, ls_req = {type = {{
count = 0, count_self = 0, checksum = 0, db = 0x0}, {count = 0,
count_self = 0, checksum = 0, db = 0x1007bda8}, {
count = 0, count_self = 0, checksum = 0, db = 0x1007bdc0}, {count =
0, count_self = 0, checksum = 0, db = 0x1007bdd8}, {
count = 0, count_self = 0, checksum = 0, db = 0x1007bdf0}, {count =
0, count_self = 0, checksum = 0, db = 0x1007be08}, {
count = 0, count_self = 0, checksum = 0, db = 0x1007be20}, {count =
0, count_self = 0, checksum = 0, db = 0x1007be38}, {
count = 0, count_self = 0, checksum = 0, db = 0x1007be50}, {count =
0, count_self = 0, checksum = 0, db = 0x1007be68}, {
count = 0, count_self = 0, checksum = 0, db = 0x1007be80}, {count =
0, count_self = 0, checksum = 0, db = 0x1007be98}},
total = 0, new_lsa_hook = 0, del_lsa_hook = 0}, ls_req_last = 0x0,
crypt_seqnum = 0, v_inactivity = 40, v_db_desc = 5,
v_ls_req = 5, v_ls_upd = 5, t_inactivity = 0x0, t_db_desc = 0x0, t_ls_req
= 0x0, t_ls_upd = 0x0, t_hello_reply = 0x0,
nbr_nbma = 0x0, ts_last_progress = {tv_sec = 0, tv_usec = 0},
ts_last_regress = {tv_sec = 0, tv_usec = 0},
last_regress_str = 0x0, state_change = 0}
(gdb) p nbr->state
$3 = 15 '\017'
(gdb) p *nbr->oi
$6 = {ospf = 0xfe3e4e0, area = 0xfe3e4e0, lsa_pos_beg = 4103, lsa_pos_end =
47480, ifp = 0x1007b978, vl_data = 0xfe3e4f0,
obuf = 0xfe3e4f0, type = 15 '\017', state = 227 '\343',
multicast_memberships = 228 '\344', address = 0xfe3e4f8,
connected = 0xfe3e500, params = 0xfe3e500, crypt_seqnum = 266593544,
output_cost = 266593544, nbrs = 0xfe3e510,
nbr_self = 0xfe3e510, nbr_nbma = 0x10078ef0, network_lsa_self =
0x1007c7f8, opaque_lsa_self = 0xfe3e520,
ls_upd_queue = 0xfe3e520, ls_ack = 0xfe3e528, ls_ack_direct = {ls_ack =
0xfe3e528, dst = {s_addr = 266593584}},
v_ls_ack = 266593584, t_hello = 0xfe3e538, t_wait = 0xfe3e538, t_ls_ack =
0xfe3e540, t_ls_ack_direct = 0xfe3e540,
t_ls_upd_event = 0xfe3e548, t_opaque_lsa_self = 0xfe3e548, on_write_q =
266593616, hello_in = 266593616, hello_out = 266593624,
db_desc_in = 266593624, db_desc_out = 266593632, ls_req_in = 266593632,
ls_req_out = 266593640, ls_upd_in = 266593640,
ls_upd_out = 266593648, ls_ack_in = 266593648, ls_ack_out = 266593656,
discarded = 266593656, state_change = 266593664,
full_nbrs = 266593664}
(gdb)
nbr looks bogus.
On Mon, Dec 21, 2015 at 8:07 AM, Paul Jakma <[email protected]> wrote:
> On Mon, 21 Dec 2015, Joakim Tjernlund wrote:
>
> Perhaps add ASAN (gcc option) to Q would narrow it down? I think ASAN
>> should be added as a configure flag as it is a really good tool to find
>> memory related errors.
>>
>
> It's probably something silly like the vty command changing the type
> before doing the down/up cycle. Down, then change, then up (as needed),
> would be better.
>
> I don't know if it fixes it, cause it's so hard to trigger, but I've got a
> gdb running a breakpoint script to re-run after the command finished, and
> an expect script in a loop to do run the command, and it's been going quite
> a while without a crash.
>
> See below.
>
> I'd change from OSPF_ISM_EVENT_EXECUTE to ospf_if_{down,up} for the actual
> commit, but left it on execute to keep it within vty context for testing.
>
> Also, move the interface state twiddling stuff out of ospf_vty to
> ospf_interface for better encapsulation.
>
> -----8<---------8<---------8<---------8<---------8<---------8<----
> From 09d4f74fb0eeec829cf02a0f7043db168dbc9c1e Mon Sep 17 00:00:00 2001
> From: Paul Jakma <[email protected]>
> Date: Mon, 21 Dec 2015 12:57:31 +0000
> Subject: ospfd: 'ip ospf network' interface should down iface before
> changing
> type
>
> * ospf_vty.c: (ip_ospf_network) This function changes the interface type
> and only then downs/ups the interface if already up. So the down happens
> with the interface type already altered. However, the interface type
> can have major ramifications for how underlying state is stored/indexed,
> which may cause problems.
