Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conditional jump or move depends on uninitialised value(s) #23

Closed
qlyoung opened this issue Dec 19, 2016 · 0 comments
Closed

Conditional jump or move depends on uninitialised value(s) #23

qlyoung opened this issue Dec 19, 2016 · 0 comments

Comments

@qlyoung
Copy link
Member

qlyoung commented Dec 19, 2016

Just a small valgrind nit here.

==18558== Conditional jump or move depends on uninitialised value(s)
==18558==    at 0x4E5C1AB: command_match_r (command_match.c:214)
==18558==    by 0x4E5BFB8: command_match (command_match.c:115)
==18558==    by 0x4E5F49A: cmd_execute_command_real (command.c:794)
==18558==    by 0x4E5F7E4: cmd_execute_command_strict (command.c:922)
==18558==    by 0x4E5F835: command_config_read_one_line (command.c:951)
==18558==    by 0x40570B: vtysh_config_from_file (vtysh.c:661)
==18558==    by 0x40A6EA: vtysh_read_file (vtysh_config.c:373)
==18558==    by 0x40A783: vtysh_read_config (vtysh_config.c:398)
==18558==    by 0x403EED: main (vtysh_main.c:371)
==18558==
==18558== Conditional jump or move depends on uninitialised value(s)
==18558==    at 0x4E5C1AB: command_match_r (command_match.c:214)
==18558==    by 0x4E5C357: command_match_r (command_match.c:293)
==18558==    by 0x4E5C357: command_match_r (command_match.c:293)
==18558==    by 0x4E5C357: command_match_r (command_match.c:293)
==18558==    by 0x4E5BFB8: command_match (command_match.c:115)
==18558==    by 0x4E5F49A: cmd_execute_command_real (command.c:794)
==18558==    by 0x4E5F7E4: cmd_execute_command_strict (command.c:922)
==18558==    by 0x4E5F835: command_config_read_one_line (command.c:951)
==18558==    by 0x40570B: vtysh_config_from_file (vtysh.c:661)
==18558==    by 0x40A6EA: vtysh_read_file (vtysh_config.c:373)
==18558==    by 0x40A783: vtysh_read_config (vtysh_config.c:398)
==18558==    by 0x403EED: main (vtysh_main.c:371)
==18558==
cfra referenced this issue in opensourcerouting/frr Nov 29, 2018
ldp-topo1: Use 'label implicit-null' for implicit labels
ranjanyash54 pushed a commit to ranjanyash54/frr that referenced this issue Aug 25, 2021
…etail

cmgd: fix show adapter details cmd help string.
Keelan10 added a commit to Keelan10/frr that referenced this issue Jun 26, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230372180f in list_new lib/linklist.c:49
    FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
Keelan10 added a commit to Keelan10/frr that referenced this issue Jun 27, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230372180f in list_new lib/linklist.c:49
    FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
mergify bot pushed a commit that referenced this issue Jun 28, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230372180f in list_new lib/linklist.c:49
    #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 24379f0)
mergify bot pushed a commit that referenced this issue Jun 28, 2023
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230372180f in list_new lib/linklist.c:49
    #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #14 0x5623036c6392 in cmd_execute lib/command.c:1221
    #15 0x5623037e75da in vty_command lib/vty.c:591
    #16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #18 0x5623037db4e8 in event_call lib/event.c:1995
    #19 0x562303720f97 in frr_run lib/libfrr.c:1213
    #20 0x56230368615d in main pimd/pim6_main.c:184
    #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x56230373dd6b in qcalloc lib/memory.c:105
    #2 0x562303721651 in listnode_new lib/linklist.c:71
    #3 0x56230372182b in listnode_add lib/linklist.c:92
    #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    #7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    #16 0x5623036c6392 in cmd_execute lib/command.c:1221
    #17 0x5623037e75da in vty_command lib/vty.c:591
    #18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    #19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    #20 0x5623037db4e8 in event_call lib/event.c:1995
    #21 0x562303720f97 in frr_run lib/libfrr.c:1213
    #22 0x56230368615d in main pimd/pim6_main.c:184
    #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 24379f0)

# Conflicts:
#	pimd/pim_iface.c
ryndia added a commit to ryndia/frr that referenced this issue Nov 8, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 10, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 10, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 11, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 13, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 13, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
ryndia added a commit to ryndia/frr that referenced this issue Nov 14, 2023
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    FRRouting#1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
cscarpitta pushed a commit to cscarpitta/frr that referenced this issue Feb 9, 2024
The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below.

***********************************************************************************
Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074

=================================================================
==27074==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689
    FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283
    FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551
    FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659
    FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484
    FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7fd0a45932ff in qcalloc lib/memory.c:105
    FRRouting#2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105
    FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368
    FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 16 byte(s) in 2 object(s) allocated from:
    #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fd0a459301f in qmalloc lib/memory.c:100
    FRRouting#2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83
    FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108
    FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145
    FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162
    FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483
    FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289
    FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690
    FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434
    FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990
    FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765
    FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818
    FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685
    FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721
    FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270
    FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062
    FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071
    FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769
    FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501
    FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683
    FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870
    FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695
    FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970
    FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214
    FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510
    FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s).
***********************************************************************************

Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
Keelan10 added a commit to Keelan10/frr that referenced this issue Mar 2, 2024
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230372180f in list_new lib/linklist.c:49
    FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 24379f0)
Keelan10 added a commit to Keelan10/frr that referenced this issue Mar 2, 2024
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230372180f in list_new lib/linklist.c:49
    FRRouting#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    FRRouting#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#15 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#18 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#20 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    FRRouting#1 0x56230373dd6b in qcalloc lib/memory.c:105
    FRRouting#2 0x562303721651 in listnode_new lib/linklist.c:71
    FRRouting#3 0x56230372182b in listnode_add lib/linklist.c:92
    FRRouting#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    FRRouting#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    FRRouting#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    FRRouting#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    FRRouting#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    FRRouting#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    FRRouting#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    FRRouting#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    FRRouting#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    FRRouting#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    FRRouting#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    FRRouting#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    FRRouting#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    FRRouting#17 0x5623037e75da in vty_command lib/vty.c:591
    FRRouting#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    FRRouting#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    FRRouting#20 0x5623037db4e8 in event_call lib/event.c:1995
    FRRouting#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    FRRouting#22 0x56230368615d in main pimd/pim6_main.c:184
    FRRouting#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 24379f0)
louis-6wind added a commit to louis-6wind/frr that referenced this issue Jun 21, 2024
Fix a crash when doing "show isis database detail json" in
isis_srv6_topo1 topotest.

