isisd. Add json to show summary command. #2

rampxxxx · 2022-02-23T11:44:53Z

A place to review locally ...

Signed-off-by: Javier Garcia [email protected]

Karen-Schoener

Looks good to me.

lynnemorrison

The code looks really good. Very minor nits that would probably be found with clang.

lynnemorrison · 2022-02-24T14:58:09Z

isisd/isisd.c

+							     1));
+			}
+		}
+		//


reason for the //? though out this file

lynnemorrison · 2022-02-24T15:00:31Z

isisd/isisd.c

      SHOW_STR PROTO_HELP VRF_CMD_HELP_STR
      "All VRFs\n"
+       "json output\n"


extra space here ?

lynnemorrison · 2022-02-24T15:55:55Z

isisd/isisd.c

 	}

-	vty_out(vty, "\n");


can you explain the vty_json command here. I was looking at other json code and it looks like they adds a "}\n" to end of the output.

by removing this from the vty_out will it cause any issues for existing shows?

I've copy this way of doing json/vty cmds from other examples (like in isis_te.c) and vty cmds works as expected.

Signed-off-by: Javier Garcia <[email protected]>

Fixing the crash: > #0 0x0000560aa80f8e30 in lspdb_const_find (h=<error reading variable: Cannot access memory at address 0x7fff5e95efe8>, item=<error reading variable: Cannot access memory at address 0x7fff5e95efe0>) at ./isisd/isis_lsp.h:64 > #1 0x0000560aa80f8e9d in lspdb_find (h=0x560aaa1ed3b8, item=0x7fff5e95f050) at ./isisd/isis_lsp.h:64 > #2 0x0000560aa80f92f9 in lsp_search (head=0x560aaa1ed3b8, id=0x7fff5e95f200 "") at isisd/isis_lsp.c:100 > FRRouting#3 0x0000560aa8113d69 in spf_adj_list_parse_tlv (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, id=0x560aad331a78 "", desig_is_id=0x0, pseudo_metric=0, metric=3, oldmetric=false, subtlvs=0x0) at isisd/isis_spf.c:1330 > FRRouting#4 0x0000560aa811419d in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1429 > FRRouting#5 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > FRRouting#6 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > (...) > #65507 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65508 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65509 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65510 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65511 0x0000560aa8114313 in isis_spf_build_adj_list (spftree=0x560aaa1f09d0, lsp=0x560aaa1f4e50) at isisd/isis_spf.c:1455 > #65512 0x0000560aa8114f09 in isis_run_spf (spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1775 > #65513 0x0000560aa8115057 in isis_run_spf_with_protection (area=0x560aaa1ed3b0, spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1801 > #65514 0x0000560aa8115311 in isis_run_spf_cb (thread=0x7fff5f15e5a0) at isisd/isis_spf.c:1859 > #65515 0x00007f90bac66dcc in thread_call (thread=0x7fff5f15e5a0) at lib/thread.c:2002 > #65516 0x00007f90bac013ee in frr_run (master=0x560aa9f5cb40) at lib/libfrr.c:1196 > #65517 0x0000560aa80e7da2 in main (argc=2, argv=0x7fff5f15e7b8, envp=0x7fff5f15e7d0) at isisd/isis_main.c:273 Fixes: 7b36d36 ("isisd: make the SPF code more modular") Signed-off-by: Louis Scalbert <[email protected]>

Fixing the crash: > #0 0x0000560aa80f8e30 in lspdb_const_find (h=<error reading variable: Cannot access memory at address 0x7fff5e95efe8>, item=<error reading variable: Cannot access memory at address 0x7fff5e95efe0>) at ./isisd/isis_lsp.h:64 > #1 0x0000560aa80f8e9d in lspdb_find (h=0x560aaa1ed3b8, item=0x7fff5e95f050) at ./isisd/isis_lsp.h:64 > #2 0x0000560aa80f92f9 in lsp_search (head=0x560aaa1ed3b8, id=0x7fff5e95f200 "") at isisd/isis_lsp.c:100 > FRRouting#3 0x0000560aa8113d69 in spf_adj_list_parse_tlv (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, id=0x560aad331a78 "", desig_is_id=0x0, pseudo_metric=0, metric=3, oldmetric=false, subtlvs=0x0) at isisd/isis_spf.c:1330 > FRRouting#4 0x0000560aa811419d in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1429 > FRRouting#5 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > FRRouting#6 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > (...) > #65507 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65508 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65509 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1ff8e0, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65510 0x0000560aa81141fe in spf_adj_list_parse_lsp (spftree=0x560aaa1f09d0, adj_list=0x560aaa214480, lsp=0x560aaa1f4e50, pseudo_nodeid=0x0, pseudo_metric=0) at isisd/isis_spf.c:1442 > #65511 0x0000560aa8114313 in isis_spf_build_adj_list (spftree=0x560aaa1f09d0, lsp=0x560aaa1f4e50) at isisd/isis_spf.c:1455 > #65512 0x0000560aa8114f09 in isis_run_spf (spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1775 > #65513 0x0000560aa8115057 in isis_run_spf_with_protection (area=0x560aaa1ed3b0, spftree=0x560aaa1f09d0) at isisd/isis_spf.c:1801 > #65514 0x0000560aa8115311 in isis_run_spf_cb (thread=0x7fff5f15e5a0) at isisd/isis_spf.c:1859 > #65515 0x00007f90bac66dcc in thread_call (thread=0x7fff5f15e5a0) at lib/thread.c:2002 > #65516 0x00007f90bac013ee in frr_run (master=0x560aa9f5cb40) at lib/libfrr.c:1196 > #65517 0x0000560aa80e7da2 in main (argc=2, argv=0x7fff5f15e7b8, envp=0x7fff5f15e7d0) at isisd/isis_main.c:273 The fix is similar to the crash fix included in d9884a7 ("isisd: Prepare IS-IS for Link State support"). The fix was: > diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c > index 94353a5bc8..92d329f035 100644 > --- a/isisd/isis_lsp.c > +++ b/isisd/isis_lsp.c > @@ -2166,7 +2178,7 @@ int isis_lsp_iterate_ip_reach(struct isis_lsp *lsp, int family, uint16_t mtid, > if (lsp->hdr.seqno == 0 || lsp->hdr.rem_lifetime == 0) > return LSP_ITER_CONTINUE; > > - /* Parse main LSP. */ > + /* Parse LSP */ > if (lsp->tlvs) { > if (!fabricd && !pseudo_lsp && family == AF_INET > && mtid == ISIS_MT_IPV4_UNICAST) { > @@ -2236,13 +2248,17 @@ int isis_lsp_iterate_ip_reach(struct isis_lsp *lsp, int family, uint16_t mtid, > } > } > > - /* Parse LSP fragments. */ > - for (ALL_LIST_ELEMENTS_RO(lsp->lspu.frags, node, frag)) { > - if (!frag->tlvs) > - continue; > + /* Parse LSP fragments if it is not a fragment itself */ > + if (!LSP_FRAGMENT(lsp->hdr.lsp_id)) > + for (ALL_LIST_ELEMENTS_RO(lsp->lspu.frags, node, frag)) { > + if (!frag->tlvs) > + continue; > > - isis_lsp_iterate_ip_reach(frag, family, mtid, cb, arg); > - } > + if (isis_lsp_iterate_ip_reach(frag, family, mtid, cb, > + arg) > + == LSP_ITER_STOP) > + return LSP_ITER_STOP; > + } > > return LSP_ITER_CONTINUE; > } Fixes: 7b36d36 ("isisd: make the SPF code more modular") Fixes: 5e56a50 ("isisd: fix infinite loop when parsing LSPs") Signed-off-by: Louis Scalbert <[email protected]>

Config data was being freed just prior to it being used for cleanup in shutdown. Prevent this from happening. ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142-================================================================= ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142:==2274142==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d00000c880 at pc 0x0000004d94d1 bp 0x7ffd46637810 sp 0 x7ffd46637808 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142-READ of size 4 at 0x61d00000c880 thread T0 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #0 0x4d94d0 in ldp_rtr_id_get /home/sharpd/frr8/ldpd/ldpd.c:983:20 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #1 0x56ff92 in gen_ldp_hdr /home/sharpd/frr8/ldpd/packet.c:47:19 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #2 0x56a4b0 in send_notification_full /home/sharpd/frr8/ldpd/notification.c:49:9 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#3 0x56c4b3 in send_notification /home/sharpd/frr8/ldpd/notification.c:117:2 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#4 0x573fb7 in session_shutdown /home/sharpd/frr8/ldpd/packet.c:666:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#5 0x4e2ef1 in adj_del /home/sharpd/frr8/ldpd/adjacency.c:145:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#6 0x55d425 in ldpe_shutdown /home/sharpd/frr8/ldpd/ldpe.c:231:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#7 0x55a9a0 in ldpe_dispatch_main /home/sharpd/frr8/ldpd/ldpe.c:631:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#8 0x7f0c00c035e6 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#9 0x5586f2 in ldpe /home/sharpd/frr8/ldpd/ldpe.c:138:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#10 0x4d46d2 in main /home/sharpd/frr8/ldpd/ldpd.c:339:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#11 0x7f0c00476d09 in __libc_start_main csu/../csu/libc-start.c:308:16 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#12 0x429cb9 in _start (/usr/lib/frr/ldpd+0x429cb9) ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142-0x61d00000c880 is located 0 bytes inside of 2008-byte region [0x61d00000c880,0x61d00000d058) ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142-freed by thread T0 here: ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #0 0x4a3aad in free (/usr/lib/frr/ldpd+0x4a3aad) ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #1 0x4de6c8 in config_clear /home/sharpd/frr8/ldpd/ldpd.c:2001:2 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #2 0x55d12d in ldpe_shutdown /home/sharpd/frr8/ldpd/ldpe.c:211:2 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#3 0x55a9a0 in ldpe_dispatch_main /home/sharpd/frr8/ldpd/ldpe.c:631:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#4 0x7f0c00c035e6 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#5 0x5586f2 in ldpe /home/sharpd/frr8/ldpd/ldpe.c:138:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#6 0x4d46d2 in main /home/sharpd/frr8/ldpd/ldpd.c:339:3 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#7 0x7f0c00476d09 in __libc_start_main csu/../csu/libc-start.c:308:16 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142-previously allocated by thread T0 here: ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #0 0x4a3ea2 in calloc (/usr/lib/frr/ldpd+0x4a3ea2) ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #1 0x4d6146 in config_new_empty /home/sharpd/frr8/ldpd/ldpd.c:1967:10 ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- #2 0x558678 in ldpe /home/sharpd/frr8/ldpd/ldpe.c:134:11 -- ./isis_rlfa_topo1.test_isis_rlfa_topo1/rt8.ldpd.asan.2274142- FRRouting#4 0x7f0c00476d09 in __libc_start_main csu/../csu/libc-start.c:308:16 Signed-off-by: Donald Sharp <[email protected]>