>
> Further, bit of an encapsulation violation to twiddle state here.
> (no_ip_ospf_network) ditto.
> * ospf_interface.c: (ospf_if_reset_type) New function to reset the OSPF
> interface type on an interface. Ensure the interface is downed before
> the type is changed.
> * ospf_interface.h: (ospf_if_reset_type) Export, for ospf_vty.c
>
> diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
> index f41c4f1..f05f116 100644
> --- a/ospfd/ospf_interface.c
> +++ b/ospfd/ospf_interface.c
> @@ -144,6 +144,31 @@ ospf_if_reset_variables (struct ospf_interface *oi)
> oi->v_ls_ack = 1;
> }
>
> +void
> +ospf_if_reset_type (struct interface *ifp, u_char type)
> +{
> + struct route_node *rn;
> + + for (rn = route_top (IF_OIFS (ifp)); rn; rn = route_next (rn))
> + {
> + struct ospf_interface *oi = rn->info;
> + u_char orig_ism_state;
> + + if (!oi)
> + continue;
> + + orig_ism_state = oi->state;
> + //ospf_if_down (oi);
> + OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceDown);
> + + oi->type = IF_DEF_PARAMS (ifp)->type;
> + + if (orig_ism_state > ISM_Down)
> + OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceUp);
> + //ospf_if_up (oi);
> + }
> +}
> +
> /* lookup oi for specified prefix/ifp */
> struct ospf_interface *
> ospf_if_table_lookup (struct interface *ifp, struct prefix *prefix)
> diff --git a/ospfd/ospf_interface.h b/ospfd/ospf_interface.h
> index 2ed426f..9154b0e 100644
> --- a/ospfd/ospf_interface.h
> +++ b/ospfd/ospf_interface.h
> @@ -280,6 +280,7 @@ extern void ospf_if_init (void);
> extern void ospf_if_stream_set (struct ospf_interface *);
> extern void ospf_if_stream_unset (struct ospf_interface *);
> extern void ospf_if_reset_variables (struct ospf_interface *);
> +extern void ospf_if_reset_type (struct interface *, u_char type);
> extern int ospf_if_is_enable (struct ospf_interface *);
> extern int ospf_if_get_output_cost (struct ospf_interface *);
> extern void ospf_if_recalculate_output_cost (struct interface *);
> diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
> index 45a19c0..084c5c1 100644
> --- a/ospfd/ospf_vty.c
> +++ b/ospfd/ospf_vty.c
> @@ -5433,7 +5433,6 @@ DEFUN (ip_ospf_network,
> {
> struct interface *ifp = vty->index;
> int old_type = IF_DEF_PARAMS (ifp)->type;
> - struct route_node *rn;
>
> if (old_type == OSPF_IFTYPE_LOOPBACK)
> {
> @@ -5454,23 +5453,7 @@ DEFUN (ip_ospf_network,
> return CMD_SUCCESS;
>
> SET_IF_PARAM (IF_DEF_PARAMS (ifp), type);
> -
> - for (rn = route_top (IF_OIFS (ifp)); rn; rn = route_next (rn))
> - {
> - struct ospf_interface *oi = rn->info;
> -
> - if (!oi)
> - continue;
> - - oi->type = IF_DEF_PARAMS (ifp)->type;
> - - if (oi->state > ISM_Down)
> - {
> - OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceDown);
> - OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceUp);
> - }
> - }
> -
> + ospf_if_reset_type (ifp, IF_DEF_PARAMS (ifp)->type);
> return CMD_SUCCESS;
> }
>
> @@ -5494,29 +5477,14 @@ DEFUN (no_ip_ospf_network,
> {
> struct interface *ifp = vty->index;
> int old_type = IF_DEF_PARAMS (ifp)->type;
> - struct route_node *rn;
>
> IF_DEF_PARAMS (ifp)->type = ospf_default_iftype(ifp);
>
> if (IF_DEF_PARAMS (ifp)->type == old_type)
> return CMD_SUCCESS;
> -
> - for (rn = route_top (IF_OIFS (ifp)); rn; rn = route_next (rn))
> - {
> - struct ospf_interface *oi = rn->info;
> -
> - if (!oi)
> - continue;
> - - oi->type = IF_DEF_PARAMS (ifp)->type;
> - - if (oi->state > ISM_Down)
> - {
> - OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceDown);
> - OSPF_ISM_EVENT_EXECUTE (oi, ISM_InterfaceUp);
> - }
> - }
> -
> + + ospf_if_reset_type (ifp, IF_DEF_PARAMS (ifp)->type);
> +
> return CMD_SUCCESS;
> }
>
>
> regards,
> --
> Paul Jakma [email protected] @pjakma Key ID: 64A2FF6A
> Fortune:
> Freedom of the press is for those who happen to own one.
>
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