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007fad8904e537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object",
>     file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92
> FRRouting#6  0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590,
>     function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101
> FRRouting#7  0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5
> FRRouting#8  0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880
> FRRouting#9  0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022
> FRRouting#10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313
> FRRouting#11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763
> FRRouting#12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789
> FRRouting#13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804
> FRRouting#14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147
> FRRouting#15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572
> FRRouting#16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613
> FRRouting#17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785
> FRRouting#18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820
> FRRouting#19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683
> FRRouting#20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754
> FRRouting#21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788
> FRRouting#22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false)
>     at isisd/isisd.c:2825
> FRRouting#23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855
> FRRouting#24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002
> FRRouting#25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061
> FRRouting#26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227

Note that prior to 2e670cd, there was also a crash when several SRv6
End SIDs were present.

Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs")
Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind added a commit to louis-6wind/frr that referenced this issue Jun 21, 2024
Fix a crash when doing "show isis database detail json" in
isis_srv6_topo1 topotest.

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007fad8904e537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object",
>     file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92
> FRRouting#6  0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590,
>     function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101
> FRRouting#7  0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5
> FRRouting#8  0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880
> FRRouting#9  0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022
> FRRouting#10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313
> FRRouting#11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763
> FRRouting#12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789
> FRRouting#13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804
> FRRouting#14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147
> FRRouting#15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572
> FRRouting#16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613
> FRRouting#17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785
> FRRouting#18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820
> FRRouting#19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683
> FRRouting#20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754
> FRRouting#21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788
> FRRouting#22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false)
>     at isisd/isisd.c:2825
> FRRouting#23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855
> FRRouting#24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002
> FRRouting#25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061
> FRRouting#26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227

Note that prior to 2e670cd, there was no crash but only the last
"srv6-sid-structure" was displayed. A "srv6-sid-structure" should be
displayed for each "sid". This commit also fix this.

Was:

> "srv6-lan-endx-sid": [
>   {
>     "sid": "fc00:0:1:1::",
>     "weight": 0,
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0002"
>   },
>   {
>     "sid": "fc00:0:1:2::",
>     "weight": 0,
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0003"
>   }
> ],
> "srv6-sid-structure": {
>   "loc-block-len": 32,
>   "loc-node-len": 16,
>   "func-len": 16,
>   "arg-len": 0
> },

Now (srv6-sid-structure are identical but they are not always):

> "srv6-lan-endx-sid": [
>   {
>     "sid": "fc00:0:1:1::",
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0002",
>     "srv6-sid-structure": {
>       "loc-block-len": 32,
>       "loc-node-len": 16,
>       "func-len": 8,
>       "arg-len": 0
>     },
>   },
>   {
>     "sid": "fc00:0:1:2::",
>     "algorithm": "SPF",
>     "neighbor-id": "0000.0000.0003",
>     "srv6-sid-structure": {
>       "loc-block-len": 32,
>       "loc-node-len": 16,
>       "func-len": 16,
>       "arg-len": 0
>     },
>   }
> ],

Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs")
Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind added a commit to louis-6wind/frr that referenced this issue Aug 27, 2024
Fix crash when flex-algo is configured and mpls-te is disabled.

> interface eth0
>  ip router isis 1
> !
> router isis 1
>  flex-algo 129
>   dataplane sr-mpls
>   advertise-definition

> #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:44
> #1  __pthread_kill_internal (signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:78
> #2  __GI___pthread_kill (threadid=140486233631168, signo=signo@entry=11) at ./nptl/pthread_kill.c:89
> #3  0x00007fc5802e9476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
> FRRouting#4  0x00007fc58076021f in core_handler (signo=11, siginfo=0x7ffd38d42470, context=0x7ffd38d42340) at lib/sigevent.c:248
> FRRouting#5  <signal handler called>
> FRRouting#6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> FRRouting#7  0x000055c527fb29da in isis_instance_flex_algo_create (args=0x7ffd38d43120) at isisd/isis_nb_config.c:2875
> FRRouting#8  0x00007fc58072655b in nb_callback_create (context=0x55c52ab1d2f0, nb_node=0x55c529f72950, event=NB_EV_APPLY, dnode=0x55c52ab06230, resource=0x55c52ab189f8, errmsg=0x7ffd38d43750 "",
>     errmsg_len=8192) at lib/northbound.c:1262
> FRRouting#9  0x00007fc580727625 in nb_callback_configuration (context=0x55c52ab1d2f0, event=NB_EV_APPLY, change=0x55c52ab189c0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1662
> FRRouting#10 0x00007fc580727c39 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55c52ab1d2f0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1794
> FRRouting#11 0x00007fc580725f77 in nb_candidate_commit_apply (transaction=0x55c52ab1d2f0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1131
> FRRouting#12 0x00007fc5807260d1 in nb_candidate_commit (context=..., candidate=0x55c529f0a730, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1164
> FRRouting#13 0x00007fc58072d220 in nb_cli_classic_commit (vty=0x55c52a0fc6b0) at lib/northbound_cli.c:51
> FRRouting#14 0x00007fc58072d839 in nb_cli_apply_changes_internal (vty=0x55c52a0fc6b0,
>     xpath_base=0x7ffd38d477f0 "/frr-isisd:isis/instance[area-tag='1'][vrf='default']/flex-algos/flex-algo[flex-algo='129']", clear_pending=false) at lib/northbound_cli.c:178
> FRRouting#15 0x00007fc58072dbcf in nb_cli_apply_changes (vty=0x55c52a0fc6b0, xpath_base_fmt=0x55c528014de0 "./flex-algos/flex-algo[flex-algo='%ld']") at lib/northbound_cli.c:234
> FRRouting#16 0x000055c527fd3403 in flex_algo_magic (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0, algorithm=129, algorithm_str=0x55c52ab120d0 "129")
>     at isisd/isis_cli.c:3752
> FRRouting#17 0x000055c527fc97cb in flex_algo (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0) at ./isisd/isis_cli_clippy.c:6445
> FRRouting#18 0x00007fc5806b9abc in cmd_execute_command_real (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, up_level=0) at lib/command.c:984
> FRRouting#19 0x00007fc5806b9c35 in cmd_execute_command (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, vtysh=0) at lib/command.c:1043
> FRRouting#20 0x00007fc5806ba1e5 in cmd_execute (vty=0x55c52a0fc6b0, cmd=0x55c52aae6bd0 "flex-algo 129\n", matched=0x0, vtysh=0) at lib/command.c:1209
> FRRouting#21 0x00007fc580782ae1 in vty_command (vty=0x55c52a0fc6b0, buf=0x55c52aae6bd0 "flex-algo 129\n") at lib/vty.c:615
> FRRouting#22 0x00007fc580784a05 in vty_execute (vty=0x55c52a0fc6b0) at lib/vty.c:1378
> FRRouting#23 0x00007fc580787131 in vtysh_read (thread=0x7ffd38d4ab10) at lib/vty.c:2373
> FRRouting#24 0x00007fc58077b605 in event_call (thread=0x7ffd38d4ab10) at lib/event.c:2011
> FRRouting#25 0x00007fc5806f8976 in frr_run (master=0x55c529df9b30) at lib/libfrr.c:1212
> FRRouting#26 0x000055c527f301bc in main (argc=5, argv=0x7ffd38d4ad58, envp=0x7ffd38d4ad88) at isisd/isis_main.c:350
> (gdb) f 6
> FRRouting#6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> 176                     list_delete_all_node(ext->aslas);
> (gdb) p ext
> $1 = (struct isis_ext_subtlvs *) 0x0

