lib: fix crash when tab-completing `do ...` commands #22

qlyoung · 2016-12-19T10:34:29Z

Fixes #17

Signed-off-by: Quentin Young qlyoung@cumulusnetworks.com

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

rwestphal

Tested the patch here and the problem was fixed. Thanks Quentin.

…ase-new-cli New PCEP CLI changes for 20.3 release

Temporal fix Thread 2.1 "bgpd" received signal SIGSEGV, Segmentation fault. 0x00007ffff7b14180 in route_top (table=0x0) at lib/table.c:401 401 if (table->top == NULL) (gdb) bt \#0 0x00007ffff7b14180 in route_top (table=0x0) at lib/table.c:401 \#1 0x0000555555657286 in bgp_table_top (table=0x55555629c440) at ./bgpd/bgp_table.h:203 \#2 0x0000555555666dd0 in bgp_soft_reconfig_table_flag (srta=0x55555bc68fd0, flag=false) at bgpd/bgp_route.c:4669 \#3 0x0000555555666f5e in bgp_soft_reconfig_table_thread_cancel (nsrta=0x0, bgp=0x5555562767a0) at bgpd/bgp_route.c:4698 \FRRouting#4 0x00005555556e9463 in bgp_delete (bgp=0x5555562767a0) at bgpd/bgpd.c:3482 \FRRouting#5 0x00005555556f9ae5 in bgp_router_destroy (args=0x7fffffff6b90) at bgpd/bgp_nb_config.c:176 \FRRouting#6 0x00007ffff7ad985d in nb_callback_destroy (context=0x7fffffff7180, nb_node=0x555555c0c580, event=NB_EV_APPLY, dnode=0x5555563cdbf0, errmsg=0x7fffffff7190 "", errmsg_len=8192) at lib/northbound.c:970 \FRRouting#7 0x00007ffff7ada17a in nb_callback_configuration (context=0x7fffffff7180, event=NB_EV_APPLY, change=0x55555d5aa560, errmsg=0x7fffffff7190 "", errmsg_len=8192) at lib/northbound.c:1195 \FRRouting#8 0x00007ffff7ada564 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55556a6ed510, errmsg=0x7fffffff7190 "", errmsg_len=8192) at lib/northbound.c:1312 \FRRouting#9 0x00007ffff7ad900b in nb_candidate_commit_apply (transaction=0x55556a6ed510, save_transaction=true, transaction_id=0x0, errmsg=0x7fffffff7190 "", errmsg_len=8192) at lib/northbound.c:745 \FRRouting#10 0x00007ffff7ad912e in nb_candidate_commit (context=0x7fffffff7180, candidate=0x555555bddd00, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7fffffff7190 "", errmsg_len=8192) at lib/northbound.c:777 \FRRouting#11 0x00007ffff7ae0249 in nb_cli_classic_commit (vty=0x555557b62790) at lib/northbound_cli.c:64 \FRRouting#12 0x00007ffff7ae0cce in nb_cli_apply_changes (vty=0x555557b62790, xpath_base_fmt=0x7fffffffb730 "/frr-routing:routing/control-plane-protocols/control-plane-protocol[type='frr-bgp:bgp'][name='bgp'][vrf='default']/frr-bgp:bgp") at lib/northbound_cli.c:281 \FRRouting#13 0x00005555556a01e6 in no_router_bgp (self=0x555555a28140 <no_router_bgp_cmd>, vty=0x555557b62790, argc=3, argv=0x555560be1bd0) at bgpd/bgp_vty.c:1466 \FRRouting#14 0x00007ffff7a90ebc in cmd_execute_command_real (vline=0x55556635c140, filter=FILTER_RELAXED, vty=0x555557b62790, cmd=0x0) at lib/command.c:938 \FRRouting#15 0x00007ffff7a91031 in cmd_execute_command (vline=0x55556635c140, vty=0x555557b62790, cmd=0x0, vtysh=0) at lib/command.c:997 \FRRouting#16 0x00007ffff7a91586 in cmd_execute (vty=0x555557b62790, cmd=0x555557b68f20 "no router bgp", matched=0x0, vtysh=0) at lib/command.c:1162 \FRRouting#17 0x00007ffff7b228f9 in vty_command (vty=0x555557b62790, buf=0x555557b68f20 "no router bgp") at lib/vty.c:517 \FRRouting#18 0x00007ffff7b2465b in vty_execute (vty=0x555557b62790) at lib/vty.c:1282 \FRRouting#19 0x00007ffff7b2656e in vtysh_read (thread=0x7fffffffe2e0) at lib/vty.c:2120 \FRRouting#20 0x00007ffff7b1bd23 in thread_call (thread=0x7fffffffe2e0) at lib/thread.c:1681 \FRRouting#21 0x00007ffff7ac7fc2 in frr_run (master=0x555555a6aab0) at lib/libfrr.c:1110 \FRRouting#22 0x00005555555d88b2 in main (argc=4, argv=0x7fffffffe518) at bgpd/bgp_main.c:523 Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230372180f in list_new lib/linklist.c:49 FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71 FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92 FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71 FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92 FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230372180f in list_new lib/linklist.c:49 #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com> (cherry picked from commit 24379f0)

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230372180f in list_new lib/linklist.c:49 #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com> (cherry picked from commit 24379f0) # Conflicts: # pimd/pim_iface.c

The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below. *********************************************************************************** Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074 ================================================================= ==27074==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s). *********************************************************************************** Signed-off-by: ryndia <dindyalsarvesh@gmail.com>

The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below. *********************************************************************************** Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074 ================================================================= ==27074==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s). *********************************************************************************** Signed-off-by: ryndia <dindyalsarvesh@gmail.com>

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230372180f in list_new lib/linklist.c:49 FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71 FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92 FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105 FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71 FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92 FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235 FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221 FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591 FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354 FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362 FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995 FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213 FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184 FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com> (cherry picked from commit 24379f0)