On shutdown a use after free was being seen of a route table. Basically the pointer was kept around and resent for cleanup. Probably something needs to be unwound to make this better in the future. Just cleaning up the use after free. ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929-================================================================= ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929:==911929==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000127a00 at pc 0x7fb9ad546f5b bp 0x7ffc3cff0330 sp 0x7ffc3 cff0328 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929-READ of size 8 at 0x606000127a00 thread T0 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #0 0x7fb9ad546f5a in route_table_free /home/sharpd/frr8/lib/table.c:103:13 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #1 0x7fb9ad546f04 in route_table_finish /home/sharpd/frr8/lib/table.c:61:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #2 0x6b94ba in zebra_ns_disable_internal /home/sharpd/frr8/zebra/zebra_ns.c:141:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#3 0x6b9158 in zebra_ns_disabled /home/sharpd/frr8/zebra/zebra_ns.c:116:9 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#4 0x7fb9ad43f0f5 in ns_disable_internal /home/sharpd/frr8/lib/netns_linux.c:273:4 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#5 0x7fb9ad43e634 in ns_disable /home/sharpd/frr8/lib/netns_linux.c:368:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#6 0x7fb9ad43e251 in ns_delete /home/sharpd/frr8/lib/netns_linux.c:330:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#7 0x7fb9ad43fbb3 in ns_terminate /home/sharpd/frr8/lib/netns_linux.c:524:3 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#8 0x54f8de in zebra_finalize /home/sharpd/frr8/zebra/main.c:232:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#9 0x7fb9ad5655e6 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#10 0x7fb9ad3d3343 in frr_run /home/sharpd/frr8/lib/libfrr.c:1198:3 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#11 0x550b48 in main /home/sharpd/frr8/zebra/main.c:476:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#12 0x7fb9acd30d09 in __libc_start_main csu/../csu/libc-start.c:308:16 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#13 0x443549 in _start (/usr/lib/frr/zebra+0x443549) ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929-0x606000127a00 is located 0 bytes inside of 56-byte region [0x606000127a00,0x606000127a38) ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929-freed by thread T0 here: ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #0 0x4bd33d in free (/usr/lib/frr/zebra+0x4bd33d) ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #1 0x7fb9ad42cc80 in qfree /home/sharpd/frr8/lib/memory.c:141:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- #2 0x7fb9ad547305 in route_table_free /home/sharpd/frr8/lib/table.c:141:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#3 0x7fb9ad546f04 in route_table_finish /home/sharpd/frr8/lib/table.c:61:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#4 0x6b94ba in zebra_ns_disable_internal /home/sharpd/frr8/zebra/zebra_ns.c:141:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#5 0x6b9692 in zebra_ns_early_shutdown /home/sharpd/frr8/zebra/zebra_ns.c:164:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#6 0x7fb9ad43f228 in ns_walk_func /home/sharpd/frr8/lib/netns_linux.c:386:9 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#7 0x55014f in sigint /home/sharpd/frr8/zebra/main.c:194:2 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#8 0x7fb9ad50db99 in frr_sigevent_process /home/sharpd/frr8/lib/sigevent.c:130:6 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#9 0x7fb9ad560d07 in thread_fetch /home/sharpd/frr8/lib/thread.c:1775:4 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#10 0x7fb9ad3d332d in frr_run /home/sharpd/frr8/lib/libfrr.c:1197:9 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#11 0x550b48 in main /home/sharpd/frr8/zebra/main.c:476:2 -- ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- FRRouting#7 0x7fb9acd30d09 in __libc_start_main csu/../csu/libc-start.c:308:16 ./bfd_vrf_topo1.test_bfd_vrf_topo1/r2.zebra.asan.911929- Signed-off-by: Donald Sharp <[email protected]>

When changing the peers sockunion structure the bgp->peer list was not being updated properly. Since the peer's su is being used for a sorted insert then the change of it requires that the value be pulled out of the bgp->peer list and then put back into as well. Additionally ensure that the hash is always released on peer deletion. Lead to this from this decode in a address sanitizer run. ================================================================= ==30778==ERROR: AddressSanitizer: heap-use-after-free on address 0x62a0000d8440 at pc 0x7f48c9c5c547 bp 0x7ffcba272cb0 sp 0x7ffcba272ca8 READ of size 2 at 0x62a0000d8440 thread T0 #0 0x7f48c9c5c546 in sockunion_same lib/sockunion.c:425 #1 0x55cfefe3000f in peer_hash_same bgpd/bgpd.c:890 #2 0x7f48c9bde039 in hash_release lib/hash.c:209 FRRouting#3 0x55cfefe3373f in bgp_peer_conf_if_to_su_update bgpd/bgpd.c:1541 FRRouting#4 0x55cfefd0be7a in bgp_stop bgpd/bgp_fsm.c:1631 FRRouting#5 0x55cfefe4028f in peer_delete bgpd/bgpd.c:2362 FRRouting#6 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 FRRouting#7 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 FRRouting#8 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 FRRouting#9 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 FRRouting#10 0x7f48c9c87402 in vty_command lib/vty.c:526 FRRouting#11 0x7f48c9c87832 in vty_execute lib/vty.c:1291 FRRouting#12 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 FRRouting#13 0x7f48c9c7a66d in thread_call lib/thread.c:1585 FRRouting#14 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 FRRouting#15 0x55cfefc75a15 in main bgpd/bgp_main.c:540 FRRouting#16 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) FRRouting#17 0x55cfefc787f9 in _start (/usr/lib/frr/bgpd+0xe27f9) 0x62a0000d8440 is located 576 bytes inside of 23376-byte region [0x62a0000d8200,0x62a0000ddd50) freed by thread T0 here: #0 0x7f48c9eb9fb0 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0) #1 0x55cfefe3fe42 in peer_free bgpd/bgpd.c:1113 #2 0x55cfefe3fe42 in peer_unlock_with_caller bgpd/bgpd.c:1144 FRRouting#3 0x55cfefe4092e in peer_delete bgpd/bgpd.c:2457 FRRouting#4 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 FRRouting#5 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 FRRouting#6 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 FRRouting#7 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 FRRouting#8 0x7f48c9c87402 in vty_command lib/vty.c:526 FRRouting#9 0x7f48c9c87832 in vty_execute lib/vty.c:1291 FRRouting#10 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 FRRouting#11 0x7f48c9c7a66d in thread_call lib/thread.c:1585 FRRouting#12 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 FRRouting#13 0x55cfefc75a15 in main bgpd/bgp_main.c:540 FRRouting#14 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) Signed-off-by: Donald Sharp <[email protected]>

Address Sanitizer found this: ================================================================= ==418623==ERROR: LeakSanitizer: detected memory leaks Direct leak of 128 byte(s) in 4 object(s) allocated from: #0 0x4bd732 in calloc (/usr/lib/frr/zebra+0x4bd732) #1 0x7feaeab8f798 in qcalloc /home/sharpd/frr8/lib/memory.c:116:27 #2 0x7feaeaba40f4 in nexthop_group_new /home/sharpd/frr8/lib/nexthop_group.c:270:9 FRRouting#3 0x56859b in netlink_route_change_read_unicast /home/sharpd/frr8/zebra/rt_netlink.c:950:9 FRRouting#4 0x5651c2 in netlink_route_change /home/sharpd/frr8/zebra/rt_netlink.c:1204:2 FRRouting#5 0x54af15 in netlink_information_fetch /home/sharpd/frr8/zebra/kernel_netlink.c:407:10 FRRouting#6 0x53e7a3 in netlink_parse_info /home/sharpd/frr8/zebra/kernel_netlink.c:1184:12 FRRouting#7 0x548d46 in kernel_read /home/sharpd/frr8/zebra/kernel_netlink.c:501:2 FRRouting#8 0x7feaeacc87f6 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 FRRouting#9 0x7feaeab36503 in frr_run /home/sharpd/frr8/lib/libfrr.c:1198:3 FRRouting#10 0x550d38 in main /home/sharpd/frr8/zebra/main.c:476:2 FRRouting#11 0x7feaea492d09 in __libc_start_main csu/../csu/libc-start.c:308:16 Indirect leak of 576 byte(s) in 4 object(s) allocated from: #0 0x4bd732 in calloc (/usr/lib/frr/zebra+0x4bd732) #1 0x7feaeab8f798 in qcalloc /home/sharpd/frr8/lib/memory.c:116:27 #2 0x7feaeab9b3f8 in nexthop_new /home/sharpd/frr8/lib/nexthop.c:373:7 FRRouting#3 0x56875e in netlink_route_change_read_unicast /home/sharpd/frr8/zebra/rt_netlink.c:960:15 FRRouting#4 0x5651c2 in netlink_route_change /home/sharpd/frr8/zebra/rt_netlink.c:1204:2 FRRouting#5 0x54af15 in netlink_information_fetch /home/sharpd/frr8/zebra/kernel_netlink.c:407:10 FRRouting#6 0x53e7a3 in netlink_parse_info /home/sharpd/frr8/zebra/kernel_netlink.c:1184:12 FRRouting#7 0x548d46 in kernel_read /home/sharpd/frr8/zebra/kernel_netlink.c:501:2 FRRouting#8 0x7feaeacc87f6 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 FRRouting#9 0x7feaeab36503 in frr_run /home/sharpd/frr8/lib/libfrr.c:1198:3 FRRouting#10 0x550d38 in main /home/sharpd/frr8/zebra/main.c:476:2 FRRouting#11 0x7feaea492d09 in __libc_start_main csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: 704 byte(s) leaked in 8 allocation(s). Fix this! Signed-off-by: Donald Sharp <[email protected]>

ASAN reported the following memleak: ``` Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x4d4342 in calloc (/usr/lib/frr/bgpd+0x4d4342) #1 0xbc3d68 in qcalloc /home/sharpd/frr8/lib/memory.c:116:27 #2 0xb869f7 in list_new /home/sharpd/frr8/lib/linklist.c:64:9 FRRouting#3 0x5a38bc in bgp_evpn_remote_ip_hash_alloc /home/sharpd/frr8/bgpd/bgp_evpn.c:6789:24 FRRouting#4 0xb358d3 in hash_get /home/sharpd/frr8/lib/hash.c:162:13 FRRouting#5 0x593d39 in bgp_evpn_remote_ip_hash_add /home/sharpd/frr8/bgpd/bgp_evpn.c:6881:7 FRRouting#6 0x59dbbd in install_evpn_route_entry_in_vni_common /home/sharpd/frr8/bgpd/bgp_evpn.c:3049:2 FRRouting#7 0x59cfe0 in install_evpn_route_entry_in_vni_ip /home/sharpd/frr8/bgpd/bgp_evpn.c:3126:8 FRRouting#8 0x59c6f0 in install_evpn_route_entry /home/sharpd/frr8/bgpd/bgp_evpn.c:3318:8 FRRouting#9 0x59bb52 in install_uninstall_route_in_vnis /home/sharpd/frr8/bgpd/bgp_evpn.c:3888:10 FRRouting#10 0x59b6d2 in bgp_evpn_install_uninstall_table /home/sharpd/frr8/bgpd/bgp_evpn.c:4019:5 FRRouting#11 0x578857 in install_uninstall_evpn_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4051:9 FRRouting#12 0x58ada6 in bgp_evpn_import_route /home/sharpd/frr8/bgpd/bgp_evpn.c:6049:9 FRRouting#13 0x713794 in bgp_update /home/sharpd/frr8/bgpd/bgp_route.c:4842:3 FRRouting#14 0x583fa0 in process_type2_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4518:9 FRRouting#15 0x5824ba in bgp_nlri_parse_evpn /home/sharpd/frr8/bgpd/bgp_evpn.c:5732:8 FRRouting#16 0x6ae6a2 in bgp_nlri_parse /home/sharpd/frr8/bgpd/bgp_packet.c:363:10 FRRouting#17 0x6be6fa in bgp_update_receive /home/sharpd/frr8/bgpd/bgp_packet.c:2020:15 FRRouting#18 0x6b7433 in bgp_process_packet /home/sharpd/frr8/bgpd/bgp_packet.c:2929:11 FRRouting#19 0xd00146 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 ``` The list itself was not being cleaned up when the final list entry was removed, so make sure we do that instead of leaking memory. Signed-off-by: Trey Aspelund <[email protected]>

@NNN

Absolutely not possible to read the output and even distinguish the prefix we are looking for. Before: ``` donatas-pc# show ip bgp detail BGP table version is 12, local router ID is 192.168.10.17, vrf id 0 Default local pref 100, local AS 65002 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path 65001 2a02:4780:abc::2 from 2a02:4780:abc::2 (200.200.200.202) (fe80::a00:27ff:fe5e:d19e) (used) Origin incomplete, metric 0, valid, external, multipath Last update: Tue Dec 13 22:53:16 2022 65001 192.168.10.124 from 192.168.10.124 (200.200.200.202) Origin incomplete, metric 0, valid, external, otc 65001, multipath, best (Neighbor IP) Last update: Tue Dec 13 22:53:16 2022 65001 2a02:4780:abc::2 from 2a02:4780:abc::2 (200.200.200.202) (fe80::a00:27ff:fe5e:d19e) (used) Origin IGP, metric 0, valid, external, multipath Last update: Tue Dec 13 22:53:16 2022 65001 192.168.10.124 from 192.168.10.124 (200.200.200.202) Origin IGP, metric 0, valid, external, otc 65001, multipath, best (Neighbor IP) Last update: Tue Dec 13 22:53:16 2022 ``` After: ``` donatas-pc# show ip bgp detail BGP table version is 12, local router ID is 192.168.10.17, vrf id 0 Default local pref 100, local AS 65002 BGP routing table entry for 10.0.2.0/24, version 1 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: 2a02:4780:abc::2 65001 2a02:4780:abc::2 from 2a02:4780:abc::2 (200.200.200.202) (fe80::a00:27ff:fe5e:d19e) (used) Origin incomplete, metric 0, valid, external, multipath Last update: Tue Dec 13 22:47:16 2022 BGP routing table entry for 10.0.2.0/24, version 1 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: 2a02:4780:abc::2 65001 192.168.10.124 from 192.168.10.124 (200.200.200.202) Origin incomplete, metric 0, valid, external, otc 65001, multipath, best (Neighbor IP) Last update: Tue Dec 13 22:47:16 2022 BGP routing table entry for 10.10.100.0/24, version 2 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: 2a02:4780:abc::2 65001 2a02:4780:abc::2 from 2a02:4780:abc::2 (200.200.200.202) (fe80::a00:27ff:fe5e:d19e) (used) Origin IGP, metric 0, valid, external, multipath Last update: Tue Dec 13 22:47:16 2022 ``` Signed-off-by: Donatas Abraitis <[email protected]>