Fixes: ae27101 ("isisd: fix building asla at first flex-algo config")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
mergify bot pushed a commit that referenced this issue Aug 27, 2024
Fix crash when flex-algo is configured and mpls-te is disabled.

> interface eth0
>  ip router isis 1
> !
> router isis 1
>  flex-algo 129
>   dataplane sr-mpls
>   advertise-definition

> #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:44
> #1  __pthread_kill_internal (signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:78
> #2  __GI___pthread_kill (threadid=140486233631168, signo=signo@entry=11) at ./nptl/pthread_kill.c:89
> #3  0x00007fc5802e9476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
> #4  0x00007fc58076021f in core_handler (signo=11, siginfo=0x7ffd38d42470, context=0x7ffd38d42340) at lib/sigevent.c:248
> #5  <signal handler called>
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> #7  0x000055c527fb29da in isis_instance_flex_algo_create (args=0x7ffd38d43120) at isisd/isis_nb_config.c:2875
> #8  0x00007fc58072655b in nb_callback_create (context=0x55c52ab1d2f0, nb_node=0x55c529f72950, event=NB_EV_APPLY, dnode=0x55c52ab06230, resource=0x55c52ab189f8, errmsg=0x7ffd38d43750 "",
>     errmsg_len=8192) at lib/northbound.c:1262
> #9  0x00007fc580727625 in nb_callback_configuration (context=0x55c52ab1d2f0, event=NB_EV_APPLY, change=0x55c52ab189c0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1662
> #10 0x00007fc580727c39 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55c52ab1d2f0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1794
> #11 0x00007fc580725f77 in nb_candidate_commit_apply (transaction=0x55c52ab1d2f0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1131
> #12 0x00007fc5807260d1 in nb_candidate_commit (context=..., candidate=0x55c529f0a730, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1164
> #13 0x00007fc58072d220 in nb_cli_classic_commit (vty=0x55c52a0fc6b0) at lib/northbound_cli.c:51
> #14 0x00007fc58072d839 in nb_cli_apply_changes_internal (vty=0x55c52a0fc6b0,
>     xpath_base=0x7ffd38d477f0 "/frr-isisd:isis/instance[area-tag='1'][vrf='default']/flex-algos/flex-algo[flex-algo='129']", clear_pending=false) at lib/northbound_cli.c:178
> #15 0x00007fc58072dbcf in nb_cli_apply_changes (vty=0x55c52a0fc6b0, xpath_base_fmt=0x55c528014de0 "./flex-algos/flex-algo[flex-algo='%ld']") at lib/northbound_cli.c:234
> #16 0x000055c527fd3403 in flex_algo_magic (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0, algorithm=129, algorithm_str=0x55c52ab120d0 "129")
>     at isisd/isis_cli.c:3752
> #17 0x000055c527fc97cb in flex_algo (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0) at ./isisd/isis_cli_clippy.c:6445
> #18 0x00007fc5806b9abc in cmd_execute_command_real (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, up_level=0) at lib/command.c:984
> #19 0x00007fc5806b9c35 in cmd_execute_command (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, vtysh=0) at lib/command.c:1043
> #20 0x00007fc5806ba1e5 in cmd_execute (vty=0x55c52a0fc6b0, cmd=0x55c52aae6bd0 "flex-algo 129\n", matched=0x0, vtysh=0) at lib/command.c:1209
> #21 0x00007fc580782ae1 in vty_command (vty=0x55c52a0fc6b0, buf=0x55c52aae6bd0 "flex-algo 129\n") at lib/vty.c:615
> #22 0x00007fc580784a05 in vty_execute (vty=0x55c52a0fc6b0) at lib/vty.c:1378
> #23 0x00007fc580787131 in vtysh_read (thread=0x7ffd38d4ab10) at lib/vty.c:2373
> #24 0x00007fc58077b605 in event_call (thread=0x7ffd38d4ab10) at lib/event.c:2011
> #25 0x00007fc5806f8976 in frr_run (master=0x55c529df9b30) at lib/libfrr.c:1212
> #26 0x000055c527f301bc in main (argc=5, argv=0x7ffd38d4ad58, envp=0x7ffd38d4ad88) at isisd/isis_main.c:350
> (gdb) f 6
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> 176                     list_delete_all_node(ext->aslas);
> (gdb) p ext
> $1 = (struct isis_ext_subtlvs *) 0x0

Fixes: ae27101 ("isisd: fix building asla at first flex-algo config")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit cd81d28)
mergify bot pushed a commit that referenced this issue Aug 27, 2024
Fix crash when flex-algo is configured and mpls-te is disabled.

