pbrd: add nexthop-vrf to config output #17

dslicenc · 2018-02-22T19:37:52Z

Signed-off-by: Don Slice dslice@cumulusnetworks.com

Signed-off-by: Don Slice <dslice@cumulusnetworks.com>

When zebra is running with debugs turned on there is a use after free reported by the address sanitizer: 2020/10/16 12:58:02 ZEBRA: rib_delnode: (0:254):4.5.6.16/32: rn 0x60b000026f20, re 0x6080000131a0, removing 2020/10/16 12:58:02 ZEBRA: rib_meta_queue_add: (0:254):4.5.6.16/32: queued rn 0x60b000026f20 into sub-queue 3 ================================================================= ==3101430==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000011d28 at pc 0x555555705ab6 bp 0x7fffffffdab0 sp 0x7fffffffdaa8 READ of size 8 at 0x608000011d28 thread T0 #0 0x555555705ab5 in re_list_const_first zebra/rib.h:222 #1 0x555555705b54 in re_list_first zebra/rib.h:222 #2 0x555555711a4f in process_subq_route zebra/zebra_rib.c:2248 #3 0x555555711d2e in process_subq zebra/zebra_rib.c:2286 #4 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320 #5 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291 #6 0x7ffff7450e9c in thread_call lib/thread.c:1581 #7 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099 #8 0x55555561a578 in main zebra/main.c:455 #9 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308 #10 0x5555555e3429 in _start (/usr/lib/frr/zebra+0x8f429) 0x608000011d28 is located 8 bytes inside of 88-byte region [0x608000011d20,0x608000011d78) freed by thread T0 here: #0 0x7ffff768bb6f in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f) #1 0x7ffff739ccad in qfree lib/memory.c:129 #2 0x555555709ee4 in rib_gc_dest zebra/zebra_rib.c:746 #3 0x55555570ca76 in rib_process zebra/zebra_rib.c:1240 #4 0x555555711a05 in process_subq_route zebra/zebra_rib.c:2245 #5 0x555555711d2e in process_subq zebra/zebra_rib.c:2286 #6 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320 #7 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291 #8 0x7ffff7450e9c in thread_call lib/thread.c:1581 #9 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099 #10 0x55555561a578 in main zebra/main.c:455 #11 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7ffff768c037 in calloc (/lib/x86_64-linux-gnu/libasan.so.6+0xaa037) #1 0x7ffff739cb98 in qcalloc lib/memory.c:110 #2 0x555555712ace in zebra_rib_create_dest zebra/zebra_rib.c:2515 #3 0x555555712c6c in rib_link zebra/zebra_rib.c:2576 #4 0x555555712faa in rib_addnode zebra/zebra_rib.c:2607 #5 0x555555715bf0 in rib_add_multipath_nhe zebra/zebra_rib.c:3012 #6 0x555555715f56 in rib_add_multipath zebra/zebra_rib.c:3049 #7 0x55555571788b in rib_add zebra/zebra_rib.c:3327 #8 0x5555555e584a in connected_up zebra/connected.c:254 #9 0x5555555e42ff in connected_announce zebra/connected.c:94 #10 0x5555555e4fd3 in connected_update zebra/connected.c:195 #11 0x5555555e61ad in connected_add_ipv4 zebra/connected.c:340 #12 0x5555555f26f5 in netlink_interface_addr zebra/if_netlink.c:1213 #13 0x55555560f756 in netlink_information_fetch zebra/kernel_netlink.c:350 #14 0x555555612e49 in netlink_parse_info zebra/kernel_netlink.c:941 #15 0x55555560f9f1 in kernel_read zebra/kernel_netlink.c:402 #16 0x7ffff7450e9c in thread_call lib/thread.c:1581 #17 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099 #18 0x55555561a578 in main zebra/main.c:455 #19 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-use-after-free zebra/rib.h:222 in re_list_const_first This is happening because we are using the dest pointer after a call into rib_gc_dest. In process_subq_route, we call rib_process() and if the dest is deleted dest pointer is now garbage. We must reload the dest pointer in this case. Signed-off-by: Donald Sharp <sharpd@nvidia.com>

