Bird routing daemon memory segfault issue submission

noc at tohunet.com noc at tohunet.com
Thu Jun 22 14:52:35 CEST 2023 

Hello Bird Development Team:

 

We are AS140731, aka TOHUNET, we use bird as our routing program, we have a
problem that may be related to the memory address of bird. 

 

Here are the problem details:

 

We designed a function for anycast to balance the unequal length ASPATH
between different upstreams and different nodes, it has this structure:

 

function anycast(int AS;int Region;int Country;int NodeID) {

       if net ~ [2406:840:eb8c::/48] then

       {

              case NodeID {

                     1: {

                            case AS {

                                   6939:
{bgp_path.prepend(140731);bgp_path.prepend(140731);}

                            }

                     }

              }

       }

}

 

Among them, AS represents the peer AS of this session, and NodeID represents
the ID of this node. After the conditional statement in the case matches the
peer AS, as you can see, it will execute bgp_path.prepend, and it works well
when the curly braces of the conditional statement are not empty. But the
aspath of some of our nodes is long enough that they don't need to be
prepend, so we have the following configuration:

 

function anycast(int AS;int Region;int Country;int NodeID) {

       if net ~ [2406:840:eb8c::/48] then

       {

              case NodeID {

                     1: {

                            case AS {

                                   6939:     {}

                            }

                     }

              }

       }

}

 

 

Then the problem occurred. In our example, when the Session at 6939 was
established, the conditional statement matched 6939, but the content in the
curly braces was empty. At this time, bird will be automatically killed and
restarted by Linux due to a memory segment fault. The following is the
information we get in journalctl:

 

kernel: bird[11433]: segfault at 0 ip 0000559bb2900c28 sp 00007ffcd21d1fc0
error 4 in bird[559bb2886000+9d000]

kernel: Code: 8b 7b 04 83 03 01 41 8d 4f ff 0f 1f 84 00 00 00 00 00 89 cd 48
8d 44 6d 00 48 8d 14 c3 4c 8b a2 08 80 01 00 8b 82 10 80 01 00 <41> 3b 04 24
0f >

systemd[1]: bird.service: Main process exited, code=killed, status=11/SEGV

 

The version number we are currently using is: v2.13-5-gf8ba8280 debian11,
but we have tried to roll back to v2.13 and update to v2.13-10-gf8bcb037,
these problems still exist.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20230622/ea405898/attachment.htm>

More information about the Bird-users mailing list