Flexalgo mpls frrbot2 #2

Open
louis-6wind wants to merge 21 commits into master from flexalgo-mpls-frrbot2

@louis-6wind
Owner

No description provided.

slankdev and others added 17 commits September 12, 2022 11:07
The spftree has a new property called algorithm
which is the id used to identify the algorithm that
separates it in the same IGP network. This is
used in Flex-Algo. In other cases than Flex-Algo,
the algorithm id is always zero.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The information in prefix-sid has a new property
called algorithm id.  This is used to identify
the algorithm that separates it in the same IGP
network. This is used in Flex-Algo. In all other
cases, the algorithm id is basically 0.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The information in prefix-sid has a new property
called algorithm id.  This is used to identify
the algorithm that separates it in the same IGP
network. This is used in Flex-Algo. In all other
cases, the algorithm id is basically 0.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Before this commit, SR_ALGORITHM_COUNT was set to 2,
and each was hardcoded with router capability tlv.
When Flex-Algo is supported, SR-Algorithm may be
variably supported up to 256.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
isis_tlvs_add_extended_ip_reach adds IS-IS Extended
IP reachability to the LSP. In this case, if the
pcfg argument is not NULL, you can add IGP
Prefix-SID as its sub tlv.

Before this commit, only one Prefix-SID can be added.
After this commit, the argument is not a single
pointer but an array of pointers, and multiple
Prefix-SIDs can be added.

This feature is necessary because Flex-Algo
requires multiple Prefix-SIDs for each Algorithm.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Prefix-SID nexthops and backup nexthops are stored respectively in
isis_route_info->nexthops and isis_route_info->backup->nexthops.

With Flex-Algo, there are multiple Prefix-SIDs for a single prefix in
different algorithms. Each of these Prefix-SIDs performs SPF calculation
with a separate contract and sets nexthops, so it is necessary to
store a different set of nexthops for each Prefix-SID.

Add a nexthops and backup nexthops list into the Prefix-SID
isis_sr_psid_info struct and use these lists instead of the  when needed

After this commit, the nexthops for each Prefix-SID are not
taken from route_info, but the nexthop set inside the
Prefix-SID is taken. This works for backup nexthops as well.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Before this commit, there was only one sr psid info
included in route_info.

In fact, in RFC8667, Algorithm ID, which is a property of
Prefix-SID, has 8 bits of information. That is, each Prefix
can hold up to 256 Prefix-SIDs. This commit implements it.
The previously implemented single Prefix-SID will be
continued as Algorithm 0.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Many of the enum definitions defined in isis_tlvs.h
are often extended at the end. C/C++ allows
commas at the end of a list. This commit simplifies
the patching of later extensions.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
SR Algorithms are independent of specific IGPs
such as IS-IS and OSPF. This commit adds lib/sr to
aggregate IGP agnostic functions and constants.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Basically in frrouting source code principle,
the log string should not be a complicated abstraction
or streamlined for grep.

But the log format for "TLV size does not match ..."
can be unified, which makes development easier.

> $ grep "TLV size does not match expected size for" isisd/isis_tlvs.c
>    "TLV size does not match expected size for Administrative Group!\n");
>    "TLV size does not match expected size for Local IPv6 address!\n");
>    ...(snip)...
>    "TLV size does not match expected size for Adjacency SID!\n");
>          "TLV size does not match expected size for Adjacency SID!\n");
>          "TLV size does not match expected size for Adjacency SID!\n");
>    "TLV size does not match expected size for LAN-Adjacency SID!\n");
>          "TLV size does not match expected size for LAN-Adjacency SID!\n");
>          "TLV size does not match expected size for LAN-Adjacency SID!\n");
>
> $ grep "TLV size does not match expected size for" isisd/isis_tlvs.c | wc -l
> 25

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
IS-IS Extensions for Segment Routing (RFC8667) defines a variable length
SR-Algorithm Sub-TLV (of the router capability TLV) that includes a list
of supported SR algorithms.  Each algorithm number is one octet.  Only
two algorithms were defined at the time 8667 was written: SPF (0) and
Strict SPF (1).

draft-ietf-lsr-flex-algo-18 reserves the range of algorithm numbers from
128 to 255 for Flex-Algo definitions.  As a result, the SR-Algorithm
Sub-TLV may now, in practice, hold more than two algorithm identifiers.

The internal "struct ls_node", defined in link_state.h, has storage
space for only two algorithm IDs.

Extend this array to 256 entries. Adjust ls_node comparison logic, etc.,
to accommodate the longer array.

Note that the Router Capability TLV allows a maximum of 250 octets for
sub-TLVs and that this is not sufficient to hold a list of all possible
algorithm IDs.  These changes do not account for that limitation.

Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
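
The bounded handling that the commit message above describes, as an added example that is not FRR code: a parser for the one-octet-per-algorithm SR-Algorithm sub-TLV (type 19 in RFC 8667), a store that never writes past a fixed-size array, and an encoder that refuses a list too long for the 250 octets of sub-TLV space. `struct sr_algo_set` and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUBTLV_SR_ALGORITHM 19    /* SR-Algorithm sub-TLV type in RFC 8667 */
#define SR_ALGO_IDS 256           /* an algorithm id is one octet */
#define ROUTER_CAP_SUBTLV_MAX 250 /* sub-TLV space stated in the commit */

/* Hypothetical container: one presence flag per possible algorithm id. */
struct sr_algo_set {
	uint8_t present[SR_ALGO_IDS];
	size_t count; /* number of distinct ids seen */
};

/* Walk a sub-TLV area and collect SR-Algorithm ids.
 * Returns 0 on success, -1 if a header or value runs past the buffer. */
int parse_sr_algorithms(const uint8_t *buf, size_t len, struct sr_algo_set *out)
{
	size_t off = 0;

	memset(out, 0, sizeof(*out));
	while (off < len) {
		if (len - off < 2)
			return -1; /* truncated type/length header */
		uint8_t type = buf[off];
		uint8_t vlen = buf[off + 1];
		off += 2;
		if (vlen > len - off)
			return -1; /* declared length exceeds remaining bytes */
		if (type == SUBTLV_SR_ALGORITHM) {
			for (size_t i = 0; i < vlen; i++) {
				uint8_t id = buf[off + i]; /* 0..255, always a valid index */
				if (!out->present[id]) {
					out->present[id] = 1;
					out->count++;
				}
			}
		}
		off += vlen; /* unknown sub-TLVs are skipped by length */
	}
	return 0;
}

/* Copy ids into a caller array of 'cap' slots without writing past it.
 * Returns how many ids did not fit (0 when cap is 256). */
size_t store_algorithms(const struct sr_algo_set *set, uint8_t *dst, size_t cap)
{
	size_t stored = 0, dropped = 0;

	for (size_t id = 0; id < SR_ALGO_IDS; id++) {
		if (!set->present[id])
			continue;
		if (stored < cap)
			dst[stored++] = (uint8_t)id;
		else
			dropped++;
	}
	return dropped;
}

/* Encode one SR-Algorithm sub-TLV. Refuses a list that cannot fit in the
 * 250 octets of sub-TLV space. Returns bytes written or -1. */
int encode_sr_algorithms(const uint8_t *ids, size_t n, uint8_t *out, size_t cap)
{
	if (n + 2 > ROUTER_CAP_SUBTLV_MAX || n + 2 > cap)
		return -1;
	out[0] = SUBTLV_SR_ALGORITHM;
	out[1] = (uint8_t)n;
	memcpy(out + 2, ids, n);
	return (int)(n + 2);
}

int main(void)
{
	/* Constructed sample: SR-Algorithm sub-TLV carrying 0, 1, 128, 129,
	 * then a placeholder sub-TLV (type 200, 1 octet) that is skipped. */
	const uint8_t sample[] = {19, 4, 0, 1, 128, 129, 200, 1, 0xff};
	struct sr_algo_set set;
	uint8_t two[2], all[SR_ALGO_IDS];

	if (parse_sr_algorithms(sample, sizeof(sample), &set) != 0)
		return 1;
	printf("ids=%zu dropped(cap 2)=%zu dropped(cap 256)=%zu\n", set.count,
	       store_algorithms(&set, two, 2),
	       store_algorithms(&set, all, SR_ALGO_IDS));
	return 0;
}
```
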
Add the ability to configure a Segment-Routing prefix SID for a given
algorithm. For example:

> segment-routing prefix 10.10.10.10/32 algorithm 128 index 100

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the ability to configure a Segment-Routing prefix SID for a given
algorithm. For example:

> segment-routing prefix 10.10.10.10/32 algorithm 128 index 100

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a function to copy a bitfield_t structure.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a library to deal with Flexible Algorithm that will be common to
IS-IS and OSPF. The functions make it possible to deal with:

- Affinity-maps
- Extended Admin Group (RFC7308)
- Flex-Algo structures that contain the flex-algo configurations

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Define the IS-IS flex-algo structure in yang, the CLI configuration
commands and the skeletons of frontend and backend functions that are
called by the CLI code.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add a function to return a human readable string of the metric types
that are defined in yang.

Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind and others added 4 commits September 12, 2022 18:44
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Adds basic functionality to Flex-Algo for IS-IS wrapping lib/flex_algo.
The configuration interface will be added in the next commit.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add the backend functions for the flex-algo configuration.

Signed-off-by: Hiroki Shirokura <hiroki.shirokura@linecorp.com>
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind pushed a commit that referenced this pull request Sep 21, 2022
CID 1519843 (#2 of 2): Uninitialized scalar variable (UNINIT)
43. uninit_use_in_call: Using uninitialized value pkt_src->sin6_addr when calling gm_rx_process

Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
louis-6wind added a commit that referenced this pull request Oct 18, 2022
An isisd crash happens when the IS-IS system-id is defined after a
flex-algo definition and before IS-IS segment-routing.

After the isisd startup, do:
> router isis 1
>  is-type level-1
>  flex-algo 128
>   advertise-definition
>   dataplane sr-mpls
>   affinity include-all blue green
>  net 49.0000.0000.0000.1000.00

It causes this crash:
> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb9403c2ac4 in core_handler (signo=6, siginfo=0x7ffd6a538130, context=0x7ffd6a538000) at /build/tools-build-framework/output/_packages/cp-routing/src/lib/sigevent.c:262
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #4  0x00007fb9400c0859 in __GI_abort () at abort.c:79
> #5  0x00007fb940400608 in _zlog_assert_failed ( xref=0x559ed6e3baa0 <_xref.21401>, extra=0x0) at /build/tools-build-framework/output/_packages/cp-routing/src/lib/zlog.c:557
> #6  0x0000559ed6d8191e in copy_tlv_router_cap (router_cap=0x559ed7d7b8b0) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_tlvs.c:3681
> #7  0x0000559ed6d86133 in pack_tlvs (tlvs=0x559ed7d7b4f0,  stream=0x559ed7d7c1e0, fragment_tlvs=0x559ed7d7c7d0,  new_fragment=0x559ed6d863ab <new_fragment>,  new_fragment_arg=0x559ed7d70c50) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_tlvs.c:5393
> #8  0x0000559ed6d8644b in isis_fragment_tlvs (tlvs=0x559ed7d7b4f0, size=1470) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_tlvs.c:5476
> #9  0x0000559ed6d4b014 in lsp_build (lsp=0x559ed7d7adb0, area=0x559ed7d40a40) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_lsp.c:1361
> #10 0x0000559ed6d4b496 in lsp_generate (area=0x559ed7d40a40, level=1) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_lsp.c:1434
> #11 0x0000559ed6d9fee5 in isis_instance_area_address_create ( args=0x7ffd6a54fe70) at /build/tools-build-framework/output/_packages/cp-routing/src/isisd/isis_nb_config.c:229
> #12 0x00007fb940393e1f in nb_callback_create (context=0x7ffd6a550480,  nb_node=0x559ed7b8ad70, event=NB_EV_APPLY, dnode=0x559ed7d54e20,  resource=0x559ed7d7aa28, errmsg=0x7ffd6a550490 "", errmsg_len=8192) at /build/tools-build-framework/output/_packages/cp-routing/src/lib/northbound.c:1035

isis_lsp_set_router_capability_fad() only sets cap_fad[fa->algorithm]
when segment-routing is enabled. cap_fad[fa->algorithm] admin-group data
pointers are not allocated when segment-routing is off. However, when
setting the flex-algo definition into router capabilities,
cap_fad[fa->algorithm] is copied. Flex-algo definitions are set even
segment-routing is not set (which complies with the flex-algo IETF
draft). When copying the router capability later, a crash happens
because a admin-group pointer is NULL.

Set cap_fad[fa->algorithm] even if segment-routing is off.

Fixes: 93b0b7f ("isisd: add isis flex-algo lsp advertisement")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
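
A simplified model of the failure described in the commit message above, as an added example that is not FRR code: a setter that allocates the admin-group only when segment routing is on, the same setter with the allocation made unconditional, and a deep copy that requires the pointer. All struct and function names are hypothetical, and the copy returns NULL where the backtrace shows an assertion failure so the outcome can be checked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALGO_IDS 256

/* Hypothetical, simplified stand-ins for the structures in the commit. */
struct admin_group {
	uint32_t *words;
	size_t nwords;
};
struct fad {
	uint8_t algorithm;
	struct admin_group *include_all; /* the copy routine needs this set */
};
struct router_cap {
	struct fad *fads[ALGO_IDS];
};

static void fad_free(struct fad *f)
{
	if (!f)
		return;
	if (f->include_all) {
		free(f->include_all->words);
		free(f->include_all);
	}
	free(f);
}

void router_cap_free(struct router_cap *cap)
{
	if (!cap)
		return;
	for (size_t i = 0; i < ALGO_IDS; i++)
		fad_free(cap->fads[i]);
	free(cap);
}

/* Install a definition. always_alloc == false models the guarded setter: the
 * admin-group is allocated only when segment routing is enabled.
 * always_alloc == true models the fix: it is allocated regardless. */
int set_fad(struct router_cap *cap, uint8_t algo, const uint32_t *words,
	    size_t nwords, bool sr_enabled, bool always_alloc)
{
	struct fad *f = calloc(1, sizeof(*f));

	if (!f)
		return -1;
	f->algorithm = algo;
	if (sr_enabled || always_alloc) {
		struct admin_group *ag = calloc(1, sizeof(*ag));

		f->include_all = ag;
		if (ag)
			ag->words = calloc(nwords ? nwords : 1, sizeof(uint32_t));
		if (!ag || !ag->words) {
			fad_free(f);
			return -1;
		}
		if (nwords)
			memcpy(ag->words, words, nwords * sizeof(uint32_t));
		ag->nwords = nwords;
	}
	fad_free(cap->fads[algo]); /* replace any earlier definition */
	cap->fads[algo] = f;
	return 0;
}

/* Deep copy. Returns NULL when an installed definition has no admin-group. */
struct router_cap *router_cap_copy(const struct router_cap *src)
{
	struct router_cap *dst = calloc(1, sizeof(*dst));

	for (size_t i = 0; dst && i < ALGO_IDS; i++) {
		const struct fad *f = src->fads[i];

		if (!f)
			continue;
		if (!f->include_all ||
		    set_fad(dst, f->algorithm, f->include_all->words,
			    f->include_all->nwords, true, true) != 0) {
			router_cap_free(dst);
			return NULL;
		}
	}
	return dst;
}

/* Build a capability with one definition for algorithm 128, then copy it.
 * Returns 1 when the copy succeeds and owns its own admin-group data. */
int copy_succeeds(bool sr_enabled, bool always_alloc)
{
	const uint32_t affinity[] = {0x3}; /* constructed affinity bits */
	struct router_cap *cap = calloc(1, sizeof(*cap));
	struct router_cap *dup = NULL;
	int ok = 0;

	if (cap && set_fad(cap, 128, affinity, 1, sr_enabled, always_alloc) == 0)
		dup = router_cap_copy(cap);
	if (dup)
		ok = dup->fads[128]->include_all != cap->fads[128]->include_all &&
		     dup->fads[128]->include_all->words[0] == 0x3;
	router_cap_free(dup);
	router_cap_free(cap);
	return ok;
}

int main(void)
{
	printf("guarded, SR off: %d\n", copy_succeeds(false, false));
	printf("guarded, SR on:  %d\n", copy_succeeds(true, false));
	printf("fixed,   SR off: %d\n", copy_succeeds(false, true));
	return 0;
}
```
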
louis-6wind added a commit that referenced this pull request Oct 18, 2022
louis-6wind added a commit that referenced this pull request Nov 9, 2022
louis-6wind added a commit that referenced this pull request Nov 14, 2022
louis-6wind added a commit that referenced this pull request Nov 14, 2022
louis-6wind pushed a commit that referenced this pull request Sep 12, 2023
This commit ensures that sequence data
and associated structures are correctly deleted to prevent memory leaks.

The ASan leak log for reference:
```
Direct leak of 432 byte(s) in 1 object(s) allocated from:
    #0 0x7f911ebaba37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7f911e749a4e in qcalloc ../lib/memory.c:105
    #2 0x564fd444b2d3 in pbrms_get ../pbrd/pbr_map.c:527
    #3 0x564fd443a82d in pbr_map ../pbrd/pbr_vty.c:90
    #4 0x7f911e691d61 in cmd_execute_command_real ../lib/command.c:993
    #5 0x7f911e6920ee in cmd_execute_command ../lib/command.c:1052
    #6 0x7f911e692dc0 in cmd_execute ../lib/command.c:1218
    #7 0x7f911e843197 in vty_command ../lib/vty.c:591
    #8 0x7f911e84807c in vty_execute ../lib/vty.c:1354
    #9 0x7f911e84e47a in vtysh_read ../lib/vty.c:2362
    #10 0x7f911e8332f4 in event_call ../lib/event.c:1979
    #11 0x7f911e71d828 in frr_run ../lib/libfrr.c:1213
    #12 0x564fd4425795 in main ../pbrd/pbr_main.c:168
    #13 0x7f911e2e1d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 12, 2023
This commit ensures proper cleanup by clearing the `algo->pdst` pointer if it points to a path that is being deleted.
It addresses memory leaks by freeing memory held by `algo->pdst` that might not have been released during the cleanup of processed paths.

The ASan leak log for reference:

```
Direct leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
    #2 0x7fbffc9d1a54 in cpath_new ../lib/cspf.c:44
    #3 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
    #4 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
    #5 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
    #6 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
    #7 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
    #8 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
    #9 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
    #10 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
    #11 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
    #12 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
    #13 0x7fbffcb51324 in event_call ../lib/event.c:1979
    #14 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
    #15 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
    #16 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
    #2 0x7fbffca3c108 in list_new ../lib/linklist.c:49
    #3 0x7fbffc9d1acc in cpath_new ../lib/cspf.c:47
    #4 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
    #5 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
    #6 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
    #7 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
    #8 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
    #9 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
    #10 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
    #11 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
    #12 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
    #13 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
    #14 0x7fbffcb51324 in event_call ../lib/event.c:1979
    #15 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
    #16 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
    #17 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 12, 2023
Previously when updating vertices, edges and subnets, when no update was required
due to existing value matching the new one, memory associated with the new object
was not being freed leading to memory leaks. This commit fixes memory leak by
freeing memory associated with new object when update is unnecessary.

The ASan leak log for reference:

```
Direct leak of 312 byte(s) in 3 object(s) allocated from:
    #0 0x7faf3afbfa37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7faf3ab5dbcf in qcalloc ../lib/memory.c:105
    #2 0x7faf3ab42e00 in ls_parse_prefix ../lib/link_state.c:1323
    #3 0x7faf3ab43c87 in ls_parse_msg ../lib/link_state.c:1373
    #4 0x7faf3ab476a5 in ls_stream2ted ../lib/link_state.c:1885
    #5 0x564e045046aa in sharp_opaque_handler ../sharpd/sharp_zebra.c:792
    #6 0x7faf3aca35a9 in zclient_read ../lib/zclient.c:4410
    #7 0x7faf3ac47474 in event_call ../lib/event.c:1979
    #8 0x7faf3ab318b4 in frr_run ../lib/libfrr.c:1213
    #9 0x564e044fdc6f in main ../sharpd/sharp_main.c:177
    #10 0x7faf3a6f4d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 312 byte(s) leaked in 3 allocation(s).
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 12, 2023
…Discarded

The newly created LSA `new` is now properly freed to prevent memory leaks when
a non-self-originated Grace LSA which is not in LSDB is received.

The ASan leak log for reference:

```
Direct leak of 400 byte(s) in 2 object(s) allocated from:
    #0 0x7f70e984bd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f70e92481c5 in qcalloc lib/memory.c:105
    #2 0x55b35068c975 in ospf6_lsa_alloc ospf6d/ospf6_lsa.c:710
    #3 0x55b35068c9f9 in ospf6_lsa_create ospf6d/ospf6_lsa.c:725
    #4 0x55b35065ab2c in ospf6_receive_lsa ospf6d/ospf6_flood.c:912
    #5 0x55b3506a1413 in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1621
    #6 0x55b3506a1413 in ospf6_read_helper ospf6d/ospf6_message.c:1896
    #7 0x55b3506a1413 in ospf6_receive ospf6d/ospf6_message.c:1925
    #8 0x7f70e92e6ccb in event_call lib/event.c:1979
    #9 0x7f70e922b488 in frr_run lib/libfrr.c:1213
    #10 0x55b35064345e in main ospf6d/ospf6_main.c:250
    #11 0x7f70e8843c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 72 byte(s) in 2 object(s) allocated from:
    #0 0x7f70e984bb40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f70e9247ee5 in qmalloc lib/memory.c:100
    #2 0x55b35068c987 in ospf6_lsa_alloc ospf6d/ospf6_lsa.c:711
    #3 0x55b35068c9f9 in ospf6_lsa_create ospf6d/ospf6_lsa.c:725
    #4 0x55b35065ab2c in ospf6_receive_lsa ospf6d/ospf6_flood.c:912
    #5 0x55b3506a1413 in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1621
    #6 0x55b3506a1413 in ospf6_read_helper ospf6d/ospf6_message.c:1896
    #7 0x55b3506a1413 in ospf6_receive ospf6d/ospf6_message.c:1925
    #8 0x7f70e92e6ccb in event_call lib/event.c:1979
    #9 0x7f70e922b488 in frr_run lib/libfrr.c:1213
    #10 0x55b35064345e in main ospf6d/ospf6_main.c:250
    #11 0x7f70e8843c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 472 byte(s) leaked in 4 allocation(s).
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 12, 2023
Addressed a memory leak in OSPF by fixing the improper deallocation of
area range nodes when removed from the table. Introducing a new function,
`ospf_range_table_node_destroy` for proper node cleanup, resolved the issue.

The ASan leak log for reference:

```
Direct leak of 56 byte(s) in 2 object(s) allocated from:
    #0 0x7faf661d1d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7faf65bce1e9 in qcalloc lib/memory.c:105
    #2 0x55a66e0b61cd in ospf_area_range_new ospfd/ospf_abr.c:43
    #3 0x55a66e0b61cd in ospf_area_range_set ospfd/ospf_abr.c:195
    #4 0x55a66e07f2eb in ospf_area_range ospfd/ospf_vty.c:631
    #5 0x7faf65b51548 in cmd_execute_command_real lib/command.c:993
    #6 0x7faf65b51f79 in cmd_execute_command_strict lib/command.c:1102
    #7 0x7faf65b51fd8 in command_config_read_one_line lib/command.c:1262
    #8 0x7faf65b522bf in config_from_file lib/command.c:1315
    #9 0x7faf65c832df in vty_read_file lib/vty.c:2605
    #10 0x7faf65c83409 in vty_read_config lib/vty.c:2851
    #11 0x7faf65bb0341 in frr_config_read_in lib/libfrr.c:977
    #12 0x7faf65c6cceb in event_call lib/event.c:1979
    #13 0x7faf65bb1488 in frr_run lib/libfrr.c:1213
    #14 0x55a66dfb28c4 in main ospfd/ospf_main.c:249
    #15 0x7faf651c9c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 56 byte(s) leaked in 2 allocation(s).
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 18, 2023
Add SRv6 Capabilities Sub-TLV to the IS-IS Router Capabilities TLV data
structure. SRv6 Capabilities Sub-TLV includes SRv6 Flags (RFC 9352
section #2) and Maximum SRv6 SID Depths (RFC 9352 section #4).

Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
louis-6wind pushed a commit that referenced this pull request Sep 18, 2023
Extend Router Capabilities TLV pack function to pack Router Capabilities
Sub-TLV (RFC 9352 section #2).

Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
louis-6wind pushed a commit that referenced this pull request Sep 18, 2023
Extend Router Capabilities TLV unpack function to unpack SRv6
Capabilities Sub-TLV (RFC 9352 section #2).

Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
louis-6wind pushed a commit that referenced this pull request Sep 18, 2023
This commit frees dynamically allocated memory associated
with `pbrms->nhgrp_name` and `pbrms->dst` which were causing memory leaks.

The ASan leak log for reference:

```
=================================================================
==107458==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7f87d644ca37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x7f87d5feaa37 in qcalloc ../lib/memory.c:105
    #2 0x7f87d6054ffd in prefix_new ../lib/prefix.c:1180
    #3 0x55722f3c2885 in pbr_map_match_dst_magic ../pbrd/pbr_vty.c:302
    #4 0x55722f3b5c24 in pbr_map_match_dst pbrd/pbr_vty_clippy.c:228
    #5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993
    #6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052
    #7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218
    #8 0x7f87d60e4177 in vty_command ../lib/vty.c:591
    #9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354
    #10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362
    #11 0x7f87d60d42d4 in event_call ../lib/event.c:1979
    #12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213
    #13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168
    #14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x7f87d63f39a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
    #1 0x7f87d5feaafc in qstrdup ../lib/memory.c:117
    #2 0x55722f3da139 in pbr_nht_set_seq_nhg ../pbrd/pbr_nht.c:551
    #3 0x55722f3c693f in pbr_map_nexthop_group_magic ../pbrd/pbr_vty.c:1140
    #4 0x55722f3bdaae in pbr_map_nexthop_group pbrd/pbr_vty_clippy.c:1284
    #5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993
    #6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052
    #7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218
    #8 0x7f87d60e4177 in vty_command ../lib/vty.c:591
    #9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354
    #10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362
    #11 0x7f87d60d42d4 in event_call ../lib/event.c:1979
    #12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213
    #13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168
    #14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 58 byte(s) leaked in 2 allocation(s).
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Sep 18, 2023
Extend Router Capabilities TLV format function to return information
about SRv6 Capabilities Sub-TLVs (RFC 9352 section #2).

Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
louis-6wind added a commit that referenced this pull request Sep 25, 2023
The following crash has been seen:

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x00007f48a576db78 in core_handler (signo=11, siginfo=0x7ffeee4f2b30, context=0x7ffeee4f2a00) at lib/sigevent.c:262
> #2  <signal handler called>
> #3  0x000055aded0d793a in isis_spf_process_lsp (spftree=0x55adee945120, lsp=0x55adee971800, cost=3, depth=1, root_sysid=0x55adee9451ac "", parent=0x55adee9474c0) at isisd/isis_spf.c:887
> #4  0x000055aded0d9bd1 in isis_spf_loop (spftree=0x55adee945120, root_sysid=0x55adee9451ac "") at isisd/isis_spf.c:1679
> #5  0x000055aded0d9fd1 in isis_run_spf (spftree=0x55adee945120) at isisd/isis_spf.c:1798
> #6  0x000055aded0bad65 in isis_spf_run_neighbors (spftree=0x55adee962220) at isisd/isis_lfa.c:1259
> #7  0x000055aded0bd896 in isis_spf_run_lfa (area=0x55adee95e200, spftree=0x55adee962220) at isisd/isis_lfa.c:2291
> #8  0x000055aded0da0f2 in isis_run_spf_with_protection (area=0x55adee95e200, spftree=0x55adee962220) at isisd/isis_spf.c:1817
> #9  0x000055aded0da350 in isis_run_spf_cb (thread=0x7ffeee4f3330) at isisd/isis_spf.c:1870
> #10 0x00007f48a5786dcc in thread_call (thread=0x7ffeee4f3330) at lib/thread.c:2002
> #11 0x00007f48a57213ee in frr_run (master=0x55adee6cdb40) at lib/libfrr.c:1196
> #12 0x000055aded0acda2 in main (argc=2, argv=0x7ffeee4f3548, envp=0x7ffeee4f3560) at isisd/isis_main.c:273

It is caused by an attempt to access lsp->tlvs in isis_spf_process_lsp()
label lspfragloop when lsp is NULL. isis_spf_process_lsp() checks that
the lsp pointer is not NULL at the function beginning but af8ac8f
("isisd: send/receive LSPs with new parser") has introduced some
lsp->tlvs accesses after the lspfragloop label without checking that lsp
is not NULL.

The crash has been seen in the following situation:
- ISIS is configured to import routes from BGP
- ISIS classic LFA is enabled on all ISIS interfaces
- BGP receives routes from an exabgp peer
- exabgp is stopped in the middle while sending new prefixes

The same situation without LFA does not trigger the bug. However, it
seems that the crash can potentially happen without LFA.

Fixes: af8ac8f ("isisd: send/receive LSPs with new parser")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind added a commit that referenced this pull request Sep 26, 2023
The following crash happens when trying to send a BGP Update from a subgroup
when the stream is out of space:

> ==594613==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x56486652f11a bp 0x7ffefaef6140 sp 0x7ffefaef6110 T0)
> ==594613==The signal is caused by a READ memory access.
> ==594613==Hint: address points to the zero page.
>     #0 0x56486652f11a in bgp_advertise_clean_subgroup bgpd/bgp_updgrp_adv.c:449
>     #1 0x564866537019 in subgroup_update_packet bgpd/bgp_updgrp_packet.c:778
>     #2 0x56486646d24c in bgp_generate_updgrp_packets bgpd/bgp_packet.c:439
>     #3 0x7fc00dcb14b0 in thread_call lib/thread.c:1825
>     #4 0x7fc00dbcbf92 in frr_run lib/libfrr.c:1155
>     #5 0x56486634108e in main bgpd/bgp_main.c:570
>     #6 0x7fc00d70bd09 in __libc_start_main ../csu/libc-start.c:308
>     #7 0x56486633d8a9 in _start (/usr/lib/frr/bgpd+0x2a58a9)

Crash at the following line in frame 0 because the 'adv' pointer is
NULL:

> baa = adv->baa;

subgroup_update_packet() calls bgp_advertise_clean_subgroup() in a loop
and provides adj. In the latter function, adv is retrieved from adj->adv, then
adj->adv is set to NULL. The next call re-uses the same adj and the crash
occurs.

Update adj before each call.

Fixes: 3f9c736 ("BGP: Add dynamic update group support")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
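
The stale-`adj` loop described in the commit message above, as a simplified C model added here (not FRR's code and not part of the commit). The structures and the functions `clean_subgroup`, `drain_stale_adj` and `drain_fresh_adj` are hypothetical stand-ins; the point where the real function would dereference a NULL `adv` is modelled as a `-1` return so the program stays runnable.

```c
#include <stddef.h>
#include <stdio.h>

#define N_ADV 3

struct adj_out;

/* Pending advertisement, linked in a FIFO (simplified stand-in). */
struct advertise {
	struct advertise *next;
	struct adj_out *adj;
	int baa;
};

/* Adjacency entry pointing back at its pending advertisement. */
struct adj_out {
	struct advertise *adv;
};

struct model {
	struct advertise *head; /* FIFO of pending advertisements */
	struct advertise advs[N_ADV];
	struct adj_out adjs[N_ADV];
};

static void model_init(struct model *m)
{
	for (int i = 0; i < N_ADV; i++) {
		m->advs[i].adj = &m->adjs[i];
		m->advs[i].baa = 100 + i; /* constructed sample value */
		m->advs[i].next = (i + 1 < N_ADV) ? &m->advs[i + 1] : NULL;
		m->adjs[i].adv = &m->advs[i];
	}
	m->head = &m->advs[0];
}

/*
 * Models the cleanup step: take adv from adj->adv, unlink it, clear
 * adj->adv and hand back the next pending advertisement.
 * Returns -1 where the unguarded "baa = adv->baa" would read through NULL.
 */
static int clean_subgroup(struct model *m, struct adj_out *adj,
			  struct advertise **next)
{
	struct advertise *adv = adj->adv;

	if (adv == NULL)
		return -1;
	m->head = adv->next;
	adv->next = NULL;
	adj->adv = NULL; /* adj no longer has a pending advertisement */
	*next = m->head;
	return 0;
}

/* Before the fix: adj is fetched once and re-used on every iteration. */
static int drain_stale_adj(struct model *m)
{
	struct advertise *adv = m->head;
	struct adj_out *adj = adv ? adv->adj : NULL;
	int cleaned = 0;

	while (adv != NULL) {
		if (clean_subgroup(m, adj, &adv) < 0)
			return -1; /* second pass: adj->adv is already NULL */
		cleaned++;
	}
	return cleaned;
}

/* After the fix: adj is updated from the current adv before each call. */
static int drain_fresh_adj(struct model *m)
{
	struct advertise *adv = m->head;
	int cleaned = 0;

	while (adv != NULL) {
		struct adj_out *adj = adv->adj;

		if (clean_subgroup(m, adj, &adv) < 0)
			return -1;
		cleaned++;
	}
	return (m->head == NULL) ? cleaned : -2;
}

static int demo_stale(void)
{
	struct model m;

	model_init(&m);
	return drain_stale_adj(&m);
}

static int demo_fresh(void)
{
	struct model m;

	model_init(&m);
	return drain_fresh_adj(&m);
}

int main(void)
{
	printf("stale adj: %d\n", demo_stale());
	printf("fresh adj: %d\n", demo_fresh());
	return 0;
}
```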
louis-6wind pushed a commit that referenced this pull request Sep 26, 2023
Fixes a memory leak in ospfd where the external aggregator
was not released after its associated route node is deleted.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in ospf_basic_functionality.test_ospf_asbr_summary_topo1/r0.asan.ospfd.31502

=================================================================
==31502==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 200 byte(s) in 5 object(s) allocated from:
    #0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fdb300620da in qcalloc lib/memory.c:105
    #2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396
    #3 0x55e53c2dead3 in ospf_asbr_external_aggregator_set ospfd/ospf_asbr.c:1123
    #4 0x55e53c27c921 in ospf_external_route_aggregation ospfd/ospf_vty.c:10264
    #5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993
    #6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051
    #7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218
    #8 0x7fdb3010ce2a in vty_command lib/vty.c:591
    #9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354
    #10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362
    #11 0x7fdb30100b99 in event_call lib/event.c:1979
    #12 0x7fdb30045379 in frr_run lib/libfrr.c:1213
    #13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249
    #14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fdb300620da in qcalloc lib/memory.c:105
    #2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396
    #3 0x55e53c2dedd3 in ospf_asbr_external_rt_no_advertise ospfd/ospf_asbr.c:1182
    #4 0x55e53c27cf10 in ospf_external_route_aggregation_no_adrvertise ospfd/ospf_vty.c:10626
    #5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993
    #6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051
    #7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218
    #8 0x7fdb3010ce2a in vty_command lib/vty.c:591
    #9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354
    #10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362
    #11 0x7fdb30100b99 in event_call lib/event.c:1979
    #12 0x7fdb30045379 in frr_run lib/libfrr.c:1213
    #13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249
    #14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 240 byte(s) leaked in 6 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
`ng` was not properly freed, leading to a memory leak.
The commit calls `nexthop_group_delete` to free memory associated with `ng`.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in isis_topo1.test_isis_topo1/r5.asan.zebra.24308

=================================================================
==24308==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105
    #2 0x7f4f47559526 in nexthop_group_new lib/nexthop_group.c:270
    #3 0x562ded6a39d4 in zebra_add_import_table_entry zebra/redistribute.c:681
    #4 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972
    #5 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993
    #6 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860
    #7 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138
    #8 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178
    #9 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228
    #10 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266
    #11 0x7f4f475dc7f2 in event_call lib/event.c:1969
    #12 0x7f4f4751f347 in frr_run lib/libfrr.c:1213
    #13 0x562ded69e818 in main zebra/main.c:486
    #14 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105
    #2 0x7f4f475510ad in nexthop_new lib/nexthop.c:376
    #3 0x7f4f475539c5 in nexthop_dup lib/nexthop.c:914
    #4 0x7f4f4755b27a in copy_nexthops lib/nexthop_group.c:444
    #5 0x562ded6a3a1c in zebra_add_import_table_entry zebra/redistribute.c:682
    #6 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972
    #7 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993
    #8 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860
    #9 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138
    #10 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178
    #11 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228
    #12 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266
    #13 0x7f4f475dc7f2 in event_call lib/event.c:1969
    #14 0x7f4f4751f347 in frr_run lib/libfrr.c:1213
    #15 0x562ded69e818 in main zebra/main.c:486
    #16 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 184 byte(s) leaked in 2 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
- Addressed memory leak by removing `&c->peer_notifier` from the notifier list on termination. Retaining it caused the notifier list to stay active, preventing the deletion of `c->cur.peer`
  thereby causing a memory leak.

- Reordered termination steps to call `vrf_terminate` before `nhrp_vc_terminate`, preventing a heap-use-after-free issue when `nhrp_vc_notify_del` is invoked in `nhrp_peer_check_delete`.

- Added an if statement to avoid passing NULL as hash to `hash_release`, which leads to a SIGSEGV.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in nhrp_topo.test_nhrp_topo/r1.asan.nhrpd.20265

=================================================================
==20265==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x7f80270c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f8026ac1eb8 in qmalloc lib/memory.c:100
    #2 0x560fd648f0a6 in nhrp_peer_create nhrpd/nhrp_peer.c:175
    #3 0x7f8026a88d3f in hash_get lib/hash.c:147
    #4 0x560fd6490a5d in nhrp_peer_get nhrpd/nhrp_peer.c:228
    #5 0x560fd648a51a in nhrp_nhs_resolve_cb nhrpd/nhrp_nhs.c:297
    #6 0x7f80266b000f in resolver_cb_literal lib/resolver.c:234
    #7 0x7f8026b62e0e in event_call lib/event.c:1969
    #8 0x7f8026aa5437 in frr_run lib/libfrr.c:1213
    #9 0x560fd6488b4f in main nhrpd/nhrp_main.c:166
    #10 0x7f8025eb2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s).
***********************************************************************************

***********************************************************************************
Address Sanitizer Error detected in nhrp_topo.test_nhrp_topo/r2.asan.nhrpd.20400

=================================================================
==20400==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x7fb6e3ca5b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fb6e369deb8 in qmalloc lib/memory.c:100
    #2 0x562652de40a6 in nhrp_peer_create nhrpd/nhrp_peer.c:175
    #3 0x7fb6e3664d3f in hash_get lib/hash.c:147
    #4 0x562652de5a5d in nhrp_peer_get nhrpd/nhrp_peer.c:228
    #5 0x562652de1e8e in nhrp_packet_recvraw nhrpd/nhrp_packet.c:325
    #6 0x7fb6e373ee0e in event_call lib/event.c:1969
    #7 0x7fb6e3681437 in frr_run lib/libfrr.c:1213
    #8 0x562652dddb4f in main nhrpd/nhrp_main.c:166
    #9 0x7fb6e2a8ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
The shallow copy of attr wasn't freed when there was no valid label for the moment and the function returned, therefore creating leaks. The leaks below are solved by flushing the shallow copy of attr.

Address Sanitizer Error detected in bgp_vpnv6_per_nexthop_label.test_bgp_vpnv6_per_nexthop_label/r1.asan.bgpd.13409
=================================================================
==13409==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
    #7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
    #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
    #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
    #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
    #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
    #14 0x7f62ccb62b8f in event_call lib/event.c:1969
    #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #16 0x5623b87e054b in main bgpd/bgp_main.c:510
    #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969
    #5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
    #6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341
    #7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220
    #8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
    #7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
    #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
    #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
    #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
    #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
    #14 0x7f62ccb62b8f in event_call lib/event.c:1969
    #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #16 0x5623b87e054b in main bgpd/bgp_main.c:510
    #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 240 byte(s) in 6 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384
    #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 120 byte(s) in 3 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692
    #5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595
    #6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #7 0x7f62ccb62b8f in event_call lib/event.c:1969
    #8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #9 0x5623b87e054b in main bgpd/bgp_main.c:510
    #10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
    #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348
    #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
    #7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
    #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
    #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
    #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
    #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
    #14 0x7f62ccb62b8f in event_call lib/event.c:1969
    #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #16 0x5623b87e054b in main bgpd/bgp_main.c:510
    #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969
    #5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
    #6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341
    #7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220
    #8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
    #7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
    #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
    #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
    #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
    #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
    #14 0x7f62ccb62b8f in event_call lib/event.c:1969
    #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #16 0x5623b87e054b in main bgpd/bgp_main.c:510
    #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 6 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384
    #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 3 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692
    #5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595
    #6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #7 0x7f62ccb62b8f in event_call lib/event.c:1969
    #8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #9 0x5623b87e054b in main bgpd/bgp_main.c:510
    #10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
    #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348
    #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
    #9 0x7f62ccb62b8f in event_call lib/event.c:1969
    #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
    #11 0x5623b87e054b in main bgpd/bgp_main.c:510
    #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s).
***********************************************************************************

Address Sanitizer Error detected in bgp_vpnv4_per_nexthop_label.test_bgp_vpnv4_per_nexthop_label/r1.asan.bgpd.10610

=================================================================
==10610==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969
    #5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
    #6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341
    #7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220
    #8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
    #7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
    #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
    #11 0x7f81fc007e20 in vty_command lib/vty.c:591
    #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
    #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
    #14 0x7f81fbffbb8f in event_call lib/event.c:1969
    #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #16 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 280 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
    #7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
    #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
    #11 0x7f81fc007e20 in vty_command lib/vty.c:591
    #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
    #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
    #14 0x7f81fbffbb8f in event_call lib/event.c:1969
    #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #16 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 240 byte(s) in 6 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384
    #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348
    #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581
    #7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118
    #8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
    #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692
    #5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595
    #6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #7 0x7f81fbffbb8f in event_call lib/event.c:1969
    #8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #9 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
    #7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
    #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
    #11 0x7f81fc007e20 in vty_command lib/vty.c:591
    #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
    #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
    #14 0x7f81fbffbb8f in event_call lib/event.c:1969
    #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #16 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
    #7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
    #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
    #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
    #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
    #11 0x7f81fc007e20 in vty_command lib/vty.c:591
    #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
    #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
    #14 0x7f81fbffbb8f in event_call lib/event.c:1969
    #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #16 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 56 byte(s) in 7 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969
    #5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
    #6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341
    #7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220
    #8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 6 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384
    #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348
    #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
    #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
    #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
    #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
    #5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
    #6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581
    #7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118
    #8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266
    #9 0x7f81fbffbb8f in event_call lib/event.c:1969
    #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #11 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
    #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
    #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
    #4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692
    #5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595
    #6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
    #7 0x7f81fbffbb8f in event_call lib/event.c:1969
    #8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
    #9 0x55cdc9af854b in main bgpd/bgp_main.c:510
    #10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
Problem Statement:
===================
Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
at 0x4975157: sendmsg (sendmsg.c:28)
==2263111==    by 0x1413BE: pim_msg_send_frame (pim_pim.c:629)
==2263111==    by 0x1413BE: pim_msg_send (pim_pim.c:743)
==2263111==    by 0x1425DC: pim_register_send (pim_register.c:332)
==2263111==    by 0x1427EE: pim_null_register_send (pim_register.c:443)
==2263111==    by 0x14D228: pim_upstream_register_stop_timer (pim_upstream.c:1608)
==2263111==    by 0x48CE6DF: thread_call (thread.c:1693)
==2263111==    by 0x4899EFF: frr_run (libfrr.c:1068)
==2263111==    by 0x11D035: main (pim6_main.c:190)
==2263111==  Address 0x1ffeffdcb1 is on thread 1's stack
==2263111==  in frame #2, created by pim_register_send (pim_register.c:273)
==2263111==  Uninitialised value was created by a stack allocation
==2263111==    at 0x142690: pim_null_register_send (pim_register.c:389)

RCA:
====================
1. All members of struct pim_msg_header were not initialised while sending
the null register packet. Therefore, when the pointers are assigned while
sending the msg via sendmsg, it complains that the pointer points to
uninitialised bytes.
2. struct ipv6_ph ph was also not initialised.

Fix:
====================
Initialised all the members using memset.

Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
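
The RCA in the commit message above, as an added example that is not FRR's code: a header and a checksum pseudo-header are filled member by member on top of simulated stale stack contents, with and without the `memset` fix. `struct demo_hdr`, `struct demo_ph`, `inet_csum`, `build_frame` and the addresses are hypothetical names and constructed values, not the layouts of `struct pim_msg_header` or `struct ipv6_ph`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration only. Every member is a byte
 * array, so the structs contain no compiler padding. */
struct demo_hdr {
	uint8_t ver_type;
	uint8_t reserved;	/* never assigned by the buggy path */
	uint8_t checksum[2];
};

struct demo_ph {		/* IPv6-style checksum pseudo-header */
	uint8_t src[16];
	uint8_t dst[16];
	uint8_t ulp_len[4];
	uint8_t zero[3];	/* never assigned by the buggy path */
	uint8_t next_hdr;
};

/* RFC 1071 Internet checksum over big-endian 16-bit words. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
	uint32_t sum = 0;
	size_t i;

	for (i = 0; i + 1 < len; i += 2)
		sum += ((uint32_t)p[i] << 8) | p[i + 1];
	if (len & 1)
		sum += (uint32_t)p[len - 1] << 8;
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/*
 * Build the header into `wire` (sizeof(struct demo_hdr) bytes) and return
 * the checksum. `stale` stands in for whatever an earlier call left on the
 * stack: the locals are pre-filled with it so the outcome is deterministic
 * instead of relying on reading indeterminate memory. `zero_first` selects
 * the fixed path, which clears both structs before filling them.
 */
static uint16_t build_frame(uint8_t *wire, uint8_t stale, int zero_first)
{
	/* Constructed sample addresses. */
	static const uint8_t src[16] = { 0xfe, 0x80, [15] = 0x01 };
	static const uint8_t dst[16] = { 0xff, 0x02, [15] = 0x0d };
	struct demo_hdr hdr;
	struct demo_ph ph;
	uint8_t buf[sizeof(ph) + sizeof(hdr)];
	uint16_t csum;

	memset(&hdr, stale, sizeof(hdr));
	memset(&ph, stale, sizeof(ph));

	if (zero_first) {
		memset(&hdr, 0, sizeof(hdr));
		memset(&ph, 0, sizeof(ph));
	}

	/* Member-by-member fill that skips hdr.reserved and ph.zero. */
	hdr.ver_type = 0x21;
	hdr.checksum[0] = hdr.checksum[1] = 0;
	memcpy(ph.src, src, sizeof(ph.src));
	memcpy(ph.dst, dst, sizeof(ph.dst));
	ph.ulp_len[0] = ph.ulp_len[1] = ph.ulp_len[2] = 0;
	ph.ulp_len[3] = (uint8_t)sizeof(hdr);
	ph.next_hdr = 103;

	/* Checksum covers pseudo-header followed by header. */
	memcpy(buf, &ph, sizeof(ph));
	memcpy(buf + sizeof(ph), &hdr, sizeof(hdr));
	csum = inet_csum(buf, sizeof(buf));
	hdr.checksum[0] = (uint8_t)(csum >> 8);
	hdr.checksum[1] = (uint8_t)(csum & 0xff);

	memcpy(wire, &hdr, sizeof(hdr));
	return csum;
}

int main(void)
{
	uint8_t wire[sizeof(struct demo_hdr)];
	int fixed;

	for (fixed = 0; fixed <= 1; fixed++) {
		uint16_t a = build_frame(wire, 0xAA, fixed);
		uint8_t reserved_a = wire[offsetof(struct demo_hdr, reserved)];
		uint16_t b = build_frame(wire, 0x55, fixed);

		printf("%s: csum 0x%04x vs 0x%04x, reserved byte sent 0x%02x\n",
		       fixed ? "memset first" : "member fill only",
		       (unsigned)a, (unsigned)b, (unsigned)reserved_a);
	}
	return 0;
}
```

Without the `memset`, the skipped members carry the stale byte onto the wire and into the checksum, so the same logical packet yields different bytes from one call to the next; with it, both runs produce identical output.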
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didn't free it after usage, leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #10 0x7fd0a463322a in event_call lib/event.c:1970
    #11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #19 0x7fd0a463322a in event_call lib/event.c:1970
    #20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #12 0x7fd0a463322a in event_call lib/event.c:1970
    #13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #21 0x7fd0a463322a in event_call lib/event.c:1970
    #22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #22 0x7fd0a463322a in event_call lib/event.c:1970
    #23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #13 0x7fd0a463322a in event_call lib/event.c:1970
    #14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    #14 0x7fd0a463322a in event_call lib/event.c:1970
    #15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    #13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    #14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    #15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    #16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    #17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    #18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    #19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    #20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    #21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    #22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    #23 0x7fd0a463322a in event_call lib/event.c:1970
    #24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    #25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    #26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
Fix memory leaks by allocating `json_segs` conditionally on `nexthop->nh_srv6->seg6_segs`.
The previous code allocated memory even when not in use or attached to the JSON tree.

The ASan leak log for reference:

```
Direct leak of 3240 byte(s) in 45 object(s) allocated from:
    #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f6e83de9e6f in json_object_new_array (/lib/x86_64-linux-gnu/libjson-c.so.3+0x3e6f)
    #2 0x564dcab5c1a6 in vty_show_ip_route zebra/zebra_vty.c:705
    #3 0x564dcab5cc71 in do_show_route_helper zebra/zebra_vty.c:955
    #4 0x564dcab5d418 in do_show_ip_route zebra/zebra_vty.c:1039
    #5 0x564dcab63ee5 in show_route_magic zebra/zebra_vty.c:1878
    #6 0x564dcab63ee5 in show_route zebra/zebra_vty_clippy.c:659
    #7 0x7f6e843b6fb1 in cmd_execute_command_real lib/command.c:978
    #8 0x7f6e843b7475 in cmd_execute_command lib/command.c:1036
    #9 0x7f6e843b78f4 in cmd_execute lib/command.c:1203
    #10 0x7f6e844dfe3b in vty_command lib/vty.c:594
    #11 0x7f6e844e02e6 in vty_execute lib/vty.c:1357
    #12 0x7f6e844e8bb7 in vtysh_read lib/vty.c:2365
    #13 0x7f6e844d3b7a in event_call lib/event.c:1965
    #14 0x7f6e844172b0 in frr_run lib/libfrr.c:1214
    #15 0x564dcaa50e81 in main zebra/main.c:488
    #16 0x7f6e837f7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 11520 byte(s) in 45 object(s) allocated from:
    #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f6e83de88c0 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x28c0)

Indirect leak of 1080 byte(s) in 45 object(s) allocated from:
    #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f6e83de8897 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x2897)
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
Implement a callback function for memory cleanup of sharp_nh_tracker.
Specifically, set `sharp_nh_tracker_free` as the deletion function for the `sg.nhs` list.
This ensures proper cleanup of resources when elements are removed.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in zebra_nht_resolution.test_verify_nh_resolution/r1.asan.sharpd.32320

=================================================================
==32320==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f4ee812ad28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f4ee7b291cc in qcalloc lib/memory.c:105
    #2 0x5582be672011 in sharp_nh_tracker_get sharpd/sharp_nht.c:36
    #3 0x5582be680b42 in watch_nexthop_v4_magic sharpd/sharp_vty.c:139
    #4 0x5582be680b42 in watch_nexthop_v4 sharpd/sharp_vty_clippy.c:192
    #5 0x7f4ee7aac0b1 in cmd_execute_command_real lib/command.c:978
    #6 0x7f4ee7aac575 in cmd_execute_command lib/command.c:1036
    #7 0x7f4ee7aac9f4 in cmd_execute lib/command.c:1203
    #8 0x7f4ee7bd50bb in vty_command lib/vty.c:594
    #9 0x7f4ee7bd5566 in vty_execute lib/vty.c:1357
    #10 0x7f4ee7bdde37 in vtysh_read lib/vty.c:2365
    #11 0x7f4ee7bc8dfa in event_call lib/event.c:1965
    #12 0x7f4ee7b0c3bf in frr_run lib/libfrr.c:1214
    #13 0x5582be671252 in main sharpd/sharp_main.c:188
    #14 0x7f4ee6f1bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
Release memory allocated for the IPv4 address during the interface reset.
The addition of `free(babel_ifp->ipv4)` ensures proper cleanup, preventing
potential memory leaks.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in babel_topo1.test_babel_topo1/r2.asan.babeld.18864

=================================================================
==18864==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 2 object(s) allocated from:
    #0 0x7f3f4531bb40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x55c1806cb28d in babel_interface_address_add babeld/babel_interface.c:112
    #2 0x7f3f44de9e29 in zclient_read lib/zclient.c:4425
    #3 0x7f3f44db9dfa in event_call lib/event.c:1965
    #4 0x7f3f44cfd3bf in frr_run lib/libfrr.c:1214
    #5 0x55c1806cc81b in main babeld/babel_main.c:202
    #6 0x7f3f4451fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Nov 22, 2023
Ensure proper memory cleanup by freeing the `babel_ifp->ipv4` when
babel interface is deleted. This prevents memory leaks.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in all_protocol_startup.test_all_protocol_startup/r1.asan.babeld.4141

=================================================================
==4141==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 10 object(s) allocated from:
    #0 0x7f1cde6a9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x562b8eff328d in babel_interface_address_add babeld/babel_interface.c:112
    #2 0x7f1cde1772cb in zclient_read lib/zclient.c:4425
    #3 0x7f1cde14729c in event_call lib/event.c:1980
    #4 0x7f1cde08a3bf in frr_run lib/libfrr.c:1214
    #5 0x562b8eff481b in main babeld/babel_main.c:202
    #6 0x7f1cdd8acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 40 byte(s) leaked in 10 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind added a commit that referenced this pull request Nov 22, 2023
Fix a crash caused by a use-after-free.

> =================================================================
> ==1249835==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000074210 at pc 0x7fa1b42a652c bp 0x7ffc477a2aa0 sp 0x7ffc477a2a98
> READ of size 8 at 0x604000074210 thread T0
>     #0 0x7fa1b42a652b in list_delete_all_node git/frr/lib/linklist.c:299:20
>     #1 0x7fa1b42a683f in list_delete git/frr/lib/linklist.c:312:2
>     #2 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4
>     #3 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2
>     #4 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2
>     #5 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4
>     #6 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2
>     #7 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3
>     #8 0x556808 in main git/frr/zebra/main.c:488:2
>     #9 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>     #10 0x4453e9 in _start (/usr/lib/frr/zebra+0x4453e9)
>
> 0x604000074210 is located 0 bytes inside of 40-byte region [0x604000074210,0x604000074238)
> freed by thread T0 here:
>     #0 0x4bf1dd in free (/usr/lib/frr/zebra+0x4bf1dd)
>     #1 0x7fa1b42df0c0 in qfree git/frr/lib/memory.c:130:2
>     #2 0x7fa1b42a68ce in list_free_internal git/frr/lib/linklist.c:24:2
>     #3 0x7fa1b42a6870 in list_delete git/frr/lib/linklist.c:313:2
>     #4 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4
>     #5 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2
>     #6 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2
>     #7 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4
>     #8 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2
>     #9 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3
>     #10 0x556808 in main git/frr/zebra/main.c:488:2
>     #11 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>
> previously allocated by thread T0 here:
>     #0 0x4bf5d2 in calloc (/usr/lib/frr/zebra+0x4bf5d2)
>     #1 0x7fa1b42dee18 in qcalloc git/frr/lib/memory.c:105:27
>     #2 0x7fa1b42a3784 in list_new git/frr/lib/linklist.c:18:9
>     #3 0x6d165f in pbr_iptable_alloc_intern git/frr/zebra/zebra_pbr.c:1015:29
>     #4 0x7fa1b426ad1f in hash_get git/frr/lib/hash.c:147:13
>     #5 0x6d15f2 in zebra_pbr_add_iptable git/frr/zebra/zebra_pbr.c:1030:13
>     #6 0x5db2a3 in zread_iptable git/frr/zebra/zapi_msg.c:3759:3
>     #7 0x5e365d in zserv_handle_commands git/frr/zebra/zapi_msg.c:4039:3
>     #8 0x7e09fc in zserv_process_messages git/frr/zebra/zserv.c:520:3
>     #9 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2
>     #10 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3
>     #11 0x556808 in main git/frr/zebra/main.c:488:2
>     #12 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16

Fixes: 1cc3806 ("zebra: Actually free all memory associated ctx->u.iptable.interface_name_list")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind added a commit that referenced this pull request Nov 28, 2023
Fix bgp_best_selection heap-use-after-free

> ==2521540==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000032810 at pc 0x000000716f45 bp 0x7ffedc6229d0 sp 0x7ffedc6229c8
> READ of size 8 at 0x60d000032810 thread T0
>     #0 0x716f44 in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2834:5
>     #1 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #2 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #3 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #4 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #5 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #6 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #7 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>     #8 0x449629 in _start (/usr/lib/frr/bgpd+0x449629)
>
> 0x60d000032810 is located 48 bytes inside of 144-byte region [0x60d0000327e0,0x60d000032870)
> freed by thread T0 here:
>     #0 0x4c341d in free (/usr/lib/frr/bgpd+0x4c341d)
>     #1 0x7fe6308d7420 in qfree /home/lscalber/git/frr/lib/memory.c:130:2
>     #2 0x702632 in bgp_path_info_free_with_caller /home/lscalber/git/frr/bgpd/bgp_route.c:300:2
>     #3 0x702023 in bgp_path_info_unlock /home/lscalber/git/frr/bgpd/bgp_route.c:315:3
>     #4 0x703bc6 in bgp_path_info_reap /home/lscalber/git/frr/bgpd/bgp_route.c:461:2
>     #5 0x716e5d in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2829:12
>     #6 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2
>     #7 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3
>     #8 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10
>     #9 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #10 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #11 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #12 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16
>
> previously allocated by thread T0 here:
>     #0 0x4c3812 in calloc (/usr/lib/frr/bgpd+0x4c3812)
>     #1 0x7fe6308d7178 in qcalloc /home/lscalber/git/frr/lib/memory.c:105:27
>     #2 0x71f5b4 in info_make /home/lscalber/git/frr/bgpd/bgp_route.c:3985:8
>     #3 0x725293 in bgp_update /home/lscalber/git/frr/bgpd/bgp_route.c:4881:8
>     #4 0x73083d in bgp_nlri_parse_ip /home/lscalber/git/frr/bgpd/bgp_route.c:6230:4
>     #5 0x6ba980 in bgp_nlri_parse /home/lscalber/git/frr/bgpd/bgp_packet.c:341:10
>     #6 0x6cca2a in bgp_update_receive /home/lscalber/git/frr/bgpd/bgp_packet.c:2412:15
>     #7 0x6c6788 in bgp_process_packet /home/lscalber/git/frr/bgpd/bgp_packet.c:3887:11
>     #8 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2
>     #9 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3
>     #10 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2
>     #11 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16

Fixes: ddb5b48 ("bgpd: vpn-vrf route leaking")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind pushed a commit that referenced this pull request Dec 4, 2023
Release memory associated with `bgp->confed_peers` in the `bgp_free`
function to ensure proper cleanup. This fix prevents memory leaks related
to `confed_peers`.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in bgp_confederation_astype.test_bgp_confederation_astype/r2.asan.bgpd.15045

=================================================================
==15045==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7f5666787b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f56661867c7 in qrealloc lib/memory.c:112
    #2 0x55a3b4736a40 in bgp_confederation_peers_add bgpd/bgpd.c:681
    #3 0x55a3b46b3363 in bgp_confederation_peers bgpd/bgp_vty.c:2068
    #4 0x7f5666109021 in cmd_execute_command_real lib/command.c:978
    #5 0x7f5666109a52 in cmd_execute_command_strict lib/command.c:1087
    #6 0x7f5666109ab1 in command_config_read_one_line lib/command.c:1247
    #7 0x7f5666109d98 in config_from_file lib/command.c:1300
    #8 0x7f566623c6d0 in vty_read_file lib/vty.c:2614
    #9 0x7f566623c7fa in vty_read_config lib/vty.c:2860
    #10 0x7f56661682e4 in frr_config_read_in lib/libfrr.c:978
    #11 0x7f5666226034 in event_call lib/event.c:1974
    #12 0x7f566616942b in frr_run lib/libfrr.c:1214
    #13 0x55a3b44f319d in main bgpd/bgp_main.c:510
    #14 0x7f56651acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x7f5666720538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538)
    #1 0x7f5666186898 in qstrdup lib/memory.c:117
    #2 0x55a3b4736adb in bgp_confederation_peers_add bgpd/bgpd.c:687
    #3 0x55a3b46b3363 in bgp_confederation_peers bgpd/bgp_vty.c:2068
    #4 0x7f5666109021 in cmd_execute_command_real lib/command.c:978
    #5 0x7f5666109a52 in cmd_execute_command_strict lib/command.c:1087
    #6 0x7f5666109ab1 in command_config_read_one_line lib/command.c:1247
    #7 0x7f5666109d98 in config_from_file lib/command.c:1300
    #8 0x7f566623c6d0 in vty_read_file lib/vty.c:2614
    #9 0x7f566623c7fa in vty_read_config lib/vty.c:2860
    #10 0x7f56661682e4 in frr_config_read_in lib/libfrr.c:978
    #11 0x7f5666226034 in event_call lib/event.c:1974
    #12 0x7f566616942b in frr_run lib/libfrr.c:1214
    #13 0x55a3b44f319d in main bgpd/bgp_main.c:510
    #14 0x7f56651acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Dec 4, 2023
Configure hash table cleanup with specific free functions for `zrouter.filter_hash`, `zrouter.qdisc_hash`, and `zrouter.class_hash`.
This ensures proper memory cleanup, addressing memory leaks.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in tc_basic.test_tc_basic/r1.asan.zebra.15495

=================================================================
==15495==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 176 byte(s) in 1 object(s) allocated from:
    #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd565afe238 in qcalloc lib/memory.c:105
    #2 0x5564521c6c9e in tc_filter_alloc_intern zebra/zebra_tc.c:389
    #3 0x7fd565ac49e8 in hash_get lib/hash.c:147
    #4 0x5564521c7c74 in zebra_tc_filter_add zebra/zebra_tc.c:409
    #5 0x55645210755a in zread_tc_filter zebra/zapi_msg.c:3428
    #6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004
    #7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520
    #8 0x7fd565b9e034 in event_call lib/event.c:1974
    #9 0x7fd565ae142b in frr_run lib/libfrr.c:1214
    #10 0x5564520c14b1 in main zebra/main.c:492
    #11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd565afe238 in qcalloc lib/memory.c:105
    #2 0x5564521c6c6e in tc_class_alloc_intern zebra/zebra_tc.c:239
    #3 0x7fd565ac49e8 in hash_get lib/hash.c:147
    #4 0x5564521c784f in zebra_tc_class_add zebra/zebra_tc.c:293
    #5 0x556452107ce5 in zread_tc_class zebra/zapi_msg.c:3315
    #6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004
    #7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520
    #8 0x7fd565b9e034 in event_call lib/event.c:1974
    #9 0x7fd565ae142b in frr_run lib/libfrr.c:1214
    #10 0x5564520c14b1 in main zebra/main.c:492
    #11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 12 byte(s) in 1 object(s) allocated from:
    #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd565afe238 in qcalloc lib/memory.c:105
    #2 0x5564521c6c3e in tc_qdisc_alloc_intern zebra/zebra_tc.c:128
    #3 0x7fd565ac49e8 in hash_get lib/hash.c:147
    #4 0x5564521c753b in zebra_tc_qdisc_install zebra/zebra_tc.c:184
    #5 0x556452108203 in zread_tc_qdisc zebra/zapi_msg.c:3286
    #6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004
    #7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520
    #8 0x7fd565b9e034 in event_call lib/event.c:1974
    #9 0x7fd565ae142b in frr_run lib/libfrr.c:1214
    #10 0x5564520c14b1 in main zebra/main.c:492
    #11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 228 byte(s) leaked in 3 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
louis-6wind pushed a commit that referenced this pull request Dec 4, 2023
Implement proper memory cleanup for SRv6 functions and locator chunks to prevent potential memory leaks.
The list callback deletion functions have been set.

The ASan leak log for reference:

```
***********************************************************************************
Address Sanitizer Error detected in bgp_srv6l3vpn_to_bgp_vrf.test_bgp_srv6l3vpn_to_bgp_vrf/r2.asan.bgpd.4180

=================================================================
==4180==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 544 byte(s) in 2 object(s) allocated from:
    #0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f8d1709f238 in qcalloc lib/memory.c:105
    #2 0x55d5dba6ee75 in sid_register bgpd/bgp_mplsvpn.c:591
    #3 0x55d5dba6ee75 in alloc_new_sid bgpd/bgp_mplsvpn.c:712
    #4 0x55d5dba6f3ce in ensure_vrf_tovpn_sid_per_af bgpd/bgp_mplsvpn.c:758
    #5 0x55d5dba6fb94 in ensure_vrf_tovpn_sid bgpd/bgp_mplsvpn.c:849
    #6 0x55d5dba7f975 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:299
    #7 0x55d5dba7f975 in vpn_leak_postchange_all bgpd/bgp_mplsvpn.c:3704
    #8 0x55d5dbbb6c66 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3164
    #9 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
    #10 0x7f8d1713f034 in event_call lib/event.c:1974
    #11 0x7f8d1708242b in frr_run lib/libfrr.c:1214
    #12 0x55d5db99d19d in main bgpd/bgp_main.c:510
    #13 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 296 byte(s) in 1 object(s) allocated from:
    #0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f8d1709f238 in qcalloc lib/memory.c:105
    #2 0x7f8d170b1d5f in srv6_locator_chunk_alloc lib/srv6.c:135
    #3 0x55d5dbbb6a19 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3144
    #4 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
    #5 0x7f8d1713f034 in event_call lib/event.c:1974
    #6 0x7f8d1708242b in frr_run lib/libfrr.c:1214
    #7 0x55d5db99d19d in main bgpd/bgp_main.c:510
    #8 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
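The sharpd commit (`sharp_nh_tracker_free` set on the `sg.nhs` list) and the SRv6 commit above both fix leaks by registering a per-element deletion callback on a list. The following is an added, simplified model of that pattern, not FRR's `lib/linklist.c` and not code from these commits; the `toy_` names, `struct tracker` and the sample addresses are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy list with an optional element destructor (assumed model, not FRR code). */
struct toy_node { struct toy_node *next; void *data; };
struct toy_list {
	struct toy_node *head;
	void (*del)(void *data); /* NULL: list frees only its nodes, not the data */
};

struct tracker { char *name; };  /* element type that owns heap memory */
static int live_trackers;        /* trackers allocated and not yet freed */

static void *xcalloc(size_t n, size_t sz)
{
	void *p = calloc(n, sz);
	if (!p)
		abort();
	return p;
}

static struct tracker *tracker_new(const char *name)
{
	struct tracker *t = xcalloc(1, sizeof(*t));
	size_t len = strlen(name) + 1;

	t->name = xcalloc(1, len);
	memcpy(t->name, name, len);
	live_trackers++;
	return t;
}

/* The deletion callback: releases the element and everything it owns. */
static void tracker_free(void *data)
{
	struct tracker *t = data;

	if (!t)
		return;
	free(t->name);
	free(t);
	live_trackers--;
}

static void toy_list_add(struct toy_list *l, void *data)
{
	struct toy_node *n = xcalloc(1, sizeof(*n));

	n->data = data;
	n->next = l->head;
	l->head = n;
}

/* Frees nodes, calls del on each element if set, then clears the caller's
 * pointer so a second call on the same variable is a no-op. */
static void toy_list_delete(struct toy_list **lp)
{
	struct toy_list *l = *lp;
	struct toy_node *n, *next;

	if (!l)
		return;
	for (n = l->head; n; n = next) {
		next = n->next;
		if (l->del)
			l->del(n->data);
		free(n);
	}
	free(l);
	*lp = NULL;
}

/* Builds a 3-element list, tears it down, and returns how many trackers
 * are still allocated afterwards (what LeakSanitizer would report). */
int leaked_after_teardown(int set_callback)
{
	/* constructed sample data (documentation address range) */
	static const char *names[] = { "192.0.2.1", "192.0.2.2", "192.0.2.3" };
	struct tracker *owned[3];
	struct toy_list *l = xcalloc(1, sizeof(*l));
	int i, leaked;

	live_trackers = 0;
	if (set_callback)
		l->del = tracker_free;
	for (i = 0; i < 3; i++) {
		owned[i] = tracker_new(names[i]);
		toy_list_add(l, owned[i]);
	}
	toy_list_delete(&l);
	toy_list_delete(&l); /* safe: pointer was cleared by the first call */
	leaked = live_trackers;
	if (!set_callback) /* release by hand so the demo itself stays clean */
		for (i = 0; i < 3; i++)
			tracker_free(owned[i]);
	return leaked;
}

int main(void)
{
	printf("without callback: %d leaked\n", leaked_after_teardown(0));
	printf("with callback:    %d leaked\n", leaked_after_teardown(1));
	return 0;
}
```
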
louis-6wind pushed a commit that referenced this pull request Dec 21, 2023
   1. Fix ospf opaque LSA function table memory leak.
   2. Remove incorrect one-to-one association of OSPF info-per-type
      to function table (since there may be many).
   3. Fix a problem with opaque AS external cleanup that was exposed
      by #2.
   4. Fix LSA memory leak in ospf_opaque_type9_lsa_if_cleanup().

Signed-off-by: Acee <aceelindem@gmail.com>
louis-6wind added a commit that referenced this pull request Dec 21, 2023
Fix a crash when re-adding an RPKI server:

> r2# sh run bgpd
> [...]
> rpki
>  rpki retry_interval 5
>  rpki cache 192.0.2.1 15432 preference 1
> exit
> [...]
> r2# conf t
> r2(config)# rpki
> r2(config-rpki)# no rpki cache 192.0.2.1 15432 preference 1
> r2(config-rpki)# do show rpki cache-connection
> Cannot find a connected group.
> r2(config-rpki)# rpki cache 192.0.2.1 15432 preference 1
> r2(config-rpki)# do show rpki cache-connection
> vtysh: error reading from bgpd: Resource temporarily unavailable (11)Warning: closing connection to bgpd because of an I/O error!

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007f3fd2d16e57 in core_handler (signo=11, siginfo=0x7ffffd5931b0, context=0x7ffffd593080) at lib/sigevent.c:246
> #2  <signal handler called>
> #3  0x00007f3fd26926b4 in tommy_list_head (list=0x2e322e302e323931) at /home/lscalber/git/rtrlib/./third-party/tommyds/tommylist.h:125
> #4  0x00007f3fd2693812 in rtr_mgr_get_first_group (config=0x55fbf31d7f00) at /home/lscalber/git/rtrlib/rtrlib/rtr_mgr.c:409
> #5  0x00007f3fd2ebef59 in get_connected_group () at bgpd/bgp_rpki.c:718
> #6  0x00007f3fd2ec0b39 in show_rpki_cache_connection_magic (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0, uj=0x0)
> #   at bgpd/bgp_rpki.c:1575
> #7  0x00007f3fd2ebd4da in show_rpki_cache_connection (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0) at ./bgpd/bgp_rpki_clippy.c:648
> #8  0x00007f3fd2c8a142 in cmd_execute_command_real (vline=0x55fbf31f9990, vty=0x55fbf31f9ef0, cmd=0x0, up_level=0) at lib/command.c:978
> #9  0x00007f3fd2c8a25c in cmd_execute_command (vline=0x55fbf31e5260, vty=0x55fbf31f9ef0, cmd=0x0, vtysh=0) at lib/command.c:1028
> #10 0x00007f3fd2c8a7f1 in cmd_execute (vty=0x55fbf31f9ef0, cmd=0x55fbf3200680 "do show rpki cache-connection ", matched=0x0, vtysh=0) at lib/command.c:1203
> #11 0x00007f3fd2d36548 in vty_command (vty=0x55fbf31f9ef0, buf=0x55fbf3200680 "do show rpki cache-connection ") at lib/vty.c:594
> #12 0x00007f3fd2d382e1 in vty_execute (vty=0x55fbf31f9ef0) at lib/vty.c:1357
> #13 0x00007f3fd2d3a519 in vtysh_read (thread=0x7ffffd5963c0) at lib/vty.c:2365
> #14 0x00007f3fd2d2faf6 in event_call (thread=0x7ffffd5963c0) at lib/event.c:1974
> #15 0x00007f3fd2cc238e in frr_run (master=0x55fbf2a0cd60) at lib/libfrr.c:1214
> #16 0x000055fbf073de40 in main (argc=9, argv=0x7ffffd596618) at bgpd/bgp_main.c:510

Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>