Fix Pfc/Qos counter integer range #2
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
lguohan
approved these changes
Jan 23, 2018
qiluo-msft
force-pushed
the
internal
branch
2 times, most recently
from
e4a9968 to
e84d1d8
Compare
qiluo-msft
force-pushed
the
internal
branch
2 times, most recently
from
6c58080 to
3a8ab6b
Compare
qiluo-msft
force-pushed
the
internal
branch
3 times, most recently
from
79629eb to
cb4d72e
Compare
pavel-shirshov
pushed a commit
that referenced
this pull request
May 1, 2019
If path->net is NULL in the bgp_path_info_free() function, then bgpd would crash in bgp_addpath_free_info_data() with the following backtrace: (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ff7b267a42a in __GI_abort () at abort.c:89 #2 0x00007ff7b39c1ca0 in core_handler (signo=11, siginfo=0x7ffff66414f0, context=<optimized out>) at lib/sigevent.c:249 #3 <signal handler called> #4 idalloc_free_to_pool (pool_ptr=pool_ptr@entry=0x0, id=3) at lib/id_alloc.c:368 #5 0x0000560096246688 in bgp_addpath_free_info_data (d=d@entry=0x560098665468, nd=0x0) at bgpd/bgp_addpath.c:100 #6 0x00005600961bb522 in bgp_path_info_free (path=0x560098665400) at bgpd/bgp_route.c:252 #7 bgp_path_info_unlock (path=0x560098665400) at bgpd/bgp_route.c:276 #8 0x00005600961bb719 in bgp_path_info_reap (rn=rn@entry=0x5600986b2110, pi=pi@entry=0x560098665400) at bgpd/bgp_route.c:320 #9 0x00005600961bf4db in bgp_process_main_one (safi=SAFI_MPLS_VPN, afi=AFI_IP, rn=0x5600986b2110, bgp=0x560098587320) at bgpd/bgp_route.c:2476 #10 bgp_process_wq (wq=<optimized out>, data=0x56009869b8f0) at bgpd/bgp_route.c:2503 #11 0x00007ff7b39d5fcc in work_queue_run (thread=0x7ffff6641e10) at lib/workqueue.c:294 #12 0x00007ff7b39ce3b1 in thread_call (thread=thread@entry=0x7ffff6641e10) at lib/thread.c:1606 #13 0x00007ff7b39a3538 in frr_run (master=0x5600980795b0) at lib/libfrr.c:1011 #14 0x000056009618a5a3 in main (argc=3, argv=0x7ffff6642078) at bgpd/bgp_main.c:481 Add a null-check protection to fix this problem. Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
pavel-shirshov
pushed a commit
that referenced
this pull request
Oct 29, 2019
Our Address Sanitizer CI is finding this issue: error 09-Oct-2019 19:28:33 r4: bgpd triggered an exception by AddressSanitizer error 09-Oct-2019 19:28:33 ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdd425b060 at pc 0x00000068575f bp 0x7ffdd4258550 sp 0x7ffdd4258540 error 09-Oct-2019 19:28:33 READ of size 1 at 0x7ffdd425b060 thread T0 error 09-Oct-2019 19:28:33 #0 0x68575e in prefix_cmp lib/prefix.c:776 error 09-Oct-2019 19:28:33 #1 0x5889f5 in rfapiItBiIndexSearch bgpd/rfapi/rfapi_import.c:2230 error 09-Oct-2019 19:28:33 #2 0x5889f5 in rfapiBgpInfoFilteredImportVPN bgpd/rfapi/rfapi_import.c:3520 error 09-Oct-2019 19:28:33 #3 0x58b909 in rfapiProcessWithdraw bgpd/rfapi/rfapi_import.c:4071 error 09-Oct-2019 19:28:33 #4 0x4c459b in bgp_withdraw bgpd/bgp_route.c:3736 error 09-Oct-2019 19:28:33 #5 0x484122 in bgp_nlri_parse_vpn bgpd/bgp_mplsvpn.c:237 error 09-Oct-2019 19:28:33 #6 0x497f52 in bgp_nlri_parse bgpd/bgp_packet.c:315 error 09-Oct-2019 19:28:33 #7 0x49d06d in bgp_update_receive bgpd/bgp_packet.c:1598 error 09-Oct-2019 19:28:33 #8 0x49d06d in bgp_process_packet bgpd/bgp_packet.c:2274 error 09-Oct-2019 19:28:33 #9 0x6b9f54 in thread_call lib/thread.c:1531 error 09-Oct-2019 19:28:33 #10 0x657037 in frr_run lib/libfrr.c:1052 error 09-Oct-2019 19:28:33 #11 0x42d268 in main bgpd/bgp_main.c:486 error 09-Oct-2019 19:28:33 #12 0x7f806032482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) error 09-Oct-2019 19:28:33 #13 0x42bcc8 in _start (/usr/lib/frr/bgpd+0x42bcc8) error 09-Oct-2019 19:28:33 error 09-Oct-2019 19:28:33 Address 0x7ffdd425b060 is located in stack of thread T0 at offset 240 in frame error 09-Oct-2019 19:28:33 #0 0x483945 in bgp_nlri_parse_vpn bgpd/bgp_mplsvpn.c:103 error 09-Oct-2019 19:28:33 error 09-Oct-2019 19:28:33 This frame has 5 object(s): error 09-Oct-2019 19:28:33 [32, 36) 'label' error 09-Oct-2019 19:28:33 [96, 108) 'rd_as' error 09-Oct-2019 19:28:33 [160, 172) 'rd_ip' error 09-Oct-2019 19:28:33 [224, 240) 'prd' <== Memory access at offset 240 overflows this variable error 09-Oct-2019 19:28:33 [288, 336) 'p' error 09-Oct-2019 19:28:33 HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext error 09-Oct-2019 19:28:33 (longjmp and C++ exceptions *are* supported) error 09-Oct-2019 19:28:33 SUMMARY: AddressSanitizer: stack-buffer-overflow lib/prefix.c:776 prefix_cmp error 09-Oct-2019 19:28:33 Shadow bytes around the buggy address: error 09-Oct-2019 19:28:33 0x10003a8435b0: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 error 09-Oct-2019 19:28:33 0x10003a8435c0: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 error 09-Oct-2019 19:28:33 0x10003a8435d0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 error 09-Oct-2019 19:28:33 0x10003a8435e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 error 09-Oct-2019 19:28:33 0x10003a8435f0: f1 f1 04 f4 f4 f4 f2 f2 f2 f2 00 04 f4 f4 f2 f2 error 09-Oct-2019 19:28:33 =>0x10003a843600: f2 f2 00 04 f4 f4 f2 f2 f2 f2 00 00[f4]f4 f2 f2 error 09-Oct-2019 19:28:33 0x10003a843610: f2 f2 00 00 00 00 00 00 f4 f4 f3 f3 f3 f3 00 00 error 09-Oct-2019 19:28:33 0x10003a843620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 error 09-Oct-2019 19:28:33 0x10003a843630: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 02 f4 error 09-Oct-2019 19:28:33 0x10003a843640: f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2 00 00 error 09-Oct-2019 19:28:33 0x10003a843650: f4 f4 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 error 09-Oct-2019 19:28:33 Shadow byte legend (one shadow byte represents 8 application bytes): error 09-Oct-2019 19:28:33 Addressable: 00 error 09-Oct-2019 19:28:33 Partially addressable: 01 02 03 04 05 06 07 error 09-Oct-2019 19:28:33 Heap left redzone: fa error 09-Oct-2019 19:28:33 Heap right redzone: fb error 09-Oct-2019 19:28:33 Freed heap region: fd error 09-Oct-2019 19:28:33 Stack left redzone: f1 error 09-Oct-2019 19:28:33 Stack mid redzone: f2 error 09-Oct-2019 19:28:33 Stack right redzone: f3 error 09-Oct-2019 19:28:33 Stack partial redzone: f4 error 09-Oct-2019 19:28:33 Stack after return: f5 error 09-Oct-2019 19:28:33 Stack use after scope: f8 error 09-Oct-2019 19:28:33 Global redzone: f9 error 09-Oct-2019 19:28:33 Global init order: f6 error 09-Oct-2019 19:28:33 Poisoned by user: f7 error 09-Oct-2019 19:28:33 Container overflow: fc error 09-Oct-2019 19:28:33 Array cookie: ac error 09-Oct-2019 19:28:33 Intra object redzone: bb error 09-Oct-2019 19:28:33 ASan internal: fe error 09-Oct-2019 19:28:36 r3: Daemon bgpd not running This is the result of this code pattern in rfapi/rfapi_import.c: prefix_cmp((struct prefix *)&bpi_result->extra->vnc.import.rd, (struct prefix *)prd)) Effectively prd or vnc.import.rd are `struct prefix_rd` which are being typecast to a `struct prefix`. Not a big deal except commit 1315d74 modified the prefix_cmp function to allow for a sorted prefix_cmp. In prefix_cmp we were looking at the offset and shift. In the case of vnc we were passing a prefix length of 64 which is the exact length of the remaining data structure for struct prefix_rd. So we calculated a offset of 8 and a shift of 0. The data structures for the prefix portion happened to be equal to 64 bits of data. So we checked that with the memcmp got a 0 and promptly read off the end of the data structure for the numcmp. The fix is if shift is 0 that means thei the memcmp has checked everything and there is nothing to do. Please note: We will still crash if we set the prefixlen > then ~312 bits currently( ie if the prefixlen specifies a bit length longer than the prefix length ). I do not think there is anything to do here( nor am I sure how to correct this either ) as that we are going to have some severe problems when we muck up the prefixlen. Fixes: #5025 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
pavel-shirshov
pushed a commit
that referenced
this pull request
Nov 17, 2020
This problem was reported by the sanitizer -
=================================================================
==24764==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0000115c8 at pc 0x55cb9cfad312 bp 0x7fffa0552140 sp 0x7fffa0552138
READ of size 8 at 0x60d0000115c8 thread T0
#0 0x55cb9cfad311 in zebra_evpn_remote_es_flush zebra/zebra_evpn_mh.c:2041
#1 0x55cb9cfad311 in zebra_evpn_es_cleanup zebra/zebra_evpn_mh.c:2234
#2 0x55cb9cf6ae78 in zebra_vrf_disable zebra/zebra_vrf.c:205
#3 0x7fc8d478f114 in vrf_delete lib/vrf.c:229
#4 0x7fc8d478f99a in vrf_terminate lib/vrf.c:541
#5 0x55cb9ceba0af in sigint zebra/main.c:176
#6 0x55cb9ceba0af in sigint zebra/main.c:130
#7 0x7fc8d4765d20 in quagga_sigevent_process lib/sigevent.c:103
#8 0x7fc8d4787e8c in thread_fetch lib/thread.c:1396
#9 0x7fc8d4708782 in frr_run lib/libfrr.c:1092
#10 0x55cb9ce931d8 in main zebra/main.c:488
#11 0x7fc8d43ee09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#12 0x55cb9ce94c09 in _start (/usr/lib/frr/zebra+0x8ac09)
=================================================================
Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
pavel-shirshov
pushed a commit
that referenced
this pull request
Nov 17, 2020
When zebra is running with debugs turned on there
is a use after free reported by the address sanitizer:
2020/10/16 12:58:02 ZEBRA: rib_delnode: (0:254):4.5.6.16/32: rn 0x60b000026f20, re 0x6080000131a0, removing
2020/10/16 12:58:02 ZEBRA: rib_meta_queue_add: (0:254):4.5.6.16/32: queued rn 0x60b000026f20 into sub-queue 3
=================================================================
==3101430==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000011d28 at pc 0x555555705ab6 bp 0x7fffffffdab0 sp 0x7fffffffdaa8
READ of size 8 at 0x608000011d28 thread T0
#0 0x555555705ab5 in re_list_const_first zebra/rib.h:222
#1 0x555555705b54 in re_list_first zebra/rib.h:222
#2 0x555555711a4f in process_subq_route zebra/zebra_rib.c:2248
#3 0x555555711d2e in process_subq zebra/zebra_rib.c:2286
#4 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320