Fix crash on "show bgp all" when BGP EVPN is set. > #0 raise (sig=11) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fdfe03cf53c in core_handler (signo=11, siginfo=0x7ffdebbffe30, context=0x7ffdebbffd00) at lib/sigevent.c:261 > #2 <signal handler called> > FRRouting#3 0x00000000004d4fec in bgp_attr_get_community (attr=0x41) at bgpd/bgp_attr.h:553 > FRRouting#4 0x00000000004eee84 in bgp_show_table (vty=0x1a790d0, bgp=0x19d0a00, safi=SAFI_EVPN, table=0x19f6010, type=bgp_show_type_normal, output_arg=0x0, rd=0x0, is_last=1, output_cum=0x0, > total_cum=0x0, json_header_depth=0x7ffdebc00bf8, show_flags=4, rpki_target_state=RPKI_NOT_BEING_USED) at bgpd/bgp_route.c:11329 > FRRouting#5 0x00000000004f7765 in bgp_show (vty=0x1a790d0, bgp=0x19d0a00, afi=AFI_L2VPN, safi=SAFI_EVPN, type=bgp_show_type_normal, output_arg=0x0, show_flags=4, > rpki_target_state=RPKI_NOT_BEING_USED) at bgpd/bgp_route.c:11814 > FRRouting#6 0x00000000004fb53b in show_ip_bgp_magic (self=0x6752b0 <show_ip_bgp_cmd>, vty=0x1a790d0, argc=3, argv=0x19cb050, viewvrfname=0x0, all=0x1395390 "all", aa_nn=0x0, community_list=0, > community_list_str=0x0, community_list_name=0x0, as_path_filter_name=0x0, prefix_list=0x0, accesslist_name=0x0, rmap_name=0x0, version=0, version_str=0x0, alias_name=0x0, > orr_group_name=0x0, detail_routes=0x0, uj=0x0, detail_json=0x0, wide=0x0) at bgpd/bgp_route.c:13040 > FRRouting#7 0x00000000004fa322 in show_ip_bgp (self=0x6752b0 <show_ip_bgp_cmd>, vty=0x1a790d0, argc=3, argv=0x19cb050) at ./bgpd/bgp_route_clippy.c:519 > FRRouting#8 0x00007fdfe033ccc8 in cmd_execute_command_real (vline=0x19c9300, filter=FILTER_RELAXED, vty=0x1a790d0, cmd=0x0, up_level=0) at lib/command.c:996 > FRRouting#9 0x00007fdfe033c739 in cmd_execute_command (vline=0x19c9300, vty=0x1a790d0, cmd=0x0, vtysh=0) at lib/command.c:1056 > FRRouting#10 0x00007fdfe033cdf5 in cmd_execute (vty=0x1a790d0, cmd=0x19c9eb0 "show bgp all", matched=0x0, vtysh=0) at lib/command.c:1223 > FRRouting#11 0x00007fdfe03f65c6 in vty_command (vty=0x1a790d0, buf=0x19c9eb0 "show bgp all") at lib/vty.c:486 > FRRouting#12 0x00007fdfe03f603b in vty_execute (vty=0x1a790d0) at lib/vty.c:1249 > FRRouting#13 0x00007fdfe03f533b in vtysh_read (thread=0x7ffdebc03838) at lib/vty.c:2148 > FRRouting#14 0x00007fdfe03e815d in thread_call (thread=0x7ffdebc03838) at lib/thread.c:2006 > FRRouting#15 0x00007fdfe0379b54 in frr_run (master=0x1246880) at lib/libfrr.c:1198 > FRRouting#16 0x000000000042b2a8 in main (argc=7, argv=0x7ffdebc03af8) at bgpd/bgp_main.c:520 Link: FRRouting#12576 Signed-off-by: Louis Scalbert <[email protected]>

The `bgp_vrf->vrf_prd_pretty` string was not properly freed, leading to a memory leak. This commit resolves the memory leak by freeing the memory allocated for `bgp_vrf->vrf_prd_pretty` before returning from the function. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in evpn_type5_test_topo1.test_evpn_type5_topo1/e1.asan.bgpd.17689 ================================================================= ==17689==ERROR: LeakSanitizer: detected memory leaks Direct leak of 15 byte(s) in 1 object(s) allocated from: #0 0x7fdd94fc0538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538) #1 0x55e28d9c4c6c in qstrdup lib/memory.c:117 #2 0x55e28d6c0d27 in evpn_configure_vrf_rd bgpd/bgp_evpn_vty.c:2297 FRRouting#3 0x55e28d6c0d27 in bgp_evpn_vrf_rd bgpd/bgp_evpn_vty.c:6271 FRRouting#4 0x55e28d94c155 in cmd_execute_command_real lib/command.c:994 FRRouting#5 0x55e28d94c622 in cmd_execute_command lib/command.c:1053 FRRouting#6 0x55e28d94ca99 in cmd_execute lib/command.c:1221 FRRouting#7 0x55e28da6d7d4 in vty_command lib/vty.c:591 FRRouting#8 0x55e28da6dc6e in vty_execute lib/vty.c:1354 FRRouting#9 0x55e28da7644d in vtysh_read lib/vty.c:2362 FRRouting#10 0x55e28da616e2 in event_call lib/event.c:1995 FRRouting#11 0x55e28d9a7a65 in frr_run lib/libfrr.c:1213 FRRouting#12 0x55e28d63ef00 in main bgpd/bgp_main.c:505 FRRouting#13 0x7fdd93883c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 15 byte(s) leaked in 1 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

`bmnc->nh` was not properly freed, leading to a memory leak. The commit adds a check to ensure that the `bmnc->nh` member variable is freed if it exists. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in bgp_vpnv4_asbr.test_bgp_vpnv4_asbr/r2.asan.bgpd.6382 ================================================================= ==6382==ERROR: LeakSanitizer: detected memory leaks Direct leak of 720 byte(s) in 5 object(s) allocated from: #0 0x7f6a80d02d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55c9afd7c81c in qcalloc lib/memory.c:105 #2 0x55c9afd9166b in nexthop_new lib/nexthop.c:358 FRRouting#3 0x55c9afd93aaa in nexthop_dup lib/nexthop.c:843 FRRouting#4 0x55c9afad39bb in bgp_mplsvpn_nh_label_bind_register_local_label bgpd/bgp_mplsvpn.c:4259 FRRouting#5 0x55c9afb1c5e9 in bgp_mplsvpn_handle_label_allocation bgpd/bgp_route.c:3239 FRRouting#6 0x55c9afb1c5e9 in bgp_process_main_one bgpd/bgp_route.c:3339 FRRouting#7 0x55c9afb1d2c1 in bgp_process_wq bgpd/bgp_route.c:3591 FRRouting#8 0x55c9afe33df9 in work_queue_run lib/workqueue.c:266 FRRouting#9 0x55c9afe198e2 in event_call lib/event.c:1995 FRRouting#10 0x55c9afd5fc6f in frr_run lib/libfrr.c:1213 FRRouting#11 0x55c9af9f6f00 in main bgpd/bgp_main.c:505 FRRouting#12 0x7f6a7f55ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f6a80d02d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55c9afd7c81c in qcalloc lib/memory.c:105 #2 0x55c9afd91ce8 in nexthop_add_labels lib/nexthop.c:536 FRRouting#3 0x55c9afd93754 in nexthop_copy_no_recurse lib/nexthop.c:802 FRRouting#4 0x55c9afd939fb in nexthop_copy lib/nexthop.c:821 FRRouting#5 0x55c9afd93abb in nexthop_dup lib/nexthop.c:845 FRRouting#6 0x55c9afad39bb in bgp_mplsvpn_nh_label_bind_register_local_label bgpd/bgp_mplsvpn.c:4259 FRRouting#7 0x55c9afb1c5e9 in bgp_mplsvpn_handle_label_allocation bgpd/bgp_route.c:3239 FRRouting#8 0x55c9afb1c5e9 in bgp_process_main_one bgpd/bgp_route.c:3339 FRRouting#9 0x55c9afb1d2c1 in bgp_process_wq bgpd/bgp_route.c:3591 FRRouting#10 0x55c9afe33df9 in work_queue_run lib/workqueue.c:266 FRRouting#11 0x55c9afe198e2 in event_call lib/event.c:1995 FRRouting#12 0x55c9afd5fc6f in frr_run lib/libfrr.c:1213 FRRouting#13 0x55c9af9f6f00 in main bgpd/bgp_main.c:505 FRRouting#14 0x7f6a7f55ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 736 byte(s) leaked in 7 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

In the function ospf_lsa_translated_nssa_new the newly created lsa is lock however, the return lsa from ospf_lsa_new already has a lock. Therefore removing the addition lock resolve the leak below. ospf_basic_functionality.test_ospf_nssa#r3.asan.ospfd.5456 ================================================================= ==5456==ERROR: LeakSanitizer: detected memory leaks Direct leak of 640 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16004f60 in ospf_lsa_new ../ospfd/ospf_lsa.c:186 FRRouting#3 0x561a160051a1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:205 FRRouting#4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 FRRouting#5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 FRRouting#6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 FRRouting#7 0x561a16011cfb in ospf_translated_nssa_refresh ../ospfd/ospf_lsa.c:2152 FRRouting#8 0x561a16014bb2 in ospf_external_lsa_install ../ospfd/ospf_lsa.c:2871 FRRouting#9 0x561a1601596b in ospf_lsa_install ../ospfd/ospf_lsa.c:3076 FRRouting#10 0x561a16168b3c in ospf_flood ../ospfd/ospf_flood.c:482 FRRouting#11 0x561a160462f8 in ospf_ls_upd ../ospfd/ospf_packet.c:2115 FRRouting#12 0x561a1604c66c in ospf_read_helper ../ospfd/ospf_packet.c:3198 FRRouting#13 0x561a1604c88e in ospf_read ../ospfd/ospf_packet.c:3229 FRRouting#14 0x7f294efd6c33 in event_call ../lib/event.c:1995 FRRouting#15 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 FRRouting#16 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 FRRouting#17 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60c000062800 (128 bytes) 0x60c000062c80 (128 bytes) 0x60c0000631c0 (128 bytes) 0x60c000063700 (128 bytes) 0x60c000063d00 (128 bytes) Direct leak of 640 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16004f60 in ospf_lsa_new ../ospfd/ospf_lsa.c:186 FRRouting#3 0x561a160051a1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:205 FRRouting#4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 FRRouting#5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 FRRouting#6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 FRRouting#7 0x561a16010e10 in ospf_translated_nssa_originate ../ospfd/ospf_lsa.c:2034 FRRouting#8 0x561a16136559 in ospf_abr_translate_nssa ../ospfd/ospf_abr.c:668 FRRouting#9 0x561a161383da in ospf_abr_process_nssa_translates ../ospfd/ospf_abr.c:968 FRRouting#10 0x561a1613f9b8 in ospf_abr_nssa_task ../ospfd/ospf_abr.c:2054 FRRouting#11 0x561a161402e5 in ospf_abr_task_timer ../ospfd/ospf_abr.c:2168 FRRouting#12 0x7f294efd6c33 in event_call ../lib/event.c:1995 FRRouting#13 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 FRRouting#14 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 FRRouting#15 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60c00003e380 (128 bytes) 0x60c00003e740 (128 bytes) 0x60c00003eb00 (128 bytes) 0x60c00005fd40 (128 bytes) 0x60c00005ff80 (128 bytes) Indirect leak of 180 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16005a43 in ospf_lsa_data_new ../ospfd/ospf_lsa.c:296 FRRouting#3 0x561a160051b1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:206 FRRouting#4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 FRRouting#5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 FRRouting#6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 FRRouting#7 0x561a16011cfb in ospf_translated_nssa_refresh ../ospfd/ospf_lsa.c:2152 FRRouting#8 0x561a16014bb2 in ospf_external_lsa_install ../ospfd/ospf_lsa.c:2871 FRRouting#9 0x561a1601596b in ospf_lsa_install ../ospfd/ospf_lsa.c:3076 FRRouting#10 0x561a16168b3c in ospf_flood ../ospfd/ospf_flood.c:482 FRRouting#11 0x561a160462f8 in ospf_ls_upd ../ospfd/ospf_packet.c:2115 FRRouting#12 0x561a1604c66c in ospf_read_helper ../ospfd/ospf_packet.c:3198 FRRouting#13 0x561a1604c88e in ospf_read ../ospfd/ospf_packet.c:3229 FRRouting#14 0x7f294efd6c33 in event_call ../lib/event.c:1995 FRRouting#15 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 FRRouting#16 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 FRRouting#17 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60400003f890 (36 bytes) 0x60400003f990 (36 bytes) 0x60400003fa50 (36 bytes) 0x60400003fb10 (36 bytes) 0x60400003fbd0 (36 bytes) Indirect leak of 180 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16005a43 in ospf_lsa_data_new ../ospfd/ospf_lsa.c:296 FRRouting#3 0x561a160051b1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:206 FRRouting#4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 FRRouting#5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 FRRouting#6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 FRRouting#7 0x561a16010e10 in ospf_translated_nssa_originate ../ospfd/ospf_lsa.c:2034 FRRouting#8 0x561a16136559 in ospf_abr_translate_nssa ../ospfd/ospf_abr.c:668 FRRouting#9 0x561a161383da in ospf_abr_process_nssa_translates ../ospfd/ospf_abr.c:968 FRRouting#10 0x561a1613f9b8 in ospf_abr_nssa_task ../ospfd/ospf_abr.c:2054 FRRouting#11 0x561a161402e5 in ospf_abr_task_timer ../ospfd/ospf_abr.c:2168 FRRouting#12 0x7f294efd6c33 in event_call ../lib/event.c:1995 FRRouting#13 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 FRRouting#14 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 FRRouting#15 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60400003c6d0 (36 bytes) 0x60400003c790 (36 bytes) 0x60400003c810 (36 bytes) 0x60400003c890 (36 bytes) 0x60400003c910 (36 bytes) SUMMARY: AddressSanitizer: 1640 byte(s) leaked in 20 allocation(s). Signed-off-by: ryndia <[email protected]>