When changing the peers sockunion structure the bgp->peer list was not being updated properly. Since the peer's su is being used for a sorted insert then the change of it requires that the value be pulled out of the bgp->peer list and then put back into as well. Additionally ensure that the hash is always released on peer deletion. Lead to this from this decode in a address sanitizer run. ================================================================= ==30778==ERROR: AddressSanitizer: heap-use-after-free on address 0x62a0000d8440 at pc 0x7f48c9c5c547 bp 0x7ffcba272cb0 sp 0x7ffcba272ca8 READ of size 2 at 0x62a0000d8440 thread T0 #0 0x7f48c9c5c546 in sockunion_same lib/sockunion.c:425 #1 0x55cfefe3000f in peer_hash_same bgpd/bgpd.c:890 #2 0x7f48c9bde039 in hash_release lib/hash.c:209 #3 0x55cfefe3373f in bgp_peer_conf_if_to_su_update bgpd/bgpd.c:1541 #4 0x55cfefd0be7a in bgp_stop bgpd/bgp_fsm.c:1631 #5 0x55cfefe4028f in peer_delete bgpd/bgpd.c:2362 #6 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 #7 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 #8 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 #9 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 #10 0x7f48c9c87402 in vty_command lib/vty.c:526 #11 0x7f48c9c87832 in vty_execute lib/vty.c:1291 #12 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 #13 0x7f48c9c7a66d in thread_call lib/thread.c:1585 #14 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 #15 0x55cfefc75a15 in main bgpd/bgp_main.c:540 #16 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) #17 0x55cfefc787f9 in _start (/usr/lib/frr/bgpd+0xe27f9) 0x62a0000d8440 is located 576 bytes inside of 23376-byte region [0x62a0000d8200,0x62a0000ddd50) freed by thread T0 here: #0 0x7f48c9eb9fb0 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0) #1 0x55cfefe3fe42 in peer_free bgpd/bgpd.c:1113 #2 0x55cfefe3fe42 in peer_unlock_with_caller bgpd/bgpd.c:1144 #3 0x55cfefe4092e in peer_delete bgpd/bgpd.c:2457 #4 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 #5 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 #6 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 #7 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 #8 0x7f48c9c87402 in vty_command lib/vty.c:526 #9 0x7f48c9c87832 in vty_execute lib/vty.c:1291 #10 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 #11 0x7f48c9c7a66d in thread_call lib/thread.c:1585 #12 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 #13 0x55cfefc75a15 in main bgpd/bgp_main.c:540 #14 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) Signed-off-by: Donald Sharp <sharpd@nvidia.com>

ASAN reported the following memleak: ``` Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x4d4342 in calloc (/usr/lib/frr/bgpd+0x4d4342) #1 0xbc3d68 in qcalloc /home/sharpd/frr8/lib/memory.c:116:27 #2 0xb869f7 in list_new /home/sharpd/frr8/lib/linklist.c:64:9 #3 0x5a38bc in bgp_evpn_remote_ip_hash_alloc /home/sharpd/frr8/bgpd/bgp_evpn.c:6789:24 #4 0xb358d3 in hash_get /home/sharpd/frr8/lib/hash.c:162:13 #5 0x593d39 in bgp_evpn_remote_ip_hash_add /home/sharpd/frr8/bgpd/bgp_evpn.c:6881:7 #6 0x59dbbd in install_evpn_route_entry_in_vni_common /home/sharpd/frr8/bgpd/bgp_evpn.c:3049:2 #7 0x59cfe0 in install_evpn_route_entry_in_vni_ip /home/sharpd/frr8/bgpd/bgp_evpn.c:3126:8 #8 0x59c6f0 in install_evpn_route_entry /home/sharpd/frr8/bgpd/bgp_evpn.c:3318:8 #9 0x59bb52 in install_uninstall_route_in_vnis /home/sharpd/frr8/bgpd/bgp_evpn.c:3888:10 #10 0x59b6d2 in bgp_evpn_install_uninstall_table /home/sharpd/frr8/bgpd/bgp_evpn.c:4019:5 #11 0x578857 in install_uninstall_evpn_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4051:9 #12 0x58ada6 in bgp_evpn_import_route /home/sharpd/frr8/bgpd/bgp_evpn.c:6049:9 #13 0x713794 in bgp_update /home/sharpd/frr8/bgpd/bgp_route.c:4842:3 #14 0x583fa0 in process_type2_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4518:9 #15 0x5824ba in bgp_nlri_parse_evpn /home/sharpd/frr8/bgpd/bgp_evpn.c:5732:8 #16 0x6ae6a2 in bgp_nlri_parse /home/sharpd/frr8/bgpd/bgp_packet.c:363:10 #17 0x6be6fa in bgp_update_receive /home/sharpd/frr8/bgpd/bgp_packet.c:2020:15 #18 0x6b7433 in bgp_process_packet /home/sharpd/frr8/bgpd/bgp_packet.c:2929:11 #19 0xd00146 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2 ``` The list itself was not being cleaned up when the final list entry was removed, so make sure we do that instead of leaking memory. Signed-off-by: Trey Aspelund <taspelund@nvidia.com>