#5 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291
#6 0x7ffff7450e9c in thread_call lib/thread.c:1581
#7 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
#8 0x55555561a578 in main zebra/main.c:455
#9 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
#10 0x5555555e3429 in _start (/usr/lib/frr/zebra+0x8f429)
0x608000011d28 is located 8 bytes inside of 88-byte region [0x608000011d20,0x608000011d78)
freed by thread T0 here:
#0 0x7ffff768bb6f in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
#1 0x7ffff739ccad in qfree lib/memory.c:129
#2 0x555555709ee4 in rib_gc_dest zebra/zebra_rib.c:746
#3 0x55555570ca76 in rib_process zebra/zebra_rib.c:1240
#4 0x555555711a05 in process_subq_route zebra/zebra_rib.c:2245
#5 0x555555711d2e in process_subq zebra/zebra_rib.c:2286
#6 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320
#7 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291
#8 0x7ffff7450e9c in thread_call lib/thread.c:1581
#9 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
#10 0x55555561a578 in main zebra/main.c:455
#11 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7ffff768c037 in calloc (/lib/x86_64-linux-gnu/libasan.so.6+0xaa037)
#1 0x7ffff739cb98 in qcalloc lib/memory.c:110
#2 0x555555712ace in zebra_rib_create_dest zebra/zebra_rib.c:2515
#3 0x555555712c6c in rib_link zebra/zebra_rib.c:2576
#4 0x555555712faa in rib_addnode zebra/zebra_rib.c:2607
#5 0x555555715bf0 in rib_add_multipath_nhe zebra/zebra_rib.c:3012
#6 0x555555715f56 in rib_add_multipath zebra/zebra_rib.c:3049
#7 0x55555571788b in rib_add zebra/zebra_rib.c:3327
#8 0x5555555e584a in connected_up zebra/connected.c:254
#9 0x5555555e42ff in connected_announce zebra/connected.c:94
#10 0x5555555e4fd3 in connected_update zebra/connected.c:195
#11 0x5555555e61ad in connected_add_ipv4 zebra/connected.c:340
#12 0x5555555f26f5 in netlink_interface_addr zebra/if_netlink.c:1213
#13 0x55555560f756 in netlink_information_fetch zebra/kernel_netlink.c:350
#14 0x555555612e49 in netlink_parse_info zebra/kernel_netlink.c:941
#15 0x55555560f9f1 in kernel_read zebra/kernel_netlink.c:402
#16 0x7ffff7450e9c in thread_call lib/thread.c:1581
#17 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
#18 0x55555561a578 in main zebra/main.c:455
#19 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free zebra/rib.h:222 in re_list_const_first
This is happening because we are using the dest pointer after a call into
rib_gc_dest. In process_subq_route, we call rib_process() and if the
dest is deleted dest pointer is now garbage. We must reload the
dest pointer in this case.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
pavel-shirshov
pushed a commit
that referenced
this pull request
Nov 17, 2020
Fixes the valgrind error we were seeing on startup due to initializing the msg header struct: ``` ==2534283== Thread 3 zebra_dplane: ==2534283== Syscall param recvmsg(msg) points to uninitialised byte(s) ==2534283== at 0x4D616DD: recvmsg (in /usr/lib64/libpthread-2.31.so) ==2534283== by 0x43107C: netlink_recv_msg (kernel_netlink.c:744) ==2534283== by 0x4330E4: nl_batch_read_resp (kernel_netlink.c:1070) ==2534283== by 0x431D12: nl_batch_send (kernel_netlink.c:1201) ==2534283== by 0x431E8B: kernel_update_multi (kernel_netlink.c:1369) ==2534283== by 0x46019B: kernel_dplane_process_func (zebra_dplane.c:3979) ==2534283== by 0x45EB7F: dplane_thread_loop (zebra_dplane.c:4368) ==2534283== by 0x493F5CC: thread_call (thread.c:1585) ==2534283== by 0x48D3450: fpt_run (frr_pthread.c:303) ==2534283== by 0x48D3D41: frr_pthread_inner (frr_pthread.c:156) ==2534283== by 0x4D56431: start_thread (in /usr/lib64/libpthread-2.31.so) ==2534283== by 0x4E709D2: clone (in /usr/lib64/libc-2.31.so) ==2534283== Address 0x85cd850 is on thread 3's stack ==2534283== in frame #2, created by nl_batch_read_resp (kernel_netlink.c:1051) ==2534283== ==2534283== Syscall param recvmsg(msg.msg_control) points to unaddressable byte(s) ==2534283== at 0x4D616DD: recvmsg (in /usr/lib64/libpthread-2.31.so) ==2534283== by 0x43107C: netlink_recv_msg (kernel_netlink.c:744) ==2534283== by 0x4330E4: nl_batch_read_resp (kernel_netlink.c:1070) ==2534283== by 0x431D12: nl_batch_send (kernel_netlink.c:1201) ==2534283== by 0x431E8B: kernel_update_multi (kernel_netlink.c:1369) ==2534283== by 0x46019B: kernel_dplane_process_func (zebra_dplane.c:3979) ==2534283== by 0x45EB7F: dplane_thread_loop (zebra_dplane.c:4368) ==2534283== by 0x493F5CC: thread_call (thread.c:1585) ==2534283== by 0x48D3450: fpt_run (frr_pthread.c:303) ==2534283== by 0x48D3D41: frr_pthread_inner (frr_pthread.c:156) ==2534283== by 0x4D56431: start_thread (in /usr/lib64/libpthread-2.31.so) ==2534283== by 0x4E709D2: clone (in /usr/lib64/libc-2.31.so) ==2534283== Address 0xa0 is not stack'd, malloc'd or (recently) free'd ==2534283== ``` Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
lguohan
pushed a commit
that referenced
this pull request
Dec 24, 2020
The fields in the broadcast/p2p union struct in an isis circuit are initialized when the circuit goes up, but currently this step is skipped if the interface is passive. This can create problems if the circuit type (referred to as network type in the config) changes from broadcast to point-to-point. We can end up with the p2p neighbor pointer pointing at some garbage left by the broadcast struct in the union, which would then cause a segfault the first time we would dereference it - for example when building the lsp, or computing the SPF tree. compressed backtrace of a possible crash: #0 0x0000555555579a9c in lsp_build at frr/isisd/isis_lsp.c:1114 #1 0x000055555557a516 in lsp_regenerate at frr/isisd/isis_lsp.c:1301 #2 0x000055555557aa25 in lsp_refresh at frr/isisd/isis_lsp.c:1381 #3 0x00007ffff7b2622c in thread_call at frr/lib/thread.c:1549 #4 0x00007ffff7ad6df4 in frr_run at frr/lib/libfrr.c:1098 #5 0x000055555556b67f in main at frr/isisd/isis_main.c:272 isis_lsp.c: 1112 case CIRCUIT_T_P2P: { 1113 struct isis_adjacency *nei = circuit->u.p2p.neighbor; 1114 if (nei && nei->adj_state == ISIS_ADJ_UP Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
lguohan
pushed a commit
that referenced
this pull request
Dec 24, 2020
We are using data after it has been freed and handed back to the OS. Address Sanitizer output: error 23-Nov-2020 18:53:57 ERROR: AddressSanitizer: heap-use-after-free on address 0x631000024838 at pc 0x55f825998f58 bp 0x7fffa5b0f5b0 sp 0x7fffa5b0f5a0 error 23-Nov-2020 18:53:57 READ of size 4 at 0x631000024838 thread T0 error 23-Nov-2020 18:53:57 #0 0x55f825998f57 in lde_imsg_compose_parent_sync ldpd/lde.c:226 error 23-Nov-2020 18:53:57 #1 0x55f8259ca9ed in vlog ldpd/log.c:48 error 23-Nov-2020 18:53:57 #2 0x55f8259cb1c8 in log_info ldpd/log.c:102 error 23-Nov-2020 18:53:57 #3 0x55f82599e841 in lde_shutdown ldpd/lde.c:208 error 23-Nov-2020 18:53:57 #4 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666 error 23-Nov-2020 18:53:57 #5 0x55f825ac3815 in thread_call lib/thread.c:1681 error 23-Nov-2020 18:53:57 #6 0x55f825998d5e in lde ldpd/lde.c:160 error 23-Nov-2020 18:53:57 #7 0x55f82598a289 in main ldpd/ldpd.c:320 error 23-Nov-2020 18:53:57 #8 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) error 23-Nov-2020 18:53:57 #9 0x55f825982579 in _start (/usr/lib/frr/ldpd+0xb3579) error 23-Nov-2020 18:53:57 error 23-Nov-2020 18:53:57 0x631000024838 is located 65592 bytes inside of 65632-byte region [0x631000014800,0x631000024860) error 23-Nov-2020 18:53:57 freed by thread T0 here: error 23-Nov-2020 18:53:57 #0 0x7fe3f8a4d7a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) error 23-Nov-2020 18:53:57 #1 0x55f82599e830 in lde_shutdown ldpd/lde.c:206 error 23-Nov-2020 18:53:57 #2 0x55f8259a2703 in lde_dispatch_parent ldpd/lde.c:666 error 23-Nov-2020 18:53:57 #3 0x55f825ac3815 in thread_call lib/thread.c:1681 error 23-Nov-2020 18:53:57 #4 0x55f825998d5e in lde ldpd/lde.c:160 error 23-Nov-2020 18:53:57 #5 0x55f82598a289 in main ldpd/ldpd.c:320 error 23-Nov-2020 18:53:57 #6 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) error 23-Nov-2020 18:53:57 error 23-Nov-2020 18:53:57 previously allocated by thread T0 here: error 23-Nov-2020 18:53:57 #0 0x7fe3f8a4dd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) error 23-Nov-2020 18:53:57 #1 0x55f825998cb7 in lde ldpd/lde.c:151 error 23-Nov-2020 18:53:57 #2 0x55f82598a289 in main ldpd/ldpd.c:320 error 23-Nov-2020 18:53:57 #3 0x7fe3f749db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) error 23-Nov-2020 18:53:57 The fix is to put this in global space. Signed-off-by: Donald Sharp <sharpd@nvidia.com>
lguohan
pushed a commit
that referenced
this pull request
Dec 24, 2020
error 26-Nov-2020 14:35:02 ERROR: AddressSanitizer: heap-use-after-free on address 0x631000024838 at pc 0x55cefae977e9 bp 0x7ffdd3546860 sp 0x7ffdd3546850 error 26-Nov-2020 14:35:02 READ of size 4 at 0x631000024838 thread T0 error 26-Nov-2020 14:35:02 #0 0x55cefae977e8 in ldpe_imsg_compose_parent_sync ldpd/ldpe.c:256 error 26-Nov-2020 14:35:02 #1 0x55cefae9ab13 in vlog ldpd/log.c:53 error 26-Nov-2020 14:35:02 #2 0x55cefae9b21f in log_info ldpd/log.c:102 error 26-Nov-2020 14:35:02 #3 0x55cefae96eae in ldpe_shutdown ldpd/ldpe.c:237 error 26-Nov-2020 14:35:02 #4 0x55cefae99254 in ldpe_dispatch_main ldpd/ldpe.c:585 error 26-Nov-2020 14:35:02 #5 0x55cefaf93875 in thread_call lib/thread.c:1681 error 26-Nov-2020 14:35:02 #6 0x55cefae97304 in ldpe ldpd/ldpe.c:136 error 26-Nov-2020 14:35:02 #7 0x55cefae5a2e2 in main ldpd/ldpd.c:322 error 26-Nov-2020 14:35:02 #8 0x7f4ef0c33b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) error 26-Nov-2020 14:35:02 #9 0x55cefae525e9 in _start (/usr/lib/frr/ldpd+0xb35e9) error 26-Nov-2020 14:35:02 error 26-Nov-2020 14:35:02 0x631000024838 is located 65592 bytes inside of 65632-byte region [0x631000014800,0x631000024860) error 26-Nov-2020 14:35:02 freed by thread T0 here: error 26-Nov-2020 14:35:02 #0 0x7f4ef21e37a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) error 26-Nov-2020 14:35:02 #1 0x55cefae96e91 in ldpe_shutdown ldpd/ldpe.c:234 error 26-Nov-2020 14:35:02 #2 0x55cefae99254 in ldpe_dispatch_main ldpd/ldpe.c:585 error 26-Nov-2020 14:35:02 #3 0x55cefaf93875 in thread_call lib/thread.c:1681 error 26-Nov-2020 14:35:02 #4 0x55cefae97304 in ldpe ldpd/ldpe.c:136 error 26-Nov-2020 14:35:02 #5 0x55cefae5a2e2 in main ldpd/ldpd.c:322 error 26-Nov-2020 14:35:02 #6 0x7f4ef0c33b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) error 26-Nov-2020 14:35:02 error 26-Nov-2020 14:35:02 previously allocated by thread T0 here: error 26-Nov-2020 14:35:02 #0 0x7f4ef21e3d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) error 26-Nov-2020 14:35:02 #1 0x55cefae9725d in ldpe ldpd/ldpe.c:127 error 26-Nov-2020 14:35:02 #2 0x55cefae5a2e2 in main ldpd/ldpd.c:322 error 26-Nov-2020 14:35:02 #3 0x7f4ef0c33b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) Clean this problem up in the same way as the previous commit Signed-off-by: Donald Sharp <sharpd@nvidia.com>