When `dplane_fpm_nl` receives a route, it allocates memory for a dplane context and calls `netlink_route_change_read_unicast_internal` without initializing the `intf_extra_list` contained in the dplane context. If `netlink_route_change_read_unicast_internal` is not able to process the route, we call `dplane_ctx_fini` to free the dplane context. This causes a crash because `dplane_ctx_fini` attempts to access the intf_extra_list which is not initialized. To solve this issue, we can call `dplane_ctx_route_init`to initialize the dplane route context properly, just after the dplane context allocation. (gdb) bt #0 0x0000555dd5ceae80 in dplane_intf_extra_list_pop (h=0x7fae1c007e68) at ../zebra/zebra_dplane.c:427 #1 dplane_ctx_free_internal (ctx=0x7fae1c0074b0) at ../zebra/zebra_dplane.c:724 #2 0x0000555dd5cebc99 in dplane_ctx_free (pctx=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:869 FRRouting#3 dplane_ctx_free (pctx=0x7fae2aa88c98, pctx@entry=0x7fae2aa78c28) at ../zebra/zebra_dplane.c:855 FRRouting#4 dplane_ctx_fini (pctx=pctx@entry=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:890 FRRouting#5 0x00007fae31e93f29 in fpm_read (t=) at ../zebra/dplane_fpm_nl.c:605 FRRouting#6 0x00007fae325191dd in thread_call (thread=thread@entry=0x7fae2aa98da0) at ../lib/thread.c:2006 FRRouting#7 0x00007fae324c42b8 in fpt_run (arg=0x555dd74777c0) at ../lib/frr_pthread.c:309 FRRouting#8 0x00007fae32405ea7 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 FRRouting#9 0x00007fae32325a2f in clone () from /lib/x86_64-linux-gnu/libc.so.6 Fixes: FRRouting#13754 Signed-off-by: Carmine Scarpitta <[email protected]>

Addressed a memory leak in OSPF by fixing the improper deallocation of area range nodes when removed from the table. Introducing a new function, `ospf_range_table_node_destroy` for proper node cleanup, resolved the issue. The ASan leak log for reference: ``` Direct leak of 56 byte(s) in 2 object(s) allocated from: #0 0x7faf661d1d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7faf65bce1e9 in qcalloc lib/memory.c:105 #2 0x55a66e0b61cd in ospf_area_range_new ospfd/ospf_abr.c:43 FRRouting#3 0x55a66e0b61cd in ospf_area_range_set ospfd/ospf_abr.c:195 FRRouting#4 0x55a66e07f2eb in ospf_area_range ospfd/ospf_vty.c:631 FRRouting#5 0x7faf65b51548 in cmd_execute_command_real lib/command.c:993 FRRouting#6 0x7faf65b51f79 in cmd_execute_command_strict lib/command.c:1102 FRRouting#7 0x7faf65b51fd8 in command_config_read_one_line lib/command.c:1262 FRRouting#8 0x7faf65b522bf in config_from_file lib/command.c:1315 FRRouting#9 0x7faf65c832df in vty_read_file lib/vty.c:2605 FRRouting#10 0x7faf65c83409 in vty_read_config lib/vty.c:2851 FRRouting#11 0x7faf65bb0341 in frr_config_read_in lib/libfrr.c:977 FRRouting#12 0x7faf65c6cceb in event_call lib/event.c:1979 FRRouting#13 0x7faf65bb1488 in frr_run lib/libfrr.c:1213 FRRouting#14 0x55a66dfb28c4 in main ospfd/ospf_main.c:249 FRRouting#15 0x7faf651c9c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 56 byte(s) leaked in 2 allocation(s). ``` Signed-off-by: Keelan Cannoo <[email protected]>

This commit frees dynamically allocated memory associated with `pbrms->nhgrp_name` and `pbrms->dst` which were causing memory leaks. The ASan leak log for reference: ``` ================================================================= ==107458==ERROR: LeakSanitizer: detected memory leaks Direct leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7f87d644ca37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f87d5feaa37 in qcalloc ../lib/memory.c:105 #2 0x7f87d6054ffd in prefix_new ../lib/prefix.c:1180 FRRouting#3 0x55722f3c2885 in pbr_map_match_dst_magic ../pbrd/pbr_vty.c:302 FRRouting#4 0x55722f3b5c24 in pbr_map_match_dst pbrd/pbr_vty_clippy.c:228 FRRouting#5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993 FRRouting#6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052 FRRouting#7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218 FRRouting#8 0x7f87d60e4177 in vty_command ../lib/vty.c:591 FRRouting#9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354 FRRouting#10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362 FRRouting#11 0x7f87d60d42d4 in event_call ../lib/event.c:1979 FRRouting#12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213 FRRouting#13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168 FRRouting#14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x7f87d63f39a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454 #1 0x7f87d5feaafc in qstrdup ../lib/memory.c:117 #2 0x55722f3da139 in pbr_nht_set_seq_nhg ../pbrd/pbr_nht.c:551 FRRouting#3 0x55722f3c693f in pbr_map_nexthop_group_magic ../pbrd/pbr_vty.c:1140 FRRouting#4 0x55722f3bdaae in pbr_map_nexthop_group pbrd/pbr_vty_clippy.c:1284 FRRouting#5 0x7f87d5f32d61 in cmd_execute_command_real ../lib/command.c:993 FRRouting#6 0x7f87d5f330ee in cmd_execute_command ../lib/command.c:1052 FRRouting#7 0x7f87d5f33dc0 in cmd_execute ../lib/command.c:1218 FRRouting#8 0x7f87d60e4177 in vty_command ../lib/vty.c:591 FRRouting#9 0x7f87d60e905c in vty_execute ../lib/vty.c:1354 FRRouting#10 0x7f87d60ef45a in vtysh_read ../lib/vty.c:2362 FRRouting#11 0x7f87d60d42d4 in event_call ../lib/event.c:1979 FRRouting#12 0x7f87d5fbe828 in frr_run ../lib/libfrr.c:1213 FRRouting#13 0x55722f3ac795 in main ../pbrd/pbr_main.c:168 FRRouting#14 0x7f87d5b82d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 58 byte(s) leaked in 2 allocation(s). ``` Signed-off-by: Keelan Cannoo <[email protected]>

Fixes a memory leak in ospfd where the external aggregator was not released after its associated route node is deleted. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in ospf_basic_functionality.test_ospf_asbr_summary_topo1/r0.asan.ospfd.31502 ================================================================= ==31502==ERROR: LeakSanitizer: detected memory leaks Direct leak of 200 byte(s) in 5 object(s) allocated from: #0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fdb300620da in qcalloc lib/memory.c:105 #2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396 FRRouting#3 0x55e53c2dead3 in ospf_asbr_external_aggregator_set ospfd/ospf_asbr.c:1123 FRRouting#4 0x55e53c27c921 in ospf_external_route_aggregation ospfd/ospf_vty.c:10264 FRRouting#5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993 FRRouting#6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051 FRRouting#7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218 FRRouting#8 0x7fdb3010ce2a in vty_command lib/vty.c:591 FRRouting#9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354 FRRouting#10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362 FRRouting#11 0x7fdb30100b99 in event_call lib/event.c:1979 FRRouting#12 0x7fdb30045379 in frr_run lib/libfrr.c:1213 FRRouting#13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249 FRRouting#14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7fdb30665d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fdb300620da in qcalloc lib/memory.c:105 #2 0x55e53c2da5fa in ospf_external_aggregator_new ospfd/ospf_asbr.c:396 FRRouting#3 0x55e53c2dedd3 in ospf_asbr_external_rt_no_advertise ospfd/ospf_asbr.c:1182 FRRouting#4 0x55e53c27cf10 in ospf_external_route_aggregation_no_adrvertise ospfd/ospf_vty.c:10626 FRRouting#5 0x7fdb2ffe5428 in cmd_execute_command_real lib/command.c:993 FRRouting#6 0x7fdb2ffe58ec in cmd_execute_command lib/command.c:1051 FRRouting#7 0x7fdb2ffe5d6b in cmd_execute lib/command.c:1218 FRRouting#8 0x7fdb3010ce2a in vty_command lib/vty.c:591 FRRouting#9 0x7fdb3010d2d5 in vty_execute lib/vty.c:1354 FRRouting#10 0x7fdb30115b9b in vtysh_read lib/vty.c:2362 FRRouting#11 0x7fdb30100b99 in event_call lib/event.c:1979 FRRouting#12 0x7fdb30045379 in frr_run lib/libfrr.c:1213 FRRouting#13 0x55e53c1ccab4 in main ospfd/ospf_main.c:249 FRRouting#14 0x7fdb2f65dc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 240 byte(s) leaked in 6 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Extend Router Capabilities TLV format function to return information about SRv6 Capabilities Sub-TLVs (RFC 9352 section #2). Signed-off-by: Carmine Scarpitta <[email protected]>

`ng` was not properly freed, leading to a memory leak. The commit calls `nexthop_group_delete` to free memory associated with `ng`. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in isis_topo1.test_isis_topo1/r5.asan.zebra.24308 ================================================================= ==24308==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105 #2 0x7f4f47559526 in nexthop_group_new lib/nexthop_group.c:270 FRRouting#3 0x562ded6a39d4 in zebra_add_import_table_entry zebra/redistribute.c:681 FRRouting#4 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972 FRRouting#5 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993 FRRouting#6 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860 FRRouting#7 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138 FRRouting#8 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178 FRRouting#9 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228 FRRouting#10 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266 FRRouting#11 0x7f4f475dc7f2 in event_call lib/event.c:1969 FRRouting#12 0x7f4f4751f347 in frr_run lib/libfrr.c:1213 FRRouting#13 0x562ded69e818 in main zebra/main.c:486 FRRouting#14 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 152 byte(s) in 1 object(s) allocated from: #0 0x7f4f47b43d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f4f4753c0a8 in qcalloc lib/memory.c:105 #2 0x7f4f475510ad in nexthop_new lib/nexthop.c:376 FRRouting#3 0x7f4f475539c5 in nexthop_dup lib/nexthop.c:914 FRRouting#4 0x7f4f4755b27a in copy_nexthops lib/nexthop_group.c:444 FRRouting#5 0x562ded6a3a1c in zebra_add_import_table_entry zebra/redistribute.c:682 FRRouting#6 0x562ded787c35 in rib_link zebra/zebra_rib.c:3972 FRRouting#7 0x562ded787c35 in rib_addnode zebra/zebra_rib.c:3993 FRRouting#8 0x562ded787c35 in process_subq_early_route_add zebra/zebra_rib.c:2860 FRRouting#9 0x562ded787c35 in process_subq_early_route zebra/zebra_rib.c:3138 FRRouting#10 0x562ded787c35 in process_subq zebra/zebra_rib.c:3178 FRRouting#11 0x562ded787c35 in meta_queue_process zebra/zebra_rib.c:3228 FRRouting#12 0x7f4f475f7118 in work_queue_run lib/workqueue.c:266 FRRouting#13 0x7f4f475dc7f2 in event_call lib/event.c:1969 FRRouting#14 0x7f4f4751f347 in frr_run lib/libfrr.c:1213 FRRouting#15 0x562ded69e818 in main zebra/main.c:486 FRRouting#16 0x7f4f468ffc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 184 byte(s) leaked in 2 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