When changing the peers sockunion structure the bgp->peer list was not being updated properly. Since the peer's su is being used for a sorted insert then the change of it requires that the value be pulled out of the bgp->peer list and then put back into as well. Additionally ensure that the hash is always released on peer deletion. Lead to this from this decode in a address sanitizer run. ================================================================= ==30778==ERROR: AddressSanitizer: heap-use-after-free on address 0x62a0000d8440 at pc 0x7f48c9c5c547 bp 0x7ffcba272cb0 sp 0x7ffcba272ca8 READ of size 2 at 0x62a0000d8440 thread T0 #0 0x7f48c9c5c546 in sockunion_same lib/sockunion.c:425 #1 0x55cfefe3000f in peer_hash_same bgpd/bgpd.c:890 #2 0x7f48c9bde039 in hash_release lib/hash.c:209 #3 0x55cfefe3373f in bgp_peer_conf_if_to_su_update bgpd/bgpd.c:1541 #4 0x55cfefd0be7a in bgp_stop bgpd/bgp_fsm.c:1631 #5 0x55cfefe4028f in peer_delete bgpd/bgpd.c:2362 #6 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 #7 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 #8 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 #9 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 #10 0x7f48c9c87402 in vty_command lib/vty.c:526 #11 0x7f48c9c87832 in vty_execute lib/vty.c:1291 #12 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 #13 0x7f48c9c7a66d in thread_call lib/thread.c:1585 #14 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 #15 0x55cfefc75a15 in main bgpd/bgp_main.c:540 #16 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) #17 0x55cfefc787f9 in _start (/usr/lib/frr/bgpd+0xe27f9) 0x62a0000d8440 is located 576 bytes inside of 23376-byte region [0x62a0000d8200,0x62a0000ddd50) freed by thread T0 here: #0 0x7f48c9eb9fb0 in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0) #1 0x55cfefe3fe42 in peer_free bgpd/bgpd.c:1113 #2 0x55cfefe3fe42 in peer_unlock_with_caller bgpd/bgpd.c:1144 #3 0x55cfefe4092e in peer_delete bgpd/bgpd.c:2457 #4 0x55cfefdd5e97 in no_neighbor_interface_config bgpd/bgp_vty.c:4267 #5 0x7f48c9b9d160 in cmd_execute_command_real lib/command.c:949 #6 0x7f48c9ba1112 in cmd_execute_command lib/command.c:1009 #7 0x7f48c9ba1573 in cmd_execute lib/command.c:1162 #8 0x7f48c9c87402 in vty_command lib/vty.c:526 #9 0x7f48c9c87832 in vty_execute lib/vty.c:1291 #10 0x7f48c9c8e741 in vtysh_read lib/vty.c:2130 #11 0x7f48c9c7a66d in thread_call lib/thread.c:1585 #12 0x7f48c9bf64e7 in frr_run lib/libfrr.c:1123 #13 0x55cfefc75a15 in main bgpd/bgp_main.c:540 #14 0x7f48c96b009a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) Signed-off-by: Donald Sharp <sharpd@nvidia.com>

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230372180f in list_new lib/linklist.c:49 #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>

The loading_done event needs a event pointer to prevent use after free's. Testing found this: ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290 READ of size 1 at 0x613000035130 thread T0 #0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447 #1 0x55ad42ed7be4 in event_call lib/event.c:1995 #2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) #5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19) 0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280) freed by thread T0 here: #0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) #1 0x55ad42e3b4b6 in qfree lib/memory.c:130 #2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180 #3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930 #4 0x55ad42ed7be4 in event_call lib/event.c:1995 #5 0x55ad42ed84fe in _event_execute lib/event.c:2086 #6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847 #7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755 #8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778 #9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42 #10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994 #11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053 #12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221 #13 0x55ad42ee3cd6 in vty_command lib/vty.c:591 #14 0x55ad42ee4170 in vty_execute lib/vty.c:1354 #15 0x55ad42eec94f in vtysh_read lib/vty.c:2362 #16 0x55ad42ed7be4 in event_call lib/event.c:1995 #17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) previously allocated by thread T0 here: #0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55ad42e3ab22 in qcalloc lib/memory.c:105 #2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119 #3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464 #4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884 #5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925 #6 0x55ad42ed7be4 in event_call lib/event.c:1995 #7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Add an actual event pointer and just track it appropriately. Signed-off-by: Donald Sharp <sharpd@nvidia.com>