> interface eth0
>  ip router isis 1
> !
> router isis 1
>  flex-algo 129
>   dataplane sr-mpls
>   advertise-definition

> #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:44
> #1  __pthread_kill_internal (signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:78
> #2  __GI___pthread_kill (threadid=140486233631168, signo=signo@entry=11) at ./nptl/pthread_kill.c:89
> #3  0x00007fc5802e9476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
> #4  0x00007fc58076021f in core_handler (signo=11, siginfo=0x7ffd38d42470, context=0x7ffd38d42340) at lib/sigevent.c:248
> #5  <signal handler called>
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> #7  0x000055c527fb29da in isis_instance_flex_algo_create (args=0x7ffd38d43120) at isisd/isis_nb_config.c:2875
> #8  0x00007fc58072655b in nb_callback_create (context=0x55c52ab1d2f0, nb_node=0x55c529f72950, event=NB_EV_APPLY, dnode=0x55c52ab06230, resource=0x55c52ab189f8, errmsg=0x7ffd38d43750 "",
>     errmsg_len=8192) at lib/northbound.c:1262
> #9  0x00007fc580727625 in nb_callback_configuration (context=0x55c52ab1d2f0, event=NB_EV_APPLY, change=0x55c52ab189c0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1662
> #10 0x00007fc580727c39 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55c52ab1d2f0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1794
> #11 0x00007fc580725f77 in nb_candidate_commit_apply (transaction=0x55c52ab1d2f0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1131
> #12 0x00007fc5807260d1 in nb_candidate_commit (context=..., candidate=0x55c529f0a730, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192)
>     at lib/northbound.c:1164
> #13 0x00007fc58072d220 in nb_cli_classic_commit (vty=0x55c52a0fc6b0) at lib/northbound_cli.c:51
> #14 0x00007fc58072d839 in nb_cli_apply_changes_internal (vty=0x55c52a0fc6b0,
>     xpath_base=0x7ffd38d477f0 "/frr-isisd:isis/instance[area-tag='1'][vrf='default']/flex-algos/flex-algo[flex-algo='129']", clear_pending=false) at lib/northbound_cli.c:178
> #15 0x00007fc58072dbcf in nb_cli_apply_changes (vty=0x55c52a0fc6b0, xpath_base_fmt=0x55c528014de0 "./flex-algos/flex-algo[flex-algo='%ld']") at lib/northbound_cli.c:234
> #16 0x000055c527fd3403 in flex_algo_magic (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0, algorithm=129, algorithm_str=0x55c52ab120d0 "129")
>     at isisd/isis_cli.c:3752
> #17 0x000055c527fc97cb in flex_algo (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0) at ./isisd/isis_cli_clippy.c:6445
> #18 0x00007fc5806b9abc in cmd_execute_command_real (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, up_level=0) at lib/command.c:984
> #19 0x00007fc5806b9c35 in cmd_execute_command (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, vtysh=0) at lib/command.c:1043
> #20 0x00007fc5806ba1e5 in cmd_execute (vty=0x55c52a0fc6b0, cmd=0x55c52aae6bd0 "flex-algo 129\n", matched=0x0, vtysh=0) at lib/command.c:1209
> #21 0x00007fc580782ae1 in vty_command (vty=0x55c52a0fc6b0, buf=0x55c52aae6bd0 "flex-algo 129\n") at lib/vty.c:615
> #22 0x00007fc580784a05 in vty_execute (vty=0x55c52a0fc6b0) at lib/vty.c:1378
> #23 0x00007fc580787131 in vtysh_read (thread=0x7ffd38d4ab10) at lib/vty.c:2373
> #24 0x00007fc58077b605 in event_call (thread=0x7ffd38d4ab10) at lib/event.c:2011
> #25 0x00007fc5806f8976 in frr_run (master=0x55c529df9b30) at lib/libfrr.c:1212
> #26 0x000055c527f301bc in main (argc=5, argv=0x7ffd38d4ad58, envp=0x7ffd38d4ad88) at isisd/isis_main.c:350
> (gdb) f 6
> #6  0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176
> 176                     list_delete_all_node(ext->aslas);
> (gdb) p ext
> $1 = (struct isis_ext_subtlvs *) 0x0

Fixes: ae27101 ("isisd: fix building asla at first flex-algo config")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit cd81d28)
louis-6wind added a commit to louis-6wind/frr that referenced this issue Sep 9, 2024
The following causes a isisd crash.

> # cat config
> affinity-map green bit-position 0
> router isis 1
>  flex-algo 129
>   affinity exclude-any green
> # vtysh -f config

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007f650c91c537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531
> FRRouting#6  0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537
> FRRouting#7  0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998
> FRRouting#8  0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155
> FRRouting#9  0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "",
>     errmsg_len=8192) at lib/northbound.c:1487
> FRRouting#10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884
> FRRouting#11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1246
> FRRouting#12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false,
>     errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317
> FRRouting#13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1381
> FRRouting#14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57
> FRRouting#15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96
> FRRouting#16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000
> FRRouting#17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080
> FRRouting#18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625
> FRRouting#20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388
> FRRouting#21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400
> FRRouting#22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996
> FRRouting#23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231
> FRRouting#24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354

Configuring the same in vtysh configure interactive mode works properly.
When using "vtysh -f", the northbound compatible configuration is
committed together whereas, in interactive mode, it committed line by
line. In the first situation, in validation state nb_running_get_entry()
fails because the area not yet in running.

Do not use nb_running_get_entry() northbound validation state.

Fixes: 893882e ("isisd: add isis flex-algo configuration backend")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
louis-6wind added a commit to louis-6wind/frr that referenced this issue Sep 10, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> FRRouting#4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> FRRouting#5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> FRRouting#6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> FRRouting#7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> FRRouting#8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> FRRouting#9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> FRRouting#10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> FRRouting#11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> FRRouting#12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> FRRouting#13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> FRRouting#14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> FRRouting#15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> FRRouting#16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> FRRouting#17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> FRRouting#18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> FRRouting#19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> FRRouting#20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> FRRouting#21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> FRRouting#22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> FRRouting#24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> FRRouting#25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> FRRouting#26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> FRRouting#27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> FRRouting#28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this issue Sep 11, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> #4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> #5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> #6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> #7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> #8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> #9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> #10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> #11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> #12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> #13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> #14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> #15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> #16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> #17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> #18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> #19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> #20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> #21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> #22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> #23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> #24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> #25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> #26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> #27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> #28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
donaldsharp pushed a commit that referenced this issue Sep 11, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> #2  <signal handler called>
> #3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> #4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> #5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> #6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> #7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> #8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> #9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> #10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> #11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> #12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> #13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> #14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> #15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> #16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> #17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> #18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> #19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> #20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> #21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> #22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> #23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> #24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> #25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> #26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> #27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> #28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
choppsv1 pushed a commit to LabNConsulting/frr that referenced this issue Sep 14, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> #2  <signal handler called>
> FRRouting#3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> FRRouting#4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> FRRouting#5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> FRRouting#6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> FRRouting#7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> FRRouting#8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> FRRouting#9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> FRRouting#10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> FRRouting#11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> FRRouting#12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> FRRouting#13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> FRRouting#14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> FRRouting#15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> FRRouting#16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> FRRouting#17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> FRRouting#18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> FRRouting#19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> FRRouting#20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> FRRouting#21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> FRRouting#22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> FRRouting#24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> FRRouting#25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> FRRouting#26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> FRRouting#27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> FRRouting#28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
enkechen-panw pushed a commit to enkechen-panw/frr that referenced this issue Sep 14, 2024
The following causes a isisd crash.