- Addressed memory leak by removing `&c->peer_notifier` from the notifier list on termination. Retaining it caused the notifier list to stay active, preventing the deletion of `c->cur.peer` thereby causing a memory leak. - Reordered termination steps to call `vrf_terminate` before `nhrp_vc_terminate`, preventing a heap-use-after-free issue when `nhrp_vc_notify_del` is invoked in `nhrp_peer_check_delete`. - Added an if statement to avoid passing NULL as hash to `hash_release`, which leads to a SIGSEGV. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in nhrp_topo.test_nhrp_topo/r1.asan.nhrpd.20265 ================================================================= ==20265==ERROR: LeakSanitizer: detected memory leaks Direct leak of 112 byte(s) in 1 object(s) allocated from: #0 0x7f80270c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f8026ac1eb8 in qmalloc lib/memory.c:100 #2 0x560fd648f0a6 in nhrp_peer_create nhrpd/nhrp_peer.c:175 FRRouting#3 0x7f8026a88d3f in hash_get lib/hash.c:147 FRRouting#4 0x560fd6490a5d in nhrp_peer_get nhrpd/nhrp_peer.c:228 FRRouting#5 0x560fd648a51a in nhrp_nhs_resolve_cb nhrpd/nhrp_nhs.c:297 FRRouting#6 0x7f80266b000f in resolver_cb_literal lib/resolver.c:234 FRRouting#7 0x7f8026b62e0e in event_call lib/event.c:1969 FRRouting#8 0x7f8026aa5437 in frr_run lib/libfrr.c:1213 FRRouting#9 0x560fd6488b4f in main nhrpd/nhrp_main.c:166 FRRouting#10 0x7f8025eb2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s). *********************************************************************************** *********************************************************************************** Address Sanitizer Error detected in nhrp_topo.test_nhrp_topo/r2.asan.nhrpd.20400 ================================================================= ==20400==ERROR: LeakSanitizer: detected memory leaks Direct leak of 112 byte(s) in 1 object(s) allocated from: #0 0x7fb6e3ca5b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fb6e369deb8 in qmalloc lib/memory.c:100 #2 0x562652de40a6 in nhrp_peer_create nhrpd/nhrp_peer.c:175 FRRouting#3 0x7fb6e3664d3f in hash_get lib/hash.c:147 FRRouting#4 0x562652de5a5d in nhrp_peer_get nhrpd/nhrp_peer.c:228 FRRouting#5 0x562652de1e8e in nhrp_packet_recvraw nhrpd/nhrp_packet.c:325 FRRouting#6 0x7fb6e373ee0e in event_call lib/event.c:1969 FRRouting#7 0x7fb6e3681437 in frr_run lib/libfrr.c:1213 FRRouting#8 0x562652dddb4f in main nhrpd/nhrp_main.c:166 FRRouting#9 0x7fb6e2a8ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

The shallow copy of attr wasn't freed when there was no valid label for the momentand the function return therefore creating leaks. The leak below are solved by flushing the shallow copy of attr. Address Sanitizer Error detected in bgp_vpnv6_per_nexthop_label.test_bgp_vpnv6_per_nexthop_label/r1.asan.bgpd.13409 ================================================================= ==13409==ERROR: LeakSanitizer: detected memory leaks Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 FRRouting#7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 FRRouting#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 FRRouting#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969 FRRouting#5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 FRRouting#6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341 FRRouting#7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220 FRRouting#8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 FRRouting#7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 FRRouting#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 FRRouting#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 240 byte(s) in 6 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384 FRRouting#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 120 byte(s) in 3 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692 FRRouting#5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595 FRRouting#6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#7 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#9 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348 FRRouting#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 FRRouting#7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 FRRouting#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 FRRouting#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969 FRRouting#5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 FRRouting#6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341 FRRouting#7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220 FRRouting#8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 FRRouting#7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 FRRouting#8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 FRRouting#12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 6 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384 FRRouting#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 3 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692 FRRouting#5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595 FRRouting#6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#7 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#9 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348 FRRouting#5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f62ccb62b8f in event_call lib/event.c:1969 FRRouting#10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x5623b87e054b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s). *********************************************************************************** Address Sanitizer Error detected in bgp_vpnv4_per_nexthop_label.test_bgp_vpnv4_per_nexthop_label/r1.asan.bgpd.10610 ================================================================= ==10610==ERROR: LeakSanitizer: detected memory leaks Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969 FRRouting#5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 FRRouting#6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341 FRRouting#7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220 FRRouting#8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 FRRouting#7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 FRRouting#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f81fc007e20 in vty_command lib/vty.c:591 FRRouting#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 FRRouting#7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 FRRouting#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f81fc007e20 in vty_command lib/vty.c:591 FRRouting#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 240 byte(s) in 6 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384 FRRouting#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348 FRRouting#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581 FRRouting#7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118 FRRouting#8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692 FRRouting#5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595 FRRouting#6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#7 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#9 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 FRRouting#7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 FRRouting#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f81fc007e20 in vty_command lib/vty.c:591 FRRouting#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 FRRouting#7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 FRRouting#8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 FRRouting#9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 FRRouting#10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 FRRouting#11 0x7f81fc007e20 in vty_command lib/vty.c:591 FRRouting#12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 FRRouting#13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 FRRouting#14 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#16 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969 FRRouting#5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 FRRouting#6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341 FRRouting#7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220 FRRouting#8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 6 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384 FRRouting#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348 FRRouting#5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 FRRouting#6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 FRRouting#7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 FRRouting#8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 FRRouting#5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 FRRouting#6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581 FRRouting#7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118 FRRouting#8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266 FRRouting#9 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#11 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 8 byte(s) in 1 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 FRRouting#3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 FRRouting#4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692 FRRouting#5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595 FRRouting#6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 FRRouting#7 0x7f81fbffbb8f in event_call lib/event.c:1969 FRRouting#8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 FRRouting#9 0x55cdc9af854b in main bgpd/bgp_main.c:510 FRRouting#10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s). *********************************************************************************** Signed-off-by: ryndia <[email protected]>

Problem Statement: =================== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) at 0x4975157: sendmsg (sendmsg.c:28) ==2263111== by 0x1413BE: pim_msg_send_frame (pim_pim.c:629) ==2263111== by 0x1413BE: pim_msg_send (pim_pim.c:743) ==2263111== by 0x1425DC: pim_register_send (pim_register.c:332) ==2263111== by 0x1427EE: pim_null_register_send (pim_register.c:443) ==2263111== by 0x14D228: pim_upstream_register_stop_timer (pim_upstream.c:1608) ==2263111== by 0x48CE6DF: thread_call (thread.c:1693) ==2263111== by 0x4899EFF: frr_run (libfrr.c:1068) ==2263111== by 0x11D035: main (pim6_main.c:190) ==2263111== Address 0x1ffeffdcb1 is on thread 1's stack ==2263111== in frame #2, created by pim_register_send (pim_register.c:273) ==2263111== Uninitialised value was created by a stack allocation ==2263111== at 0x142690: pim_null_register_send (pim_register.c:389) RCA: ==================== 1. All members of struct pim_msg_header were not initiliased while sending null register packet. Therefore when the pointers are assigned while sending the msg via sendmsg, it complains the pointer points to uninitialised byte. 2. struct ipv6_ph ph was also not initialised. Fix: ==================== Initialised all the members using memset. Signed-off-by: Mobashshera Rasool <[email protected]>

The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below. *********************************************************************************** Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074 ================================================================= ==27074==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#10 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 FRRouting#3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 FRRouting#4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#11 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#19 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#12 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 FRRouting#3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 FRRouting#4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 FRRouting#5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#13 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#21 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#14 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#22 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 FRRouting#3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#13 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 FRRouting#14 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 FRRouting#3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 FRRouting#4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 FRRouting#5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 FRRouting#6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 FRRouting#7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 FRRouting#8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 FRRouting#9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 FRRouting#10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 FRRouting#11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 FRRouting#12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 FRRouting#13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 FRRouting#14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 FRRouting#15 0x7fd0a455a7aa in hash_walk lib/hash.c:270 FRRouting#16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 FRRouting#17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 FRRouting#18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 FRRouting#19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 FRRouting#20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 FRRouting#21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 FRRouting#22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 FRRouting#23 0x7fd0a463322a in event_call lib/event.c:1970 FRRouting#24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 FRRouting#25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 FRRouting#26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s). *********************************************************************************** Signed-off-by: ryndia <[email protected]>

Fix memory leaks by allocating `json_segs` conditionally on `nexthop->nh_srv6->seg6_segs`. The previous code allocated memory even when not in use or attached to the JSON tree. The ASan leak log for reference: ``` Direct leak of 3240 byte(s) in 45 object(s) allocated from: #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f6e83de9e6f in json_object_new_array (/lib/x86_64-linux-gnu/libjson-c.so.3+0x3e6f) #2 0x564dcab5c1a6 in vty_show_ip_route zebra/zebra_vty.c:705 FRRouting#3 0x564dcab5cc71 in do_show_route_helper zebra/zebra_vty.c:955 FRRouting#4 0x564dcab5d418 in do_show_ip_route zebra/zebra_vty.c:1039 FRRouting#5 0x564dcab63ee5 in show_route_magic zebra/zebra_vty.c:1878 FRRouting#6 0x564dcab63ee5 in show_route zebra/zebra_vty_clippy.c:659 FRRouting#7 0x7f6e843b6fb1 in cmd_execute_command_real lib/command.c:978 FRRouting#8 0x7f6e843b7475 in cmd_execute_command lib/command.c:1036 FRRouting#9 0x7f6e843b78f4 in cmd_execute lib/command.c:1203 FRRouting#10 0x7f6e844dfe3b in vty_command lib/vty.c:594 FRRouting#11 0x7f6e844e02e6 in vty_execute lib/vty.c:1357 FRRouting#12 0x7f6e844e8bb7 in vtysh_read lib/vty.c:2365 FRRouting#13 0x7f6e844d3b7a in event_call lib/event.c:1965 FRRouting#14 0x7f6e844172b0 in frr_run lib/libfrr.c:1214 FRRouting#15 0x564dcaa50e81 in main zebra/main.c:488 FRRouting#16 0x7f6e837f7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 11520 byte(s) in 45 object(s) allocated from: #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f6e83de88c0 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x28c0) Indirect leak of 1080 byte(s) in 45 object(s) allocated from: #0 0x7f6e84a35d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f6e83de8897 in array_list_new (/lib/x86_64-linux-gnu/libjson-c.so.3+0x2897) ``` Signed-off-by: Keelan Cannoo <[email protected]> Signed-off-by: ryndia <[email protected]>