Fix a crash when doing "show isis database detail json" in isis_srv6_topo1 topotest. > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > FRRouting#4 0x00007fad8904e537 in __GI_abort () at abort.c:79 > FRRouting#5 0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", > file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92 > FRRouting#6 0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590, > function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101 > FRRouting#7 0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5 > FRRouting#8 0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880 > FRRouting#9 0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022 > FRRouting#10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313 > FRRouting#11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763 > FRRouting#12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789 > FRRouting#13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804 > FRRouting#14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147 > FRRouting#15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572 > FRRouting#16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613 > FRRouting#17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785 > FRRouting#18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820 > FRRouting#19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683 > FRRouting#20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754 > FRRouting#21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788 > FRRouting#22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false) > at isisd/isisd.c:2825 > FRRouting#23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855 > FRRouting#24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002 > FRRouting#25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061 > FRRouting#26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227 Note that prior to 2e670cd, there was also a crash when several SRv6 End SIDs were present. Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs") Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Fix a crash when doing "show isis database detail json" in isis_srv6_topo1 topotest. > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > FRRouting#4 0x00007fad8904e537 in __GI_abort () at abort.c:79 > FRRouting#5 0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", > file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92 > FRRouting#6 0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590, > function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101 > FRRouting#7 0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5 > FRRouting#8 0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880 > FRRouting#9 0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022 > FRRouting#10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313 > FRRouting#11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763 > FRRouting#12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789 > FRRouting#13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804 > FRRouting#14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147 > FRRouting#15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572 > FRRouting#16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613 > FRRouting#17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785 > FRRouting#18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820 > FRRouting#19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683 > FRRouting#20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754 > FRRouting#21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788 > FRRouting#22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false) > at isisd/isisd.c:2825 > FRRouting#23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855 > FRRouting#24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002 > FRRouting#25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061 > FRRouting#26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227 Note that prior to 2e670cd, there was no crash but only the last "srv6-sid-structure" was displayed. A "srv6-sid-structure" should be displayed for each "sid". This commit also fix this. Was: > "srv6-lan-endx-sid": [ > { > "sid": "fc00:0:1:1::", > "weight": 0, > "algorithm": "SPF", > "neighbor-id": "0000.0000.0002" > }, > { > "sid": "fc00:0:1:2::", > "weight": 0, > "algorithm": "SPF", > "neighbor-id": "0000.0000.0003" > } > ], > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 16, > "arg-len": 0 > }, Now (srv6-sid-structure are identical but they are not always): > "srv6-lan-endx-sid": [ > { > "sid": "fc00:0:1:1::", > "algorithm": "SPF", > "neighbor-id": "0000.0000.0002", > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 8, > "arg-len": 0 > }, > }, > { > "sid": "fc00:0:1:2::", > "algorithm": "SPF", > "neighbor-id": "0000.0000.0003", > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 16, > "arg-len": 0 > }, > } > ], Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs") Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Fix the following crash when pim options are (un)configured on an non-existent interface. > r1(config)# int fgljdsf > r1(config-if)# no ip pim unicast-bsm > vtysh: error reading from pimd: Connection reset by peer (104)Warning: closing connection to pimd because of an I/O error! > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f70c8f32249 in core_handler (signo=11, siginfo=0x7fffff88e4f0, context=0x7fffff88e3c0) at lib/sigevent.c:258 > #2 <signal handler called> > #3 0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910 > FRRouting#4 0x00007f70c8efdcb5 in nb_callback_modify (context=0x556d00032b60, nb_node=0x556cffeeb9b0, event=NB_EV_APPLY, dnode=0x556d00031670, resource=0x556d00032b48, errmsg=0x7fffff88f710 "", errmsg_len=8192) > at lib/northbound.c:1538 > FRRouting#5 0x00007f70c8efe949 in nb_callback_configuration (context=0x556d00032b60, event=NB_EV_APPLY, change=0x556d00032b10, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1888 > FRRouting#6 0x00007f70c8efee82 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x556d00032b60, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:2016 > FRRouting#7 0x00007f70c8efd658 in nb_candidate_commit_apply (transaction=0x556d00032b60, save_transaction=true, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1356 > FRRouting#8 0x00007f70c8efd78e in nb_candidate_commit (context=..., candidate=0x556cffeb0e80, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1389 > FRRouting#9 0x00007f70c8f03e58 in nb_cli_classic_commit (vty=0x556d00025a80) at lib/northbound_cli.c:51 > FRRouting#10 0x00007f70c8f043f8 in nb_cli_apply_changes_internal (vty=0x556d00025a80, > xpath_base=0x7fffff893bb0 "/frr-interface:lib/interface[name='fgljdsf']/frr-pim:pim/address-family[address-family='frr-routing:ipv4']", clear_pending=false) at lib/northbound_cli.c:178 > FRRouting#11 0x00007f70c8f0475d in nb_cli_apply_changes (vty=0x556d00025a80, xpath_base_fmt=0x556cfdde9fe0 "./frr-pim:pim/address-family[address-family='%s']") at lib/northbound_cli.c:234 > FRRouting#12 0x0000556cfdd8298f in pim_process_no_unicast_bsm_cmd (vty=0x556d00025a80) at pimd/pim_cmd_common.c:3493 > FRRouting#13 0x0000556cfddcf782 in no_ip_pim_ucast_bsm (self=0x556cfde40b20 <no_ip_pim_ucast_bsm_cmd>, vty=0x556d00025a80, argc=4, argv=0x556d00031500) at pimd/pim_cmd.c:4950 > FRRouting#14 0x00007f70c8e942f0 in cmd_execute_command_real (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, up_level=0) at lib/command.c:1002 > FRRouting#15 0x00007f70c8e94451 in cmd_execute_command (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, vtysh=0) at lib/command.c:1061 > FRRouting#16 0x00007f70c8e9499f in cmd_execute (vty=0x556d00025a80, cmd=0x556d00030320 "no ip pim unicast-bsm", matched=0x0, vtysh=0) at lib/command.c:1227 > FRRouting#17 0x00007f70c8f51e44 in vty_command (vty=0x556d00025a80, buf=0x556d00030320 "no ip pim unicast-bsm") at lib/vty.c:616 > FRRouting#18 0x00007f70c8f53bdd in vty_execute (vty=0x556d00025a80) at lib/vty.c:1379 > FRRouting#19 0x00007f70c8f55d59 in vtysh_read (thread=0x7fffff896600) at lib/vty.c:2374 > FRRouting#20 0x00007f70c8f4b209 in event_call (thread=0x7fffff896600) at lib/event.c:2011 > FRRouting#21 0x00007f70c8ed109e in frr_run (master=0x556cffdb4ea0) at lib/libfrr.c:1217 > FRRouting#22 0x0000556cfdddec12 in main (argc=2, argv=0x7fffff896828, envp=0x7fffff896840) at pimd/pim_main.c:165 > (gdb) f 3 > #3 0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910 > 1910 pim_ifp->ucast_bsm_accept = > (gdb) list > 1905 case NB_EV_ABORT: > 1906 break; > 1907 case NB_EV_APPLY: > 1908 ifp = nb_running_get_entry(args->dnode, NULL, true); > 1909 pim_ifp = ifp->info; > 1910 pim_ifp->ucast_bsm_accept = > 1911 yang_dnode_get_bool(args->dnode, NULL); > 1912 > 1913 break; > 1914 } > (gdb) p pim_ifp > $1 = (struct pim_interface *) 0x0 Fixes: 3bb513c ("lib: adapt to version 2 of libyang") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