In the function ospf_lsa_translated_nssa_new the newly created lsa is lock however, the return lsa from ospf_lsa_new already has a lock. Therefore removing the addition lock resolve the leak below. ospf_basic_functionality.test_ospf_nssa#r3.asan.ospfd.5456 ================================================================= ==5456==ERROR: LeakSanitizer: detected memory leaks Direct leak of 640 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16004f60 in ospf_lsa_new ../ospfd/ospf_lsa.c:186 #3 0x561a160051a1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:205 #4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 #5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 #6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 #7 0x561a16011cfb in ospf_translated_nssa_refresh ../ospfd/ospf_lsa.c:2152 #8 0x561a16014bb2 in ospf_external_lsa_install ../ospfd/ospf_lsa.c:2871 #9 0x561a1601596b in ospf_lsa_install ../ospfd/ospf_lsa.c:3076 #10 0x561a16168b3c in ospf_flood ../ospfd/ospf_flood.c:482 #11 0x561a160462f8 in ospf_ls_upd ../ospfd/ospf_packet.c:2115 #12 0x561a1604c66c in ospf_read_helper ../ospfd/ospf_packet.c:3198 #13 0x561a1604c88e in ospf_read ../ospfd/ospf_packet.c:3229 #14 0x7f294efd6c33 in event_call ../lib/event.c:1995 #15 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 #16 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 #17 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60c000062800 (128 bytes) 0x60c000062c80 (128 bytes) 0x60c0000631c0 (128 bytes) 0x60c000063700 (128 bytes) 0x60c000063d00 (128 bytes) Direct leak of 640 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16004f60 in ospf_lsa_new ../ospfd/ospf_lsa.c:186 #3 0x561a160051a1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:205 #4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 #5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 #6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 #7 0x561a16010e10 in ospf_translated_nssa_originate ../ospfd/ospf_lsa.c:2034 #8 0x561a16136559 in ospf_abr_translate_nssa ../ospfd/ospf_abr.c:668 #9 0x561a161383da in ospf_abr_process_nssa_translates ../ospfd/ospf_abr.c:968 #10 0x561a1613f9b8 in ospf_abr_nssa_task ../ospfd/ospf_abr.c:2054 #11 0x561a161402e5 in ospf_abr_task_timer ../ospfd/ospf_abr.c:2168 #12 0x7f294efd6c33 in event_call ../lib/event.c:1995 #13 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 #14 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 #15 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60c00003e380 (128 bytes) 0x60c00003e740 (128 bytes) 0x60c00003eb00 (128 bytes) 0x60c00005fd40 (128 bytes) 0x60c00005ff80 (128 bytes) Indirect leak of 180 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16005a43 in ospf_lsa_data_new ../ospfd/ospf_lsa.c:296 #3 0x561a160051b1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:206 #4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 #5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 #6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 #7 0x561a16011cfb in ospf_translated_nssa_refresh ../ospfd/ospf_lsa.c:2152 #8 0x561a16014bb2 in ospf_external_lsa_install ../ospfd/ospf_lsa.c:2871 #9 0x561a1601596b in ospf_lsa_install ../ospfd/ospf_lsa.c:3076 #10 0x561a16168b3c in ospf_flood ../ospfd/ospf_flood.c:482 #11 0x561a160462f8 in ospf_ls_upd ../ospfd/ospf_packet.c:2115 #12 0x561a1604c66c in ospf_read_helper ../ospfd/ospf_packet.c:3198 #13 0x561a1604c88e in ospf_read ../ospfd/ospf_packet.c:3229 #14 0x7f294efd6c33 in event_call ../lib/event.c:1995 #15 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 #16 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 #17 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60400003f890 (36 bytes) 0x60400003f990 (36 bytes) 0x60400003fa50 (36 bytes) 0x60400003fb10 (36 bytes) 0x60400003fbd0 (36 bytes) Indirect leak of 180 byte(s) in 5 object(s) allocated from: #0 0x7f294f354a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7f294eeed562 in qcalloc ../lib/memory.c:105 #2 0x561a16005a43 in ospf_lsa_data_new ../ospfd/ospf_lsa.c:296 #3 0x561a160051b1 in ospf_lsa_new_and_data ../ospfd/ospf_lsa.c:206 #4 0x561a1600f21d in ospf_exnl_lsa_prepare_and_flood ../ospfd/ospf_lsa.c:1762 #5 0x561a1600fd71 in ospf_external_lsa_new ../ospfd/ospf_lsa.c:1863 #6 0x561a160107d7 in ospf_lsa_translated_nssa_new ../ospfd/ospf_lsa.c:1985 #7 0x561a16010e10 in ospf_translated_nssa_originate ../ospfd/ospf_lsa.c:2034 #8 0x561a16136559 in ospf_abr_translate_nssa ../ospfd/ospf_abr.c:668 #9 0x561a161383da in ospf_abr_process_nssa_translates ../ospfd/ospf_abr.c:968 #10 0x561a1613f9b8 in ospf_abr_nssa_task ../ospfd/ospf_abr.c:2054 #11 0x561a161402e5 in ospf_abr_task_timer ../ospfd/ospf_abr.c:2168 #12 0x7f294efd6c33 in event_call ../lib/event.c:1995 #13 0x7f294eec134a in frr_run ../lib/libfrr.c:1213 #14 0x561a15fd3b6d in main ../ospfd/ospf_main.c:249 #15 0x7f294e998d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Objects leaked above: 0x60400003c6d0 (36 bytes) 0x60400003c790 (36 bytes) 0x60400003c810 (36 bytes) 0x60400003c890 (36 bytes) 0x60400003c910 (36 bytes) SUMMARY: AddressSanitizer: 1640 byte(s) leaked in 20 allocation(s). Signed-off-by: ryndia <dindyalsarvesh@gmail.com>