yxieca
pushed a commit
that referenced
this pull request
Apr 14, 2022
``` exit1-debian-11# sh ip bgp 100.100.100.100/32 BGP routing table entry for 100.100.100.100/32, version 7 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: home-spine1.donatas.net(192.168.0.2) 65002, (stale) 192.168.10.17 from donatas-pc(192.168.10.17) (0.0.0.0) Origin incomplete, valid, external Community: llgr-stale Last update: Thu Jan 13 08:58:08 2022 Time until Long-lived stale route deleted: 18 65001 192.168.0.2 from home-spine1.donatas.net(192.168.0.2) (2.2.2.2) Origin incomplete, metric 0, valid, external, best (First path received) Last update: Thu Jan 13 08:57:56 2022 ``` ``` ~# vtysh -c 'show ip bgp 100.100.100.100/32 json' | jq '."paths"[] | ."llgrSecondsRemaining"' 17 ``` Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
yxieca
pushed a commit
that referenced
this pull request
Apr 14, 2022
``` ~# vtysh -c 'show bgp ipv4 unicast summary' | grep 192.168.10.17 *donatas-pc(192.168.10.17) 4 65002 8 12 0 0 0 00:01:35 2 14 N/A ``` Before shutting down 192.168.10.17: ``` ~# vtysh -c 'show bgp ipv4 unicast 100.100.100.100/32' BGP routing table entry for 100.100.100.100/32, version 7 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: home-spine1.donatas.net(192.168.0.2) 65002, (stale) 192.168.10.17 from donatas-pc(192.168.10.17) (0.0.0.0) Origin incomplete, valid, external Last update: Sat Jan 15 21:45:47 2022 65001 192.168.0.2 from home-spine1.donatas.net(192.168.0.2) (2.2.2.2) Origin incomplete, metric 0, valid, external, best (Older Path) Last update: Sat Jan 15 21:25:19 2022 ``` After 192.168.10.17 is down: ``` ~# vtysh -c 'show bgp ipv4 unicast summary' | grep 192.168.10.17 donatas-pc(192.168.10.17) 4 65002 5 9 0 0 0 00:00:12 Active 0 N/A ~# vtysh -c 'show bgp ipv4 unicast 100.100.100.100/32' BGP routing table entry for 100.100.100.100/32, version 7 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: home-spine1.donatas.net(192.168.0.2) 65002, (stale) 192.168.10.17 from donatas-pc(192.168.10.17) (0.0.0.0) Origin incomplete, valid, external Community: llgr-stale Last update: Sat Jan 15 21:49:01 2022 Time until Long-lived stale route deleted: 16 65001 192.168.0.2 from home-spine1.donatas.net(192.168.0.2) (2.2.2.2) Origin incomplete, metric 0, valid, external, best (First path received) Last update: Sat Jan 15 21:25:19 2022 ``` Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Extend Router Capabilities TLV pack function to pack Router Capabilies Sub-TLV (RFC 9352 section sonic-net#2). Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Extend Router Capabilities TLV unpack function to unpack SRv6 Capabilities Sub-TLV (RFC 9352 section sonic-net#2). Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Bug is reporoduced in case of switching interfaces betwean VRFs.
ospf6d is enabled and configured in each VRF.
'dest' can be removed from the route node in the time when the same
route node waiting processing in another sub-queue.
A route node must only be in one sub-queue at a time.
Details:
1. Config:
interface if0
ipv6 address 2001:db8:cafe:2::2/64
ipv6 nat inside
ipv6 ospf6 area 0.0.0.51
ipv6 ospf6 cost 10
vrf test2
exit
!
interface if1
ipv6 address 2001:db8:cafe:4::1/64
ipv6 nat outside
ipv6 ospf6 area 0.0.0.0
ipv6 ospf6 cost 10
vrf test2
exit
!
router ospf6
ospf6 router-id 2.2.2.2
exit
!
router ospf6 vrf test1
ospf6 router-id 2.2.2.2
exit
!
router ospf6 vrf test2
ospf6 router-id 2.2.2.2
exit
I just quickly switched interfaces between different VRFs (default/test1/test2).
2. Log messages:
Aug 02 16:51:56 ubuntu zebra[386985]: [MFYWV-KH3MC] process_subq_early_route_add: (0:?):2001:db8:cafe:2::/64: Inserting route rn 0x56267593de90, re 0x56267595ae40 (connected) existing 0x0, same_count 0
Aug 02 16:51:56 ubuntu zebra[386985]: [Q4T2G-E2SQF] process_subq_early_route_add: dumping RE entry 0x56267595ae40 for 2001:db8:cafe:2::/64 vrf default(0)
Aug 02 16:51:56 ubuntu zebra[386985]: [GCGMT-SQR82] rib_link: (0:?):2001:db8:cafe:2::/64: rn 0x56267593de90 adding dest
Aug 02 16:51:56 ubuntu zebra[386985]: [JF0K0-DVHWH] rib_meta_queue_add: (0:254):2001:db8:cafe:2::/64: queued rn 0x56267593de90 into sub-queue Connected Routes
Aug 02 16:51:56 ubuntu zebra[386985]: [QE6V0-J8BG5] rib_delnode: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, re 0x56267595ae40, removing
Aug 02 16:51:56 ubuntu zebra[386985]: [KMPGN-JBRKW] rib_meta_queue_add: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90 is already queued in sub-queue Connected Routes
Aug 02 16:51:56 ubuntu zebra[386985]: [MFYWV-KH3MC] process_subq_early_route_add: (0:254):2001:db8:cafe:2::/64: Inserting route rn 0x56267593de90, re 0x56267595abf0 (ospf6) existing 0x0, same_count 1
Aug 02 16:51:56 ubuntu zebra[386985]: [Q4T2G-E2SQF] process_subq_early_route_add: dumping RE entry 0x56267595abf0 for 2001:db8:cafe:2::/64 vrf default(0)
Aug 02 16:51:56 ubuntu zebra[386985]: [KMPGN-JBRKW] rib_meta_queue_add: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90 is already queued in sub-queue Connected Routes
Aug 02 16:51:56 ubuntu zebra[386985]: [YEYFX-TDSC2] process_subq_early_route_add: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, removing unneeded re 0x56267595ae40
Aug 02 16:51:56 ubuntu zebra[386985]: [Y53JX-CBC5H] rib_unlink: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, re 0x56267595ae40
Aug 02 16:51:56 ubuntu zebra[386985]: [QE6V0-J8BG5] rib_delnode: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, re 0x56267595abf0, removing
Aug 02 16:51:56 ubuntu zebra[386985]: [JF0K0-DVHWH] rib_meta_queue_add: (0:254):2001:db8:cafe:2::/64: queued rn 0x56267593de90 into sub-queue RIP/OSPF/ISIS/EIGRP/NHRP Routes
Aug 02 16:51:56 ubuntu zebra[386985]: [NZNZ4-7P54Y] default(0:254):2001:db8:cafe:2::/64: Processing rn 0x56267593de90
Aug 02 16:51:56 ubuntu zebra[386985]: [ZJVZ4-XEGPF] default(0:254):2001:db8:cafe:2::/64: Examine re 0x56267595abf0 (ospf6) status: Removed Changed flags: None dist 110 metric 10
Aug 02 16:51:56 ubuntu zebra[386985]: [NM15X-X83N9] rib_process: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, removing re 0x56267595abf0
Aug 02 16:51:56 ubuntu zebra[386985]: [Y53JX-CBC5H] rib_unlink: (0:254):2001:db8:cafe:2::/64: rn 0x56267593de90, re 0x56267595abf0
Aug 02 16:51:56 ubuntu zebra[386985]: [KT8QQ-45WQ0] rib_gc_dest: (0:?):2001:db8:cafe:2::/64: removing dest from table
Aug 02 16:51:56 ubuntu zebra[386985]: [HH6N2-PDCJS] default(0:0):2001:db8:cafe:2::/64 rn 0x56267593de90 dequeued from sub-queue Connected Routes
3. ...and then assert:
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140662163115136) at ./nptl/pthread_kill.c:44
sonic-net#1 __pthread_kill_internal (signo=6, threadid=140662163115136) at ./nptl/pthread_kill.c:78
sonic-net#2 __GI___pthread_kill (threadid=140662163115136, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
sonic-net#3 0x00007fee76753476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
sonic-net#4 0x00007fee767397f3 in __GI_abort () at ./stdlib/abort.c:79
sonic-net#5 0x00007fee76a420fd in _zlog_assert_failed () from target:/usr/lib/x86_64-linux-gnu/frr/libfrr.so.0
sonic-net#6 0x0000562674efe0f0 in process_subq_route (qindex=7 '\a', lnode=0x562675940c60) at zebra/zebra_rib.c:2540
sonic-net#7 process_subq (qindex=META_QUEUE_NOTBGP, subq=0x562675574580) at zebra/zebra_rib.c:3055
sonic-net#8 meta_queue_process (dummy=<optimized out>, data=0x56267556d430) at zebra/zebra_rib.c:3091
sonic-net#9 0x00007fee76a386e8 in work_queue_run () from target:/usr/lib/x86_64-linux-gnu/frr/libfrr.so.0
sonic-net#10 0x00007fee76a31c91 in thread_call () from target:/usr/lib/x86_64-linux-gnu/frr/libfrr.so.0
sonic-net#11 0x00007fee769ee528 in frr_run () from target:/usr/lib/x86_64-linux-gnu/frr/libfrr.so.0
sonic-net#12 0x0000562674e97ec5 in main (argc=5, argv=0x7ffd1e275958) at zebra/main.c:478
(gdb) print lnode->data
$10 = (void *) 0x56267593de90
(gdb) p/x *(struct route_node *)0x56267593de90
$11 = {
p = {
family = 0xa,
prefixlen = 0x40,
u = {
prefix = 0x20,
prefix4 = {
s_addr = 0xb80d0120
},
prefix6 = {
__in6_u = {
__u6_addr8 = {0x20, 0x1, 0xd, 0xb8, 0xca, 0xfe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
__u6_addr16 = {0x120, 0xb80d, 0xfeca, 0x200, 0x0, 0x0, 0x0, 0x0},
__u6_addr32 = {0xb80d0120, 0x200feca, 0x0, 0x0}
}
},
...
table = 0x5626755ae010,
parent = 0x5626755ae070,
link = {0x0, 0x0},
lock = 0x4,
nodehash = {
hi = {
next = 0x5626755ae0d0,
hashval = 0xebe8bdbf
}
},
info = 0x0
3. What's happen:
We removed unneeded re 0x56267595ae40 while adding re 0x56267595abf0. It was the last connected re,
but rn 0x56267593de90 is still in the connected sub-queue.
Then rib_delnode was called for 0x56267595abf0. (rn 0x56267593de90 is still in the connected sub-queue).
rib_delnode have called rib_meta_queue_add which have checked, that rn is absent in sub-queue RIP/OSPF/ISIS/EIGRP/NHRP
and have added rn in the second sub-queue.
Fixes: d7ac4c4 ("zebra: Introduce early route processing on the MetaQ")
Signed-off-by: Pavel Ivashchenko <pivashchenko@nfware.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Properly free the dynamically allocated memory held by `str` after its use.
