<div dir="ltr">Hello, was anyone else able to reproduce this issue?<div>I've been able to reproduce it also using the code from master.</div><div><br></div><div>I paste some more info here, I hope they'll be useful to troubleshoot it.</div><div><br></div><div>Thanks</div><div><br></div><div>Pier Carlo</div><div><br></div><div><br></div><div><br></div><div>GDB:</div><div><br></div><div>bird: Started<br>bird: AS1_1: Started<br>bird: AS1_1: Incoming connection from 192.0.2.11 (port 44145) accepted<br>bird: AS1_1: BGP session established<br>bird: AS1_1: State changed to up<br>bird: AS1_1 > added [best] <a href="http://1.0.1.0/24">1.0.1.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.1.0/24">1.0.1.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.3.0/24">1.0.3.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.3.0/24">1.0.3.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.2.0/24">1.0.2.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.2.0/24">1.0.2.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.5.0/24">1.0.5.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.5.0/24">1.0.5.0/24</a> unicast<br>bird: Protocol AS1_1 hits route receive limit (4), action: disable<br><br>Program received signal SIGSEGV, Segmentation fault.<br>0x000055b5c20d8eb1 in net_format (N=0xcdcdcdcdcdcdcde5, buf=0x7ffc6c8d0570 "", buflen=257) at lib/net.c:82<br>82 switch (n->n.type)<br>(gdb)<br>(gdb)<br>(gdb) bt<br>#0 0x000055b5c20d8eb1 in net_format (N=0xcdcdcdcdcdcdcde5, buf=0x7ffc6c8d0570 "", buflen=257) at lib/net.c:82<br>#1 0x000055b5c20da380 in bvsnprintf (buf=0x7ffc6c8d0770 "AS1_1 > ignored [limit] \b", size=1000, fmt=0x55b5c218e478 "N %s",<br> args=0x7ffc6c8d0be0) at lib/printf.c:246<br>#2 0x000055b5c20db3af in buffer_vprint (buf=0x7ffc6c8d0ba0, fmt=0x55b5c218e46e "%s %c %s %N %s", args=0x7ffc6c8d0be0)<br> at lib/printf.c:531<br>#3 0x000055b5c2161d0a in vlog (class=2, msg=0x55b5c218e46e "%s %c %s %N %s", args=0x7ffc6c8d0be0) at sysdep/unix/log.c:219<br>#4 0x000055b5c2161e06 in log_msg (msg=0x55b5c218e46e "%s %c %s %N %s") at sysdep/unix/log.c:244<br>#5 0x000055b5c20f7d35 in rte_trace (p=0x55b5c3a026a0, e=0x55b5c3a15598, dir=62, msg=0x55b5c218e5f5 "ignored [limit]")<br> at nest/rt-table.c:555<br>#6 0x000055b5c20f7d79 in rte_trace_in (flag=4, p=0x55b5c3a026a0, e=0x55b5c3a15598, msg=0x55b5c218e5f5 "ignored [limit]")<br> at nest/rt-table.c:562<br>#7 0x000055b5c20fbf06 in rte_update_in (c=0x55b5c3a029e0, n=0x7ffc6c8d0e30, new=0x55b5c3a15598, src=0x55b5c3a0a5c0)<br> at nest/rt-table.c:2493<br>#8 0x000055b5c211984d in rte_update3 (c=0x55b5c3a029e0, n=0x7ffc6c8d0e30, new=0x55b5c3a15598, src=0x55b5c3a0a5c0)<br> at ./nest/protocol.h:638<br>#9 0x000055b5c211d17a in bgp_rte_update (s=0x7ffc6c8d0f90, n=0x7ffc6c8d0e30, path_id=0, a0=0x7ffc6c8d0e60)<br> at proto/bgp/packets.c:1331<br>#10 0x000055b5c211d6e9 in bgp_decode_nlri_ip4 (s=0x7ffc6c8d0f90, pos=0x55b5c3a0d33f "", len=0, a=0x7ffc6c8d0e60)<br> at proto/bgp/packets.c:1479<br>#11 0x000055b5c211f2b5 in bgp_decode_nlri (s=0x7ffc6c8d0f90, afi=65537, nlri=0x55b5c3a0d32b "\030\001", len=20,<br> ea=0x55b5c3a132b0, nh=0x55b5c3a0d327 "\300", nh_len=4) at proto/bgp/packets.c:2410<br>#12 0x000055b5c211f743 in bgp_rx_update (conn=0x55b5c3a028a8, pkt=0x55b5c3a0d300 '\377' <repeats 16 times>, len=63)<br> at proto/bgp/packets.c:2505<br>#13 0x000055b5c2120b75 in bgp_rx_packet (conn=0x55b5c3a028a8, pkt=0x55b5c3a0d300 '\377' <repeats 16 times>, len=63)<br> at proto/bgp/packets.c:3097<br>#14 0x000055b5c2120d02 in bgp_rx (sk=0x55b5c3a0d1b0, size=63) at proto/bgp/packets.c:3142<br>#15 0x000055b5c215dd41 in call_rx_hook (s=0x55b5c3a0d1b0, size=63) at sysdep/unix/io.c:1796<br>#16 0x000055b5c215e116 in sk_read (s=0x55b5c3a0d1b0, revents=1) at sysdep/unix/io.c:1884<br>#17 0x000055b5c215f028 in io_loop () at sysdep/unix/io.c:2342<br>#18 0x000055b5c2164109 in main (argc=5, argv=0x7ffc6c8d13d8) at sysdep/unix/main.c:923<br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>valgrind:<br></div><div><br></div><div>root@c8fa0d485dcd:~# valgrind --leak-check=yes bird -c /etc/bird/bird.conf -d -f<br></div><div>==270== Memcheck, a memory error detector<br>==270== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.