> # cat config
> affinity-map green bit-position 0
> router isis 1
>  flex-algo 129
>   affinity exclude-any green
> # vtysh -f config

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#1  0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258
> FRRouting#2  <signal handler called>
> FRRouting#3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007f650c91c537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531
> FRRouting#6  0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537
> FRRouting#7  0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998
> FRRouting#8  0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155
> FRRouting#9  0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "",
>     errmsg_len=8192) at lib/northbound.c:1487
> FRRouting#10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884
> FRRouting#11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1246
> FRRouting#12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false,
>     errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317
> FRRouting#13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1381
> FRRouting#14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57
> FRRouting#15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96
> FRRouting#16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000
> FRRouting#17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080
> FRRouting#18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625
> FRRouting#20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388
> FRRouting#21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400
> FRRouting#22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996
> FRRouting#23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231
> FRRouting#24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354

Configuring the same in vtysh configure interactive mode works properly.
When using "vtysh -f", the northbound compatible configuration is
committed together whereas, in interactive mode, it committed line by
line. In the first situation, in validation state nb_running_get_entry()
fails because the area not yet in running.

Do not use nb_running_get_entry() northbound validation state.

Fixes: 893882e ("isisd: add isis flex-algo configuration backend")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zhou-run added a commit to zhou-run/frr that referenced this issue Nov 9, 2024
… the neighbor status remains UP

Test Scenario:
RouterA and RouterB are in the same routing domain and have configured a P2P link. RouterA is configured with "is-type level-1" while RouterB is configured with "is-type level-1-2". They establish a level-1 UP neighborship. In this scenario, we expect that when RouterB's configuration is switched to "is-type level-2-only", the neighborship status on both RouterA and RouterB would be non-UP. However, RouterB still shows the neighbor as UP.

Upon receiving a P2P Hello packet, the function "process_p2p_hello" is invoked. According to the ISO/IEC 10589 protocol specification, section 8.2.5.2 a) and tables 5 and 7, if the "iih->circ_type" of the neighbor's hello packet does not match one's own "circuit->is_type," we may choose to take no action.
When establishing a neighborship for the first time, the neighbor's status can remain in the "Initializing" state. However, if the neighborship has already been established and one's own "circuit->is_type" changes, the neighbor's UP status cannot be reset. Therefore, when processing P2P Hello packets, we should be cognizant of changes in our own link adjacency type.

Topotest has identified a core issue during testing.
(gdb) bt
"#0  0xb7efe579 in __kernel_vsyscall ()
\#1  0xb79f62f7 in ?? ()
\#2  0xbf981dd0 in ?? ()
\#3  <signal handler called>
\#4  0xb79f7722 in ?? ()
\#5  0xb7ed8634 in _DYNAMIC () from /home/z15467/isis_core/usr/lib/i386-linux-gnu/frr/libfrr.so.0.0.0
\#6  0x0001003c in ?? ()
\#7  0x00010000 in ?? ()
\#8  0xb7df3322 in _frr_mtx_lock (mutex=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/frr_pthread.h:255
\#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
\#10 event_timer_remain_msec (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:727
\#11 0x004fb4aa in _send_hello_sched (circuit=<optimized out>, threadp=0x2189de0, level=1, delay=<optimized out>) at ../isisd/isis_pdu.c:2116
\#12 0x004e8dbc in isis_circuit_up (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:734
\#13 0x004ea8f7 in isis_csm_state_change (event=<optimized out>, circuit=<optimized out>, arg=<optimized out>) at ../isisd/isis_csm.c:98
\#14 0x004ea23f in isis_circuit_circ_type_set (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    circ_type=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:1578
\FRRouting#15 0x0053aefa in lib_interface_isis_network_type_modify (args=<optimized out>) at ../isisd/isis_nb_config.c:4190
\FRRouting#16 0xb7dbcc8d in nb_callback_modify (errmsg_len=8192, errmsg=0xbf982afc "", resource=0x2186220, dnode=<optimized out>, event=NB_EV_APPLY, nb_node=0x1fafe70, context=<optimized out>)
    at ../lib/northbound.c:1550
\FRRouting#17 nb_callback_configuration (context=<optimized out>, event=NB_EV_APPLY, change=<optimized out>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1900
\FRRouting#18 0xb7dbd646 in nb_transaction_process (errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    event=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:2028
\FRRouting#19 nb_candidate_commit_apply (transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1368
\FRRouting#20 0xb7dbdd68 in nb_candidate_commit (context=..., candidate=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    comment=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ../lib/northbound.c:1401
\FRRouting#21 0xb7dc0cff in nb_cli_classic_commit (vty=vty@entry=0x21d6940) at ../lib/northbound_cli.c:57
\FRRouting#22 0xb7dc0f46 in nb_cli_apply_changes_internal (vty=vty@entry=0x21d6940, xpath_base=xpath_base@entry=0xbf986b7c "/frr-interface:lib/interface[name='r5-eth0']", clear_pending=clear_pending@entry=false)
    at ../lib/northbound_cli.c:184
\FRRouting#23 0xb7dc130b in nb_cli_apply_changes (vty=<optimized out>, xpath_base_fmt=<optimized out>) at ../lib/northbound_cli.c:240
\FRRouting#24 0x00542c1d in isis_network_magic (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argc=<optimized out>,
    argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, no=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_cli.c:3101
\FRRouting#25 isis_network (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    argc=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ./isisd/isis_cli_clippy.c:5499
\FRRouting#26 0xb7d6d8f1 in cmd_execute_command_real (vline=vline@entry=0x219afa0, vty=vty@entry=0x21d6940, cmd=cmd@entry=0x0,
    up_level=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1003
\FRRouting#27 0xb7d6d9e0 in cmd_execute_command (vline=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1061
\FRRouting#28 0xb7d6dc60 in cmd_execute (vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, matched=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1228
\FRRouting#29 0xb7dfb58a in vty_command (vty=vty@entry=0x21d6940, buf=0x21e0ff0 ' ' <repeats 12 times>, "isis network point-to-point") at ../lib/vty.c:625
\FRRouting#30 0xb7dfc560 in vty_execute (vty=vty@entry=0x21d6940) at ../lib/vty.c:1388
\FRRouting#31 0xb7dfdc8d in vtysh_read (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/vty.c:2400
\FRRouting#32 0xb7df4d47 in event_call (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:2019
\FRRouting#33 0xb7d9a831 in frr_run (master=<optimized out>) at ../lib/libfrr.c:1232
\FRRouting#34 0x004e4758 in main (argc=7, argv=0xbf989a24, envp=0xbf989a44) at ../isisd/isis_main.c:354
(gdb) f 9
\#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
734     ../lib/event.c: No such file or directory.
(gdb) p pthread
No symbol "pthread" in current context.
(gdb) p thread
$1 = (struct event *) 0x10000