The change also maintains the return value of `nb_cli_apply_changes` by using 'ret' variable.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in bgp_set_aspath_replace.test_bgp_set_aspath_replace/r1.asan.bgpd.11586
=================================================================
==11586==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 92 byte(s) in 3 object(s) allocated from:
#0 0x7f4e2951db40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f4e28f19ea2 in qmalloc lib/memory.c:100
sonic-net#2 0x7f4e28edbb08 in frrstr_join lib/frrstr.c:89
sonic-net#3 0x7f4e28e9a601 in argv_concat lib/command.c:183
sonic-net#4 0x56519adf8413 in set_aspath_replace_access_list_magic bgpd/bgp_routemap.c:6174
sonic-net#5 0x56519adf8942 in set_aspath_replace_access_list bgpd/bgp_routemap_clippy.c:683
sonic-net#6 0x7f4e28e9d548 in cmd_execute_command_real lib/command.c:993
sonic-net#7 0x7f4e28e9da0c in cmd_execute_command lib/command.c:1051
sonic-net#8 0x7f4e28e9de8b in cmd_execute lib/command.c:1218
sonic-net#9 0x7f4e28fc4f1c in vty_command lib/vty.c:591
sonic-net#10 0x7f4e28fc53c7 in vty_execute lib/vty.c:1354
sonic-net#11 0x7f4e28fcdc8d in vtysh_read lib/vty.c:2362
sonic-net#12 0x7f4e28fb8c8b in event_call lib/event.c:1979
sonic-net#13 0x7f4e28efd445 in frr_run lib/libfrr.c:1213
sonic-net#14 0x56519ac85d81 in main bgpd/bgp_main.c:510
sonic-net#15 0x7f4e27f40c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 92 byte(s) leaked in 3 allocation(s).
***********************************************************************************
***********************************************************************************
Address Sanitizer Error detected in bgp_set_aspath_exclude.test_bgp_set_aspath_exclude/r1.asan.bgpd.10385
=================================================================
==10385==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 55 byte(s) in 2 object(s) allocated from:
#0 0x7f6814fdab40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f68149d6ea2 in qmalloc lib/memory.c:100
sonic-net#2 0x7f6814998b08 in frrstr_join lib/frrstr.c:89
sonic-net#3 0x7f6814957601 in argv_concat lib/command.c:183
sonic-net#4 0x5570e05117a1 in set_aspath_exclude_access_list_magic bgpd/bgp_routemap.c:6327
sonic-net#5 0x5570e05119da in set_aspath_exclude_access_list bgpd/bgp_routemap_clippy.c:836
sonic-net#6 0x7f681495a548 in cmd_execute_command_real lib/command.c:993
sonic-net#7 0x7f681495aa0c in cmd_execute_command lib/command.c:1051
sonic-net#8 0x7f681495ae8b in cmd_execute lib/command.c:1218
sonic-net#9 0x7f6814a81f1c in vty_command lib/vty.c:591
sonic-net#10 0x7f6814a823c7 in vty_execute lib/vty.c:1354
sonic-net#11 0x7f6814a8ac8d in vtysh_read lib/vty.c:2362
sonic-net#12 0x7f6814a75c8b in event_call lib/event.c:1979
sonic-net#13 0x7f68149ba445 in frr_run lib/libfrr.c:1213
sonic-net#14 0x5570e03a0d81 in main bgpd/bgp_main.c:510
sonic-net#15 0x7f68139fdc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 55 byte(s) leaked in 2 allocation(s).
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Properly free the dynamically allocated memory held by `str` after its use.
The change also maintains the return value of `nb_cli_apply_changes` by using `ret` variable.
The ASan leak log for reference:
```
Direct leak of 55 byte(s) in 2 object(s) allocated from:
#0 0x7f16f285f867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
sonic-net#1 0x7f16f23fda11 in qmalloc ../lib/memory.c:100
sonic-net#2 0x7f16f23a01a0 in frrstr_join ../lib/frrstr.c:89
sonic-net#3 0x7f16f23418c7 in argv_concat ../lib/command.c:183
sonic-net#4 0x55aba24731f2 in set_aspath_exclude_access_list_magic ../bgpd/bgp_routemap.c:6327
sonic-net#5 0x55aba2455cf4 in set_aspath_exclude_access_list bgpd/bgp_routemap_clippy.c:836
sonic-net#6 0x7f16f2345d61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#7 0x7f16f23460ee in cmd_execute_command ../lib/command.c:1052
sonic-net#8 0x7f16f2346dc0 in cmd_execute ../lib/command.c:1218
sonic-net#9 0x7f16f24f7197 in vty_command ../lib/vty.c:591
sonic-net#10 0x7f16f24fc07c in vty_execute ../lib/vty.c:1354
sonic-net#11 0x7f16f250247a in vtysh_read ../lib/vty.c:2362
sonic-net#12 0x7f16f24e72f4 in event_call ../lib/event.c:1979
sonic-net#13 0x7f16f23d1828 in frr_run ../lib/libfrr.c:1213
sonic-net#14 0x55aba2269e52 in main ../bgpd/bgp_main.c:510
sonic-net#15 0x7f16f1dbfd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
In scenarios where no backup paths are available, ensure proper
memory management by deleting `q_space->vertex_list`. This prevents
memory leaks.
The ASan leak log for reference:
```
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7fcf8c70aa37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7fcf8c2a8a45 in qcalloc ../lib/memory.c:105
sonic-net#2 0x7fcf8c27d0cc in list_new ../lib/linklist.c:49
sonic-net#3 0x55d6e8385e35 in ospf_spf_init ../ospfd/ospf_spf.c:540
sonic-net#4 0x55d6e838c30d in ospf_spf_calculate ../ospfd/ospf_spf.c:1736
sonic-net#5 0x55d6e83933cf in ospf_ti_lfa_generate_q_spaces ../ospfd/ospf_ti_lfa.c:673
sonic-net#6 0x55d6e8394214 in ospf_ti_lfa_generate_p_space ../ospfd/ospf_ti_lfa.c:812
sonic-net#7 0x55d6e8394c63 in ospf_ti_lfa_generate_p_spaces ../ospfd/ospf_ti_lfa.c:923
sonic-net#8 0x55d6e8396390 in ospf_ti_lfa_compute ../ospfd/ospf_ti_lfa.c:1101
sonic-net#9 0x55d6e838ca48 in ospf_spf_calculate_area ../ospfd/ospf_spf.c:1811
sonic-net#10 0x55d6e838cd73 in ospf_spf_calculate_areas ../ospfd/ospf_spf.c:1840
sonic-net#11 0x55d6e838cfb0 in ospf_spf_calculate_schedule_worker ../ospfd/ospf_spf.c:1871
sonic-net#12 0x7fcf8c3922e4 in event_call ../lib/event.c:1979
sonic-net#13 0x7fcf8c27c828 in frr_run ../lib/libfrr.c:1213
sonic-net#14 0x55d6e82eeb6d in main ../ospfd/ospf_main.c:249
sonic-net#15 0x7fcf8bd59d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
This commit ensures that sequence data
and associated structures are correctly deleted to prevent memory leaks
The ASan leak log for reference:
```
Direct leak of 432 byte(s) in 1 object(s) allocated from:
#0 0x7f911ebaba37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7f911e749a4e in qcalloc ../lib/memory.c:105
sonic-net#2 0x564fd444b2d3 in pbrms_get ../pbrd/pbr_map.c:527
sonic-net#3 0x564fd443a82d in pbr_map ../pbrd/pbr_vty.c:90
sonic-net#4 0x7f911e691d61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#5 0x7f911e6920ee in cmd_execute_command ../lib/command.c:1052
sonic-net#6 0x7f911e692dc0 in cmd_execute ../lib/command.c:1218
sonic-net#7 0x7f911e843197 in vty_command ../lib/vty.c:591
sonic-net#8 0x7f911e84807c in vty_execute ../lib/vty.c:1354
sonic-net#9 0x7f911e84e47a in vtysh_read ../lib/vty.c:2362
sonic-net#10 0x7f911e8332f4 in event_call ../lib/event.c:1979
sonic-net#11 0x7f911e71d828 in frr_run ../lib/libfrr.c:1213
sonic-net#12 0x564fd4425795 in main ../pbrd/pbr_main.c:168
sonic-net#13 0x7f911e2e1d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
This commit ensures proper cleanup by clearing the `algo->pdst` pointer if it points to a path that is being deleted.
It addresses memory leaks by freeing memory held by `algo->pdst` that might not have been released during the cleanup of processed paths.
The ASan leak log for reference:
```
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
sonic-net#2 0x7fbffc9d1a54 in cpath_new ../lib/cspf.c:44
sonic-net#3 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
sonic-net#4 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
sonic-net#5 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
sonic-net#6 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
sonic-net#7 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#8 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
sonic-net#9 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
sonic-net#10 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
sonic-net#11 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
sonic-net#12 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
sonic-net#13 0x7fbffcb51324 in event_call ../lib/event.c:1979
sonic-net#14 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
sonic-net#15 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
sonic-net#16 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Indirect leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105
sonic-net#2 0x7fbffca3c108 in list_new ../lib/linklist.c:49
sonic-net#3 0x7fbffc9d1acc in cpath_new ../lib/cspf.c:47
sonic-net#4 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256
sonic-net#5 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287
sonic-net#6 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262
sonic-net#7 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869
sonic-net#8 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#9 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052
sonic-net#10 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218
sonic-net#11 0x7fbffcb611c7 in vty_command ../lib/vty.c:591
sonic-net#12 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354
sonic-net#13 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362
sonic-net#14 0x7fbffcb51324 in event_call ../lib/event.c:1979
sonic-net#15 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213
sonic-net#16 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177
sonic-net#17 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Previously when updating vertices, edges and subnets, when no update was required
due to existing value matching the new one, memory associated with the new object
was not being freed leading to memory leaks. This commit fixes memory leak by
freeing memory associated with new object when update is unnecessary.
The ASan leak log for reference:
```
Direct leak of 312 byte(s) in 3 object(s) allocated from:
#0 0x7faf3afbfa37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7faf3ab5dbcf in qcalloc ../lib/memory.c:105
sonic-net#2 0x7faf3ab42e00 in ls_parse_prefix ../lib/link_state.c:1323
sonic-net#3 0x7faf3ab43c87 in ls_parse_msg ../lib/link_state.c:1373
sonic-net#4 0x7faf3ab476a5 in ls_stream2ted ../lib/link_state.c:1885
sonic-net#5 0x564e045046aa in sharp_opaque_handler ../sharpd/sharp_zebra.c:792
sonic-net#6 0x7faf3aca35a9 in zclient_read ../lib/zclient.c:4410
sonic-net#7 0x7faf3ac47474 in event_call ../lib/event.c:1979
sonic-net#8 0x7faf3ab318b4 in frr_run ../lib/libfrr.c:1213
sonic-net#9 0x564e044fdc6f in main ../sharpd/sharp_main.c:177
sonic-net#10 0x7faf3a6f4d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 312 byte(s) leaked in 3 allocation(s).
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
…Discarded
The newly created LSA `new` is now properly freed to prevent memory leaks when
a non-self-originated Grace LSA which is not in LSDB is received.