The following ASAN error can be seen. > ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x608000036c20 > #0 0x7f3d7a4b5425 in __interceptor_malloc_usable_size ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:198 > FRRouting#1 0x7f3d7a426a16 in __sanitizer::BufferedStackTrace::Unwind(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../src/libsanitizer/sanitizer_common > /sanitizer_stacktrace.h:122 > FRRouting#2 0x7f3d7a426a16 in __asan::asan_malloc_usable_size(void const*, unsigned long, unsigned long) ../../../../src/libsanitizer/asan/asan_allocator.cpp:1074 > FRRouting#3 0x7f3d7a03f330 in mt_count_free lib/memory.c:78 > FRRouting#4 0x7f3d7a03f330 in qfree lib/memory.c:130 > FRRouting#5 0x7f3d76ccf89b in bmp_peer_status_changed bgpd/bgp_bmp.c:982 > FRRouting#6 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47 > FRRouting#7 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287 > FRRouting#8 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777 > FRRouting#9 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140 > FRRouting#10 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764 > FRRouting#11 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003 > FRRouting#12 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062 > FRRouting#13 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228 > FRRouting#14 0x7f3d7a107b53 in vty_command lib/vty.c:625 > FRRouting#15 0x7f3d7a109902 in vty_execute lib/vty.c:1388 > FRRouting#16 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400 > FRRouting#17 0x7f3d7a0f848b in event_call lib/event.c:2019 > FRRouting#18 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > FRRouting#19 0x560ae29e0037 in main bgpd/bgp_main.c:555 > FRRouting#20 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#21 0x7f3d79a29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#22 0x560ae29e4ef4 in _start (/usr/lib/frr/bgpd+0x2eeef4) > > 0x608000036c20 is located 0 bytes inside of 81-byte region [0x608000036c20,0x608000036c71) > freed by thread T0 here: > #0 0x7f3d7a4b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > FRRouting#1 0x7f3d76ccf85f in bmp_peer_status_changed bgpd/bgp_bmp.c:981 > FRRouting#2 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47 > FRRouting#3 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287 > FRRouting#4 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777 > FRRouting#5 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140 > FRRouting#6 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764 > FRRouting#7 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003 > FRRouting#8 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062 > FRRouting#9 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228 > FRRouting#10 0x7f3d7a107b53 in vty_command lib/vty.c:625 > FRRouting#11 0x7f3d7a109902 in vty_execute lib/vty.c:1388 > FRRouting#12 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400 > FRRouting#13 0x7f3d7a0f848b in event_call lib/event.c:2019 > FRRouting#14 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > FRRouting#15 0x560ae29e0037 in main bgpd/bgp_main.c:555 > FRRouting#16 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7f3d7a4b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > FRRouting#1 0x7f3d7a03f0e9 in qmalloc lib/memory.c:101 > FRRouting#2 0x7f3d76cd0166 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2194 > FRRouting#3 0x7f3d76cd0166 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2236 > FRRouting#4 0x7f3d76cd29b8 in bmp_vrf_state_changed bgpd/bgp_bmp.c:3479 > FRRouting#5 0x560ae2c45b34 in hook_call_bgp_instance_state bgpd/bgpd.c:88 > FRRouting#6 0x560ae2c4d158 in bgp_instance_up bgpd/bgpd.c:3936 > FRRouting#7 0x560ae29e5ed1 in bgp_vrf_enable bgpd/bgp_main.c:299 > FRRouting#8 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:286 > FRRouting#9 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:275 > FRRouting#10 0x7f3d7a12ab66 in zclient_vrf_add lib/zclient.c:2561 > FRRouting#11 0x7f3d7a12eb43 in zclient_read lib/zclient.c:4624 > FRRouting#12 0x7f3d7a0f848b in event_call lib/event.c:2019 > FRRouting#13 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > FRRouting#14 0x560ae29e0037 in main bgpd/bgp_main.c:555 > FRRouting#15 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

With soft reconfiguration, the BGP attributes are interned, but the EVPN attributes contained by the standard attributes are also interned. However, during BGP route processing, we performed a copy of the attributes in a new_attr struct, performing a shallow-copy. This made two structs point to the same interned EVPN attributes, freeing the attributes at the end of the input processing. Fix the double-free by increasing the refcount when shallow-copying the attributes. The direct symptom can be seen with a topotest, where bgpd segfaults on exit when cleaning up peer data: FRRouting#12 0x00007fc57d6a8ff5 in malloc_printerr (str=str@entry=0x7fc57d7d18a0 "malloc_consolidate(): unaligned fastbin chunk detected") at ./malloc/malloc.c:5772 FRRouting#13 0x00007fc57d6a9d4c in malloc_consolidate (av=0x7fc57d803ac0 <main_arena>) at ./malloc/malloc.c:4846 FRRouting#14 0x00007fc57d6aada5 in _int_free_maybe_consolidate (av=0x7fc57d803ac0 <main_arena>, size=<optimized out>) at ./malloc/malloc.c:4779 FRRouting#15 0x00007fc57d6ab43a in _int_free (av=0x7fc57d803ac0 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at ./malloc/malloc.c:4646 FRRouting#16 0x00007fc57d6addae in __GI___libc_free (mem=0x55704295e8a0) at ./malloc/malloc.c:3398 FRRouting#17 0x00007fc57dada55e in qfree (mt=mt@entry=0x7fc57dc34e60 <MTYPE_STREAM>, ptr=<optimized out>) at lib/memory.c:131 FRRouting#18 0x00007fc57db1b8f8 in stream_free (s=<optimized out>) at lib/stream.c:109 FRRouting#19 0x000055704186539e in sync_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:108 FRRouting#20 update_subgroup_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:1167 FRRouting#21 0x0000557041866c75 in update_subgroup_check_delete (subgrp=<optimized out>) at bgpd/bgp_updgrp.c:1202 FRRouting#22 0x00005570417fbf51 in update_group_remove_peer_afs (peer=<optimized out>) at ./bgpd/bgp_updgrp.h:523 FRRouting#23 bgp_stop (connection=<optimized out>) at bgpd/bgp_fsm.c:1478 FRRouting#24 0x0000557041800357 in bgp_event_update (connection=0x557042956b50, event=TCP_connection_closed) at bgpd/bgp_fsm.c:2655 FRRouting#25 0x00007fc57db28fae in event_call (thread=thread@entry=0x7ffe0c687760) at lib/event.c:2019 FRRouting#26 0x00007fc57daccb28 in frr_run (master=0x5570421106e0) at lib/libfrr.c:1247 FRRouting#27 0x00005570417b1fd3 in main (argc=<optimized out>, argv=0x7ffe0c687a28) at bgpd/bgp_main.c:557 Fixes: 4ace11d ("bgpd: Move evpn_overlay to a pointer")

