Skip to content

operator/identitygc: fix nil pointer dereference on shutdown#45091

Merged
tklauser merged 1 commit intocilium:mainfrom
tsotne95:pr/fix-operator-identitygc-panic
Apr 1, 2026
Merged

operator/identitygc: fix nil pointer dereference on shutdown#45091
tklauser merged 1 commit intocilium:mainfrom
tsotne95:pr/fix-operator-identitygc-panic

Conversation

@tsotne95
Copy link
Copy Markdown
Contributor

@tsotne95 tsotne95 commented Mar 31, 2026

When DisableCiliumEndpointCRD is set (e.g. via --disable-endpoint-crd=true) and the CiliumEndpoint CRD is missing from the cluster, the startCRDModeGC startup function returns early to skip running the Garbage Collector.

However, the OnStop lifecycle hook unconditionally attempts to call RemoveAllAndWait() on the internal controller manager (gc.mgr). Since it remains uninitialized (nil) due to the early return, this causes a panic when the operator shuts down.

Fix this by adding a defensive nil check for gc.mgr in OnStop.

Fixes: #45087

@tsotne95
operator/identitygc: fix nil pointer dereference on shutdown
cb03b18 
When DisableCiliumEndpointCRD is set (e.g. via --disable-endpoint-crd=true)
and the CiliumEndpoint CRD is missing from the cluster, the startCRDModeGC
startup function returns early to skip running the Garbage Collector.

However, the OnStop lifecycle hook unconditionally attempts to call
RemoveAllAndWait() on the internal controller manager (gc.mgr). Since it
remains uninitialized (nil) due to the early return, this causes a panic
when the operator shuts down.

Fix this by adding a defensive nil check for gc.mgr in OnStop.

Fixes: cilium#45087

Signed-off-by: Tsotne Chakhvadze <tsotne@google.com>
@tsotne95 tsotne95 requested a review from a team as a code owner March 31, 2026 18:34
@tsotne95 tsotne95 requested a review from odinuge March 31, 2026 18:34
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 31, 2026
@xtineskim
Copy link
Copy Markdown
Member

xtineskim commented Mar 31, 2026

/test

@tsotne95
Copy link
Copy Markdown
Contributor Author

tsotne95 commented Apr 1, 2026

/ci-ginkgo

@tklauser tklauser added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Apr 1, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 1, 2026
@tklauser tklauser added needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch area/operator Impacts the cilium-operator component needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels Apr 1, 2026
@tklauser tklauser enabled auto-merge April 1, 2026 09:36
@tklauser tklauser added this pull request to the merge queue Apr 1, 2026
@tklauser tklauser added the affects/v1.16 This issue affects v1.16 branch label Apr 1, 2026
Merged via the queue into cilium:main with commit 9792af9 Apr 1, 2026
84 of 85 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tklauser tklauser tklauser approved these changes

@odinuge odinuge Awaiting requested review from odinuge odinuge is a code owner automatically assigned from cilium/sig-policy

Assignees

No one assigned

Labels

affects/v1.16 This issue affects v1.16 branch area/operator Impacts the cilium-operator component needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch release-note/bug This PR fixes an issue in a previous release of Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

panic: runtime error: invalid memory address or nil pointer dereference in identitygc

3 participants

@tsotne95 @xtineskim @tklauser