The ASan leak log for reference:
```
Direct leak of 400 byte(s) in 2 object(s) allocated from:
#0 0x7f70e984bd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f70e92481c5 in qcalloc lib/memory.c:105
sonic-net#2 0x55b35068c975 in ospf6_lsa_alloc ospf6d/ospf6_lsa.c:710
sonic-net#3 0x55b35068c9f9 in ospf6_lsa_create ospf6d/ospf6_lsa.c:725
sonic-net#4 0x55b35065ab2c in ospf6_receive_lsa ospf6d/ospf6_flood.c:912
sonic-net#5 0x55b3506a1413 in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1621
sonic-net#6 0x55b3506a1413 in ospf6_read_helper ospf6d/ospf6_message.c:1896
sonic-net#7 0x55b3506a1413 in ospf6_receive ospf6d/ospf6_message.c:1925
sonic-net#8 0x7f70e92e6ccb in event_call lib/event.c:1979
sonic-net#9 0x7f70e922b488 in frr_run lib/libfrr.c:1213
sonic-net#10 0x55b35064345e in main ospf6d/ospf6_main.c:250
sonic-net#11 0x7f70e8843c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 72 byte(s) in 2 object(s) allocated from:
#0 0x7f70e984bb40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f70e9247ee5 in qmalloc lib/memory.c:100
sonic-net#2 0x55b35068c987 in ospf6_lsa_alloc ospf6d/ospf6_lsa.c:711
sonic-net#3 0x55b35068c9f9 in ospf6_lsa_create ospf6d/ospf6_lsa.c:725
sonic-net#4 0x55b35065ab2c in ospf6_receive_lsa ospf6d/ospf6_flood.c:912
sonic-net#5 0x55b3506a1413 in ospf6_lsupdate_recv ospf6d/ospf6_message.c:1621
sonic-net#6 0x55b3506a1413 in ospf6_read_helper ospf6d/ospf6_message.c:1896
sonic-net#7 0x55b3506a1413 in ospf6_receive ospf6d/ospf6_message.c:1925
sonic-net#8 0x7f70e92e6ccb in event_call lib/event.c:1979
sonic-net#9 0x7f70e922b488 in frr_run lib/libfrr.c:1213
sonic-net#10 0x55b35064345e in main ospf6d/ospf6_main.c:250
sonic-net#11 0x7f70e8843c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 472 byte(s) leaked in 4 allocation(s).
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Addressed a memory leak in OSPF by fixing the improper deallocation of
area range nodes when removed from the table. Introducing a new function,
`ospf_range_table_node_destroy` for proper node cleanup, resolved the issue.
The ASan leak log for reference:
```
Direct leak of 56 byte(s) in 2 object(s) allocated from:
#0 0x7faf661d1d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7faf65bce1e9 in qcalloc lib/memory.c:105
sonic-net#2 0x55a66e0b61cd in ospf_area_range_new ospfd/ospf_abr.c:43
sonic-net#3 0x55a66e0b61cd in ospf_area_range_set ospfd/ospf_abr.c:195
sonic-net#4 0x55a66e07f2eb in ospf_area_range ospfd/ospf_vty.c:631
sonic-net#5 0x7faf65b51548 in cmd_execute_command_real lib/command.c:993
sonic-net#6 0x7faf65b51f79 in cmd_execute_command_strict lib/command.c:1102
sonic-net#7 0x7faf65b51fd8 in command_config_read_one_line lib/command.c:1262
sonic-net#8 0x7faf65b522bf in config_from_file lib/command.c:1315
sonic-net#9 0x7faf65c832df in vty_read_file lib/vty.c:2605
sonic-net#10 0x7faf65c83409 in vty_read_config lib/vty.c:2851
sonic-net#11 0x7faf65bb0341 in frr_config_read_in lib/libfrr.c:977
sonic-net#12 0x7faf65c6cceb in event_call lib/event.c:1979
sonic-net#13 0x7faf65bb1488 in frr_run lib/libfrr.c:1213
sonic-net#14 0x55a66dfb28c4 in main ospfd/ospf_main.c:249
sonic-net#15 0x7faf651c9c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 56 byte(s) leaked in 2 allocation(s).
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
This commit frees dynamically allocated memory associated
with `pbrms->nhgrp_name` and `pbrms->dst` which were causing memory leaks.
The ASan leak log for reference:
```
=================================================================
==107458==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7f87d644ca37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
sonic-net#1 0x7f87d5feaa37 in qcalloc ../lib/memory.c:105
sonic-net#2 0x7f87d6054ffd in prefix_new ../lib/prefix.c:1180
sonic-net#3 0x55722f3c2885 in pbr_map_match_dst_magic ../pbrd/pbr_vty.c:302
sonic-net#4 0x55722f3b5c24 in pbr_map_match_dst pbrd/pbr_vty_clippy.c:228
sonic-net#5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052
sonic-net#7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218
sonic-net#8 0x7f87d60e4177 in vty_command ../lib/vty.c:591
sonic-net#9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354
sonic-net#10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362
sonic-net#11 0x7f87d60d42d4 in event_call ../lib/event.c:1979
sonic-net#12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213
sonic-net#13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168
sonic-net#14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x7f87d63f39a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
sonic-net#1 0x7f87d5feaafc in qstrdup ../lib/memory.c:117
sonic-net#2 0x55722f3da139 in pbr_nht_set_seq_nhg ../pbrd/pbr_nht.c:551
sonic-net#3 0x55722f3c693f in pbr_map_nexthop_group_magic ../pbrd/pbr_vty.c:1140
sonic-net#4 0x55722f3bdaae in pbr_map_nexthop_group pbrd/pbr_vty_clippy.c:1284
sonic-net#5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993
sonic-net#6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052
sonic-net#7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218
sonic-net#8 0x7f87d60e4177 in vty_command ../lib/vty.c:591
sonic-net#9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354
sonic-net#10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362
sonic-net#11 0x7f87d60d42d4 in event_call ../lib/event.c:1979
sonic-net#12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213
sonic-net#13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168
sonic-net#14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 58 byte(s) leaked in 2 allocation(s).
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fixes a memory leak in ospfd where the external aggregator
was not released after its associated route node is deleted.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in ospf_basic_functionality.test_ospf_asbr_summary_topo1/r0.asan.ospfd.31502
=================================================================
==31502==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 200 byte(s) in 5 object(s) allocated from:
#0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7fdb300620da in qcalloc lib/memory.c:105
sonic-net#2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396
sonic-net#3 0x55e53c2dead3 in ospf_asbr_external_aggregator_set ospfd/ospf_asbr.c:1123
sonic-net#4 0x55e53c27c921 in ospf_external_route_aggregation ospfd/ospf_vty.c:10264
sonic-net#5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993
sonic-net#6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051
sonic-net#7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218
sonic-net#8 0x7fdb3010ce2a in vty_command lib/vty.c:591
sonic-net#9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354
sonic-net#10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362
sonic-net#11 0x7fdb30100b99 in event_call lib/event.c:1979
sonic-net#12 0x7fdb30045379 in frr_run lib/libfrr.c:1213
sonic-net#13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249
sonic-net#14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7fdb300620da in qcalloc lib/memory.c:105
sonic-net#2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396
sonic-net#3 0x55e53c2dedd3 in ospf_asbr_external_rt_no_advertise ospfd/ospf_asbr.c:1182
sonic-net#4 0x55e53c27cf10 in ospf_external_route_aggregation_no_adrvertise ospfd/ospf_vty.c:10626
sonic-net#5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993
sonic-net#6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051
sonic-net#7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218
sonic-net#8 0x7fdb3010ce2a in vty_command lib/vty.c:591
sonic-net#9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354
sonic-net#10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362
sonic-net#11 0x7fdb30100b99 in event_call lib/event.c:1979
sonic-net#12 0x7fdb30045379 in frr_run lib/libfrr.c:1213
sonic-net#13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249
sonic-net#14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 240 byte(s) leaked in 6 allocation(s).
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Extend Router Capabilities TLV format function to return information about SRv6 Capabilities Sub-TLVs (RFC 9352 section sonic-net#2). Signed-off-by: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
`ng` was not properly freed, leading to a memory leak.
The commit calls `nexthop_group_delete` to free memory associated with `ng`.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in isis_topo1.test_isis_topo1/r5.asan.zebra.24308
=================================================================
==24308==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105
sonic-net#2 0x7f4f47559526 in nexthop_group_new lib/nexthop_group.c:270
sonic-net#3 0x562ded6a39d4 in zebra_add_import_table_entry zebra/redistribute.c:681
sonic-net#4 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972
sonic-net#5 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993
sonic-net#6 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860
sonic-net#7 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138
sonic-net#8 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178
sonic-net#9 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228
sonic-net#10 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266
sonic-net#11 0x7f4f475dc7f2 in event_call lib/event.c:1969
sonic-net#12 0x7f4f4751f347 in frr_run lib/libfrr.c:1213
sonic-net#13 0x562ded69e818 in main zebra/main.c:486
sonic-net#14 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105
sonic-net#2 0x7f4f475510ad in nexthop_new lib/nexthop.c:376
sonic-net#3 0x7f4f475539c5 in nexthop_dup lib/nexthop.c:914
sonic-net#4 0x7f4f4755b27a in copy_nexthops lib/nexthop_group.c:444
sonic-net#5 0x562ded6a3a1c in zebra_add_import_table_entry zebra/redistribute.c:682
sonic-net#6 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972
sonic-net#7 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993
sonic-net#8 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860
sonic-net#9 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138
sonic-net#10 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178
sonic-net#11 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228
sonic-net#12 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266
sonic-net#13 0x7f4f475dc7f2 in event_call lib/event.c:1969
sonic-net#14 0x7f4f4751f347 in frr_run lib/libfrr.c:1213
sonic-net#15 0x562ded69e818 in main zebra/main.c:486
sonic-net#16 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 184 byte(s) leaked in 2 allocation(s).
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
The shallow copy of attr wasn't freed when there was no valid label for the momentand the function return therefore creating leaks. The leak below are solved by flushing the shallow copy of attr.
Address Sanitizer Error detected in bgp_vpnv6_per_nexthop_label.test_bgp_vpnv6_per_nexthop_label/r1.asan.bgpd.13409
=================================================================
==13409==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
sonic-net#7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
sonic-net#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
sonic-net#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969
sonic-net#5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
sonic-net#6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341
sonic-net#7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220
sonic-net#8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
sonic-net#7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
sonic-net#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
sonic-net#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 240 byte(s) in 6 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384
sonic-net#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 120 byte(s) in 3 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692
sonic-net#5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595
sonic-net#6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#7 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#9 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f62ccac21c3 in qcalloc lib/memory.c:105
sonic-net#2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348
sonic-net#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
sonic-net#7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
sonic-net#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
sonic-net#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969
sonic-net#5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
sonic-net#6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341
sonic-net#7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220
sonic-net#8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
sonic-net#7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
sonic-net#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591
sonic-net#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 48 byte(s) in 6 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384
sonic-net#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 24 byte(s) in 3 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692
sonic-net#5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595
sonic-net#6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#7 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#9 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 16 byte(s) in 2 object(s) allocated from:
#0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100
sonic-net#2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348
sonic-net#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f62ccb62b8f in event_call lib/event.c:1969
sonic-net#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x5623b87e054b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s).
***********************************************************************************
Address Sanitizer Error detected in bgp_vpnv4_per_nexthop_label.test_bgp_vpnv4_per_nexthop_label/r1.asan.bgpd.10610
=================================================================
==10610==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969
sonic-net#5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
sonic-net#6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341
sonic-net#7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220
sonic-net#8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
sonic-net#7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
sonic-net#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f81fc007e20 in vty_command lib/vty.c:591
sonic-net#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 280 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
sonic-net#7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
sonic-net#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f81fc007e20 in vty_command lib/vty.c:591
sonic-net#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 240 byte(s) in 6 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384
sonic-net#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348
sonic-net#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581
sonic-net#7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118
sonic-net#8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105
sonic-net#2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692
sonic-net#5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595
sonic-net#6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#7 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#9 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464
sonic-net#7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809
sonic-net#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f81fc007e20 in vty_command lib/vty.c:591
sonic-net#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547
sonic-net#7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868
sonic-net#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978
sonic-net#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036
sonic-net#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203
sonic-net#11 0x7f81fc007e20 in vty_command lib/vty.c:591
sonic-net#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354
sonic-net#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362
sonic-net#14 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#16 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 56 byte(s) in 7 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969
sonic-net#5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213
sonic-net#6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341
sonic-net#7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220
sonic-net#8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 48 byte(s) in 6 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384
sonic-net#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 16 byte(s) in 2 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348
sonic-net#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733
sonic-net#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934
sonic-net#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104
sonic-net#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 16 byte(s) in 2 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005
sonic-net#5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287
sonic-net#6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581
sonic-net#7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118
sonic-net#8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266
sonic-net#9 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#11 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
sonic-net#1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100
sonic-net#2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256
sonic-net#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628
sonic-net#4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692
sonic-net#5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595
sonic-net#6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425
sonic-net#7 0x7f81fbffbb8f in event_call lib/event.c:1969
sonic-net#8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213
sonic-net#9 0x55cdc9af854b in main bgpd/bgp_main.c:510
sonic-net#10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s).