<br>==270== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info<br>==270== Command: bird -c /etc/bird/bird.conf -d -f<br>==270==<br></div><div>...</div><div>bird: AS1_1: Started<br>bird: AS1_1: Incoming connection from 192.0.2.11 (port 59019) accepted<br>bird: AS1_1: BGP session established<br>bird: AS1_1: State changed to up<br>bird: AS1_1 > added [best] <a href="http://1.0.1.0/24">1.0.1.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.1.0/24">1.0.1.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.3.0/24">1.0.3.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.3.0/24">1.0.3.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.2.0/24">1.0.2.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.2.0/24">1.0.2.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.5.0/24">1.0.5.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.5.0/24">1.0.5.0/24</a> unicast<br>bird: Protocol AS1_1 hits route receive limit (4), action: disable<br>==270== Invalid read of size 1<br>==270== at 0x159EB1: net_format (net.c:82)<br>==270== by 0x15B37F: bvsnprintf (printf.c:246)<br>==270== by 0x15C3AE: buffer_vprint (printf.c:531)<br>==270== by 0x1E2D09: vlog (log.c:219)<br>==270== by 0x1E2E05: log_msg (log.c:244)<br>==270== by 0x178D34: rte_trace (rt-table.c:555)<br>==270== by 0x178D78: rte_trace_in (rt-table.c:562)<br>==270== by 0x17CF05: rte_update_in (rt-table.c:2493)<br>==270== by 0x19A84C: rte_update3 (protocol.h:638)<br>==270== by 0x19E179: bgp_rte_update (packets.c:1331)<br>==270== by 0x19E6E8: bgp_decode_nlri_ip4 (packets.c:1479)<br>==270== by 0x1A02B4: bgp_decode_nlri (packets.c:2410)<br>==270== Address 0xcdcdcdcdcdcdcde5 is not stack'd, malloc'd or (recently) free'd<br>==270==<br>==270==<br>==270== Process terminating with default action of signal 11 (SIGSEGV)<br>==270== General Protection Fault<br>==270== at 0x159EB1: net_format (net.c:82)<br>==270== by 0x15B37F: bvsnprintf (printf.c:246)<br>==270== by 0x15C3AE: buffer_vprint (printf.c:531)<br>==270== by 0x1E2D09: vlog (log.c:219)<br>==270== by 0x1E2E05: log_msg (log.c:244)<br>==270== by 0x178D34: rte_trace (rt-table.c:555)<br>==270== by 0x178D78: rte_trace_in (rt-table.c:562)<br>==270== by 0x17CF05: rte_update_in (rt-table.c:2493)<br>==270== by 0x19A84C: rte_update3 (protocol.h:638)<br>==270== by 0x19E179: bgp_rte_update (packets.c:1331)<br>==270== by 0x19E6E8: bgp_decode_nlri_ip4 (packets.c:1479)<br>==270== by 0x1A02B4: bgp_decode_nlri (packets.c:2410)<br>==270==<br>==270== HEAP SUMMARY:<br>==270== in use at exit: 156,337 bytes in 589 blocks<br>==270== total heap usage: 867 allocs, 278 frees, 406,303 bytes allocated<br>==270==<br>==270== LEAK SUMMARY:<br>==270== definitely lost: 0 bytes in 0 blocks<br>==270== indirectly lost: 0 bytes in 0 blocks<br>==270== possibly lost: 0 bytes in 0 blocks<br>==270== still reachable: 156,337 bytes in 589 blocks<br>==270== suppressed: 0 bytes in 0 blocks<br>==270== Reachable blocks (those to which a pointer was found) are not shown.<br>==270== To see them, rerun with: --leak-check=full --show-leak-kinds=all<br>==270==<br>==270== For counts of detected and suppressed errors, rerun with: -v<br>==270== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)<br>Segmentation fault<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 24 Oct 2020 at 16:17, Pier Carlo Chiodi <<a href="mailto:pierky@pierky.com">pierky@pierky.