Implement a callback function for memory cleanup of sharp_nh_tracker. Specifically, set `sharp_nh_tracker_free` as the deletion function for the `sg.nhs` list. This ensures proper cleanup of resources when elements are removed. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in zebra_nht_resolution.test_verify_nh_resolution/r1.asan.sharpd.32320 ================================================================= ==32320==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x7f4ee812ad28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f4ee7b291cc in qcalloc lib/memory.c:105 #2 0x5582be672011 in sharp_nh_tracker_get sharpd/sharp_nht.c:36 FRRouting#3 0x5582be680b42 in watch_nexthop_v4_magic sharpd/sharp_vty.c:139 FRRouting#4 0x5582be680b42 in watch_nexthop_v4 sharpd/sharp_vty_clippy.c:192 FRRouting#5 0x7f4ee7aac0b1 in cmd_execute_command_real lib/command.c:978 FRRouting#6 0x7f4ee7aac575 in cmd_execute_command lib/command.c:1036 FRRouting#7 0x7f4ee7aac9f4 in cmd_execute lib/command.c:1203 FRRouting#8 0x7f4ee7bd50bb in vty_command lib/vty.c:594 FRRouting#9 0x7f4ee7bd5566 in vty_execute lib/vty.c:1357 FRRouting#10 0x7f4ee7bdde37 in vtysh_read lib/vty.c:2365 FRRouting#11 0x7f4ee7bc8dfa in event_call lib/event.c:1965 FRRouting#12 0x7f4ee7b0c3bf in frr_run lib/libfrr.c:1214 FRRouting#13 0x5582be671252 in main sharpd/sharp_main.c:188 FRRouting#14 0x7f4ee6f1bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Release memory allocated for the IPv4 address during the interface reset. The addition of `free(babel_ifp->ipv4)` ensures proper cleanup, preventing potential memory leaks. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in babel_topo1.test_babel_topo1/r2.asan.babeld.18864 ================================================================= ==18864==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 2 object(s) allocated from: #0 0x7f3f4531bb40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x55c1806cb28d in babel_interface_address_add babeld/babel_interface.c:112 #2 0x7f3f44de9e29 in zclient_read lib/zclient.c:4425 FRRouting#3 0x7f3f44db9dfa in event_call lib/event.c:1965 FRRouting#4 0x7f3f44cfd3bf in frr_run lib/libfrr.c:1214 FRRouting#5 0x55c1806cc81b in main babeld/babel_main.c:202 FRRouting#6 0x7f3f4451fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Ensure proper memory cleanup by freeing the `babel_ifp->ipv4` when babel interface is deleted. This prevents memory leaks. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in all_protocol_startup.test_all_protocol_startup/r1.asan.babeld.4141 ================================================================= ==4141==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 10 object(s) allocated from: #0 0x7f1cde6a9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x562b8eff328d in babel_interface_address_add babeld/babel_interface.c:112 #2 0x7f1cde1772cb in zclient_read lib/zclient.c:4425 FRRouting#3 0x7f1cde14729c in event_call lib/event.c:1980 FRRouting#4 0x7f1cde08a3bf in frr_run lib/libfrr.c:1214 FRRouting#5 0x562b8eff481b in main babeld/babel_main.c:202 FRRouting#6 0x7f1cdd8acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 40 byte(s) leaked in 10 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Fix a crash because a use-after-free. > ================================================================= > ==1249835==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000074210 at pc 0x7fa1b42a652c bp 0x7ffc477a2aa0 sp 0x7ffc477a2a98 > READ of size 8 at 0x604000074210 thread T0 > #0 0x7fa1b42a652b in list_delete_all_node git/frr/lib/linklist.c:299:20 > #1 0x7fa1b42a683f in list_delete git/frr/lib/linklist.c:312:2 > #2 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4 > FRRouting#3 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2 > FRRouting#4 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2 > FRRouting#5 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4 > FRRouting#6 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > FRRouting#7 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > FRRouting#8 0x556808 in main git/frr/zebra/main.c:488:2 > FRRouting#9 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > FRRouting#10 0x4453e9 in _start (/usr/lib/frr/zebra+0x4453e9) > > 0x604000074210 is located 0 bytes inside of 40-byte region [0x604000074210,0x604000074238) > freed by thread T0 here: > #0 0x4bf1dd in free (/usr/lib/frr/zebra+0x4bf1dd) > #1 0x7fa1b42df0c0 in qfree git/frr/lib/memory.c:130:2 > #2 0x7fa1b42a68ce in list_free_internal git/frr/lib/linklist.c:24:2 > FRRouting#3 0x7fa1b42a6870 in list_delete git/frr/lib/linklist.c:313:2 > FRRouting#4 0x5ee515 in dplane_ctx_free_internal git/frr/zebra/zebra_dplane.c:858:4 > FRRouting#5 0x5ee59c in dplane_ctx_free git/frr/zebra/zebra_dplane.c:884:2 > FRRouting#6 0x5ee544 in dplane_ctx_fini git/frr/zebra/zebra_dplane.c:905:2 > FRRouting#7 0x7045c0 in rib_process_dplane_results git/frr/zebra/zebra_rib.c:4928:4 > FRRouting#8 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > FRRouting#9 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > FRRouting#10 0x556808 in main git/frr/zebra/main.c:488:2 > FRRouting#11 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > > previously allocated by thread T0 here: > #0 0x4bf5d2 in calloc (/usr/lib/frr/zebra+0x4bf5d2) > #1 0x7fa1b42dee18 in qcalloc git/frr/lib/memory.c:105:27 > #2 0x7fa1b42a3784 in list_new git/frr/lib/linklist.c:18:9 > FRRouting#3 0x6d165f in pbr_iptable_alloc_intern git/frr/zebra/zebra_pbr.c:1015:29 > FRRouting#4 0x7fa1b426ad1f in hash_get git/frr/lib/hash.c:147:13 > FRRouting#5 0x6d15f2 in zebra_pbr_add_iptable git/frr/zebra/zebra_pbr.c:1030:13 > FRRouting#6 0x5db2a3 in zread_iptable git/frr/zebra/zapi_msg.c:3759:3 > FRRouting#7 0x5e365d in zserv_handle_commands git/frr/zebra/zapi_msg.c:4039:3 > FRRouting#8 0x7e09fc in zserv_process_messages git/frr/zebra/zserv.c:520:3 > FRRouting#9 0x7fa1b4434fb2 in event_call git/frr/lib/event.c:1970:2 > FRRouting#10 0x7fa1b42a0ccf in frr_run git/frr/lib/libfrr.c:1213:3 > FRRouting#11 0x556808 in main git/frr/zebra/main.c:488:2 > FRRouting#12 0x7fa1b3d0bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 Fixes: 1cc3806 ("zebra: Actually free all memory associated ctx->u.iptable.interface_name_list") Signed-off-by: Louis Scalbert <[email protected]>

Fix bgp_best_selection heap-use-after-free > ==2521540==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000032810 at pc 0x000000716f45 bp 0x7ffedc6229d0 sp 0x7ffedc6229c8 > READ of size 8 at 0x60d000032810 thread T0 > #0 0x716f44 in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2834:5 > #1 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2 > #2 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3 > FRRouting#3 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10 > FRRouting#4 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > FRRouting#5 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > FRRouting#6 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > FRRouting#7 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > FRRouting#8 0x449629 in _start (/usr/lib/frr/bgpd+0x449629) > > 0x60d000032810 is located 48 bytes inside of 144-byte region [0x60d0000327e0,0x60d000032870) > freed by thread T0 here: > #0 0x4c341d in free (/usr/lib/frr/bgpd+0x4c341d) > #1 0x7fe6308d7420 in qfree /home/lscalber/git/frr/lib/memory.c:130:2 > #2 0x702632 in bgp_path_info_free_with_caller /home/lscalber/git/frr/bgpd/bgp_route.c:300:2 > FRRouting#3 0x702023 in bgp_path_info_unlock /home/lscalber/git/frr/bgpd/bgp_route.c:315:3 > FRRouting#4 0x703bc6 in bgp_path_info_reap /home/lscalber/git/frr/bgpd/bgp_route.c:461:2 > FRRouting#5 0x716e5d in bgp_best_selection /home/lscalber/git/frr/bgpd/bgp_route.c:2829:12 > FRRouting#6 0x71a05e in bgp_process_main_one /home/lscalber/git/frr/bgpd/bgp_route.c:3344:2 > FRRouting#7 0x71c265 in bgp_process_wq /home/lscalber/git/frr/bgpd/bgp_route.c:3622:3 > FRRouting#8 0x7fe630a6669c in work_queue_run /home/lscalber/git/frr/lib/workqueue.c:282:10 > FRRouting#9 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > FRRouting#10 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > FRRouting#11 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > FRRouting#12 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 > > previously allocated by thread T0 here: > #0 0x4c3812 in calloc (/usr/lib/frr/bgpd+0x4c3812) > #1 0x7fe6308d7178 in qcalloc /home/lscalber/git/frr/lib/memory.c:105:27 > #2 0x71f5b4 in info_make /home/lscalber/git/frr/bgpd/bgp_route.c:3985:8 > FRRouting#3 0x725293 in bgp_update /home/lscalber/git/frr/bgpd/bgp_route.c:4881:8 > FRRouting#4 0x73083d in bgp_nlri_parse_ip /home/lscalber/git/frr/bgpd/bgp_route.c:6230:4 > FRRouting#5 0x6ba980 in bgp_nlri_parse /home/lscalber/git/frr/bgpd/bgp_packet.c:341:10 > FRRouting#6 0x6cca2a in bgp_update_receive /home/lscalber/git/frr/bgpd/bgp_packet.c:2412:15 > FRRouting#7 0x6c6788 in bgp_process_packet /home/lscalber/git/frr/bgpd/bgp_packet.c:3887:11 > FRRouting#8 0x7fe630a294e2 in event_call /home/lscalber/git/frr/lib/event.c:1974:2 > FRRouting#9 0x7fe630898f3f in frr_run /home/lscalber/git/frr/lib/libfrr.c:1214:3 > FRRouting#10 0x4f4ace in main /home/lscalber/git/frr/bgpd/bgp_main.c:510:2 > FRRouting#11 0x7fe63018bd09 in __libc_start_main csu/../csu/libc-start.c:308:16 Fixes: ddb5b48 ("bgpd: vpn-vrf route leaking") Signed-off-by: Louis Scalbert <[email protected]>

Release memory associated with `bgp->confed_peers` in the `bgp_free` function to ensure proper cleanup. This fix prevents memory leaks related to `confed_peers`. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in bgp_confederation_astype.test_bgp_confederation_astype/r2.asan.bgpd.15045 ================================================================= ==15045==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x7f5666787b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f56661867c7 in qrealloc lib/memory.c:112 #2 0x55a3b4736a40 in bgp_confederation_peers_add bgpd/bgpd.c:681 FRRouting#3 0x55a3b46b3363 in bgp_confederation_peers bgpd/bgp_vty.c:2068 FRRouting#4 0x7f5666109021 in cmd_execute_command_real lib/command.c:978 FRRouting#5 0x7f5666109a52 in cmd_execute_command_strict lib/command.c:1087 FRRouting#6 0x7f5666109ab1 in command_config_read_one_line lib/command.c:1247 FRRouting#7 0x7f5666109d98 in config_from_file lib/command.c:1300 FRRouting#8 0x7f566623c6d0 in vty_read_file lib/vty.c:2614 FRRouting#9 0x7f566623c7fa in vty_read_config lib/vty.c:2860 FRRouting#10 0x7f56661682e4 in frr_config_read_in lib/libfrr.c:978 FRRouting#11 0x7f5666226034 in event_call lib/event.c:1974 FRRouting#12 0x7f566616942b in frr_run lib/libfrr.c:1214 FRRouting#13 0x55a3b44f319d in main bgpd/bgp_main.c:510 FRRouting#14 0x7f56651acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 6 byte(s) in 1 object(s) allocated from: #0 0x7f5666720538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538) #1 0x7f5666186898 in qstrdup lib/memory.c:117 #2 0x55a3b4736adb in bgp_confederation_peers_add bgpd/bgpd.c:687 FRRouting#3 0x55a3b46b3363 in bgp_confederation_peers bgpd/bgp_vty.c:2068 FRRouting#4 0x7f5666109021 in cmd_execute_command_real lib/command.c:978 FRRouting#5 0x7f5666109a52 in cmd_execute_command_strict lib/command.c:1087 FRRouting#6 0x7f5666109ab1 in command_config_read_one_line lib/command.c:1247 FRRouting#7 0x7f5666109d98 in config_from_file lib/command.c:1300 FRRouting#8 0x7f566623c6d0 in vty_read_file lib/vty.c:2614 FRRouting#9 0x7f566623c7fa in vty_read_config lib/vty.c:2860 FRRouting#10 0x7f56661682e4 in frr_config_read_in lib/libfrr.c:978 FRRouting#11 0x7f5666226034 in event_call lib/event.c:1974 FRRouting#12 0x7f566616942b in frr_run lib/libfrr.c:1214 FRRouting#13 0x55a3b44f319d in main bgpd/bgp_main.c:510 FRRouting#14 0x7f56651acc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Configure hash table cleanup with specific free functions for `zrouter.filter_hash`, `zrouter.qdisc_hash`, and `zrouter.class_hash`. This ensures proper memory cleanup, addressing memory leaks. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in tc_basic.test_tc_basic/r1.asan.zebra.15495 ================================================================= ==15495==ERROR: LeakSanitizer: detected memory leaks Direct leak of 176 byte(s) in 1 object(s) allocated from: #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd565afe238 in qcalloc lib/memory.c:105 #2 0x5564521c6c9e in tc_filter_alloc_intern zebra/zebra_tc.c:389 FRRouting#3 0x7fd565ac49e8 in hash_get lib/hash.c:147 FRRouting#4 0x5564521c7c74 in zebra_tc_filter_add zebra/zebra_tc.c:409 FRRouting#5 0x55645210755a in zread_tc_filter zebra/zapi_msg.c:3428 FRRouting#6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004 FRRouting#7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520 FRRouting#8 0x7fd565b9e034 in event_call lib/event.c:1974 FRRouting#9 0x7fd565ae142b in frr_run lib/libfrr.c:1214 FRRouting#10 0x5564520c14b1 in main zebra/main.c:492 FRRouting#11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd565afe238 in qcalloc lib/memory.c:105 #2 0x5564521c6c6e in tc_class_alloc_intern zebra/zebra_tc.c:239 FRRouting#3 0x7fd565ac49e8 in hash_get lib/hash.c:147 FRRouting#4 0x5564521c784f in zebra_tc_class_add zebra/zebra_tc.c:293 FRRouting#5 0x556452107ce5 in zread_tc_class zebra/zapi_msg.c:3315 FRRouting#6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004 FRRouting#7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520 FRRouting#8 0x7fd565b9e034 in event_call lib/event.c:1974 FRRouting#9 0x7fd565ae142b in frr_run lib/libfrr.c:1214 FRRouting#10 0x5564520c14b1 in main zebra/main.c:492 FRRouting#11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 12 byte(s) in 1 object(s) allocated from: #0 0x7fd5660ffd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd565afe238 in qcalloc lib/memory.c:105 #2 0x5564521c6c3e in tc_qdisc_alloc_intern zebra/zebra_tc.c:128 FRRouting#3 0x7fd565ac49e8 in hash_get lib/hash.c:147 FRRouting#4 0x5564521c753b in zebra_tc_qdisc_install zebra/zebra_tc.c:184 FRRouting#5 0x556452108203 in zread_tc_qdisc zebra/zapi_msg.c:3286 FRRouting#6 0x5564521127c1 in zserv_handle_commands zebra/zapi_msg.c:4004 FRRouting#7 0x5564522208b2 in zserv_process_messages zebra/zserv.c:520 FRRouting#8 0x7fd565b9e034 in event_call lib/event.c:1974 FRRouting#9 0x7fd565ae142b in frr_run lib/libfrr.c:1214 FRRouting#10 0x5564520c14b1 in main zebra/main.c:492 FRRouting#11 0x7fd564ec2c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 228 byte(s) leaked in 3 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