With soft reconfiguration, the BGP attributes are interned, but the EVPN attributes contained by the standard attributes are also interned. However, during BGP route processing, we performed a copy of the attributes in a new_attr struct, performing a shallow-copy. This made two structs point to the same interned EVPN attributes, freeing the attributes at the end of the input processing. Fix the double-free by increasing the refcount when shallow-copying the attributes. The direct symptom can be seen with a topotest, where bgpd segfaults on exit when cleaning up peer data: (gdb) bt FRRouting#12 0x00007fc57d6a8ff5 in malloc_printerr (str=str@entry=0x7fc57d7d18a0 "malloc_consolidate(): unaligned fastbin chunk detected") at ./malloc/malloc.c:5772 FRRouting#13 0x00007fc57d6a9d4c in malloc_consolidate (av=0x7fc57d803ac0 <main_arena>) at ./malloc/malloc.c:4846 FRRouting#14 0x00007fc57d6aada5 in _int_free_maybe_consolidate (av=0x7fc57d803ac0 <main_arena>, size=<optimized out>) at ./malloc/malloc.c:4779 FRRouting#15 0x00007fc57d6ab43a in _int_free (av=0x7fc57d803ac0 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at ./malloc/malloc.c:4646 FRRouting#16 0x00007fc57d6addae in __GI___libc_free (mem=0x55704295e8a0) at ./malloc/malloc.c:3398 FRRouting#17 0x00007fc57dada55e in qfree (mt=mt@entry=0x7fc57dc34e60 <MTYPE_STREAM>, ptr=<optimized out>) at lib/memory.c:131 FRRouting#18 0x00007fc57db1b8f8 in stream_free (s=<optimized out>) at lib/stream.c:109 FRRouting#19 0x000055704186539e in sync_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:108 FRRouting#20 update_subgroup_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:1167 FRRouting#21 0x0000557041866c75 in update_subgroup_check_delete (subgrp=<optimized out>) at bgpd/bgp_updgrp.c:1202 FRRouting#22 0x00005570417fbf51 in update_group_remove_peer_afs (peer=<optimized out>) at ./bgpd/bgp_updgrp.h:523 FRRouting#23 bgp_stop (connection=<optimized out>) at bgpd/bgp_fsm.c:1478 FRRouting#24 0x0000557041800357 in bgp_event_update (connection=0x557042956b50, event=TCP_connection_closed) at bgpd/bgp_fsm.c:2655 FRRouting#25 0x00007fc57db28fae in event_call (thread=thread@entry=0x7ffe0c687760) at lib/event.c:2019 FRRouting#26 0x00007fc57daccb28 in frr_run (master=0x5570421106e0) at lib/libfrr.c:1247 FRRouting#27 0x00005570417b1fd3 in main (argc=<optimized out>, argv=0x7ffe0c687a28) at bgpd/bgp_main.c:557 Situation is even worse in real-world case where the route actually leaves to other peers, as the free'd memory will quickly get reallocated, trampled over, and trigger an assert on IP type (same one as the previous route-map patch): (gdb) bt FRRouting#4 0x00007570922b1569 in _zlog_assert_failed (xref=xref@entry=0x5e9e11716280 <_xref.1>, extra=extra@entry=0x0) at ../lib/zlog.c:767 FRRouting#5 0x00005e9e114f005e in ipaddr_cmp (b=<optimized out>, a=<optimized out>) at ../lib/ipaddr.h:153 FRRouting#6 bgp_route_evpn_same (e1=<optimized out>, e2=<optimized out>) at ../bgpd/bgp_attr_evpn.c:36 FRRouting#7 0x00005e9e114e854b in overlay_index_same (a2=0x7ffc880779b0, a1=0x5e9e3cd16670) at ../bgpd/bgp_attr.h:632 FRRouting#8 attrhash_cmp (p1=0x5e9e3cd16670, p2=0x7ffc880779b0) at ../bgpd/bgp_attr.c:921 FRRouting#9 0x000075709222bd93 in hash_get (hash=0x5e9e3d1a3d70, data=data@entry=0x7ffc880779b0, alloc_func=alloc_func@entry=0x5e9e114e78a0 <bgp_attr_hash_alloc>) at ../lib/hash.c:142 FRRouting#10 0x00005e9e114e89f4 in bgp_attr_intern (attr=attr@entry=0x7ffc880779b0) at ../bgpd/bgp_attr.c:1134 FRRouting#11 0x00005e9e11621443 in bgp_advertise_attr_intern (hash=0x5e9e3d45bdc0, attr=attr@entry=0x7ffc880779b0) at ../bgpd/bgp_advertise.c:106 FRRouting#12 0x00005e9e1159317d in bgp_adj_out_set_subgroup (dest=dest@entry=0x5e9e3d45ca50, subgrp=subgrp@entry=0x5e9e3d45bcc0, attr=attr@entry=0x7ffc880779b0, path=path@entry=0x5e9e3d465010) at ../bgpd/bgp_updgrp_adv.c:618 FRRouting#13 0x00005e9e115666f1 in subgroup_process_announce_selected (subgrp=subgrp@entry=0x5e9e3d45bcc0, selected=<optimized out>, dest=0x5e9e3d45ca50, afi=afi@entry=AFI_L2VPN, safi=safi@entry=SAFI_EVPN, addpath_tx_id=0) at ../bgpd/bgp_route.c:3362 FRRouting#14 0x00005e9e11592a1f in group_announce_route_walkcb (updgrp=<optimized out>, arg=<optimized out>) at ../bgpd/bgp_updgrp_adv.c:260 FRRouting#15 0x000075709222c21a in hash_walk (hash=0x5e9e3d4390e0, func=func@entry=0x5e9e1158e3e0 <update_group_walkcb>, arg=arg@entry=0x7ffc88077be0) at ../lib/hash.c:270 FRRouting#16 0x00005e9e11591c77 in update_group_af_walk (bgp=bgp@entry=0x5e9e3d426eb0, afi=<optimized out>, safi=<optimized out>, cb=cb@entry=0x5e9e11592960 <group_announce_route_walkcb>, ctx=ctx@entry=0x7ffc88077c70) at ../bgpd/bgp_updgrp.c:2074 FRRouting#17 0x00005e9e115943e9 in group_announce_route (bgp=bgp@entry=0x5e9e3d426eb0, afi=afi@entry=AFI_L2VPN, safi=safi@entry=SAFI_EVPN, dest=dest@entry=0x5e9e3d45ca50, pi=pi@entry=0x5e9e3d465010) at ../bgpd/bgp_updgrp_adv.c:1119 FRRouting#18 0x00005e9e11562789 in bgp_process_main_one (bgp=bgp@entry=0x5e9e3d426eb0, dest=dest@entry=0x5e9e3d45ca50, afi=AFI_L2VPN, safi=SAFI_EVPN) at ../bgpd/bgp_route.c:3889 FRRouting#19 0x00005e9e11563088 in bgp_process_wq (wq=<optimized out>, data=0x5e9e3d467310) at ../bgpd/bgp_route.c:4015 FRRouting#20 0x000075709229eaa3 in work_queue_run (thread=0x7ffc88077ec0) at ../lib/workqueue.c:282 FRRouting#21 0x0000757092291d71 in event_call (thread=thread@entry=0x7ffc88077ec0) at ../lib/event.c:1996 FRRouting#22 0x000075709223a590 in frr_run (master=0x5e9e3cce2f10) at ../lib/libfrr.c:1232 FRRouting#23 0x00005e9e114e488e in main (argc=<optimized out>, argv=0x7ffc88078178) at ../bgpd/bgp_main.c:555 Indeed, the prefixes are complete garbage: (gdb) up FRRouting#7 0x00005e9e114e854b in overlay_index_same (a2=0x7ffc880779b0, a1=0x5e9e3cd16670) at ../bgpd/bgp_attr.h:632 (gdb) p/x a2->evpn_overlay->gw_ip $2 = {ipa_type = 0x20, ip = {addr = 0x0, addrbytes = {0x0, 0x0, 0x0, 0x0, 0x41, 0xd4, 0xe3, 0xe9, 0x5, 0x0, 0x0, 0x0, 0xed, 0x46, 0xb2, 0x24}, _v4_addr = {s_addr = 0x0}, _v6_addr = {__in6_u = {__u6_addr8 = {0x0, 0x0, 0x0, 0x0, 0x41, 0xd4, 0xe3, 0xe9, 0x5, 0x0, 0x0, 0x0, 0xed, 0x46, 0xb2, 0x24}, __u6_addr16 = {0x0, 0x0, 0xd441, 0xe9e3, 0x5, 0x0, 0x46ed, 0x24b2}, __u6_addr32 = {0x0, 0xe9e3d441, 0x5, 0x24b246ed}}}}} Fixes: 4ace11d ("bgpd: Move evpn_overlay to a pointer")

