I just sent an email with the patch to fix this issue. The issue stems from the usage of MIN(X, stream_getc(s)) right above where the crash is happening.
MIN double-accesses the stream.

donald

On Fri, Mar 11, 2016 at 3:29 PM, Martin Winter <[email protected]> wrote:

> On 11 Mar 2016, at 5:09, Donald Sharp wrote:
>
> > Martin -
> >
> > If I could get a decode of this:
> >
> > 2016/03/09 09:42:20 BGP: [bt 3] bgpd(+0x5c2f0) [0x7f495cb132f0]
> >
> > I could probably fix/narrow down the problem real fast.
>
> Ok, did a run with full symbols and looked into the reason for it.
>
> Here is how I can reproduce it:
>
> Only single box needed, BGP neighbors do not need to exist
>
> Start with this basic BGP config with a redistribute static in it:
>
> interface eth1
>  ip address 192.168.1.101/24
>  no shutdown
> !
> router bgp 500
>  redistribute static
>  network 192.168.1.0/24
>  neighbor 192.168.1.1 remote-as 501
>  neighbor 192.168.1.1 timers 60 180
>  neighbor 192.168.1.1 ebgp-multihop
> end
>
> Now add a static route
> config ter
> ip route 30.0.6.0 255.255.255.0 192.168.2.1
> end
>
> Wait a few seconds, then remove static route
> config ter
> no ip route 30.0.6.0 255.255.255.0 192.168.2.1
> end
>
> —> crash
>
> Here is some more crash info:
>
> Program received signal SIGABRT, Aborted.
> 0x00007ffff74c8cc9 in __GI_raise (sig=sig@entry=6)
>
> (gdb) bt
> #0  0x00007ffff74c8cc9 in __GI_raise (sig=sig@entry=6)
>     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1  0x00007ffff74cc0d8 in __GI_abort () at abort.c:89
> #2  0x00007ffff7b9daa3 in _zlog_assert_failed (assertion=0x7ffff7bb9b28 "0",
>     file=0x7ffff7bb9970 "stream.c", line=413,
>     function=0x7ffff7bb9d11 <__func__.9032> "stream_getl") at log.c:669
> #3  0x00007ffff7b98612 in stream_getl (s=0x78b620) at stream.c:413
> #4  0x00000000004497ee in zebra_read_ipv4 (command=8, zclient=0x78b4f0,
>     length=17, vrf_id=0) at bgp_zebra.c:265
> #5  0x00007ffff7ba5a9f in zclient_read (thread=0x7fffffffeae0)
>     at zclient.c:1038
> #6  0x00007ffff7b898a9 in thread_call (thread=0x7fffffffeae0)
>     at thread.c:1260
> #7  0x00000000004075c2 in main (argc=1, argv=0x7fffffffec48)
>     at bgp_main.c:481
>
> (gdb) up
> #1  0x00007ffff74cc0d8 in __GI_abort () at abort.c:89
> 89      abort.c: No such file or directory.
> (gdb) up
> #2  0x00007ffff7b9daa3 in _zlog_assert_failed (assertion=0x7ffff7bb9b28 "0",
>     file=0x7ffff7bb9970 "stream.c", line=413,
>     function=0x7ffff7bb9d11 <__func__.9032> "stream_getl") at log.c:669
> 669         abort();
>
> (gdb) up
> #3  0x00007ffff7b98612 in stream_getl (s=0x78b620) at stream.c:413
> 413         STREAM_BOUND_WARN (s, "get long");
> (gdb) list
> 408
> 409       STREAM_VERIFY_SANE(s);
> 410
> 411       if (STREAM_READABLE (s) < sizeof (u_int32_t))
> 412         {
> 413           STREAM_BOUND_WARN (s, "get long");
> 414           return 0;
> 415         }
> 416
> 417       l = s->data[s->getp++] << 24;
>
> (gdb) up
> #4  0x00000000004497ee in zebra_read_ipv4 (command=8, zclient=0x78b4f0,
>     length=17, vrf_id=0) at bgp_zebra.c:265
> 265           stream_getl (s); /* ifindex, unused */
> (gdb) list
> 260             nexthop.s_addr = stream_get_ipv4 (s);
> 261           }
> 262         if (CHECK_FLAG (api.message, ZAPI_MESSAGE_IFINDEX))
> 263           {
> 264             api.ifindex_num = stream_getc (s);
> 265             stream_getl (s); /* ifindex, unused */
> 266           }
> 267         if (CHECK_FLAG (api.message, ZAPI_MESSAGE_DISTANCE))
> 268           api.distance = stream_getc (s);
> 269         if (CHECK_FLAG (api.message, ZAPI_MESSAGE_METRIC))
>
>
> Hope this helps
>
> - Martin
>
>
> > On Thu, Mar 10, 2016 at 8:59 PM, Martin Winter <[email protected]> wrote:
> >
> >> (New thread so people actually see it)
> >>
> >> I really wish my suggestion to Donald/Paul would have been followed and we
> >> would have created a RC version first
> >> or at least updated Master first with giving me a few days for some
> >> checks… :-(
> >>
> >> Anyway, the brand new version 1.0.20160309 crashes in my BGP Tests:
> >>
> >> 2016/03/09 09:42:20 BGP: vty[??]@# exit
> >> 2016/03/09 09:42:20 BGP: stream_getl: Attempt to get long out of bounds
> >> 2016/03/09 09:42:20 BGP: &(struct stream): 0x7f495d91f6b0, size: 4096, getp: 23, endp: 25
> >>
> >> 2016/03/09 09:42:20 BGP: Assertion `0' failed in file stream.c, line 413, function stream_getl
> >> 2016/03/09 09:42:20 BGP: Backtrace for 9 stack frames:
> >> 2016/03/09 09:42:20 BGP: [bt 0] /usr/lib/libzebra.so.0(zlog_backtrace+0x2b) [0x7f495c661c10]
> >> 2016/03/09 09:42:20 BGP: [bt 1] /usr/lib/libzebra.so.0(_zlog_assert_failed+0xa1) [0x7f495c66234c]
> >> 2016/03/09 09:42:20 BGP: [bt 2] /usr/lib/libzebra.so.0(stream_getl+0x7f) [0x7f495c65ef69]
> >> 2016/03/09 09:42:20 BGP: [bt 3] bgpd(+0x5c2f0) [0x7f495cb132f0]
> >> 2016/03/09 09:42:20 BGP: [bt 4] /usr/lib/libzebra.so.0(+0x34141) [0x7f495c666141]
> >> 2016/03/09 09:42:20 BGP: [bt 5] /usr/lib/libzebra.so.0(thread_call+0x7e) [0x7f495c656728]
> >> 2016/03/09 09:42:20 BGP: [bt 6] bgpd(main+0x417) [0x7f495caec22a]
> >> 2016/03/09 09:42:20 BGP: [bt 7] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f495bf88ec5]
> >> 2016/03/09 09:42:20 BGP: [bt 8] bgpd(+0x35267) [0x7f495caec267]
> >> 2016/03/09 09:42:20 BGP: Current thread function zclient_read, scheduled from file zclient.c, line 1131
> >>
> >> This is on Ubuntu 14.04
> >>
> >> I'll start digging into the details, just wanted to give a heads up.
> >>
> >> Any hints on differences to the Proposed/6 branch?
> >>
> >> - Martin
> >> (Would like to be excited on 1.0…)
> >>
> >> _______________________________________________
> >> Quagga-dev mailing list
> >> [email protected]
> >> https://lists.quagga.net/mailman/listinfo/quagga-dev
>
_______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
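Added illustration of the root cause Donald describes above (example code written for this page, not Quagga's own source): a cursor-style stream modelled on the getp/endp fields visible in the gdb output, a classic MIN macro, and a constructed 5-byte message (1-byte count followed by a 4-byte ifindex). The message layout, the MAX_NEXTHOPS cap standing in for X, and the exact form of the MIN macro are assumptions made for the example. It shows that MIN(MAX_NEXTHOPS, stream_getc(s)) expands to two calls of stream_getc whenever the count is not larger than the cap, so the parser silently takes the second byte as the count and the following 4-byte read is left short, which is exactly the "get long out of bounds" assertion in the trace.

```c
/* Example only (not Quagga code): why MIN(X, stream_getc(s)) breaks the parse. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Classic macro form, assumed for illustration: b is evaluated in the test and
 * again when it is the result, so a side-effecting b runs twice. */
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define MAX_NEXTHOPS 4          /* assumed cap; stands in for the X in MIN(X, ...) */

struct stream {
    const uint8_t *data;
    size_t getp;                /* read cursor, as in the gdb dump */
    size_t endp;                /* one past the last valid byte */
};

struct result {
    int oob;                    /* 1 if a read ran past endp (the page's assert) */
    uint8_t nexthop_num;
    uint32_t ifindex;
};

static size_t stream_readable(const struct stream *s) { return s->endp - s->getp; }

/* Each successful read advances getp; a short read sets *oob and returns 0. */
static uint8_t stream_getc(struct stream *s, int *oob)
{
    if (stream_readable(s) < 1) { *oob = 1; return 0; }
    return s->data[s->getp++];
}

static uint32_t stream_getl(struct stream *s, int *oob)
{
    if (stream_readable(s) < 4) { *oob = 1; return 0; }   /* "get long" bound check */
    uint32_t l = (uint32_t)s->data[s->getp] << 24 | (uint32_t)s->data[s->getp + 1] << 16
               | (uint32_t)s->data[s->getp + 2] << 8 | (uint32_t)s->data[s->getp + 3];
    s->getp += 4;
    return l;
}

/* Constructed message, not a real ZAPI capture: count = 1, ifindex = 7. */
static const uint8_t MSG[] = { 0x01, 0x00, 0x00, 0x00, 0x07 };

/* Buggy: MIN expands stream_getc twice. With count 1 <= cap 4, the second
 * expansion is taken as the value (byte 2 = 0x00) and getp ends at 2, so the
 * 4-byte ifindex read only has 3 bytes left. */
static struct result parse_buggy(void)
{
    struct stream s = { MSG, 0, sizeof MSG };
    struct result r = { 0, 0, 0 };
    r.nexthop_num = MIN(MAX_NEXTHOPS, stream_getc(&s, &r.oob));
    r.ifindex = stream_getl(&s, &r.oob);
    return r;
}

/* Fixed: read once into a temporary, then clamp the temporary. */
static struct result parse_fixed(void)
{
    struct stream s = { MSG, 0, sizeof MSG };
    struct result r = { 0, 0, 0 };
    uint8_t raw = stream_getc(&s, &r.oob);
    r.nexthop_num = MIN(MAX_NEXTHOPS, raw);
    r.ifindex = stream_getl(&s, &r.oob);
    return r;
}

int main(void)
{
    struct result b = parse_buggy(), f = parse_fixed();
    printf("buggy: oob=%d nexthop_num=%u ifindex=%u\n", b.oob, b.nexthop_num, b.ifindex);
    printf("fixed: oob=%d nexthop_num=%u ifindex=%u\n", f.oob, f.nexthop_num, f.ifindex);
    return 0;
}
```

Note the asymmetry: when the count byte is larger than the cap, MIN returns the cap after a single evaluation and the stream stays aligned, so the bug only fires on the common small-count case and is easy to miss in a quick test. Any macro argument with side effects (a read that advances a cursor, a ++, a function call) needs the same treatment as the fixed version: evaluate once into a local, then pass the local.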