When LAN links and P2P links share the` circuit->u` of a neighbor, if one link is no longer in use and the union is not cleared, the other link is unable to pass the non-empty check, resulting in accessing an invalid pointer. Unfortunately, for non-DIS devices in LAN links, `circuit->u.bc.run_dr_elect[x]` is essentially always 1, but in `isis_circuit_down()`,` circuit->u.bc.run_dr_elect[x] `will not be cleared because `circuit->u.bc.is_dr[x]` is always 0. Consequently, when switching to a P2P link, `isis_circuit_circ_type_set()` does not reset the link in a non-C_STATE_UP state, leading to subsequent accesses of `circuit->u.p2p.t_send_p2p_hello` resulting in a non-empty yet invalid address.

I believe that in `isis_circuit_down()`, the LAN link should unconditionally clear `circuit->u.bc.run_dr_elect[x]`.

Signed-off-by: zhou-run <zhou.run@h3c.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
The following causes a isisd crash.

> # cat config
> affinity-map green bit-position 0
> router isis 1
>  flex-algo 129
>   affinity exclude-any green
> # vtysh -f config

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#1  0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258
> FRRouting#2  <signal handler called>
> FRRouting#3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007f650c91c537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531
> FRRouting#6  0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537
> FRRouting#7  0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998
> FRRouting#8  0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155
> FRRouting#9  0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "",
>     errmsg_len=8192) at lib/northbound.c:1487
> FRRouting#10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884
> FRRouting#11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1246
> FRRouting#12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false,
>     errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317
> FRRouting#13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1381
> FRRouting#14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57
> FRRouting#15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96
> FRRouting#16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000
> FRRouting#17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080
> FRRouting#18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625
> FRRouting#20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388
> FRRouting#21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400
> FRRouting#22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996
> FRRouting#23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231
> FRRouting#24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354

Configuring the same in vtysh configure interactive mode works properly.
When using "vtysh -f", the northbound compatible configuration is
committed together whereas, in interactive mode, it committed line by
line. In the first situation, in validation state nb_running_get_entry()
fails because the area not yet in running.

Do not use nb_running_get_entry() northbound validation state.

Fixes: 893882e ("isisd: add isis flex-algo configuration backend")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> FRRouting#2  <signal handler called>
> FRRouting#3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> FRRouting#4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> FRRouting#5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> FRRouting#6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> FRRouting#7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> FRRouting#8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> FRRouting#9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> FRRouting#10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> FRRouting#11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> FRRouting#12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> FRRouting#13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> FRRouting#14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> FRRouting#15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> FRRouting#16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> FRRouting#17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> FRRouting#18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> FRRouting#19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> FRRouting#20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> FRRouting#21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> FRRouting#22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> FRRouting#24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> FRRouting#25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> FRRouting#26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> FRRouting#27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> FRRouting#28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
… the neighbor status remains UP

Test Scenario:
RouterA and RouterB are in the same routing domain and have configured a P2P link. RouterA is configured with "is-type level-1" while RouterB is configured with "is-type level-1-2". They establish a level-1 UP neighborship. In this scenario, we expect that when RouterB's configuration is switched to "is-type level-2-only", the neighborship status on both RouterA and RouterB would be non-UP. However, RouterB still shows the neighbor as UP.

Upon receiving a P2P Hello packet, the function "process_p2p_hello" is invoked. According to the ISO/IEC 10589 protocol specification, section 8.2.5.2 a) and tables 5 and 7, if the "iih->circ_type" of the neighbor's hello packet does not match one's own "circuit->is_type," we may choose to take no action.
When establishing a neighborship for the first time, the neighbor's status can remain in the "Initializing" state. However, if the neighborship has already been established and one's own "circuit->is_type" changes, the neighbor's UP status cannot be reset. Therefore, when processing P2P Hello packets, we should be cognizant of changes in our own link adjacency type.

Topotest has identified a core issue during testing.
(gdb) bt
"#0  0xb7efe579 in __kernel_vsyscall ()
\FRRouting#1  0xb79f62f7 in ?? ()
\FRRouting#2  0xbf981dd0 in ?? ()
\FRRouting#3  <signal handler called>
\FRRouting#4  0xb79f7722 in ?? ()
\FRRouting#5  0xb7ed8634 in _DYNAMIC () from /home/z15467/isis_core/usr/lib/i386-linux-gnu/frr/libfrr.so.0.0.0
\FRRouting#6  0x0001003c in ?? ()
\FRRouting#7  0x00010000 in ?? ()
\FRRouting#8  0xb7df3322 in _frr_mtx_lock (mutex=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/frr_pthread.h:255
\FRRouting#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
\FRRouting#10 event_timer_remain_msec (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:727
\FRRouting#11 0x004fb4aa in _send_hello_sched (circuit=<optimized out>, threadp=0x2189de0, level=1, delay=<optimized out>) at ../isisd/isis_pdu.c:2116
\FRRouting#12 0x004e8dbc in isis_circuit_up (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:734
\FRRouting#13 0x004ea8f7 in isis_csm_state_change (event=<optimized out>, circuit=<optimized out>, arg=<optimized out>) at ../isisd/isis_csm.c:98
\FRRouting#14 0x004ea23f in isis_circuit_circ_type_set (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    circ_type=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:1578
\FRRouting#15 0x0053aefa in lib_interface_isis_network_type_modify (args=<optimized out>) at ../isisd/isis_nb_config.c:4190
\FRRouting#16 0xb7dbcc8d in nb_callback_modify (errmsg_len=8192, errmsg=0xbf982afc "", resource=0x2186220, dnode=<optimized out>, event=NB_EV_APPLY, nb_node=0x1fafe70, context=<optimized out>)
    at ../lib/northbound.c:1550
\FRRouting#17 nb_callback_configuration (context=<optimized out>, event=NB_EV_APPLY, change=<optimized out>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1900
\FRRouting#18 0xb7dbd646 in nb_transaction_process (errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    event=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:2028
\FRRouting#19 nb_candidate_commit_apply (transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1368
\FRRouting#20 0xb7dbdd68 in nb_candidate_commit (context=..., candidate=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    comment=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ../lib/northbound.c:1401
\FRRouting#21 0xb7dc0cff in nb_cli_classic_commit (vty=vty@entry=0x21d6940) at ../lib/northbound_cli.c:57
\FRRouting#22 0xb7dc0f46 in nb_cli_apply_changes_internal (vty=vty@entry=0x21d6940, xpath_base=xpath_base@entry=0xbf986b7c "/frr-interface:lib/interface[name='r5-eth0']", clear_pending=clear_pending@entry=false)
    at ../lib/northbound_cli.c:184
\FRRouting#23 0xb7dc130b in nb_cli_apply_changes (vty=<optimized out>, xpath_base_fmt=<optimized out>) at ../lib/northbound_cli.c:240
\FRRouting#24 0x00542c1d in isis_network_magic (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argc=<optimized out>,
    argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, no=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_cli.c:3101
\FRRouting#25 isis_network (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    argc=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ./isisd/isis_cli_clippy.c:5499
\FRRouting#26 0xb7d6d8f1 in cmd_execute_command_real (vline=vline@entry=0x219afa0, vty=vty@entry=0x21d6940, cmd=cmd@entry=0x0,
    up_level=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1003
\FRRouting#27 0xb7d6d9e0 in cmd_execute_command (vline=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1061
\FRRouting#28 0xb7d6dc60 in cmd_execute (vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, matched=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1228
\FRRouting#29 0xb7dfb58a in vty_command (vty=vty@entry=0x21d6940, buf=0x21e0ff0 ' ' <repeats 12 times>, "isis network point-to-point") at ../lib/vty.c:625
\FRRouting#30 0xb7dfc560 in vty_execute (vty=vty@entry=0x21d6940) at ../lib/vty.c:1388
\FRRouting#31 0xb7dfdc8d in vtysh_read (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/vty.c:2400
\FRRouting#32 0xb7df4d47 in event_call (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:2019
\FRRouting#33 0xb7d9a831 in frr_run (master=<optimized out>) at ../lib/libfrr.c:1232
\FRRouting#34 0x004e4758 in main (argc=7, argv=0xbf989a24, envp=0xbf989a44) at ../isisd/isis_main.c:354
(gdb) f 9
\FRRouting#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
734     ../lib/event.c: No such file or directory.
(gdb) p pthread
No symbol "pthread" in current context.
(gdb) p thread
$1 = (struct event *) 0x10000