***********************************************************************************
Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
(cherry picked from commit 78b6cad)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Problem Statement: =================== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) at 0x4975157: sendmsg (sendmsg.c:28) ==2263111== by 0x1413BE: pim_msg_send_frame (pim_pim.c:629) ==2263111== by 0x1413BE: pim_msg_send (pim_pim.c:743) ==2263111== by 0x1425DC: pim_register_send (pim_register.c:332) ==2263111== by 0x1427EE: pim_null_register_send (pim_register.c:443) ==2263111== by 0x14D228: pim_upstream_register_stop_timer (pim_upstream.c:1608) ==2263111== by 0x48CE6DF: thread_call (thread.c:1693) ==2263111== by 0x4899EFF: frr_run (libfrr.c:1068) ==2263111== by 0x11D035: main (pim6_main.c:190) ==2263111== Address 0x1ffeffdcb1 is on thread 1's stack ==2263111== in frame sonic-net#2, created by pim_register_send (pim_register.c:273) ==2263111== Uninitialised value was created by a stack allocation ==2263111== at 0x142690: pim_null_register_send (pim_register.c:389) RCA: ==================== 1. All members of struct pim_msg_header were not initiliased while sending null register packet. Therefore when the pointers are assigned while sending the msg via sendmsg, it complains the pointer points to uninitialised byte. 2. struct ipv6_ph ph was also not initialised. Fix: ==================== Initialised all the members using memset. Signed-off-by: Mobashshera Rasool <mrasool@vmware.com> (cherry picked from commit 1064818)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fix memory leaks by allocating `json_segs` conditionally on `nexthop->nh_srv6->seg6_segs`.
The previous code allocated memory even when not in use or attached to the JSON tree.
The ASan leak log for reference:
```
Direct leak of 3240 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f6e83de9e6f in json_object_new_array (/lib/x86_64-linux-gnu/libjson-c.so.3+0x3e6f)
sonic-net#2 0x564dcab5c1a6 in vty_show_ip_route zebra/zebra_vty.c:705
sonic-net#3 0x564dcab5cc71 in do_show_route_helper zebra/zebra_vty.c:955
sonic-net#4 0x564dcab5d418 in do_show_ip_route zebra/zebra_vty.c:1039
sonic-net#5 0x564dcab63ee5 in show_route_magic zebra/zebra_vty.c:1878
sonic-net#6 0x564dcab63ee5 in show_route zebra/zebra_vty_clippy.c:659
sonic-net#7 0x7f6e843b6fb1 in cmd_execute_command_real lib/command.c:978
sonic-net#8 0x7f6e843b7475 in cmd_execute_command lib/command.c:1036
sonic-net#9 0x7f6e843b78f4 in cmd_execute lib/command.c:1203
sonic-net#10 0x7f6e844dfe3b in vty_command lib/vty.c:594
sonic-net#11 0x7f6e844e02e6 in vty_execute lib/vty.c:1357
sonic-net#12 0x7f6e844e8bb7 in vtysh_read lib/vty.c:2365
sonic-net#13 0x7f6e844d3b7a in event_call lib/event.c:1965
sonic-net#14 0x7f6e844172b0 in frr_run lib/libfrr.c:1214
sonic-net#15 0x564dcaa50e81 in main zebra/main.c:488
sonic-net#16 0x7f6e837f7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Indirect leak of 11520 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f6e83de88c0 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x28c0)
Indirect leak of 1080 byte(s) in 45 object(s) allocated from:
#0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f6e83de8897 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x2897)
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
Signed-off-by: ryndia <dindyalsarvesh@gmail.com>
(cherry picked from commit 531866c)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fix a crash because a use-after-free. > ================================================================= > ==1249835==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000074210 at pc 0x7fa1b42a652c bp 0x7ffc477a2aa0 sp 0x7ffc477a2a98 > READ of size 8 at 0x604000074210 thread T0 > #0 0x7fa1b42a652b in list_delete_all_node git/frr/lib/linklist.c:299:20 > sonic-net#1 0x7fa1b42a683f in list_delete git/frr/lib/linklist.c:312:2 > sonic-net#2 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4 > sonic-net#3 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2 > sonic-net#4 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2 > sonic-net#5 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4 > sonic-net#6 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > sonic-net#7 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > sonic-net#8 0x556808 in main git/frr/zebra/main.c:488:2 > sonic-net#9 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > sonic-net#10 0x4453e9 in _start (/usr/lib/frr/zebra+0x4453e9) > > 0x604000074210 is located 0 bytes inside of 40-byte region [0x604000074210,0x604000074238) > freed by thread T0 here: > #0 0x4bf1dd in free (/usr/lib/frr/zebra+0x4bf1dd) > sonic-net#1 0x7fa1b42df0c0 in qfree git/frr/lib/memory.c:130:2 > sonic-net#2 0x7fa1b42a68ce in list_free_internal git/frr/lib/linklist.c:24:2 > sonic-net#3 0x7fa1b42a6870 in list_delete git/frr/lib/linklist.c:313:2 > sonic-net#4 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4 > sonic-net#5 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2 > sonic-net#6 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2 > sonic-net#7 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4 > sonic-net#8 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > sonic-net#9 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > sonic-net#10 0x556808 in main git/frr/zebra/main.c:488:2 > sonic-net#11 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > > previously allocated by thread T0 here: > #0 0x4bf5d2 in calloc (/usr/lib/frr/zebra+0x4bf5d2) > sonic-net#1 0x7fa1b42dee18 in qcalloc git/frr/lib/memory.c:105:27 > sonic-net#2 0x7fa1b42a3784 in list_new git/frr/lib/linklist.c:18:9 > sonic-net#3 0x6d165f in pbr_iptable_alloc_intern git/frr/zebra/zebra_pbr.c:1015:29 > sonic-net#4 0x7fa1b426ad1f in hash_get git/frr/lib/hash.c:147:13 > sonic-net#5 0x6d15f2 in zebra_pbr_add_iptable git/frr/zebra/zebra_pbr.c:1030:13 > sonic-net#6 0x5db2a3 in zread_iptable git/frr/zebra/zapi_msg.c:3759:3 > sonic-net#7 0x5e365d in zserv_handle_commands git/frr/zebra/zapi_msg.c:4039:3 > sonic-net#8 0x7e09fc in zserv_process_messages git/frr/zebra/zserv.c:520:3 > sonic-net#9 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > sonic-net#10 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > sonic-net#11 0x556808 in main git/frr/zebra/main.c:488:2 > sonic-net#12 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 Fixes: 1cc3806 ("zebra: Actually free all memory associated ctx->u.iptable.interface_name_list") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> (cherry picked from commit 45140bb)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fix bgp_best_selection heap-use-after-free > ==2521540==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000032810 at pc 0x000000716f45 bp 0x7ffedc6229d0 sp 0x7ffedc6229c8 > READ of size 8 at 0x60d000032810 thread T0 > #0 0x716f44 in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2834:5 > sonic-net#1 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2 > sonic-net#2 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3 > sonic-net#3 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10 > sonic-net#4 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > sonic-net#5 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > sonic-net#6 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > sonic-net#7 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > sonic-net#8 0x449629 in _start (/usr/lib/frr/bgpd+0x449629) > > 0x60d000032810 is located 48 bytes inside of 144-byte region [0x60d0000327e0,0x60d000032870) > freed by thread T0 here: > #0 0x4c341d in free (/usr/lib/frr/bgpd+0x4c341d) > sonic-net#1 0x7fe6308d7420 in qfree /home/lscalber/git/frr/lib/memory.c:130:2 > sonic-net#2 0x702632 in bgp_path_info_free_with_caller /home/lscalber/git/frr/bgpd/bgp_route.c:300:2 > sonic-net#3 0x702023 in bgp_path_info_unlock /home/lscalber/git/frr/bgpd/bgp_route.c:315:3 > sonic-net#4 0x703bc6 in bgp_path_info_reap /home/lscalber/git/frr/bgpd/bgp_route.c:461:2 > sonic-net#5 0x716e5d in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2829:12 > sonic-net#6 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2 > sonic-net#7 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3 > sonic-net#8 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10 > sonic-net#9 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > sonic-net#10 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > sonic-net#11 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > sonic-net#12 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > > previously allocated by thread T0 here: > #0 0x4c3812 in calloc (/usr/lib/frr/bgpd+0x4c3812) > sonic-net#1 0x7fe6308d7178 in qcalloc /home/lscalber/git/frr/lib/memory.c:105:27 > sonic-net#2 0x71f5b4 in info_make /home/lscalber/git/frr/bgpd/bgp_route.c:3985:8 > sonic-net#3 0x725293 in bgp_update /home/lscalber/git/frr/bgpd/bgp_route.c:4881:8 > sonic-net#4 0x73083d in bgp_nlri_parse_ip /home/lscalber/git/frr/bgpd/bgp_route.c:6230:4 > sonic-net#5 0x6ba980 in bgp_nlri_parse /home/lscalber/git/frr/bgpd/bgp_packet.c:341:10 > sonic-net#6 0x6cca2a in bgp_update_receive /home/lscalber/git/frr/bgpd/bgp_packet.c:2412:15 > sonic-net#7 0x6c6788 in bgp_process_packet /home/lscalber/git/frr/bgpd/bgp_packet.c:3887:11 > sonic-net#8 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > sonic-net#9 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > sonic-net#10 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > sonic-net#11 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 Fixes: ddb5b48 ("bgpd: vpn-vrf route leaking") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> (cherry picked from commit 9561f96)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Implement proper memory cleanup for SRv6 functions and locator chunks to prevent potential memory leaks.