This commit ensures proper cleanup by clearing the `algo->pdst` pointer if it points to a path that is being deleted. It addresses memory leaks by freeing memory held by `algo->pdst` that might not have been released during the cleanup of processed paths. The ASan leak log for reference: ``` Direct leak of 96 byte(s) in 1 object(s) allocated from: #0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105 #2 0x7fbffc9d1a54 in cpath_new ../lib/cspf.c:44 #3 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256 #4 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287 #5 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262 #6 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869 #7 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993 #8 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052 #9 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218 #10 0x7fbffcb611c7 in vty_command ../lib/vty.c:591 #11 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354 #12 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362 #13 0x7fbffcb51324 in event_call ../lib/event.c:1979 #14 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213 #15 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177 #16 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 Indirect leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7fbffcec9a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 #1 0x7fbffca67a81 in qcalloc ../lib/memory.c:105 #2 0x7fbffca3c108 in list_new ../lib/linklist.c:49 #3 0x7fbffc9d1acc in cpath_new ../lib/cspf.c:47 #4 0x7fbffc9d2829 in cspf_init ../lib/cspf.c:256 #5 0x7fbffc9d295d in cspf_init_v4 ../lib/cspf.c:287 #6 0x5601dcd34d3f in show_sharp_cspf_magic ../sharpd/sharp_vty.c:1262 #7 0x5601dcd2c2be in show_sharp_cspf sharpd/sharp_vty_clippy.c:1869 #8 0x7fbffc9afd61 in cmd_execute_command_real ../lib/command.c:993 #9 0x7fbffc9b00ee in cmd_execute_command ../lib/command.c:1052 #10 0x7fbffc9b0dc0 in cmd_execute ../lib/command.c:1218 #11 0x7fbffcb611c7 in vty_command ../lib/vty.c:591 #12 0x7fbffcb660ac in vty_execute ../lib/vty.c:1354 #13 0x7fbffcb6c4aa in vtysh_read ../lib/vty.c:2362 #14 0x7fbffcb51324 in event_call ../lib/event.c:1979 #15 0x7fbffca3b872 in frr_run ../lib/libfrr.c:1213 #16 0x5601dcd11c6f in main ../sharpd/sharp_main.c:177 #17 0x7fbffc5ffd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>

This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak. The ASan leak log for reference: ``` *********************************************************************************** Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070 ================================================================= ==28070==ERROR: LeakSanitizer: detected memory leaks Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230372180f in list_new lib/linklist.c:49 #3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 192 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 96 byte(s) in 4 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288 #3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326 #4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #5 0x562303767280 in nb_callback_create lib/northbound.c:1235 #6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #14 0x5623036c6392 in cmd_execute lib/command.c:1221 #15 0x5623037e75da in vty_command lib/vty.c:591 #16 0x5623037e7a74 in vty_execute lib/vty.c:1354 #17 0x5623037f0253 in vtysh_read lib/vty.c:2362 #18 0x5623037db4e8 in event_call lib/event.c:1995 #19 0x562303720f97 in frr_run lib/libfrr.c:1213 #20 0x56230368615d in main pimd/pim6_main.c:184 #21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x56230373dd6b in qcalloc lib/memory.c:105 #2 0x562303721651 in listnode_new lib/linklist.c:71 #3 0x56230372182b in listnode_add lib/linklist.c:92 #4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295 #5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326 #6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868 #7 0x562303767280 in nb_callback_create lib/northbound.c:1235 #8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579 #9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710 #10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104 #11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137 #12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49 #13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88 #14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991 #15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072 #16 0x5623036c6392 in cmd_execute lib/command.c:1221 #17 0x5623037e75da in vty_command lib/vty.c:591 #18 0x5623037e7a74 in vty_execute lib/vty.c:1354 #19 0x5623037f0253 in vtysh_read lib/vty.c:2362 #20 0x5623037db4e8 in event_call lib/event.c:1995 #21 0x562303720f97 in frr_run lib/libfrr.c:1213 #22 0x56230368615d in main pimd/pim6_main.c:184 #23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s). *********************************************************************************** ``` Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com> (cherry picked from commit 24379f0)