Implement proper memory cleanup for SRv6 functions and locator chunks to prevent potential memory leaks. The list callback deletion functions have been set. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in bgp_srv6l3vpn_to_bgp_vrf.test_bgp_srv6l3vpn_to_bgp_vrf/r2.asan.bgpd.4180 ================================================================= ==4180==ERROR: LeakSanitizer: detected memory leaks Direct leak of 544 byte(s) in 2 object(s) allocated from: #0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f8d1709f238 in qcalloc lib/memory.c:105 #2 0x55d5dba6ee75 in sid_register bgpd/bgp_mplsvpn.c:591 FRRouting#3 0x55d5dba6ee75 in alloc_new_sid bgpd/bgp_mplsvpn.c:712 FRRouting#4 0x55d5dba6f3ce in ensure_vrf_tovpn_sid_per_af bgpd/bgp_mplsvpn.c:758 FRRouting#5 0x55d5dba6fb94 in ensure_vrf_tovpn_sid bgpd/bgp_mplsvpn.c:849 FRRouting#6 0x55d5dba7f975 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:299 FRRouting#7 0x55d5dba7f975 in vpn_leak_postchange_all bgpd/bgp_mplsvpn.c:3704 FRRouting#8 0x55d5dbbb6c66 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3164 FRRouting#9 0x7f8d1716f08a in zclient_read lib/zclient.c:4459 FRRouting#10 0x7f8d1713f034 in event_call lib/event.c:1974 FRRouting#11 0x7f8d1708242b in frr_run lib/libfrr.c:1214 FRRouting#12 0x55d5db99d19d in main bgpd/bgp_main.c:510 FRRouting#13 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 296 byte(s) in 1 object(s) allocated from: #0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f8d1709f238 in qcalloc lib/memory.c:105 #2 0x7f8d170b1d5f in srv6_locator_chunk_alloc lib/srv6.c:135 FRRouting#3 0x55d5dbbb6a19 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3144 FRRouting#4 0x7f8d1716f08a in zclient_read lib/zclient.c:4459 FRRouting#5 0x7f8d1713f034 in event_call lib/event.c:1974 FRRouting#6 0x7f8d1708242b in frr_run lib/libfrr.c:1214 FRRouting#7 0x55d5db99d19d in main bgpd/bgp_main.c:510 FRRouting#8 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <[email protected]>

1. Fix ospf opaque LSA function table memory leak. 2. Remove incorrect one-to-one association of OSPF info-per-type to function table (since there many be many). 3. Fix a problem with opaque AS external cleanup that was exposed by #2. 4. Fix LSA memory leak in ospf_opaque_type9_lsa_if_cleanup(). Signed-off-by: Acee <[email protected]>

Fix the following heap-use-after-free > ==82961==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020001e4750 at pc 0x55a8cc7f63ac bp 0x7ffd6948e340 sp 0x7ffd6948e330 > READ of size 8 at 0x6020001e4750 thread T0 > #0 0x55a8cc7f63ab in isis_route_node_cleanup isisd/isis_route.c:335 > #1 0x7ff25ec617c1 in route_node_free lib/table.c:75 > #2 0x7ff25ec619fc in route_table_free lib/table.c:111 > FRRouting#3 0x7ff25ec61661 in route_table_finish lib/table.c:46 > FRRouting#4 0x55a8cc800d83 in _isis_spftree_del isisd/isis_spf.c:397 > FRRouting#5 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > FRRouting#6 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > FRRouting#7 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > FRRouting#8 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > FRRouting#9 0x7ff25ec7c4dc in event_call lib/event.c:1970 > FRRouting#10 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > FRRouting#11 0x55a8cc7799da in main isisd/isis_main.c:318 > FRRouting#12 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > FRRouting#13 0x7ff25e623e3f in __libc_start_main_impl ../csu/libc-start.c:392 > FRRouting#14 0x55a8cc778e44 in _start (/usr/lib/frr/isisd+0x109e44) > > 0x6020001e4750 is located 0 bytes inside of 16-byte region [0x6020001e4750,0x6020001e4760) > freed by thread T0 here: > #0 0x7ff25f000537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 > #1 0x7ff25eb9012e in qfree lib/memory.c:130 > #2 0x55a8cc7f6485 in isis_route_table_info_free isisd/isis_route.c:351 > FRRouting#3 0x55a8cc800cf4 in _isis_spftree_del isisd/isis_spf.c:395 > FRRouting#4 0x55a8cc800e45 in isis_spftree_clear isisd/isis_spf.c:414 > FRRouting#5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > FRRouting#6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > FRRouting#7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > FRRouting#8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > FRRouting#9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > FRRouting#10 0x55a8cc7799da in main isisd/isis_main.c:318 > FRRouting#11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > > previously allocated by thread T0 here: > #0 0x7ff25f000a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 > #1 0x7ff25eb8ffdc in qcalloc lib/memory.c:105 > #2 0x55a8cc7f63eb in isis_route_table_info_alloc isisd/isis_route.c:343 > FRRouting#3 0x55a8cc80052a in _isis_spftree_init isisd/isis_spf.c:334 > FRRouting#4 0x55a8cc800e51 in isis_spftree_clear isisd/isis_spf.c:415 > FRRouting#5 0x55a8cc80bd9a in isis_run_spf isisd/isis_spf.c:2020 > FRRouting#6 0x55a8cc80c370 in isis_run_spf_with_protection isisd/isis_spf.c:2076 > FRRouting#7 0x55a8cc80cf52 in isis_run_spf_cb isisd/isis_spf.c:2165 > FRRouting#8 0x7ff25ec7c4dc in event_call lib/event.c:1970 > FRRouting#9 0x7ff25eb64423 in frr_run lib/libfrr.c:1213 > FRRouting#10 0x55a8cc7799da in main isisd/isis_main.c:318 > FRRouting#11 0x7ff25e623d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Fixes: 7153c3c ("isisd: update struct isis_route_info has multiple sr info by algorithm") Signed-off-by: Louis Scalbert <[email protected]>