The list callback deletion functions have been set.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in bgp_srv6l3vpn_to_bgp_vrf.test_bgp_srv6l3vpn_to_bgp_vrf/r2.asan.bgpd.4180
=================================================================
==4180==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 544 byte(s) in 2 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
sonic-net#2 0x55d5dba6ee75 in sid_register bgpd/bgp_mplsvpn.c:591
sonic-net#3 0x55d5dba6ee75 in alloc_new_sid bgpd/bgp_mplsvpn.c:712
sonic-net#4 0x55d5dba6f3ce in ensure_vrf_tovpn_sid_per_af bgpd/bgp_mplsvpn.c:758
sonic-net#5 0x55d5dba6fb94 in ensure_vrf_tovpn_sid bgpd/bgp_mplsvpn.c:849
sonic-net#6 0x55d5dba7f975 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:299
sonic-net#7 0x55d5dba7f975 in vpn_leak_postchange_all bgpd/bgp_mplsvpn.c:3704
sonic-net#8 0x55d5dbbb6c66 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3164
sonic-net#9 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
sonic-net#10 0x7f8d1713f034 in event_call lib/event.c:1974
sonic-net#11 0x7f8d1708242b in frr_run lib/libfrr.c:1214
sonic-net#12 0x55d5db99d19d in main bgpd/bgp_main.c:510
sonic-net#13 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 296 byte(s) in 1 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
sonic-net#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
sonic-net#2 0x7f8d170b1d5f in srv6_locator_chunk_alloc lib/srv6.c:135
sonic-net#3 0x55d5dbbb6a19 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3144
sonic-net#4 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
sonic-net#5 0x7f8d1713f034 in event_call lib/event.c:1974
sonic-net#6 0x7f8d1708242b in frr_run lib/libfrr.c:1214
sonic-net#7 0x55d5db99d19d in main bgpd/bgp_main.c:510
sonic-net#8 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
(cherry picked from commit 8e7044b)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fix the following heap-use-after-free > ==82961==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020001e4750 at pc 0x55a8cc7f63ac bp 0x7ffd6948e340 sp 0x7ffd6948e330 > READ of size 8 at 0x6020001e4750 thread T0 > #0 0x55a8cc7f63ab in isis_route_node_cleanup isisd/isis_route.c:335 > sonic-net#1 0x7ff25ec617c1 in route_node_free lib/table.c:75 > sonic-net#2 0x7ff25ec619fc in route_table_free lib/table.c:111 > sonic-net#3 0x7ff25ec61661 in route_table_finish lib/table.c:46 > sonic-net#4 0x55a8cc800d83 in _isis_spftree_del isisd/isis_spf.c:397 > sonic-net#5 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > sonic-net#6 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > sonic-net#7 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > sonic-net#8 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > sonic-net#9 0x7ff25ec7c4dc in event_call lib/event.c:1970 > sonic-net#10 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > sonic-net#11 0x55a8cc7799da in main isisd/isis_main.c:318 > sonic-net#12 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > sonic-net#13 0x7ff25e623e3f in __libc_start_main_impl ../csu/libc-start.c:392 > sonic-net#14 0x55a8cc778e44 in _start (/usr/lib/frr/isisd+0x109e44) > > 0x6020001e4750 is located 0 bytes inside of 16-byte region [0x6020001e4750,0x6020001e4760) > freed by thread T0 here: > #0 0x7ff25f000537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > sonic-net#1 0x7ff25eb9012e in qfree lib/memory.c:130 > sonic-net#2 0x55a8cc7f6485 in isis_route_table_info_free isisd/isis_route.c:351 > sonic-net#3 0x55a8cc800cf4 in _isis_spftree_del isisd/isis_spf.c:395 > sonic-net#4 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > sonic-net#5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > sonic-net#6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > sonic-net#7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > sonic-net#8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > sonic-net#9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > sonic-net#10 0x55a8cc7799da in main isisd/isis_main.c:318 > sonic-net#11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7ff25f000a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > sonic-net#1 0x7ff25eb8ffdc in qcalloc lib/memory.c:105 > sonic-net#2 0x55a8cc7f63eb in isis_route_table_info_alloc isisd/isis_route.c:343 > sonic-net#3 0x55a8cc80052a in _isis_spftree_init isisd/isis_spf.c:334 > sonic-net#4 0x55a8cc800e51 in isis_spftree_clear isisd/isis_spf.c:415 > sonic-net#5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > sonic-net#6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > sonic-net#7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > sonic-net#8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > sonic-net#9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > sonic-net#10 0x55a8cc7799da in main isisd/isis_main.c:318 > sonic-net#11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Fixes: 7153c3c ("isisd: update struct isis_route_info has multiple sr info by algorithm") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> (cherry picked from commit 9fa9a9d)
marcosfsch
pushed a commit
to marcosfsch/sonic-frr
that referenced
this pull request
Jan 30, 2024
Fix the following heap-buffer-overflow: > ==3901635==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020003a5940 at pc 0x56260067bb48 bp 0x7ffe8a4f3840 sp 0x7ffe8a4f3838 > READ of size 4 at 0x6020003a5940 thread T0 > #0 0x56260067bb47 in ecommunity_fill_pbr_action bgpd/bgp_ecommunity.c:1587 > sonic-net#1 0x5626007a246e in bgp_pbr_build_and_validate_entry bgpd/bgp_pbr.c:939 > sonic-net#2 0x5626007b25e6 in bgp_pbr_update_entry bgpd/bgp_pbr.c:2933 > sonic-net#3 0x562600909d18 in bgp_zebra_announce bgpd/bgp_zebra.c:1351 > sonic-net#4 0x5626007d5efd in bgp_process_main_one bgpd/bgp_route.c:3528 > sonic-net#5 0x5626007d6b43 in bgp_process_wq bgpd/bgp_route.c:3641 > sonic-net#6 0x7f450f34c2cc in work_queue_run lib/workqueue.c:266 > sonic-net#7 0x7f450f327a27 in event_call lib/event.c:1970 > sonic-net#8 0x7f450f21a637 in frr_run lib/libfrr.c:1213 > sonic-net#9 0x56260062fc04 in main bgpd/bgp_main.c:540 > sonic-net#10 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308 > sonic-net#11 0x56260062ca29 in _start (/usr/lib/frr/bgpd+0x2e3a29) > > 0x6020003a5940 is located 0 bytes to the right of 16-byte region [0x6020003a5930,0x6020003a5940) > allocated by thread T0 here: > #0 0x7f450f6aa1f8 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164 > sonic-net#1 0x7f450f244f8a in qrealloc lib/memory.c:112 > sonic-net#2 0x562600673313 in ecommunity_add_val_internal bgpd/bgp_ecommunity.c:143 > sonic-net#3 0x5626006735bc in ecommunity_uniq_sort_internal bgpd/bgp_ecommunity.c:193 > sonic-net#4 0x5626006737e3 in ecommunity_parse_internal bgpd/bgp_ecommunity.c:228 > sonic-net#5 0x562600673890 in ecommunity_parse bgpd/bgp_ecommunity.c:236 > sonic-net#6 0x562600640469 in bgp_attr_ext_communities bgpd/bgp_attr.c:2674 > sonic-net#7 0x562600646eb3 in bgp_attr_parse bgpd/bgp_attr.c:3893 > sonic-net#8 0x562600791b7e in bgp_update_receive bgpd/bgp_packet.c:2141 > sonic-net#9 0x56260079ba6b in bgp_process_packet bgpd/bgp_packet.c:3406 > sonic-net#10 0x7f450f327a27 in event_call lib/event.c:1970 > sonic-net#11 0x7f450f21a637 in frr_run lib/libfrr.c:1213 > sonic-net#12 0x56260062fc04 in main bgpd/bgp_main.c:540 > sonic-net#13 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308 Fixes: dacf6ec ("bgpd: utility routine to convert flowspec actions into pbr actions") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com> (cherry picked from commit 6001c76)
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
The following ASAN error can be seen. > ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x608000036c20 > #0 0x7f3d7a4b5425 in __interceptor_malloc_usable_size ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:198 > sonic-net#1 0x7f3d7a426a16 in __sanitizer::BufferedStackTrace::Unwind(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../src/libsanitizer/sanitizer_common > /sanitizer_stacktrace.h:122 > sonic-net#2 0x7f3d7a426a16 in __asan::asan_malloc_usable_size(void const*, unsigned long, unsigned long) ../../../../src/libsanitizer/asan/asan_allocator.cpp:1074 > sonic-net#3 0x7f3d7a03f330 in mt_count_free lib/memory.c:78 > sonic-net#4 0x7f3d7a03f330 in qfree lib/memory.c:130 > sonic-net#5 0x7f3d76ccf89b in bmp_peer_status_changed bgpd/bgp_bmp.c:982 > sonic-net#6 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47 > sonic-net#7 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287 > sonic-net#8 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777 > sonic-net#9 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140 > sonic-net#10 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764 > sonic-net#11 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003 > sonic-net#12 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062 > sonic-net#13 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228 > sonic-net#14 0x7f3d7a107b53 in vty_command lib/vty.c:625 > sonic-net#15 0x7f3d7a109902 in vty_execute lib/vty.c:1388 > sonic-net#16 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400 > sonic-net#17 0x7f3d7a0f848b in event_call lib/event.c:2019 > sonic-net#18 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > sonic-net#19 0x560ae29e0037 in main bgpd/bgp_main.c:555 > sonic-net#20 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > sonic-net#21 0x7f3d79a29e3f in __libc_start_main_impl ../csu/libc-start.c:392 > sonic-net#22 0x560ae29e4ef4 in _start (/usr/lib/frr/bgpd+0x2eeef4) > > 0x608000036c20 is located 0 bytes inside of 81-byte region [0x608000036c20,0x608000036c71) > freed by thread T0 here: > #0 0x7f3d7a4b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > sonic-net#1 0x7f3d76ccf85f in bmp_peer_status_changed bgpd/bgp_bmp.c:981 > sonic-net#2 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47 > sonic-net#3 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287 > sonic-net#4 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777 > sonic-net#5 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140 > sonic-net#6 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764 > sonic-net#7 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003 > sonic-net#8 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062 > sonic-net#9 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228 > sonic-net#10 0x7f3d7a107b53 in vty_command lib/vty.c:625 > sonic-net#11 0x7f3d7a109902 in vty_execute lib/vty.c:1388 > sonic-net#12 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400 > sonic-net#13 0x7f3d7a0f848b in event_call lib/event.c:2019 > sonic-net#14 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > sonic-net#15 0x560ae29e0037 in main bgpd/bgp_main.c:555 > sonic-net#16 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7f3d7a4b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > sonic-net#1 0x7f3d7a03f0e9 in qmalloc lib/memory.c:101 > sonic-net#2 0x7f3d76cd0166 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2194 > sonic-net#3 0x7f3d76cd0166 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2236 > sonic-net#4 0x7f3d76cd29b8 in bmp_vrf_state_changed bgpd/bgp_bmp.c:3479 > sonic-net#5 0x560ae2c45b34 in hook_call_bgp_instance_state bgpd/bgpd.c:88 > sonic-net#6 0x560ae2c4d158 in bgp_instance_up bgpd/bgpd.c:3936 > sonic-net#7 0x560ae29e5ed1 in bgp_vrf_enable bgpd/bgp_main.c:299 > sonic-net#8 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:286 > sonic-net#9 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:275 > sonic-net#10 0x7f3d7a12ab66 in zclient_vrf_add lib/zclient.c:2561 > sonic-net#11 0x7f3d7a12eb43 in zclient_read lib/zclient.c:4624 > sonic-net#12 0x7f3d7a0f848b in event_call lib/event.c:2019 > sonic-net#13 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232 > sonic-net#14 0x560ae29e0037 in main bgpd/bgp_main.c:555 > sonic-net#15 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