The loading_done event needs a event pointer to prevent use after free's. Testing found this: ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290 READ of size 1 at 0x613000035130 thread T0 #0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447 #1 0x55ad42ed7be4 in event_call lib/event.c:1995 #2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) #5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19) 0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280) freed by thread T0 here: #0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) #1 0x55ad42e3b4b6 in qfree lib/memory.c:130 #2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180 #3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930 #4 0x55ad42ed7be4 in event_call lib/event.c:1995 #5 0x55ad42ed84fe in _event_execute lib/event.c:2086 #6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847 #7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755 #8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778 #9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42 #10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994 #11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053 #12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221 #13 0x55ad42ee3cd6 in vty_command lib/vty.c:591 #14 0x55ad42ee4170 in vty_execute lib/vty.c:1354 #15 0x55ad42eec94f in vtysh_read lib/vty.c:2362 #16 0x55ad42ed7be4 in event_call lib/event.c:1995 #17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) previously allocated by thread T0 here: #0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55ad42e3ab22 in qcalloc lib/memory.c:105 #2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119 #3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464 #4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884 #5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925 #6 0x55ad42ed7be4 in event_call lib/event.c:1995 #7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Add an actual event pointer and just track it appropriately. Signed-off-by: Donald Sharp <sharpd@nvidia.com> (cherry picked from commit 77e838e)