Fix the following heap-buffer-overflow: > ==3901635==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020003a5940 at pc 0x56260067bb48 bp 0x7ffe8a4f3840 sp 0x7ffe8a4f3838 > READ of size 4 at 0x6020003a5940 thread T0 > #0 0x56260067bb47 in ecommunity_fill_pbr_action bgpd/bgp_ecommunity.c:1587 > #1 0x5626007a246e in bgp_pbr_build_and_validate_entry bgpd/bgp_pbr.c:939 > #2 0x5626007b25e6 in bgp_pbr_update_entry bgpd/bgp_pbr.c:2933 > FRRouting#3 0x562600909d18 in bgp_zebra_announce bgpd/bgp_zebra.c:1351 > FRRouting#4 0x5626007d5efd in bgp_process_main_one bgpd/bgp_route.c:3528 > FRRouting#5 0x5626007d6b43 in bgp_process_wq bgpd/bgp_route.c:3641 > FRRouting#6 0x7f450f34c2cc in work_queue_run lib/workqueue.c:266 > FRRouting#7 0x7f450f327a27 in event_call lib/event.c:1970 > FRRouting#8 0x7f450f21a637 in frr_run lib/libfrr.c:1213 > FRRouting#9 0x56260062fc04 in main bgpd/bgp_main.c:540 > FRRouting#10 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308 > FRRouting#11 0x56260062ca29 in _start (/usr/lib/frr/bgpd+0x2e3a29) > > 0x6020003a5940 is located 0 bytes to the right of 16-byte region [0x6020003a5930,0x6020003a5940) > allocated by thread T0 here: > #0 0x7f450f6aa1f8 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164 > #1 0x7f450f244f8a in qrealloc lib/memory.c:112 > #2 0x562600673313 in ecommunity_add_val_internal bgpd/bgp_ecommunity.c:143 > FRRouting#3 0x5626006735bc in ecommunity_uniq_sort_internal bgpd/bgp_ecommunity.c:193 > FRRouting#4 0x5626006737e3 in ecommunity_parse_internal bgpd/bgp_ecommunity.c:228 > FRRouting#5 0x562600673890 in ecommunity_parse bgpd/bgp_ecommunity.c:236 > FRRouting#6 0x562600640469 in bgp_attr_ext_communities bgpd/bgp_attr.c:2674 > FRRouting#7 0x562600646eb3 in bgp_attr_parse bgpd/bgp_attr.c:3893 > FRRouting#8 0x562600791b7e in bgp_update_receive bgpd/bgp_packet.c:2141 > FRRouting#9 0x56260079ba6b in bgp_process_packet bgpd/bgp_packet.c:3406 > FRRouting#10 0x7f450f327a27 in event_call lib/event.c:1970 > FRRouting#11 0x7f450f21a637 in frr_run lib/libfrr.c:1213 > FRRouting#12 0x56260062fc04 in main bgpd/bgp_main.c:540 > FRRouting#13 0x7f450ee2dd09 in __libc_start_main ../csu/libc-start.c:308 Fixes: dacf6ec ("bgpd: utility routine to convert flowspec actions into pbr actions") Signed-off-by: Louis Scalbert <[email protected]>

``` r1# sh ip bgp 10.10.10.10/32 BGP routing table entry for 10.10.10.10/32, version 1 Paths: (2 available, best #2, table default) Advertised to non peer-group peers: 192.168.1.2 192.168.1.4 65002 65003 192.168.1.2 from 192.168.1.2 (192.168.2.2) Origin incomplete, metric 123, localpref 123, valid, external (oad) Last update: Thu Jan 11 10:46:32 2024 65004 65005 192.168.1.4 from 192.168.1.4 (192.168.4.4) Origin incomplete, metric 123, localpref 123, valid, external, best (Peer Type) Last update: Thu Jan 11 10:46:30 2024 r1# ``` Signed-off-by: Donatas Abraitis <[email protected]>

Fix a crash when re-adding a rpki server: > r2# sh run bgpd > [...] > rpki > rpki retry_interval 5 > rpki cache 192.0.2.1 15432 preference 1 > exit > [...] > r2# conf t > r2(config)# rpki > r2(config-rpki)# no rpki cache 192.0.2.1 15432 preference 1 > r2(config-rpki)# do show rpki cache-connection > Cannot find a connected group. > r2(config-rpki)# rpki cache 192.0.2.1 15432 preference 1 > r2(config-rpki)# do show rpki cache-connection > vtysh: error reading from bgpd: Resource temporarily unavailable (11)Warning: closing connection to bgpd because of an I/O error! > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f3fd2d16e57 in core_handler (signo=11, siginfo=0x7ffffd5931b0, context=0x7ffffd593080) at lib/sigevent.c:246 > #2 <signal handler called> > FRRouting#3 0x00007f3fd26926b4 in tommy_list_head (list=0x2e322e302e323931) at /home/lscalber/git/rtrlib/./third-party/tommyds/tommylist.h:125 > FRRouting#4 0x00007f3fd2693812 in rtr_mgr_get_first_group (config=0x55fbf31d7f00) at /home/lscalber/git/rtrlib/rtrlib/rtr_mgr.c:409 > FRRouting#5 0x00007f3fd2ebef59 in get_connected_group () at bgpd/bgp_rpki.c:718 > FRRouting#6 0x00007f3fd2ec0b39 in show_rpki_cache_connection_magic (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0, uj=0x0) > # at bgpd/bgp_rpki.c:1575 > FRRouting#7 0x00007f3fd2ebd4da in show_rpki_cache_connection (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0) at ./bgpd/bgp_rpki_clippy.c:648 > FRRouting#8 0x00007f3fd2c8a142 in cmd_execute_command_real (vline=0x55fbf31f9990, vty=0x55fbf31f9ef0, cmd=0x0, up_level=0) at lib/command.c:978 > FRRouting#9 0x00007f3fd2c8a25c in cmd_execute_command (vline=0x55fbf31e5260, vty=0x55fbf31f9ef0, cmd=0x0, vtysh=0) at lib/command.c:1028 > FRRouting#10 0x00007f3fd2c8a7f1 in cmd_execute (vty=0x55fbf31f9ef0, cmd=0x55fbf3200680 "do show rpki cache-connection ", matched=0x0, vtysh=0) at lib/command.c:1203 > FRRouting#11 0x00007f3fd2d36548 in vty_command (vty=0x55fbf31f9ef0, buf=0x55fbf3200680 "do show rpki cache-connection ") at lib/vty.c:594 > FRRouting#12 0x00007f3fd2d382e1 in vty_execute (vty=0x55fbf31f9ef0) at lib/vty.c:1357 > FRRouting#13 0x00007f3fd2d3a519 in vtysh_read (thread=0x7ffffd5963c0) at lib/vty.c:2365 > FRRouting#14 0x00007f3fd2d2faf6 in event_call (thread=0x7ffffd5963c0) at lib/event.c:1974 > FRRouting#15 0x00007f3fd2cc238e in frr_run (master=0x55fbf2a0cd60) at lib/libfrr.c:1214 > FRRouting#16 0x000055fbf073de40 in main (argc=9, argv=0x7ffffd596618) at bgpd/bgp_main.c:510 Signed-off-by: Louis Scalbert <[email protected]>

Fix this: *********************************************************************************** Address Sanitizer Error detected in zebra_opaque.test_zebra_opaque/r3.asan.zebra.11099 ================================================================= ==11099==ERROR: LeakSanitizer: detected memory leaks Direct leak of 66 byte(s) in 1 object(s) allocated from: #0 0x7f527fc06b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f527f5e852b in qmalloc lib/memory.c:100 #2 0x56418d20832d in zread_route_add zebra/zapi_msg.c:2125 FRRouting#3 0x56418d215d08 in zserv_handle_commands zebra/zapi_msg.c:4011 FRRouting#4 0x56418d32ab5b in zserv_process_messages zebra/zserv.c:520 FRRouting#5 0x7f527f6938d3 in event_call lib/event.c:2003 FRRouting#6 0x7f527f5cb692 in frr_run lib/libfrr.c:1218 FRRouting#7 0x56418d1c3336 in main zebra/main.c:508 FRRouting#8 0x7f527e656c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 66 byte(s) leaked in 1 allocation(s). *********************************************************************************** Code inspection leads to some code paths where the opaque data was not freed up. Signed-off-by: Donald Sharp <[email protected]>

Fix the following crash when logging from rpki_create_socket(): > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f6e21723798 in core_handler (signo=6, siginfo=0x7f6e1e502ef0, context=0x7f6e1e502dc0) at lib/sigevent.c:248 > #2 <signal handler called> > FRRouting#3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > FRRouting#4 0x00007f6e2144e537 in __GI_abort () at abort.c:79 > FRRouting#5 0x00007f6e2176348e in _zlog_assert_failed (xref=0x7f6e2180c920 <_xref.16>, extra=0x0) at lib/zlog.c:670 > FRRouting#6 0x00007f6e216b1eda in rcu_read_lock () at lib/frrcu.c:294 > FRRouting#7 0x00007f6e21762da8 in vzlog_notls (xref=0x0, prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed", ap=0x7f6e1e504248) at lib/zlog.c:425 > FRRouting#8 0x00007f6e217632fb in vzlogx (xref=0x0, prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed", ap=0x7f6e1e504248) at lib/zlog.c:627 > FRRouting#9 0x00007f6e217621f5 in zlog (prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed") at lib/zlog.h:73 > FRRouting#10 0x00007f6e21763596 in _zlog_assert_failed (xref=0x7f6e2180c920 <_xref.16>, extra=0x0) at lib/zlog.c:687 > FRRouting#11 0x00007f6e216b1eda in rcu_read_lock () at lib/frrcu.c:294 > FRRouting#12 0x00007f6e21762da8 in vzlog_notls (xref=0x7f6e21a50040 <_xref.68>, prio=4, fmt=0x7f6e21a4999f "getaddrinfo: debug", ap=0x7f6e1e504878) at lib/zlog.c:425 > FRRouting#13 0x00007f6e217632fb in vzlogx (xref=0x7f6e21a50040 <_xref.68>, prio=4, fmt=0x7f6e21a4999f "getaddrinfo: debug", ap=0x7f6e1e504878) at lib/zlog.c:627 > FRRouting#14 0x00007f6e21a3f774 in zlog_ref (xref=0x7f6e21a50040 <_xref.68>, fmt=0x7f6e21a4999f "getaddrinfo: debug") at ./lib/zlog.h:84 > FRRouting#15 0x00007f6e21a451b2 in rpki_create_socket (_cache=0x55729149cc30) at bgpd/bgp_rpki.c:1337 > FRRouting#16 0x00007f6e2120e7b7 in tr_tcp_open (tr_socket=0x5572914d1520) at rtrlib/rtrlib/transport/tcp/tcp_transport.c:111 > FRRouting#17 0x00007f6e2120e212 in tr_open (socket=0x5572914b5e00) at rtrlib/rtrlib/transport/transport.c:16 > FRRouting#18 0x00007f6e2120faa2 in rtr_fsm_start (rtr_socket=0x557290e17180) at rtrlib/rtrlib/rtr/rtr.c:130 > FRRouting#19 0x00007f6e218b7ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477 > FRRouting#20 0x00007f6e21527a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 rpki_create_socket() is a hook function called from the rtrlib library. The issue arises because rtrlib initiates its own separate pthread in which it runs the hook, which does not establish an FRR RCU context. Consequently, this leads to failures in the logging mechanism that relies on RCU. Initialize a new FRR pthread context from the rtrlib pthread with a valid RCU context to allow logging from the rpki_create_socket() and dependent functions. Link: FRRouting#15260 Fixes: a951752 ("bgpd: create cache server socket in vrf") Signed-off-by: Louis Scalbert <[email protected]>

Fix duplicate definition of frr_affinity_map_cli_info in libfrr.so.0 and libmgmt_be_nb.so.0 > ================================================================= > ==3860488==ERROR: AddressSanitizer: odr-violation (0x7f12c98c4d20): > [1] size=296 'frr_affinity_map_cli_info' lib/affinitymap_cli.c:77:35 > [2] size=296 'frr_affinity_map_cli_info' lib/affinitymap_cli.c:77:35 > These globals were registered at these points: > [1]: > #0 0x7f12c9a36f40 in __asan_register_globals ../../../../src/libsanitizer/asan/asan_globals.cpp:341 > #1 0x7f12c9585b7d in _sub_I_00099_1 (/lib/libfrr.so.0+0x185b7d) > #2 0x7f12ca437fe1 in call_init elf/dl-init.c:72 > > [2]: > #0 0x7f12c9a36f40 in __asan_register_globals ../../../../src/libsanitizer/asan/asan_globals.cpp:341 > #1 0x7f12c93824ed in _sub_I_00099_1 (/lib/libmgmt_be_nb.so.0+0x6f4ed) > #2 0x7f12ca437fe1 in call_init elf/dl-init.c:72 > > ==3860488==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0 > SUMMARY: AddressSanitizer: odr-violation: global 'frr_affinity_map_cli_info' at lib/affinitymap_cli.c:77:35 > ==3860488==ABORTING Fixes: dc6ff4c ("lib: convert affinity-map to mgmtd") Signed-off-by: Louis Scalbert <[email protected]>

rampxxxx force-pushed the feat_isis_json_show_cmds branch from ef7c2a3 to 6f76dff Compare February 23, 2022 14:36

Karen-Schoener self-assigned this Feb 23, 2022

Karen-Schoener approved these changes Feb 23, 2022

View reviewed changes

rampxxxx requested a review from Karen-Schoener February 24, 2022 07:19

rampxxxx assigned rampxxxx and unassigned Karen-Schoener Feb 24, 2022

rampxxxx force-pushed the feat_isis_json_show_cmds branch 4 times, most recently from 5f070f2 to eef1219 Compare February 24, 2022 10:48

lynnemorrison self-requested a review February 24, 2022 14:42

lynnemorrison approved these changes Feb 24, 2022

View reviewed changes

Javier Garcia added 2 commits February 25, 2022 12:36

isisd. Add json to show summary command.

471bb5d

Signed-off-by: Javier Garcia <[email protected]>

isisd: Add json to show isis interface command.

9fee4d4

Signed-off-by: Javier Garcia <[email protected]>

rampxxxx force-pushed the feat_isis_json_show_cmds branch 2 times, most recently from 67a3ad4 to a27a606 Compare February 25, 2022 14:42

isisd: Add json to show isis neighbor command.

a21177f

Signed-off-by: Javier Garcia <[email protected]>

rampxxxx force-pushed the feat_isis_json_show_cmds branch from a27a606 to 092191b Compare March 1, 2022 17:01

Javier Garcia added 2 commits March 2, 2022 16:20

isisd: Add json to show isis database command.

a2cac12

Signed-off-by: Javier Garcia <[email protected]>

topotest: Add test for isis json cmds.

432f143

Signed-off-by: Javier Garcia <[email protected]>

rampxxxx force-pushed the feat_isis_json_show_cmds branch from 092191b to 432f143 Compare March 2, 2022 16:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

isisd. Add json to show summary command. #2

isisd. Add json to show summary command. #2

rampxxxx commented Feb 23, 2022

Karen-Schoener left a comment

lynnemorrison left a comment

lynnemorrison Feb 24, 2022

rampxxxx Feb 25, 2022

lynnemorrison Feb 24, 2022

rampxxxx Feb 25, 2022

lynnemorrison Feb 24, 2022

rampxxxx Feb 25, 2022

isisd. Add json to show summary command. #2

Are you sure you want to change the base?

isisd. Add json to show summary command. #2

Conversation

rampxxxx commented Feb 23, 2022

Karen-Schoener left a comment

Choose a reason for hiding this comment

lynnemorrison left a comment

Choose a reason for hiding this comment

lynnemorrison Feb 24, 2022

Choose a reason for hiding this comment

rampxxxx Feb 25, 2022

Choose a reason for hiding this comment

lynnemorrison Feb 24, 2022

Choose a reason for hiding this comment

rampxxxx Feb 25, 2022

Choose a reason for hiding this comment

lynnemorrison Feb 24, 2022

Choose a reason for hiding this comment

rampxxxx Feb 25, 2022

Choose a reason for hiding this comment