Bird 1.6.6_1 crashes, most likely after receiving an unexpected self-originated LSA, as the log says:

17:08:06 xxx bird: Received unexpected self-originated LSA
17:08:06 xxx bird: Installing LSA: Type: 2002, Id: 192.168.144.12, Rt: 192.168.144.12, Seq: 80000001, Age: 3600
17:08:06 xxx bird: Received unexpected self-originated LSA
17:08:06 xxx bird: Installing LSA: Type: 2002, Id: 169.254.1.0, Rt: 192.168.144.12, Seq: 80000001, Age: 3600
17:08:07 xxx kernel: pid 2091 (bird), uid 0: exited on signal 11 (core dumped)

The backtrace is:

--- snip ---
# gdb bird bird.core-pkg
...
Core was generated by `/usr/local/sbin/bird -c router.bird4.conf'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000429c90 in ospf_rt_notify (P=0x80126e320, tbl=<value optimized out>, n=0x8012202a0, new=<value optimized out>, old=<value optimized out>, ea=0xc) at ../../../proto/ospf/topology.c:1281
1281 u32 tag = ea_get_int(ea, EA_OSPF_TAG, 0);
(gdb) backtrace full
#0 0x0000000000429c90 in ospf_rt_notify (P=0x80126e320, tbl=<value optimized out>, n=0x8012202a0, new=<value optimized out>, old=<value optimized out>, ea=0xc) at ../../../proto/ospf/topology.c:1281
    p = (struct ospf_proto *) 0x80126e320
    a = (rta *) 0x80123ca28
    m1 = 19006112
    m2 = <value optimized out>
    metric = 32767
    fwd = <value optimized out>
    tag = <value optimized out>
    oa = <value optimized out>
    ebit = <value optimized out>
    nf = <value optimized out>
#1 0x000000000042b414 in ospf_rx_hook (sk=0x80126e320, len=<value optimized out>) at ../../../proto/ospf/packet.c:418
    err_val = <value optimized out>
    ifa = (struct ospf_iface *) 0x7fffffffe890
    p = (struct ospf_proto *) 0x8012203e0
    pkt = (struct ospf_packet *) 0x80126e320
    plen = <value optimized out>
    err_dsc = <value optimized out>
    areaid = <value optimized out>
    rid = <value optimized out>
    instance_id = <value optimized out>
    n = (struct ospf_neighbor *) 0x80126e320
#2 0x0000000000429632 in ospf_update_lsadb (p=0x0) at ../../../proto/ospf/topology.c:483
    real_age = <value optimized out>
    en = (struct top_hash_entry *) 0x80122d190
    nxt = (struct top_hash_entry *) 0x0
#3 0x000000000044b3df in krt_do_scan () at krt-sock.c:886
    krt_bufmin = 6793000
    krt_buffer_owner = (struct proto *) 0x0
    krt_buffer = (byte *) 0x677578 "ð{g"
    krt_table_cf = 0x67a700
    krt_buflen = 6793008
    kif_proto = (struct kif_proto *) 0x67a940
    krt_max_tables = 0
#4 0x0000000000451604 in number (str=0x429632 "À\017\204J\002", num=34378797456, base=1, size=-1062711132, precision=0, type=19059136, remains=<value optimized out>) at printf.c:65
    tmp = 0x7fffffffe960 "\001"
    digits = 0x0
    sign = Cannot access memory at address 0x0
Current language: auto; currently minimal
--- snip ---

I was not able to reproduce the crash in bird 1.6.6 compiled manually from sources, i.e. without the FreeBSD patches to the bird (see bug #232231).
Hi, following exchange with original author of the port's OSPF patch:

Your core dump shows that you didn't have the patch applied: file topology.c, line 1281 calling ea_get_int(). If you apply the patch, line 1281 is an empty line and can't call ea_get_int(). So, are you sure you meet the problem WITH the patch applied?
(In reply to Olivier Cochard from comment #1)

I'm sorry, you are right. The backtrace I sent was bad, but the fact that I can reproduce the crash only when using Bird with the patch still stands. I've tried to make the right backtrace, but it looks to contain less information and I don't know why. I have added --enable-debug to CONFIGURE_ARGS in /usr/ports/net/bird/Makefile, rebuilt and reinstalled the daemon, crashed it and tried to generate the backtrace:

--- snip ---
# gdb bird bird.core-ports
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `/usr/local/sbin/bird -c /usr/local/kernun/etc/router.bird4.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000000042ab70 in ospf_originate_lsa ()
(gdb) backtrace full
#0 0x000000000042ab70 in ospf_originate_lsa ()
No symbol table info available.
#1 0x000000000042c3dd in ospf_update_topology ()
No symbol table info available.
#2 0x000000000042a512 in ospf_disp ()
No symbol table info available.
#3 0x000000000044cc5f in io_loop ()
No symbol table info available.
#4 0x000000000045307a in main ()
No symbol table info available.
--- snip ---

I don't know why there is no symbol table info available.
A commit references this bug:

Author: olivier
Date: Wed Aug 28 03:15:33 UTC 2019
New revision: 510039
URL: https://svnweb.freebsd.org/changeset/ports/510039

Log:
  Custom OSPF "wrong LSA collision detection patch" is in conflict with the fix included in bird 1.6.7 and generate crashes, so remove it.

  PR: 238496
  Submitted by: pbd@pbd.name
  Reported by: Ondrej Zajicek <santiago@crfreenet.org>

Changes:
  head/net/bird/Makefile
  head/net/bird/files/patch-proto__ospf__lsupd.c
  head/net/bird/files/patch-proto__ospf__topology.c
This problem was fixed in a different way in the latest bird (1.6.7), and this patch was generating a crash, so it was removed. If you meet a problem with 1.6.6, this should mean it was already creating a problem on this version. Sorry for the delay.