The shallow copy of attr wasn't freed when there was no valid label for the momentand the function return therefore creating leaks. The leak below are solved by flushing the shallow copy of attr. Address Sanitizer Error detected in bgp_vpnv6_per_nexthop_label.test_bgp_vpnv6_per_nexthop_label/r1.asan.bgpd.13409 ================================================================= ==13409==ERROR: LeakSanitizer: detected memory leaks Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 #7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 #14 0x7f62ccb62b8f in event_call lib/event.c:1969 #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #16 0x5623b87e054b in main bgpd/bgp_main.c:510 #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969 #5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 #6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341 #7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220 #8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 #7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 #14 0x7f62ccb62b8f in event_call lib/event.c:1969 #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #16 0x5623b87e054b in main bgpd/bgp_main.c:510 #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 240 byte(s) in 6 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384 #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 120 byte(s) in 3 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692 #5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595 #6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #7 0x7f62ccb62b8f in event_call lib/event.c:1969 #8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #9 0x5623b87e054b in main bgpd/bgp_main.c:510 #10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f62cd0c9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f62ccac21c3 in qcalloc lib/memory.c:105 #2 0x5623b8810dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348 #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x5623b89beabc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x5623b89beabc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 #7 0x5623b89beabc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 #14 0x7f62ccb62b8f in event_call lib/event.c:1969 #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #16 0x5623b87e054b in main bgpd/bgp_main.c:510 #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b892e86d in bgp_update bgpd/bgp_route.c:4969 #5 0x5623b893134d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 #6 0x5623b88e2a0e in bgp_nlri_parse bgpd/bgp_packet.c:341 #7 0x5623b88e4f7c in bgp_update_receive bgpd/bgp_packet.c:2220 #8 0x5623b88f0474 in bgp_process_packet bgpd/bgp_packet.c:3386 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88c13b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x5623b89bdebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x5623b89bdebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 #7 0x5623b89bdebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 #8 0x7f62cca45511 in cmd_execute_command_real lib/command.c:978 #9 0x7f62cca459d5 in cmd_execute_command lib/command.c:1036 #10 0x7f62cca45e54 in cmd_execute lib/command.c:1203 #11 0x7f62ccb6ee20 in vty_command lib/vty.c:591 #12 0x7f62ccb6f2cb in vty_execute lib/vty.c:1354 #13 0x7f62ccb77b95 in vtysh_read lib/vty.c:2362 #14 0x7f62ccb62b8f in event_call lib/event.c:1969 #15 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #16 0x5623b87e054b in main bgpd/bgp_main.c:510 #17 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 6 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88dc289 in evaluate_paths bgpd/bgp_nht.c:1384 #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 24 byte(s) in 3 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b893a406 in bgp_redistribute_add bgpd/bgp_route.c:8692 #5 0x5623b8a02b3b in zebra_read_route bgpd/bgp_zebra.c:595 #6 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #7 0x7f62ccb62b8f in event_call lib/event.c:1969 #8 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #9 0x5623b87e054b in main bgpd/bgp_main.c:510 #10 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f62cd0c9b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f62ccac1ee3 in qmalloc lib/memory.c:100 #2 0x5623b8810eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x5623b88be8eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x5623b88dc188 in evaluate_paths bgpd/bgp_nht.c:1348 #5 0x5623b88ddb0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x5623b88de027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x5623b8a03163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f62ccb92d8a in zclient_read lib/zclient.c:4425 #9 0x7f62ccb62b8f in event_call lib/event.c:1969 #10 0x7f62ccaa5462 in frr_run lib/libfrr.c:1213 #11 0x5623b87e054b in main bgpd/bgp_main.c:510 #12 0x7f62cbae7c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s). *********************************************************************************** Address Sanitizer Error detected in bgp_vpnv4_per_nexthop_label.test_bgp_vpnv4_per_nexthop_label/r1.asan.bgpd.10610 ================================================================= ==10610==ERROR: LeakSanitizer: detected memory leaks Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969 #5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 #6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341 #7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220 #8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 #7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 #11 0x7f81fc007e20 in vty_command lib/vty.c:591 #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 #14 0x7f81fbffbb8f in event_call lib/event.c:1969 #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #16 0x55cdc9af854b in main bgpd/bgp_main.c:510 #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 280 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 #7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 #11 0x7f81fc007e20 in vty_command lib/vty.c:591 #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 #14 0x7f81fbffbb8f in event_call lib/event.c:1969 #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #16 0x55cdc9af854b in main bgpd/bgp_main.c:510 #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 240 byte(s) in 6 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384 #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348 #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581 #7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118 #8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f81fc562d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7f81fbf5b1c3 in qcalloc lib/memory.c:105 #2 0x55cdc9b28dc8 in ecommunity_dup bgpd/bgp_ecommunity.c:252 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692 #5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595 #6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #7 0x7f81fbffbb8f in event_call lib/event.c:1969 #8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #9 0x55cdc9af854b in main bgpd/bgp_main.c:510 #10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9cd6abc in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode_magic bgpd/bgp_vty.c:9464 #7 0x55cdc9cd6abc in af_label_vpn_export_allocation_mode bgpd/bgp_vty_clippy.c:2809 #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 #11 0x7f81fc007e20 in vty_command lib/vty.c:591 #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 #14 0x7f81fbffbb8f in event_call lib/event.c:1969 #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #16 0x55cdc9af854b in main bgpd/bgp_main.c:510 #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9cd5ebb in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9cd5ebb in af_label_vpn_export_magic bgpd/bgp_vty.c:9547 #7 0x55cdc9cd5ebb in af_label_vpn_export bgpd/bgp_vty_clippy.c:2868 #8 0x7f81fbede511 in cmd_execute_command_real lib/command.c:978 #9 0x7f81fbede9d5 in cmd_execute_command lib/command.c:1036 #10 0x7f81fbedee54 in cmd_execute lib/command.c:1203 #11 0x7f81fc007e20 in vty_command lib/vty.c:591 #12 0x7f81fc0082cb in vty_execute lib/vty.c:1354 #13 0x7f81fc010b95 in vtysh_read lib/vty.c:2362 #14 0x7f81fbffbb8f in event_call lib/event.c:1969 #15 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #16 0x55cdc9af854b in main bgpd/bgp_main.c:510 #17 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 56 byte(s) in 7 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9c4686d in bgp_update bgpd/bgp_route.c:4969 #5 0x55cdc9c4934d in bgp_nlri_parse_ip bgpd/bgp_route.c:6213 #6 0x55cdc9bfaa0e in bgp_nlri_parse bgpd/bgp_packet.c:341 #7 0x55cdc9bfcf7c in bgp_update_receive bgpd/bgp_packet.c:2220 #8 0x55cdc9c08474 in bgp_process_packet bgpd/bgp_packet.c:3386 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 6 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bf4289 in evaluate_paths bgpd/bgp_nht.c:1384 #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bf4188 in evaluate_paths bgpd/bgp_nht.c:1348 #5 0x55cdc9bf5b0b in bgp_process_nexthop_update bgpd/bgp_nht.c:733 #6 0x55cdc9bf6027 in bgp_parse_nexthop_update bgpd/bgp_nht.c:934 #7 0x55cdc9d1b163 in bgp_read_nexthop_update bgpd/bgp_zebra.c:104 #8 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9bd93b3 in vpn_leak_from_vrf_update_all bgpd/bgp_mplsvpn.c:2005 #5 0x55cdc9bdafd5 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:287 #6 0x55cdc9bdafd5 in vpn_leak_label_callback bgpd/bgp_mplsvpn.c:581 #7 0x55cdc9bb2606 in lp_cbq_docallback bgpd/bgp_labelpool.c:118 #8 0x7f81fc0164b5 in work_queue_run lib/workqueue.c:266 #9 0x7f81fbffbb8f in event_call lib/event.c:1969 #10 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #11 0x55cdc9af854b in main bgpd/bgp_main.c:510 #12 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 8 byte(s) in 1 object(s) allocated from: #0 0x7f81fc562b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7f81fbf5aee3 in qmalloc lib/memory.c:100 #2 0x55cdc9b28eb8 in ecommunity_dup bgpd/bgp_ecommunity.c:256 #3 0x55cdc9bd68eb in vpn_leak_from_vrf_update bgpd/bgp_mplsvpn.c:1628 #4 0x55cdc9c52406 in bgp_redistribute_add bgpd/bgp_route.c:8692 #5 0x55cdc9d1ab3b in zebra_read_route bgpd/bgp_zebra.c:595 #6 0x7f81fc02bd8a in zclient_read lib/zclient.c:4425 #7 0x7f81fbffbb8f in event_call lib/event.c:1969 #8 0x7f81fbf3e462 in frr_run lib/libfrr.c:1213 #9 0x55cdc9af854b in main bgpd/bgp_main.c:510 #10 0x7f81faf80c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 1536 byte(s) leaked in 64 allocation(s). *********************************************************************************** Signed-off-by: ryndia <dindyalsarvesh@gmail.com>