When LAN links and P2P links share the` circuit->u` of a neighbor, if one link is no longer in use and the union is not cleared, the other link is unable to pass the non-empty check, resulting in accessing an invalid pointer. Unfortunately, for non-DIS devices in LAN links, `circuit->u.bc.run_dr_elect[x]` is essentially always 1, but in `isis_circuit_down()`,` circuit->u.bc.run_dr_elect[x] `will not be cleared because `circuit->u.bc.is_dr[x]` is always 0. Consequently, when switching to a P2P link, `isis_circuit_circ_type_set()` does not reset the link in a non-C_STATE_UP state, leading to subsequent accesses of `circuit->u.p2p.t_send_p2p_hello` resulting in a non-empty yet invalid address.

I believe that in `isis_circuit_down()`, the LAN link should unconditionally clear `circuit->u.bc.run_dr_elect[x]`.

Signed-off-by: zhou-run <zhou.run@h3c.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
The following causes a isisd crash.

> # cat config
> affinity-map green bit-position 0
> router isis 1
>  flex-algo 129
>   affinity exclude-any green
> # vtysh -f config

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#1  0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258
> FRRouting#2  <signal handler called>
> FRRouting#3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#4  0x00007f650c91c537 in __GI_abort () at abort.c:79
> FRRouting#5  0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531
> FRRouting#6  0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537
> FRRouting#7  0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998
> FRRouting#8  0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155
> FRRouting#9  0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "",
>     errmsg_len=8192) at lib/northbound.c:1487
> FRRouting#10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884
> FRRouting#11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1246
> FRRouting#12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false,
>     errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317
> FRRouting#13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192)
>     at lib/northbound.c:1381
> FRRouting#14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57
> FRRouting#15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96
> FRRouting#16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000
> FRRouting#17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080
> FRRouting#18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625
> FRRouting#20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388
> FRRouting#21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400
> FRRouting#22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996
> FRRouting#23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231
> FRRouting#24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354

Configuring the same in vtysh configure interactive mode works properly.
When using "vtysh -f", the northbound compatible configuration is
committed together whereas, in interactive mode, it committed line by
line. In the first situation, in validation state nb_running_get_entry()
fails because the area not yet in running.

Do not use nb_running_get_entry() northbound validation state.

Fixes: 893882e ("isisd: add isis flex-algo configuration backend")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
Fix a crash when modifying a route-map with set as-path exclude without
as-path-access-list:

> router(config)# route-map routemaptest deny 1
> router(config-route-map)# set as-path exclude 33 34 35
> router(config-route-map)# set as-path exclude as-path-access-list test

> #0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> FRRouting#1  0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258
> FRRouting#2  <signal handler called>
> FRRouting#3  0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77
> FRRouting#4  0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574
> FRRouting#5  0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366
> FRRouting#6  0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357
> FRRouting#7  0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674
> FRRouting#8  0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/routemap.c:533
> FRRouting#9  0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427
> FRRouting#10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "",
>     errmsg_len=8192) at lib/northbound.c:1538
> FRRouting#11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888
> FRRouting#12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016
> FRRouting#13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1356
> FRRouting#14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192)
>     at lib/northbound.c:1389
> FRRouting#15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57
> FRRouting#16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']",
>     clear_pending=false) at lib/northbound_cli.c:184
> FRRouting#17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240
> --Type <RET> for more, q to quit, c to continue without paging--
> FRRouting#18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80,
>     as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397
> FRRouting#19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80)
>     at ./bgpd/bgp_routemap_clippy.c:856
> FRRouting#20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003
> FRRouting#21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062
> FRRouting#22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228
> FRRouting#23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625
> FRRouting#24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388
> FRRouting#25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400
> FRRouting#26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996
> FRRouting#27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231
> FRRouting#28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555

Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zice312963205 pushed a commit to wenwang00/frr that referenced this issue Nov 28, 2024
… the neighbor status remains UP

Test Scenario:
RouterA and RouterB are in the same routing domain and have configured a P2P link. RouterA is configured with "is-type level-1" while RouterB is configured with "is-type level-1-2". They establish a level-1 UP neighborship. In this scenario, we expect that when RouterB's configuration is switched to "is-type level-2-only", the neighborship status on both RouterA and RouterB would be non-UP. However, RouterB still shows the neighbor as UP.

