http://bugzilla.quagga.net/show_bug.cgi?id=392
------- Additional Comments From gardiner@purdigital.net 2007-08-13 14:09 -------
Sorry, I'm not really accustomed to the programming internals. Here is the
stack trace:
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) run
Starting program: /usr/local/sbin/bgpd
bgpd in free(): error: junk pointer, too high to make sense
Program received signal SIGABRT, Aborted.
0x2824becb in kill () from /lib/libc.so.6
(gdb) bt
#0 0x2824becb in kill () from /lib/libc.so.6
#1 0x2824be68 in raise () from /lib/libc.so.6
#2 0x2824ab78 in abort () from /lib/libc.so.6
#3 0x281e7fdb in _UTF8_init () from /lib/libc.so.6
#4 0xbfbfedf8 in ?? ()
#5 0x28251dd3 in sys_nsig () from /lib/libc.so.6
#6 0x28251cd3 in sys_nsig () from /lib/libc.so.6
#7 0x28251df0 in sys_nsig () from /lib/libc.so.6
#8 0x00000000 in ?? ()
#9 0x2825cd80 in ?? () from /lib/libc.so.6
#10 0xbfbfe828 in ?? ()
#11 0x281e8009 in _UTF8_init () from /lib/libc.so.6
#12 0x2825cd80 in ?? () from /lib/libc.so.6
#13 0x28272a24 in _nsyyin () from /lib/libc.so.6
#14 0xbfbfe8d8 in ?? ()
#15 0x281e8d69 in _UTF8_init () from /lib/libc.so.6
#16 0x082514d0 in ?? ()
#17 0x00000000 in ?? ()
#18 0x00000010 in ?? ()
#19 0x082514d0 in ?? ()
#20 0x00000001 in ?? ()
#21 0x2816046c in __JCR_LIST__ () from /usr/local/lib/libzebra.so.0
#22 0xbfbfe878 in ?? ()
#23 0x2816046c in __JCR_LIST__ () from /usr/local/lib/libzebra.so.0
---Type <return> to continue, or q <return> to quit---
#24 0xbfbfec10 in ?? ()
#25 0x2812db2c in alloc_inc (type=673566080) at memory.c:224
Previous frame inner to this frame (corrupt stack?)
------- Additional Comments From gert@greenie.muc.de 2007-08-14 08:29 -------
Hi,
I am also observing this bug - FreeBSD 6.2 on Sparc64, Quagga 0.99.8 from the
FreeBSD ports, but also using non-port-patched (pristine) Quagga sources.
There are two different sorts of crashes:
- when loading a config that has neighbour statements, it will crash right
away, and the back trace looks like this:
#0 0x00000000407206a8 in kill () from /lib/libc.so.6
#1 0x000000004071f0d4 in abort () from /lib/libc.so.6
#2 0x00000000406abc24 in _UTF8_init () from /lib/libc.so.6
#3 0x00000000406abc84 in _UTF8_init () from /lib/libc.so.6
#4 0x00000000406ad028 in _UTF8_init () from /lib/libc.so.6
#5 0x0000000000159b94 in stream_free (s=0x492440) at stream.c:125
#6 0x0000000000128518 in bgp_write (thread=0x13) at bgp_packet.c:99
#7 0x00000000001539b0 in thread_call (thread=0x7fdffffe9c0) at thread.c:1051
#8 0x0000000000102d84 in main (argc=5, argv=0x7fdffffec50) at bgp_main.c:323
- if I load a configuration that has no neighbour statements, and then add a
single neighbour with an outgoing route-map:
neighbor 193.149.44.249 remote-as 5539
neighbor 193.149.44.249 route-map set-no-export out
where the route-map exists, and looks like this:
route-map set-no-export permit 10
set community no-export
then I get a crash that looks like this:
#2 0x000000000015d5d0 in _zlog_assert_failed (assertion=0x1a5258 "(((s)->endp) <= (s)->size)", file=0x1a5178 "stream.c", line=191, function=0x1a4ed0 "stream_get_endp") at log.c:605
#3 0x0000000000159fb4 in stream_get_endp (s=0x49e700) stream.c:191
#4 0x0000000000128340 in bgp_write (thread=0x7fdffffe9f0) at bgp_packet.c:633
To track that down, I have instrumented bgp_write_packet() in bgp_packet.c
with a number of printf()s (not changing anything else!) and from that moment
on, bgpd worked like a charm, no more crashes. Which is bad, otherwise I might
have been able to pinpoint this more closely.
I have the feeling that something is overwriting its bounds in
bgp_update_packet() (I had one crash with corrupt stack frame), but can't see
anything obvious.