ospfv3 is failing in topotests #1135

Closed
donaldsharp opened this issue Sep 8, 2017 · 5 comments

@donaldsharp
Member

Address Sanitizer is returning this:

```
2017/09/07 17:05:58 OSPF6: SPF: Scheduled in 0 msec

r2: ospf6d triggered an exception by AddressSanitizer
ERROR: AddressSanitizer: heap-use-after-free on address 0x61000000d070 at pc 0x00000042e8ca bp 0x7ffeafa44df0 sp 0x7ffeafa44de0
READ of size 4 at 0x61000000d070 thread T0
#0 0x42e8c9 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1559
#1 0x45429d in ospf6_spf_calculation_thread ospf6d/ospf6_spf.c:611
#2 0x4cc3ca in thread_call lib/thread.c:1482
#3 0x493039 in frr_run lib/libfrr.c:870
#4 0x412fc9 in main ospf6d/ospf6_main.c:209
#5 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x412bd8 in _start (/usr/lib/frr/ospf6d+0x412bd8)

0x61000000d070 is located 48 bytes inside of 184-byte region [0x61000000d040,0x61000000d0f8)
freed by thread T0 here:
#0 0x7ff49193e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x4994fe in qfree lib/memory.c:87
#2 0x44b5cb in ospf6_route_delete ospf6d/ospf6_route.c:357
#3 0x44ba5c in ospf6_route_unlock ospf6d/ospf6_route.c:397
#4 0x44dbfb in ospf6_route_next ospf6d/ospf6_route.c:852
#5 0x42e8a7 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1558
#6 0x45429d in ospf6_spf_calculation_thread ospf6d/ospf6_spf.c:611
#7 0x4cc3ca in thread_call lib/thread.c:1482
#8 0x493039 in frr_run lib/libfrr.c:870
#9 0x412fc9 in main ospf6d/ospf6_main.c:209
#10 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
#0 0x7ff49193e79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x499230 in qcalloc lib/memory.c:68
#2 0x44b502 in ospf6_route_create ospf6d/ospf6_route.c:345
#3 0x46735a in ospf6_abr_examin_summary ospf6d/ospf6_abr.c:886
#4 0x468706 in ospf6_area_lsdb_hook_add ospf6d/ospf6_area.c:79
#5 0x4336c3 in ospf6_lsdb_add ospf6d/ospf6_lsdb.c:122
#6 0x41b308 in ospf6_install_lsa ospf6d/ospf6_flood.c:242
#7 0x41c4d7 in ospf6_receive_lsa ospf6d/ospf6_flood.c:857
#8 0x43cabb in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1376
#9 0x43cabb in ospf6_receive ospf6d/ospf6_message.c:1628
#10 0x4cc3ca in thread_call lib/thread.c:1482
#11 0x493039 in frr_run lib/libfrr.c:870
#12 0x412fc9 in main ospf6d/ospf6_main.c:209
#13 0x7ff49078982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free ospf6d/ospf6_intra.c:1559 ospf6_intra_brouter_calculation
Shadow bytes around the buggy address:
0x0c207fff99b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff99c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff99d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff99e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff99f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c207fff9a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd[fd]fd
0x0c207fff9a10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff9a20: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c207fff9a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
0x0c207fff9a40: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff9a50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
```

@mwinter-osr
Member

Somehow forgot to enforce the Address Sanitizer Tests. They were run, but the results were ignored.
Please someone ping me after this is fixed and merged to enable them, so future PRs breaking this get flagged.
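
A check of the kind this comment asks for, as an added example that is not FRR or topotest code: it parses an AddressSanitizer report out of a daemon log, returns a nonzero status when one is present, and reports where the free and the later read happened. The function names are this example's own, and `SAMPLE` is a trimmed excerpt of the report quoted above.

```python
import re

# Excerpt of the AddressSanitizer report quoted in this issue (frames trimmed).
SAMPLE = """\
ERROR: AddressSanitizer: heap-use-after-free on address 0x61000000d070 at pc 0x00000042e8ca bp 0x7ffeafa44df0 sp 0x7ffeafa44de0
READ of size 4 at 0x61000000d070 thread T0
#0 0x42e8c9 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1559
freed by thread T0 here:
#0 0x7ff49193e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x4994fe in qfree lib/memory.c:87
#2 0x44b5cb in ospf6_route_delete ospf6d/ospf6_route.c:357
#3 0x44ba5c in ospf6_route_unlock ospf6d/ospf6_route.c:397
#4 0x44dbfb in ospf6_route_next ospf6d/ospf6_route.c:852
#5 0x42e8a7 in ospf6_intra_brouter_calculation ospf6d/ospf6_intra.c:1558
previously allocated by thread T0 here:
#2 0x44b502 in ospf6_route_create ospf6d/ospf6_route.c:345
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
FRAME_RE = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)$")
SECTIONS = (("freed by thread", "free"), ("previously allocated by thread", "alloc"))

def parse_asan(text):
    """Return None if the log has no ASan error, else kind, address and stacks."""
    report, current = None, "access"
    for line in map(str.strip, text.splitlines()):
        m = ERROR_RE.search(line)
        if m:
            report = {"kind": m.group(1), "address": m.group(2),
                      "stacks": {"access": [], "free": [], "alloc": []}}
            current = "access"
        elif report:
            # A section header switches which stack the following frames join.
            current = next((n for p, n in SECTIONS if line.startswith(p)), current)
            m = FRAME_RE.match(line)
            if m:  # frames without file:line (libasan, libc) do not match
                report["stacks"][current].append((m.group(2), m.group(3), int(m.group(4))))
    return report

def free_then_use_site(report):
    """(function, free_line, use_line) when the reading function is also on the free stack."""
    access = report["stacks"]["access"]
    if not access:
        return None
    for name, _, line in report["stacks"]["free"]:
        if name == access[0][0]:
            return (name, line, access[0][2])
    return None

def asan_exit_code(log_text):
    """Nonzero when the log holds an ASan report, so a CI step fails on it."""
    return 1 if parse_asan(log_text) else 0
```

On the excerpt, `free_then_use_site` shows the route being released through `ospf6_route_next` at line 1558 of `ospf6_intra_brouter_calculation` and read again at line 1559 of the same function.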

@mwinter-osr
Member

Address Sanitizer was ok on Master until June 30. The first merge which broke it was Git sha 8186327, and there are multiple breakages since then. Some of these errors are in 3.0 as well and probably need to be addressed or at least evaluated before the release.

@donaldsharp donaldsharp added this to the 3.0 milestone Sep 19, 2017
@donaldsharp donaldsharp self-assigned this Sep 19, 2017
@mwinter-osr
Member

@donaldsharp
Member Author

I would like to recommend that this be removed from the 3.0 milestone, as there is no way this is not a long-standing issue that I would say even exists back in 2.0 and further back into Quagga itself. @mwinter-osr, thoughts?

@rwestphal
Member

Fixed by #1217.