With soft reconfiguration, the BGP attributes are interned, but the EVPN attributes contained by the standard attributes are also interned. However, during BGP route processing, we performed a copy of the attributes in a new_attr struct, performing a shallow-copy. This made two structs point to the same interned EVPN attributes, freeing the attributes at the end of the input processing. Fix the double-free by increasing the refcount when shallow-copying the attributes. The direct symptom can be seen with a topotest, where bgpd segfaults on exit when cleaning up peer data: (gdb) bt FRRouting#12 0x00007fc57d6a8ff5 in malloc_printerr (str=str@entry=0x7fc57d7d18a0 "malloc_consolidate(): unaligned fastbin chunk detected") at ./malloc/malloc.c:5772 FRRouting#13 0x00007fc57d6a9d4c in malloc_consolidate (av=0x7fc57d803ac0 <main_arena>) at ./malloc/malloc.c:4846 FRRouting#14 0x00007fc57d6aada5 in _int_free_maybe_consolidate (av=0x7fc57d803ac0 <main_arena>, size=<optimized out>) at ./malloc/malloc.c:4779 FRRouting#15 0x00007fc57d6ab43a in _int_free (av=0x7fc57d803ac0 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at ./malloc/malloc.c:4646 FRRouting#16 0x00007fc57d6addae in __GI___libc_free (mem=0x55704295e8a0) at ./malloc/malloc.c:3398 FRRouting#17 0x00007fc57dada55e in qfree (mt=mt@entry=0x7fc57dc34e60 <MTYPE_STREAM>, ptr=<optimized out>) at lib/memory.c:131 FRRouting#18 0x00007fc57db1b8f8 in stream_free (s=<optimized out>) at lib/stream.c:109 FRRouting#19 0x000055704186539e in sync_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:108 FRRouting#20 update_subgroup_delete (subgrp=0x557042957f00) at bgpd/bgp_updgrp.c:1167 FRRouting#21 0x0000557041866c75 in update_subgroup_check_delete (subgrp=<optimized out>) at bgpd/bgp_updgrp.c:1202 FRRouting#22 0x00005570417fbf51 in update_group_remove_peer_afs (peer=<optimized out>) at ./bgpd/bgp_updgrp.h:523 FRRouting#23 bgp_stop (connection=<optimized out>) at bgpd/bgp_fsm.c:1478 FRRouting#24 0x0000557041800357 in bgp_event_update (connection=0x557042956b50, event=TCP_connection_closed) at bgpd/bgp_fsm.c:2655 FRRouting#25 0x00007fc57db28fae in event_call (thread=thread@entry=0x7ffe0c687760) at lib/event.c:2019 FRRouting#26 0x00007fc57daccb28 in frr_run (master=0x5570421106e0) at lib/libfrr.c:1247 FRRouting#27 0x00005570417b1fd3 in main (argc=<optimized out>, argv=0x7ffe0c687a28) at bgpd/bgp_main.c:557 Situation is even worse in real-world case where the route actually leaves to other peers, as the free'd memory will quickly get reallocated, trampled over, and trigger an assert on IP type (same one as the previous route-map patch): (gdb) bt FRRouting#4 0x00007570922b1569 in _zlog_assert_failed (xref=xref@entry=0x5e9e11716280 <_xref.1>, extra=extra@entry=0x0) at ../lib/zlog.c:767 FRRouting#5 0x00005e9e114f005e in ipaddr_cmp (b=<optimized out>, a=<optimized out>) at ../lib/ipaddr.h:153 FRRouting#6 bgp_route_evpn_same (e1=<optimized out>, e2=<optimized out>) at ../bgpd/bgp_attr_evpn.c:36 FRRouting#7 0x00005e9e114e854b in overlay_index_same (a2=0x7ffc880779b0, a1=0x5e9e3cd16670) at ../bgpd/bgp_attr.h:632 FRRouting#8 attrhash_cmp (p1=0x5e9e3cd16670, p2=0x7ffc880779b0) at ../bgpd/bgp_attr.c:921 FRRouting#9 0x000075709222bd93 in hash_get (hash=0x5e9e3d1a3d70, data=data@entry=0x7ffc880779b0, alloc_func=alloc_func@entry=0x5e9e114e78a0 <bgp_attr_hash_alloc>) at ../lib/hash.c:142 FRRouting#10 0x00005e9e114e89f4 in bgp_attr_intern (attr=attr@entry=0x7ffc880779b0) at ../bgpd/bgp_attr.c:1134 FRRouting#11 0x00005e9e11621443 in bgp_advertise_attr_intern (hash=0x5e9e3d45bdc0, attr=attr@entry=0x7ffc880779b0) at ../bgpd/bgp_advertise.c:106 FRRouting#12 0x00005e9e1159317d in bgp_adj_out_set_subgroup (dest=dest@entry=0x5e9e3d45ca50, subgrp=subgrp@entry=0x5e9e3d45bcc0, attr=attr@entry=0x7ffc880779b0, path=path@entry=0x5e9e3d465010) at ../bgpd/bgp_updgrp_adv.c:618 FRRouting#13 0x00005e9e115666f1 in subgroup_process_announce_selected (subgrp=subgrp@entry=0x5e9e3d45bcc0, selected=<optimized out>, dest=0x5e9e3d45ca50, afi=afi@entry=AFI_L2VPN, safi=safi@entry=SAFI_EVPN, addpath_tx_id=0) at ../bgpd/bgp_route.c:3362 FRRouting#14 0x00005e9e11592a1f in group_announce_route_walkcb (updgrp=<optimized out>, arg=<optimized out>) at ../bgpd/bgp_updgrp_adv.c:260 FRRouting#15 0x000075709222c21a in hash_walk (hash=0x5e9e3d4390e0, func=func@entry=0x5e9e1158e3e0 <update_group_walkcb>, arg=arg@entry=0x7ffc88077be0) at ../lib/hash.c:270 FRRouting#16 0x00005e9e11591c77 in update_group_af_walk (bgp=bgp@entry=0x5e9e3d426eb0, afi=<optimized out>, safi=<optimized out>, cb=cb@entry=0x5e9e11592960 <group_announce_route_walkcb>, ctx=ctx@entry=0x7ffc88077c70) at ../bgpd/bgp_updgrp.c:2074 FRRouting#17 0x00005e9e115943e9 in group_announce_route (bgp=bgp@entry=0x5e9e3d426eb0, afi=afi@entry=AFI_L2VPN, safi=safi@entry=SAFI_EVPN, dest=dest@entry=0x5e9e3d45ca50, pi=pi@entry=0x5e9e3d465010) at ../bgpd/bgp_updgrp_adv.c:1119 FRRouting#18 0x00005e9e11562789 in bgp_process_main_one (bgp=bgp@entry=0x5e9e3d426eb0, dest=dest@entry=0x5e9e3d45ca50, afi=AFI_L2VPN, safi=SAFI_EVPN) at ../bgpd/bgp_route.c:3889 FRRouting#19 0x00005e9e11563088 in bgp_process_wq (wq=<optimized out>, data=0x5e9e3d467310) at ../bgpd/bgp_route.c:4015 FRRouting#20 0x000075709229eaa3 in work_queue_run (thread=0x7ffc88077ec0) at ../lib/workqueue.c:282 FRRouting#21 0x0000757092291d71 in event_call (thread=thread@entry=0x7ffc88077ec0) at ../lib/event.c:1996 FRRouting#22 0x000075709223a590 in frr_run (master=0x5e9e3cce2f10) at ../lib/libfrr.c:1232 FRRouting#23 0x00005e9e114e488e in main (argc=<optimized out>, argv=0x7ffc88078178) at ../bgpd/bgp_main.c:555 Indeed, the prefixes are complete garbage: (gdb) up FRRouting#7 0x00005e9e114e854b in overlay_index_same (a2=0x7ffc880779b0, a1=0x5e9e3cd16670) at ../bgpd/bgp_attr.h:632 (gdb) p/x a2->evpn_overlay->gw_ip $2 = {ipa_type = 0x20, ip = {addr = 0x0, addrbytes = {0x0, 0x0, 0x0, 0x0, 0x41, 0xd4, 0xe3, 0xe9, 0x5, 0x0, 0x0, 0x0, 0xed, 0x46, 0xb2, 0x24}, _v4_addr = {s_addr = 0x0}, _v6_addr = {__in6_u = {__u6_addr8 = {0x0, 0x0, 0x0, 0x0, 0x41, 0xd4, 0xe3, 0xe9, 0x5, 0x0, 0x0, 0x0, 0xed, 0x46, 0xb2, 0x24}, __u6_addr16 = {0x0, 0x0, 0xd441, 0xe9e3, 0x5, 0x0, 0x46ed, 0x24b2}, __u6_addr32 = {0x0, 0xe9e3d441, 0x5, 0x24b246ed}}}}} Fixes: 4ace11d ("bgpd: Move evpn_overlay to a pointer") Signed-off-by: Tuetuopay <tuetuopay@me.com>