Upon receiving a P2P Hello packet, the function "process_p2p_hello" is invoked. According to the ISO/IEC 10589 protocol specification, section 8.2.5.2 a) and tables 5 and 7, if the "iih->circ_type" of the neighbor's hello packet does not match one's own "circuit->is_type," we may choose to take no action.
When establishing a neighborship for the first time, the neighbor's status can remain in the "Initializing" state. However, if the neighborship has already been established and one's own "circuit->is_type" changes, the neighbor's UP status cannot be reset. Therefore, when processing P2P Hello packets, we should be cognizant of changes in our own link adjacency type.

Topotest has identified a core issue during testing.
(gdb) bt
"#0  0xb7efe579 in __kernel_vsyscall ()
\FRRouting#1  0xb79f62f7 in ?? ()
\FRRouting#2  0xbf981dd0 in ?? ()
\FRRouting#3  <signal handler called>
\FRRouting#4  0xb79f7722 in ?? ()
\FRRouting#5  0xb7ed8634 in _DYNAMIC () from /home/z15467/isis_core/usr/lib/i386-linux-gnu/frr/libfrr.so.0.0.0
\FRRouting#6  0x0001003c in ?? ()
\FRRouting#7  0x00010000 in ?? ()
\FRRouting#8  0xb7df3322 in _frr_mtx_lock (mutex=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/frr_pthread.h:255
\FRRouting#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
\FRRouting#10 event_timer_remain_msec (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:727
\FRRouting#11 0x004fb4aa in _send_hello_sched (circuit=<optimized out>, threadp=0x2189de0, level=1, delay=<optimized out>) at ../isisd/isis_pdu.c:2116
\FRRouting#12 0x004e8dbc in isis_circuit_up (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:734
\FRRouting#13 0x004ea8f7 in isis_csm_state_change (event=<optimized out>, circuit=<optimized out>, arg=<optimized out>) at ../isisd/isis_csm.c:98
\FRRouting#14 0x004ea23f in isis_circuit_circ_type_set (circuit=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    circ_type=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_circuit.c:1578
\FRRouting#15 0x0053aefa in lib_interface_isis_network_type_modify (args=<optimized out>) at ../isisd/isis_nb_config.c:4190
\FRRouting#16 0xb7dbcc8d in nb_callback_modify (errmsg_len=8192, errmsg=0xbf982afc "", resource=0x2186220, dnode=<optimized out>, event=NB_EV_APPLY, nb_node=0x1fafe70, context=<optimized out>)
    at ../lib/northbound.c:1550
\FRRouting#17 nb_callback_configuration (context=<optimized out>, event=NB_EV_APPLY, change=<optimized out>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1900
\FRRouting#18 0xb7dbd646 in nb_transaction_process (errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    event=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:2028
\FRRouting#19 nb_candidate_commit_apply (transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/northbound.c:1368
\FRRouting#20 0xb7dbdd68 in nb_candidate_commit (context=..., candidate=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    save_transaction=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    comment=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, transaction_id=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    errmsg=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, errmsg_len=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ../lib/northbound.c:1401
\FRRouting#21 0xb7dc0cff in nb_cli_classic_commit (vty=vty@entry=0x21d6940) at ../lib/northbound_cli.c:57
\FRRouting#22 0xb7dc0f46 in nb_cli_apply_changes_internal (vty=vty@entry=0x21d6940, xpath_base=xpath_base@entry=0xbf986b7c "/frr-interface:lib/interface[name='r5-eth0']", clear_pending=clear_pending@entry=false)
    at ../lib/northbound_cli.c:184
\FRRouting#23 0xb7dc130b in nb_cli_apply_changes (vty=<optimized out>, xpath_base_fmt=<optimized out>) at ../lib/northbound_cli.c:240
\FRRouting#24 0x00542c1d in isis_network_magic (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argc=<optimized out>,
    argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, no=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../isisd/isis_cli.c:3101
\FRRouting#25 isis_network (self=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    argc=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, argv=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>)
    at ./isisd/isis_cli_clippy.c:5499
\FRRouting#26 0xb7d6d8f1 in cmd_execute_command_real (vline=vline@entry=0x219afa0, vty=vty@entry=0x21d6940, cmd=cmd@entry=0x0,
    up_level=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1003
\FRRouting#27 0xb7d6d9e0 in cmd_execute_command (vline=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1061
\FRRouting#28 0xb7d6dc60 in cmd_execute (vty=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    cmd=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>, matched=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>,
    vtysh=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/command.c:1228
\FRRouting#29 0xb7dfb58a in vty_command (vty=vty@entry=0x21d6940, buf=0x21e0ff0 ' ' <repeats 12 times>, "isis network point-to-point") at ../lib/vty.c:625
\FRRouting#30 0xb7dfc560 in vty_execute (vty=vty@entry=0x21d6940) at ../lib/vty.c:1388
\FRRouting#31 0xb7dfdc8d in vtysh_read (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/vty.c:2400
\FRRouting#32 0xb7df4d47 in event_call (thread=<error reading variable: dwarf2_find_location_expression: Corrupted DWARF expression.>) at ../lib/event.c:2019
\FRRouting#33 0xb7d9a831 in frr_run (master=<optimized out>) at ../lib/libfrr.c:1232
\FRRouting#34 0x004e4758 in main (argc=7, argv=0xbf989a24, envp=0xbf989a44) at ../isisd/isis_main.c:354
(gdb) f 9
\FRRouting#9  event_timer_remain_msec (thread=0x10000) at ../lib/event.c:734
734     ../lib/event.c: No such file or directory.
(gdb) p pthread
No symbol "pthread" in current context.
(gdb) p thread
$1 = (struct event *) 0x10000

When LAN links and P2P links share the` circuit->u` of a neighbor, if one link is no longer in use and the union is not cleared, the other link is unable to pass the non-empty check, resulting in accessing an invalid pointer. Unfortunately, for non-DIS devices in LAN links, `circuit->u.bc.run_dr_elect[x]` is essentially always 1, but in `isis_circuit_down()`,` circuit->u.bc.run_dr_elect[x] `will not be cleared because `circuit->u.bc.is_dr[x]` is always 0. Consequently, when switching to a P2P link, `isis_circuit_circ_type_set()` does not reset the link in a non-C_STATE_UP state, leading to subsequent accesses of `circuit->u.p2p.t_send_p2p_hello` resulting in a non-empty yet invalid address.

I believe that in `isis_circuit_down()`, the LAN link should unconditionally clear `circuit->u.bc.run_dr_elect[x]`.

Signed-off-by: zhou-run <zhou.run@h3c.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant