[Xorp-hackers] Crash due to stale cached xrl sender pointer.
Ben Greear
greearb at candelatech.com
Tue Oct 27 18:09:53 PDT 2009
XRL caches a pointer to the resolved_sender, but when something
deletes a sender, it doesn't appear to clean up any existing XRLs.
This leads to a crash on a highly loaded system (where senders must be
timing out
or something like that).
Looks like a good place for smart pointers. I'm going to attempt that
unless
someone has another idea...
Thanks,
Ben
XrlPFSender*
XrlRouter::get_sender(const Xrl& xrl, FinderDBEntry* dbe)
{
const Xrl& x = dbe->xrls().front();
XrlPFSender* s = NULL;
// Use the cache pointer to the sender.
if (xrl.resolved()) {
s = xrl.resolved_sender();
>>> CRASH HERE, s is pointing to bogus memory..probably deleted and
scribbled upon:
if (s->alive())
return s;
(gdb) bt
#0 0x00000000005e3eac in XrlRouter::get_sender (this=0x7fff13b9ae30,
xrl=@0x18ca130, dbe=0x18caa38) at libxipc/xrl_router.cc:424
#1 0x00000000005e39f1 in XrlRouter::send_resolved (this=0x7fff13b9ae30,
xrl=@0x18ca130, dbe=0x18caa38, cb=@0x7fff13b99730, direct_call=true)
at libxipc/xrl_router.cc:391
#2 0x00000000005e4784 in XrlRouter::send (this=0x7fff13b9ae30,
xrl=@0x18ca130, user_cb=@0x7fff13b99730) at libxipc/xrl_router.cc:630
#3 0x00000000005bdcc2 in
XrlRawPacket4V0p1Client::send_register_receiver (this=0x7fff13b997b0,
dst_xrl_target_name=0x189a938 "fea",
xrl_target_instance_name="ospfv2-4a020f2e6b53955e3362796be672a55e at 127.0.0.1",
if_name="17.100.17", vif_name="17.100.17",
ip_protocol=@0x7fff13b99808,
enable_multicast_loopback=@0x7fff13b99807, cb=@0x7fff13b997c0)
at obj/x86_64-linux-public17/xrl/interfaces/fea_rawpkt4_xif.cc:111
#4 0x00000000004a2956 in XrlIO<IPv4>::enable_interface_vif
(this=0x7fff13b9abd0, interface="17.100.17", vif="17.100.17") at
ospf/xrl_io.cc:215
#5 0x0000000000420f73 in Ospf<IPv4>::enable_interface_vif
(this=0x7fff13b9a8a0, interface="17.100.17", vif="17.100.17") at
ospf/ospf.cc:130
#6 0x000000000045e578 in PeerOut<IPv4>::start_receiving_packets
(this=0x18cdb50) at ospf/peer.cc:635
#7 0x000000000045ead4 in PeerOut<IPv4>::bring_up_peering
(this=0x18cdb50) at ospf/peer.cc:566
#8 0x000000000045c158 in PeerOut<IPv4>::peer_change (this=0x18cdb50) at
ospf/peer.cc:316
#9 0x000000000045c032 in PeerOut<IPv4>::set_link_status
(this=0x18cdb50, state=true) at ospf/peer.cc:297
#10 0x000000000043ae82 in PeerManager<IPv4>::vif_status_change
(this=0x7fff13b9a978, interface="17.100.17", vif="17.100.17", state=true)
at ospf/peer_manager.cc:789
#11 0x000000000045670e in XorpMemberCallback3B0<void, PeerManager<IPv4>,
std::string const&, std::string const&, bool>::dispatch (
this=0x18c4450, a1="17.100.17", a2="17.100.17", a3=true) at
./libxorp/callback_nodebug.hh:6801
#12 0x00000000004a4ea0 in XrlIO<IPv4>::updates_made
(this=0x7fff13b9abd0) at ospf/xrl_io.cc:1259
#13 0x0000000000596fa9 in IfMgrXrlMirror::do_updates
(this=0x7fff13b9aca8) at libfeaclient/ifmgr_xrl_mirror.cc:1168
#14 0x0000000000596e21 in IfMgrXrlMirror::updates_made
(this=0x7fff13b9aca8) at libfeaclient/ifmgr_xrl_mirror.cc:1145
#15 0x000000000059540e in
IfMgrXrlMirrorTarget::fea_ifmgr_mirror_0_1_hint_updates_made
(this=0x18b3c00) at libfeaclient/ifmgr_xrl_mirror.cc:927
#16 0x00000000005cae6a in
XrlFeaIfmgrMirrorTargetBase::handle_fea_ifmgr_mirror_0_1_hint_updates_made
(this=0x18b3c00, xa_inputs=@0x18bae28)
at obj/x86_64-linux-public17/xrl/targets/fea_ifmgr_mirror_base.cc:1362
#17 0x00000000005cb57a in XorpMemberCallback2B0<XrlCmdError const,
XrlFeaIfmgrMirrorTargetBase, XrlArgs const&, XrlArgs*>::dispatch (
this=0x18b5f60, a1=@0x18bae28, a2=0x7fff13b99f80) at
./libxorp/callback_nodebug.hh:4616
#18 0x00000000005f9692 in XrlCmdEntry::dispatch (this=0x18b6008,
inputs=@0x18bae28, outputs=0x7fff13b99f80) at libxipc/xrl_cmd_map.hh:44
#19 0x000000000060032c in XrlDispatcher::dispatch_xrl_fast
(this=0x18b3420, xi=@0x18bae10, outputs=@0x7fff13b99f80)
at libxipc/xrl_dispatcher.cc:83
#20 0x000000000060114a in STCPRequestHandler::do_dispatch
(this=0x18bf610, packed_xrl=0x7f2947ae1776 "", packed_xrl_bytes=0,
response=@0x7fff13b99f80) at libxipc/xrl_pf_stcp.cc:288
#21 0x0000000000601237 in STCPRequestHandler::dispatch_request
(this=0x18bf610, seqno=518, batch=false,
packed_xrl=0x7f2947ae171f <incomplete sequence \314>,
packed_xrl_bytes=87) at libxipc/xrl_pf_stcp.cc:300
#22 0x0000000000600dc9 in STCPRequestHandler::read_event
(this=0x18bf610, ev=BufferedAsyncReader::DATA, buffer=0x7f2947ae1707
"STCP\1\1",
buffer_bytes=111) at libxipc/xrl_pf_stcp.cc:234
---Type <return> to continue, or q <return> to quit---
#23 0x000000000060a12a in XorpMemberCallback4B0<void,
STCPRequestHandler, BufferedAsyncReader*, BufferedAsyncReader::Event,
unsigned char*, unsigned long>::dispatch (this=0x18b9410, a1=0x18bf620,
a2=BufferedAsyncReader::DATA, a3=0x7f2947ae1707 "STCP\1\1", a4=111)
at ./libxorp/callback_nodebug.hh:8966
#24 0x0000000000620728 in BufferedAsyncReader::announce_event
(this=0x18bf620, ev=BufferedAsyncReader::DATA) at
libxorp/buffered_asyncio.cc:261
#25 0x0000000000620600 in BufferedAsyncReader::io_event (this=0x18bf620,
fd={_filedesc = 48}, type=IOT_READ) at libxorp/buffered_asyncio.cc:214
#26 0x0000000000620eda in XorpMemberCallback2B0<void,
BufferedAsyncReader, XorpFd, IoEventType>::dispatch (this=0x18bde50,
a1={_filedesc = 48},
a2=IOT_READ) at ./libxorp/callback_nodebug.hh:4636
#27 0x0000000000634b46 in SelectorList::Node::run_hooks (this=0x1885990,
m=SEL_RD, fd={_filedesc = 48}) at libxorp/selector.cc:200
#28 0x0000000000634004 in SelectorList::wait_and_dispatch
(this=0x7fff13b9a540, timeout=@0x7fff13b9a320) at libxorp/selector.cc:523
#29 0x0000000000622be9 in EventLoop::do_work (this=0x7fff13b9a3b0,
can_block=true) at libxorp/eventloop.cc:147
#30 0x0000000000622a7e in EventLoop::run (this=0x7fff13b9a3b0) at
libxorp/eventloop.cc:100
#31 0x000000000040514a in main (argv=0x7fff13b9b098) at
ospf/xorp_ospfv2.cc:77
(gdb)
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Xorp-hackers
mailing list