Seen with bfd_vrf_topo1 on Ubuntu 22.04 hwe. > ==616172==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000ae3a4 at pc 0x556cdc178d8f bp 0x7ffe4f41ace0 sp 0x7ffe4f41acd0 > READ of size 4 at 0x6160000ae3a4 thread T0 > #0 0x556cdc178d8e in ctx_info_from_zns zebra/zebra_dplane.c:3394 > #1 0x556cdc178f55 in dplane_ctx_ns_init zebra/zebra_dplane.c:3410 > #2 0x556cdc17b829 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3759 > #3 0x556cdc18095f in dplane_nexthop_update_internal zebra/zebra_dplane.c:4566 > FRRouting#4 0x556cdc1813f1 in dplane_nexthop_delete zebra/zebra_dplane.c:4793 > FRRouting#5 0x556cdc229234 in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3484 > FRRouting#6 0x556cdc21f8fe in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1804 > FRRouting#7 0x556cdc24b05a in route_entry_update_nhe zebra/zebra_rib.c:456 > FRRouting#8 0x556cdc255083 in rib_re_nhg_free zebra/zebra_rib.c:2633 > FRRouting#9 0x556cdc25e3bb in rib_unlink zebra/zebra_rib.c:4049 > FRRouting#10 0x556cdc24c9b0 in zebra_rtable_node_cleanup zebra/zebra_rib.c:903 > FRRouting#11 0x7fb25c173144 in route_node_free lib/table.c:75 > FRRouting#12 0x7fb25c17337f in route_table_free lib/table.c:111 > FRRouting#13 0x7fb25c172fe4 in route_table_finish lib/table.c:46 > FRRouting#14 0x556cdc266f62 in zebra_router_free_table zebra/zebra_router.c:191 > FRRouting#15 0x556cdc2673ef in zebra_router_terminate zebra/zebra_router.c:243 > FRRouting#16 0x556cdc10638b in zebra_finalize zebra/main.c:240 > FRRouting#17 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#18 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#19 0x556cdc106deb in main zebra/main.c:543 > FRRouting#20 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#21 0x7fb25ba29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#22 0x556cdc0c7ed4 in _start (/usr/lib/frr/zebra+0x192ed4) > > 0x6160000ae3a4 is located 36 bytes inside of 592-byte region [0x6160000ae380,0x6160000ae5d0) > freed by thread T0 here: > #0 0x7fb25c6b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > #1 0x7fb25c0790e3 in qfree lib/memory.c:131 > #2 0x556cdc22d9c9 in zebra_ns_delete zebra/zebra_ns.c:261 > #3 0x7fb25c0ac400 in ns_delete lib/netns_linux.c:319 > FRRouting#4 0x556cdc28026a in zebra_vrf_delete zebra/zebra_vrf.c:343 > FRRouting#5 0x7fb25c197443 in vrf_delete lib/vrf.c:282 > FRRouting#6 0x7fb25c1987e8 in vrf_terminate_single lib/vrf.c:601 > FRRouting#7 0x7fb25c197a7a in vrf_iterate lib/vrf.c:394 > FRRouting#8 0x7fb25c198834 in vrf_terminate lib/vrf.c:609 > FRRouting#9 0x556cdc106345 in zebra_finalize zebra/main.c:223 > FRRouting#10 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#11 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#12 0x556cdc106deb in main zebra/main.c:543 > FRRouting#13 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7fb25c6b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > #1 0x7fb25c078f91 in qcalloc lib/memory.c:106 > #2 0x556cdc22d6a1 in zebra_ns_new zebra/zebra_ns.c:231 > #3 0x556cdc22e30b in zebra_ns_init zebra/zebra_ns.c:429 > FRRouting#4 0x556cdc106cec in main zebra/main.c:480 > FRRouting#5 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: heap-use-after-free zebra/zebra_dplane.c:3394 in ctx_info_from_zns Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Seen with bfd_vrf_topo1 on Ubuntu 22.04 hwe. Do not call ns_delete() from zebra_vrf_delete(), which calls zebra_ns_delete(). - If a netns is removed from the system, vrf_delete()->zebra_vrf_delete() is called before calling ns_delete() (see zebra_ns_notify.c). - If zebra is terminating, zebra_ns_final_shutdown() will call zebra_vrf_delete(). > ==616172==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000ae3a4 at pc 0x556cdc178d8f bp 0x7ffe4f41ace0 sp 0x7ffe4f41acd0 > READ of size 4 at 0x6160000ae3a4 thread T0 > #0 0x556cdc178d8e in ctx_info_from_zns zebra/zebra_dplane.c:3394 > #1 0x556cdc178f55 in dplane_ctx_ns_init zebra/zebra_dplane.c:3410 > #2 0x556cdc17b829 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3759 > #3 0x556cdc18095f in dplane_nexthop_update_internal zebra/zebra_dplane.c:4566 > FRRouting#4 0x556cdc1813f1 in dplane_nexthop_delete zebra/zebra_dplane.c:4793 > FRRouting#5 0x556cdc229234 in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3484 > FRRouting#6 0x556cdc21f8fe in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1804 > FRRouting#7 0x556cdc24b05a in route_entry_update_nhe zebra/zebra_rib.c:456 > FRRouting#8 0x556cdc255083 in rib_re_nhg_free zebra/zebra_rib.c:2633 > FRRouting#9 0x556cdc25e3bb in rib_unlink zebra/zebra_rib.c:4049 > FRRouting#10 0x556cdc24c9b0 in zebra_rtable_node_cleanup zebra/zebra_rib.c:903 > FRRouting#11 0x7fb25c173144 in route_node_free lib/table.c:75 > FRRouting#12 0x7fb25c17337f in route_table_free lib/table.c:111 > FRRouting#13 0x7fb25c172fe4 in route_table_finish lib/table.c:46 > FRRouting#14 0x556cdc266f62 in zebra_router_free_table zebra/zebra_router.c:191 > FRRouting#15 0x556cdc2673ef in zebra_router_terminate zebra/zebra_router.c:243 > FRRouting#16 0x556cdc10638b in zebra_finalize zebra/main.c:240 > FRRouting#17 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#18 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#19 0x556cdc106deb in main zebra/main.c:543 > FRRouting#20 