The following memory leak can be observed when turning off and on the BGP vrf interface. > ==706056==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 78 byte(s) in 1 object(s) allocated from: > #0 0x7fbf5f6b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > sonic-net#1 0x7fbf5f0771f8 in qmalloc lib/memory.c:101 > sonic-net#2 0x7fbf5bdde610 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2042 > sonic-net#3 0x7fbf5bdde8aa in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2079 > sonic-net#4 0x7fbf5bdeaa1c in bmp_vrf_itf_state_changed bgpd/bgp_bmp.c:3204 > sonic-net#5 0x562740f0d83f in hook_call_bgp_vrf_status_changed bgpd/bgp_zebra.c:64 > sonic-net#6 0x562740f0ee28 in bgp_ifp_up bgpd/bgp_zebra.c:234 > sonic-net#7 0x7fbf5f01c193 in hook_call_if_up lib/if.c:57 > sonic-net#8 0x7fbf5f01d09a in if_up_via_zapi lib/if.c:203 > sonic-net#9 0x7fbf5f1d6f54 in zclient_interface_up lib/zclient.c:2671 > sonic-net#10 0x7fbf5f1e3e5a in zclient_read lib/zclient.c:4624 > sonic-net#11 0x7fbf5f18078d in event_call lib/event.c:1996 > sonic-net#12 0x7fbf5f048933 in frr_run lib/libfrr.c:1232 > sonic-net#13 0x562740c0cae1 in main bgpd/bgp_main.c:557 > sonic-net#14 0x7fbf5ea29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 78 byte(s) in 1 object(s) allocated from: > #0 0x7fbf5f6b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > sonic-net#1 0x7fbf5f0771f8 in qmalloc lib/memory.c:101 > sonic-net#2 0x7fbf5bdde610 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2042 > sonic-net#3 0x7fbf5bdde8aa in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2079 > sonic-net#4 0x7fbf5bdd4839 in bmp_send_peerup_vrf bgpd/bgp_bmp.c:627 > sonic-net#5 0x7fbf5bddb0d3 in bmp_wrfill bgpd/bgp_bmp.c:1590 > sonic-net#6 0x7fbf5f10841f in pullwr_run lib/pullwr.c:197 > sonic-net#7 0x7fbf5f18078d in event_call lib/event.c:1996 > sonic-net#8 0x7fbf5f048933 in frr_run lib/libfrr.c:1232 > sonic-net#9 0x562740c0cae1 in main bgpd/bgp_main.c:557 > sonic-net#10 0x7fbf5ea29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Fix this by freeing the previous open_tx and open_rx contexts before setting up the new one. Also at deletion of peer, free the open_rx context. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
The following memory leak is observed when running bgp_bmp test. > ==614841==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 81 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > sonic-net#1 0x7f0e9ec771f8 in qmalloc lib/memory.c:101 > sonic-net#2 0x7f0e9e5a2f89 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2211 > sonic-net#3 0x7f0e9e5a31a8 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2247 > sonic-net#4 0x7f0e9e5b0325 in bmp_bgp_attribute_updated_instance bgpd/bgp_bmp.c:3476 > sonic-net#5 0x7f0e9e5b0661 in bmp_bgp_attribute_updated bgpd/bgp_bmp.c:3526 > sonic-net#6 0x7f0e9e5b08ae in bmp_routerid_update bgpd/bgp_bmp.c:3547 > sonic-net#7 0x55cdc4bcbd88 in hook_call_bgp_routerid_update bgpd/bgpd.c:89 > sonic-net#8 0x55cdc4bccf0b in bgp_router_id_set bgpd/bgpd.c:305 > sonic-net#9 0x55cdc4bcd87d in bgp_router_id_zebra_bump bgpd/bgpd.c:393 > sonic-net#10 0x55cdc4ba87d5 in bgp_router_id_update bgpd/bgp_zebra.c:99 > sonic-net#11 0x7f0e9ede3f0b in zclient_read lib/zclient.c:4626 > sonic-net#12 0x7f0e9ed8074d in event_call lib/event.c:1996 > sonic-net#13 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > sonic-net#14 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > sonic-net#15 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 81 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 > sonic-net#1 0x7f0e9ec771f8 in qmalloc lib/memory.c:101 > sonic-net#2 0x7f0e9e5a2ed8 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2207 > sonic-net#3 0x7f0e9e5a31a8 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2247 > sonic-net#4 0x7f0e9e5b0325 in bmp_bgp_attribute_updated_instance bgpd/bgp_bmp.c:3476 > sonic-net#5 0x7f0e9e5b0661 in bmp_bgp_attribute_updated bgpd/bgp_bmp.c:3526 > sonic-net#6 0x7f0e9e5b08ae in bmp_routerid_update bgpd/bgp_bmp.c:3547 > sonic-net#7 0x55cdc4bcbd88 in hook_call_bgp_routerid_update bgpd/bgpd.c:89 > sonic-net#8 0x55cdc4bccf0b in bgp_router_id_set bgpd/bgpd.c:305 > sonic-net#9 0x55cdc4bcd87d in bgp_router_id_zebra_bump bgpd/bgpd.c:393 > sonic-net#10 0x55cdc4ba87d5 in bgp_router_id_update bgpd/bgp_zebra.c:99 > sonic-net#11 0x7f0e9ede3f0b in zclient_read lib/zclient.c:4626 > sonic-net#12 0x7f0e9ed8074d in event_call lib/event.c:1996 > sonic-net#13 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > sonic-net#14 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > sonic-net#15 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 64 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f2b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > sonic-net#1 0x7f0e9ec77235 in qcalloc lib/memory.c:106 > sonic-net#2 0x7f0e9e5a498d in bmp_imported_bgp_get bgpd/bgp_bmp.c:2441 > sonic-net#3 0x7f0e9e5acbed in bmp_import_vrf_magic bgpd/bgp_bmp.c:2855 > sonic-net#4 0x7f0e9e5a7f97 in bmp_import_vrf bgpd/bgp_bmp_clippy.c:147 > sonic-net#5 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > sonic-net#6 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > sonic-net#7 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > sonic-net#8 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > sonic-net#9 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > sonic-net#10 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > sonic-net#11 0x7f0e9ed8074d in event_call lib/event.c:1996 > sonic-net#12 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > sonic-net#13 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > sonic-net#14 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Direct leak of 6 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f25b9a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454 > sonic-net#1 0x7f0e9ec772fa in qstrdup lib/memory.c:118 > sonic-net#2 0x55cdc4b57d54 in af_rd_vpn_export_magic bgpd/bgp_vty.c:9814 > sonic-net#3 0x55cdc4b288d7 in af_rd_vpn_export bgpd/bgp_vty_clippy.c:3493 > sonic-net#4 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > sonic-net#5 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > sonic-net#6 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > sonic-net#7 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > sonic-net#8 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > sonic-net#9 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > sonic-net#10 0x7f0e9ed8074d in event_call lib/event.c:1996 > sonic-net#11 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > sonic-net#12 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > sonic-net#13 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > Indirect leak of 5 byte(s) in 1 object(s) allocated from: > #0 0x7f0e9f25b9a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454 > sonic-net#1 0x7f0e9ec772fa in qstrdup lib/memory.c:118 > sonic-net#2 0x7f0e9e5a49ae in bmp_imported_bgp_get bgpd/bgp_bmp.c:2443 > sonic-net#3 0x7f0e9e5acbed in bmp_import_vrf_magic bgpd/bgp_bmp.c:2855 > sonic-net#4 0x7f0e9e5a7f97 in bmp_import_vrf bgpd/bgp_bmp_clippy.c:147 > sonic-net#5 0x7f0e9ebb1178 in cmd_execute_command_real lib/command.c:1003 > sonic-net#6 0x7f0e9ebb1505 in cmd_execute_command lib/command.c:1062 > sonic-net#7 0x7f0e9ebb21d7 in cmd_execute lib/command.c:1228 > sonic-net#8 0x7f0e9ed90bf0 in vty_command lib/vty.c:626 > sonic-net#9 0x7f0e9ed95ad5 in vty_execute lib/vty.c:1389 > sonic-net#10 0x7f0e9ed9c01e in vtysh_read lib/vty.c:2408 > sonic-net#11 0x7f0e9ed8074d in event_call lib/event.c:1996 > sonic-net#12 0x7f0e9ec48933 in frr_run lib/libfrr.c:1232 > sonic-net#13 0x55cdc48a9a27 in main bgpd/bgp_main.c:555 > sonic-net#14 0x7f0e9e629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > SUMMARY: AddressSanitizer: 237 byte(s) leaked in 5 allocation(s). Fix this by freeing the missing memory block that helps building the open message to send to remote bmp collector. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
> ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f73891cb146 bp 0x7ffca86584c0 sp 0x7ffca8658490 T0) > ==837617==The signal is caused by a READ memory access. > ==837617==Hint: address points to the zero page. > #0 0x7f73891cb146 in bmp_targets_const_next bgpd/bgp_bmp.c:149 > sonic-net#1 0x7f73891cb1a5 in bmp_targets_next bgpd/bgp_bmp.c:149 > sonic-net#2 0x7f73891e875a in _bmp_vrf_state_changed_internal bgpd/bgp_bmp.c:3520 > sonic-net#3 0x7f73891e8922 in bmp_vrf_itf_state_changed bgpd/bgp_bmp.c:3566 > sonic-net#4 0x55e511af8d1b in hook_call_bgp_vrf_status_changed bgpd/bgp_zebra.c:64 > sonic-net#5 0x55e511afa304 in bgp_ifp_up bgpd/bgp_zebra.c:234 > sonic-net#6 0x7f738981c193 in hook_call_if_up lib/if.c:57 > sonic-net#7 0x7f738981d09a in if_up_via_zapi lib/if.c:203 > sonic-net#8 0x7f73899d6f54 in zclient_interface_up lib/zclient.c:2671 > sonic-net#9 0x7f73899e3e5a in zclient_read lib/zclient.c:4624 > sonic-net#10 0x7f738998078d in event_call lib/event.c:1996 > sonic-net#11 0x7f7389848933 in frr_run lib/libfrr.c:1232 > sonic-net#12 0x55e5117f7ae1 in main bgpd/bgp_main.c:557 > sonic-net#13 0x7f7389229d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > sonic-net#14 0x7f7389229e3f in __libc_start_main_impl ../csu/libc-start.c:392 > sonic-net#15 0x55e5117f4234 in _start (/usr/lib/frr/bgpd+0x2ec234) Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
Some bgp evpn memory contexts are not freed at the end of the bgp process. > ================================================================= > ==1208677==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 96 byte(s) in 2 object(s) allocated from: > #0 0x7f93ad4b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > sonic-net#1 0x7f93ace77233 in qcalloc lib/memory.c:106 > sonic-net#2 0x563bb68f4df1 in process_type5_route bgpd/bgp_evpn.c:5084 > sonic-net#3 0x563bb68fb663 in bgp_nlri_parse_evpn bgpd/bgp_evpn.c:6302 > sonic-net#4 0x563bb69ea2a9 in bgp_nlri_parse bgpd/bgp_packet.c:347 > sonic-net#5 0x563bb69f7716 in bgp_update_receive bgpd/bgp_packet.c:2482 > sonic-net#6 0x563bb6a04d3b in bgp_process_packet bgpd/bgp_packet.c:4091 > sonic-net#7 0x7f93acf8082d in event_call lib/event.c:1996 > sonic-net#8 0x7f93ace48931 in frr_run lib/libfrr.c:1232 > sonic-net#9 0x563bb6880ae1 in main bgpd/bgp_main.c:557 > sonic-net#10 0x7f93ac829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Actually, the bgp evpn context may noy be used if adj rib in is unused. This may lead to memory leaks. Fix this by freeing the context in those corner cases. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
When running the bgp_evpn_rt5 setup with unified config, memory leak about a non deleted BGP instance happens. > root@ubuntu2204hwe:~/frr/tests/topotests/bgp_evpn_rt5# cat /tmp/topotests/bgp_evpn_rt5.test_bgp_evpn/r1.asan.bgpd.1164105 > > ================================================================= > ==1164105==ERROR: LeakSanitizer: detected memory leaks > > Indirect leak of 12496 byte(s) in 1 object(s) allocated from: > #0 0x7f358eeb4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > sonic-net#1 0x7f358e877233 in qcalloc lib/memory.c:106 > sonic-net#2 0x55d06c95680a in bgp_create bgpd/bgpd.c:3405 > sonic-net#3 0x55d06c95a7b3 in bgp_get bgpd/bgpd.c:3805 > sonic-net#4 0x55d06c87a9b5 in bgp_get_vty bgpd/bgp_vty.c:603 > sonic-net#5 0x55d06c68dc71 in bgp_evpn_local_l3vni_add bgpd/bgp_evpn.c:7032 > sonic-net#6 0x55d06c92989b in bgp_zebra_process_local_l3vni bgpd/bgp_zebra.c:3204 > sonic-net#7 0x7f358e9e3feb in zclient_read lib/zclient.c:4626 > sonic-net#8 0x7f358e98082d in event_call lib/event.c:1996 > sonic-net#9 0x7f358e848931 in frr_run lib/libfrr.c:1232 > sonic-net#10 0x55d06c60eae1 in main bgpd/bgp_main.c:557 > sonic-net#11 0x7f358e229d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Actually, a BGP VRF Instance is created in auto mode when creating the global BGP instance for the L3 VNI. And again, an other BGP VRF instance is created. Fix this by ensuring that a non existing BGP instance is not present. If it is present, and with auto mode or in hidden mode, then override the AS value. Fixes: f153b9a ("bgpd: Ignore auto created VRF BGP instances") Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
eddieruan-alibaba
pushed a commit
to eddieruan-alibaba/sonic-frr
that referenced
this pull request
Mar 11, 2025
When staticd receives a `ZAPI_SRV6_SID_RELEASED` notification from SRv6
SID Manager, it tries to unset the validity flag of `sid`. But since
the `sid` variable is NULL, we get a NULL pointer dereference.
```
=================================================================
==13815==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0xc14b813d9eac bp 0xffffcb135a40 sp 0xffffcb135a40 T0)
==13815==The signal is caused by a READ memory access.
==13815==Hint: address points to the zero page.
#0 0xc14b813d9eac in static_zebra_srv6_sid_notify staticd/static_zebra.c:1172
sonic-net#1 0xe44e7aa2c194 in zclient_read lib/zclient.c:4746
sonic-net#2 0xe44e7a9b69d8 in event_call lib/event.c:1984
sonic-net#3 0xe44e7a85ac28 in frr_run lib/libfrr.c:1246
sonic-net#4 0xc14b813ccf98 in main staticd/static_main.c:193
sonic-net#5 0xe44e7a4773f8 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
sonic-net#6 0xe44e7a4774c8 in __libc_start_main_impl ../csu/libc-start.c:392
sonic-net#7 0xc14b813cc92c in _start (/usr/lib/frr/staticd+0x1c92c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV staticd/static_zebra.c:1172 in static_zebra_srv6_sid_notify
==13815==ABORTING
```
This commit fixes the problem by doing a SID lookup first. If the SID
can't be found, we log an error and return. If the SID is found, we go
ahead and unset the validity flag.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.