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<br><br>I'm getting a "Segmentation fault" error on BIRD 2.0.7 when I use 'receive limit X'. I've got the error when using either 'action block' or 'action disable'. In the same scenario, if I change the config to use 'import limit X' everything works fine.<div><br></div><div>The error happens as soon as the daemon receives the first "extra" route from its peer (in the example, the 5th route while the limit is 4). Output of '-d -f' can be found at the bottom of this msg. If the number of routes received from the peer is equal to the limit, the issue is not hit.<br><br>I was able to consistently reproduce what I've mentioned above using the following config on a Docker container based on Debian 10.1 (Linux f484b919cd3a 4.19.76-linuxkit #1 SMP Tue May 26 11:42:35 UTC 2020 x86_64 GNU/Linux - Dockerfile can be found here <a href="https://github.com/pierky/dockerfiles/blob/master/bird/2.0.7/Dockerfile" target="_blank">https://github.com/pierky/dockerfiles/blob/master/bird/2.0.7/Dockerfile</a>).<br><br>BIRD 1.6.8 works fine.</div><div><br>Thanks.<br><br>Pier Carlo<br><br><br>router id 192.0.2.2;<br>define rs_as = 999;<br><br>log "/var/log/bird.log" all;<br>log syslog all;<br>debug protocols { states, routes, filters, interfaces, events };<br><br>timeformat base iso long;<br>timeformat log iso long;<br>timeformat protocol iso long;<br>timeformat route iso long;<br><br>protocol device {};<br><br>ipv4 table master4 sorted;<br>ipv6 table master6 sorted;<br><br>filter receive_from_AS1_1 {<br> if !(source = RTS_BGP ) then<br> reject "source != RTS_BGP - REJECTING ", net;<br><br> if !(net.type = NET_IP4) then<br> reject "AFI not enabled for this peer - REJECTING ", net;<br><br> accept;<br>}<br><br>protocol bgp AS1_1 {<br><br> local as 999;<br> neighbor 192.0.2.11 as 1;<br> rs client;<br><br> passive on;<br> ttl security off;<br> interpret communities off;<br><br> # ---------------------------------------<br> ipv4 {<br> table master4;<br><br> secondary;<br><br> receive limit 4 action block;<br><br> import table on;<br> import keep filtered on;<br> import filter receive_from_AS1_1;<br><br></div><div> export none;<br><br> # ---------------------------------------<br> };<br>}<br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>Output of '-d -f':</div><div><br></div><div><br></div><div>root@f484b919cd3a:~# bird -c /etc/bird/bird.conf -d -f<br>bird: device1: Initializing<br>bird: AS1_1: Channel ipv4 connected to table master4<br>bird: AS1_1: Initializing<br>bird: device1: Starting<br>bird: device1: Scanning interfaces<br>bird: device1: State changed to up<br>bird: AS1_1: Starting<br>bird: AS1_1: State changed to start<br>bird: Started<br>bird: AS1_1: Started<br>bird: AS1_1: Incoming connection from 192.0.2.11 (port 49457) accepted<br>bird: AS1_1: BGP session established<br>bird: AS1_1: State changed to up<br>bird: AS1_1 > added [best] <a href="http://1.0.1.0/24" target="_blank">1.0.1.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.1.0/24" target="_blank">1.0.1.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.3.0/24" target="_blank">1.0.3.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.3.0/24" target="_blank">1.0.3.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.2.0/24" target="_blank">1.0.2.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.2.0/24" target="_blank">1.0.2.0/24</a> unicast<br>bird: AS1_1 > added [best] <a href="http://1.0.5.0/24" target="_blank">1.0.5.0/24</a> unicast<br>bird: AS1_1 < rejected by protocol <a href="http://1.0.5.0/24" target="_blank">1.0.5.0/24</a> unicast<br>bird: Protocol AS1_1 hits route receive limit (4), action: disable<br>Segmentation fault<br></div></div>
</blockquote></div>