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#21 0x7fb25ba29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#22 0x556cdc0c7ed4 in _start (/usr/lib/frr/zebra+0x192ed4) > > 0x6160000ae3a4 is located 36 bytes inside of 592-byte region [0x6160000ae380,0x6160000ae5d0) > freed by thread T0 here: > #0 0x7fb25c6b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > #1 0x7fb25c0790e3 in qfree lib/memory.c:131 > #2 0x556cdc22d9c9 in zebra_ns_delete zebra/zebra_ns.c:261 > #3 0x7fb25c0ac400 in ns_delete lib/netns_linux.c:319 > FRRouting#4 0x556cdc28026a in zebra_vrf_delete zebra/zebra_vrf.c:343 > FRRouting#5 0x7fb25c197443 in vrf_delete lib/vrf.c:282 > FRRouting#6 0x7fb25c1987e8 in vrf_terminate_single lib/vrf.c:601 > FRRouting#7 0x7fb25c197a7a in vrf_iterate lib/vrf.c:394 > FRRouting#8 0x7fb25c198834 in vrf_terminate lib/vrf.c:609 > FRRouting#9 0x556cdc106345 in zebra_finalize zebra/main.c:223 > FRRouting#10 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#11 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#12 0x556cdc106deb in main zebra/main.c:543 > FRRouting#13 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7fb25c6b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > #1 0x7fb25c078f91 in qcalloc lib/memory.c:106 > #2 0x556cdc22d6a1 in zebra_ns_new zebra/zebra_ns.c:231 > #3 0x556cdc22e30b in zebra_ns_init zebra/zebra_ns.c:429 > FRRouting#4 0x556cdc106cec in main zebra/main.c:480 > FRRouting#5 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: heap-use-after-free zebra/zebra_dplane.c:3394 in ctx_info_from_zns Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Seen with bfd_vrf_topo1, and bgp_evpn_rt5 on Ubuntu 22.04 hwe. Do not call ns_delete() from zebra_vrf_delete(), which calls zebra_ns_delete(). - If a netns is removed from the system, vrf_delete()->zebra_vrf_delete() is called before calling ns_delete() (see zebra_ns_notify.c). - If zebra is terminating, zebra_ns_final_shutdown() will call zebra_vrf_delete(). > ==616172==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000ae3a4 at pc 0x556cdc178d8f bp 0x7ffe4f41ace0 sp 0x7ffe4f41acd0 > READ of size 4 at 0x6160000ae3a4 thread T0 > #0 0x556cdc178d8e in ctx_info_from_zns zebra/zebra_dplane.c:3394 > FRRouting#1 0x556cdc178f55 in dplane_ctx_ns_init zebra/zebra_dplane.c:3410 > FRRouting#2 0x556cdc17b829 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3759 > FRRouting#3 0x556cdc18095f in dplane_nexthop_update_internal zebra/zebra_dplane.c:4566 > FRRouting#4 0x556cdc1813f1 in dplane_nexthop_delete zebra/zebra_dplane.c:4793 > FRRouting#5 0x556cdc229234 in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3484 > FRRouting#6 0x556cdc21f8fe in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1804 > FRRouting#7 0x556cdc24b05a in route_entry_update_nhe zebra/zebra_rib.c:456 > FRRouting#8 0x556cdc255083 in rib_re_nhg_free zebra/zebra_rib.c:2633 > FRRouting#9 0x556cdc25e3bb in rib_unlink zebra/zebra_rib.c:4049 > FRRouting#10 0x556cdc24c9b0 in zebra_rtable_node_cleanup zebra/zebra_rib.c:903 > FRRouting#11 0x7fb25c173144 in route_node_free lib/table.c:75 > FRRouting#12 0x7fb25c17337f in route_table_free lib/table.c:111 > FRRouting#13 0x7fb25c172fe4 in route_table_finish lib/table.c:46 > FRRouting#14 0x556cdc266f62 in zebra_router_free_table zebra/zebra_router.c:191 > FRRouting#15 0x556cdc2673ef in zebra_router_terminate zebra/zebra_router.c:243 > FRRouting#16 0x556cdc10638b in zebra_finalize zebra/main.c:240 > FRRouting#17 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#18 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#19 0x556cdc106deb in main zebra/main.c:543 > FRRouting#20 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#21 0x7fb25ba29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#22 0x556cdc0c7ed4 in _start (/usr/lib/frr/zebra+0x192ed4) > > 0x6160000ae3a4 is located 36 bytes inside of 592-byte region [0x6160000ae380,0x6160000ae5d0) > freed by thread T0 here: > #0 0x7fb25c6b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > FRRouting#1 0x7fb25c0790e3 in qfree lib/memory.c:131 > FRRouting#2 0x556cdc22d9c9 in zebra_ns_delete zebra/zebra_ns.c:261 > FRRouting#3 0x7fb25c0ac400 in ns_delete lib/netns_linux.c:319 > FRRouting#4 0x556cdc28026a in zebra_vrf_delete zebra/zebra_vrf.c:343 > FRRouting#5 0x7fb25c197443 in vrf_delete lib/vrf.c:282 > FRRouting#6 0x7fb25c1987e8 in vrf_terminate_single lib/vrf.c:601 > FRRouting#7 0x7fb25c197a7a in vrf_iterate lib/vrf.c:394 > FRRouting#8 0x7fb25c198834 in vrf_terminate lib/vrf.c:609 > FRRouting#9 0x556cdc106345 in zebra_finalize zebra/main.c:223 > FRRouting#10 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#11 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#12 0x556cdc106deb in main zebra/main.c:543 > FRRouting#13 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7fb25c6b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > FRRouting#1 0x7fb25c078f91 in qcalloc lib/memory.c:106 > FRRouting#2 0x556cdc22d6a1 in zebra_ns_new zebra/zebra_ns.c:231 > FRRouting#3 0x556cdc22e30b in zebra_ns_init zebra/zebra_ns.c:429 > FRRouting#4 0x556cdc106cec in main zebra/main.c:480 > FRRouting#5 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: heap-use-after-free zebra/zebra_dplane.c:3394 in ctx_info_from_zns Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

…ospf-vrf-all support for ospf vrf all

Seen with bfd_vrf_topo1, and bgp_evpn_rt5 on Ubuntu 22.04 hwe. Do not call ns_delete() from zebra_vrf_delete(), which calls zebra_ns_delete(). - If a netns is removed from the system, vrf_delete()->zebra_vrf_delete() is called before calling ns_delete() (see zebra_ns_notify.c). - If zebra is terminating, zebra_ns_final_shutdown() will call zebra_vrf_delete(). > ==616172==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000ae3a4 at pc 0x556cdc178d8f bp 0x7ffe4f41ace0 sp 0x7ffe4f41acd0 > READ of size 4 at 0x6160000ae3a4 thread T0 > #0 0x556cdc178d8e in ctx_info_from_zns zebra/zebra_dplane.c:3394 > FRRouting#1 0x556cdc178f55 in dplane_ctx_ns_init zebra/zebra_dplane.c:3410 > FRRouting#2 0x556cdc17b829 in dplane_ctx_nexthop_init zebra/zebra_dplane.c:3759 > FRRouting#3 0x556cdc18095f in dplane_nexthop_update_internal zebra/zebra_dplane.c:4566 > FRRouting#4 0x556cdc1813f1 in dplane_nexthop_delete zebra/zebra_dplane.c:4793 > FRRouting#5 0x556cdc229234 in zebra_nhg_uninstall_kernel zebra/zebra_nhg.c:3484 > FRRouting#6 0x556cdc21f8fe in zebra_nhg_decrement_ref zebra/zebra_nhg.c:1804 > FRRouting#7 0x556cdc24b05a in route_entry_update_nhe zebra/zebra_rib.c:456 > FRRouting#8 0x556cdc255083 in rib_re_nhg_free zebra/zebra_rib.c:2633 > FRRouting#9 0x556cdc25e3bb in rib_unlink zebra/zebra_rib.c:4049 > FRRouting#10 0x556cdc24c9b0 in zebra_rtable_node_cleanup zebra/zebra_rib.c:903 > FRRouting#11 0x7fb25c173144 in route_node_free lib/table.c:75 > FRRouting#12 0x7fb25c17337f in route_table_free lib/table.c:111 > FRRouting#13 0x7fb25c172fe4 in route_table_finish lib/table.c:46 > FRRouting#14 0x556cdc266f62 in zebra_router_free_table zebra/zebra_router.c:191 > FRRouting#15 0x556cdc2673ef in zebra_router_terminate zebra/zebra_router.c:243 > FRRouting#16 0x556cdc10638b in zebra_finalize zebra/main.c:240 > FRRouting#17 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#18 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#19 0x556cdc106deb in main zebra/main.c:543 > FRRouting#20 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#21 0x7fb25ba29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#22 0x556cdc0c7ed4 in _start (/usr/lib/frr/zebra+0x192ed4) > > 0x6160000ae3a4 is located 36 bytes inside of 592-byte region [0x6160000ae380,0x6160000ae5d0) > freed by thread T0 here: > #0 0x7fb25c6b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > FRRouting#1 0x7fb25c0790e3 in qfree lib/memory.c:131 > FRRouting#2 0x556cdc22d9c9 in zebra_ns_delete zebra/zebra_ns.c:261 > FRRouting#3 0x7fb25c0ac400 in ns_delete lib/netns_linux.c:319 > FRRouting#4 0x556cdc28026a in zebra_vrf_delete zebra/zebra_vrf.c:343 > FRRouting#5 0x7fb25c197443 in vrf_delete lib/vrf.c:282 > FRRouting#6 0x7fb25c1987e8 in vrf_terminate_single lib/vrf.c:601 > FRRouting#7 0x7fb25c197a7a in vrf_iterate lib/vrf.c:394 > FRRouting#8 0x7fb25c198834 in vrf_terminate lib/vrf.c:609 > FRRouting#9 0x556cdc106345 in zebra_finalize zebra/main.c:223 > FRRouting#10 0x7fb25c18e012 in event_call lib/event.c:2019 > FRRouting#11 0x7fb25c04afc6 in frr_run lib/libfrr.c:1247 > FRRouting#12 0x556cdc106deb in main zebra/main.c:543 > FRRouting#13 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7fb25c6b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > FRRouting#1 0x7fb25c078f91 in qcalloc lib/memory.c:106 > FRRouting#2 0x556cdc22d6a1 in zebra_ns_new zebra/zebra_ns.c:231 > FRRouting#3 0x556cdc22e30b in zebra_ns_init zebra/zebra_ns.c:429 > FRRouting#4 0x556cdc106cec in main zebra/main.c:480 > FRRouting#5 0x7fb25ba29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: heap-use-after-free zebra/zebra_dplane.c:3394 in ctx_info_from_zns Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

lib: fix crash when tab-completing do ... commands

55d403c

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

qlyoung requested a review from rwestphal December 19, 2016 11:16

rwestphal approved these changes Dec 19, 2016

View reviewed changes

qlyoung merged commit 9613309 into FRRouting:master Dec 19, 2016

qlyoung deleted the fix-do-tab branch December 19, 2016 22:35

mdash-vmware mentioned this pull request Oct 8, 2018

BGPd crashed on 2 routers while running Topotest "test_bgp_l3vpn_to_bgp_vrf.py" #3144

Closed

GalaxyGorilla added a commit to GalaxyGorilla/frr that referenced this pull request Jun 30, 2020

Merge pull request FRRouting#22 from opensourcerouting/pathd-pcep-reb…

f239f31

…ase-new-cli New PCEP CLI changes for 20.3 release

gpnaveen mentioned this pull request Jan 21, 2021

[FRR OSPFv2] OSPFd Coredump seen at ospf_ls_upd_send in ASBR summarisation topotest is executed (Pull Req : 7096) #7895

Closed

wangshengjun mentioned this pull request Nov 12, 2021

zebra: add the parameter check to avoid zebra crash issue which cause… #10041

Closed

gpnaveen pushed a commit to gpnaveen/frr that referenced this pull request May 31, 2022

Merge pull request FRRouting#22 from Jafaral/frr8.1

1e56eea

qing8717 mentioned this pull request Mar 18, 2023

yang: In some special configure，the command [show yang operational-data /frr-vrf:lib zebra] leads to segmentfault error #13029

Closed

louis-6wind mentioned this pull request Jun 28, 2024

pimd: fix crash on non-existent interface #16309

Merged

abdosi mentioned this pull request Jan 29, 2025

staticd generating core sometime #17960

Closed

2 tasks

StormLiangMS mentioned this pull request Mar 29, 2025

[10.0.1] multi sessions corruption with mgmtd during bootup stage. #18541

Closed

2 tasks

louis-6wind mentioned this pull request Apr 11, 2025

zebra: fix heap-after-free on shutdown in netns mode #18643

Open

jpetersonssr added a commit to jpetersonssr/frr that referenced this pull request Jul 24, 2025

Merge pull request FRRouting#22 from Juniper-SSN/jpeterson/I95-51732-…

0d24c89

…ospf-vrf-all support for ospf vrf all

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

lib: fix crash when tab-completing `do ...` commands #22

lib: fix crash when tab-completing `do ...` commands #22

Uh oh!

qlyoung commented Dec 19, 2016

Uh oh!

rwestphal left a comment

Uh oh!

Uh oh!

lib: fix crash when tab-completing do ... commands #22

lib: fix crash when tab-completing do ... commands #22

Uh oh!

Conversation

qlyoung commented Dec 19, 2016

Uh oh!

rwestphal left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

lib: fix crash when tab-completing `do ...` commands #22

lib: fix crash when tab-completing `do ...` commands #22