The loading_done event needs a event pointer to prevent use after free's. Testing found this: ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290 READ of size 1 at 0x613000035130 thread T0 #0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447 #1 0x55ad42ed7be4 in event_call lib/event.c:1995 #2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) #5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19) 0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280) freed by thread T0 here: #0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) #1 0x55ad42e3b4b6 in qfree lib/memory.c:130 #2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180 #3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930 #4 0x55ad42ed7be4 in event_call lib/event.c:1995 #5 0x55ad42ed84fe in _event_execute lib/event.c:2086 #6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847 #7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755 #8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778 #9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42 #10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994 #11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053 #12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221 #13 0x55ad42ee3cd6 in vty_command lib/vty.c:591 #14 0x55ad42ee4170 in vty_execute lib/vty.c:1354 #15 0x55ad42eec94f in vtysh_read lib/vty.c:2362 #16 0x55ad42ed7be4 in event_call lib/event.c:1995 #17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) previously allocated by thread T0 here: #0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55ad42e3ab22 in qcalloc lib/memory.c:105 #2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119 #3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464 #4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884 #5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925 #6 0x55ad42ed7be4 in event_call lib/event.c:1995 #7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Add an actual event pointer and just track it appropriately. Signed-off-by: Donald Sharp <sharpd@nvidia.com> Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

The function aspath_remove_private_asns was using an aspath to perform some operation and didnt free it after usage leading to the leak below. *********************************************************************************** Address Sanitizer Error detected in bgp_remove_private_as_route_map.test_bgp_remove_private_as_route_map/r2.asan.bgpd.27074 ================================================================= ==27074==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #9 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 #10 0x7fd0a463322a in event_call lib/event.c:1970 #11 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #12 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #13 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Direct leak of 80 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b44cc in aspath_dup bgpd/bgp_aspath.c:689 #3 0x562b62f48498 in route_set_aspath_prepend bgpd/bgp_routemap.c:2283 #4 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #5 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #6 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #7 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #8 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #9 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 #10 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 #11 0x7fd0a455a7aa in hash_walk lib/hash.c:270 #12 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 #13 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 #14 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 #15 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 #16 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 #17 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 #18 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 #19 0x7fd0a463322a in event_call lib/event.c:1970 #20 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #21 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #22 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #11 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 #12 0x7fd0a463322a in event_call lib/event.c:1970 #13 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #14 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #15 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 64 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b313f in aspath_make_str_count bgpd/bgp_aspath.c:551 #3 0x562b630b3ecf in aspath_str_update bgpd/bgp_aspath.c:659 #4 0x562b630b88b7 in aspath_prepend bgpd/bgp_aspath.c:1484 #5 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #6 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #7 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #8 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #9 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #10 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #11 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 #12 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 #13 0x7fd0a455a7aa in hash_walk lib/hash.c:270 #14 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 #15 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 #16 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 #17 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 #18 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 #19 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 #20 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 #21 0x7fd0a463322a in event_call lib/event.c:1970 #22 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #23 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #24 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #12 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 #13 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 #14 0x7fd0a455a7aa in hash_walk lib/hash.c:270 #15 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 #16 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 #17 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 #18 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 #19 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 #20 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 #21 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 #22 0x7fd0a463322a in event_call lib/event.c:1970 #23 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #24 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #25 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 48 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x7fd0a45932ff in qcalloc lib/memory.c:105 #2 0x562b630b280d in assegment_new bgpd/bgp_aspath.c:105 #3 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 #4 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 #5 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 #6 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #7 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #8 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #9 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #10 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #11 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #12 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 #13 0x7fd0a463322a in event_call lib/event.c:1970 #14 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #15 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #16 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #13 0x562b62f6ae90 in subgroup_coalesce_timer bgpd/bgp_updgrp_adv.c:368 #14 0x7fd0a463322a in event_call lib/event.c:1970 #15 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #16 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #17 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7fd0a4b95b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40) #1 0x7fd0a459301f in qmalloc lib/memory.c:100 #2 0x562b630b2879 in assegment_data_new bgpd/bgp_aspath.c:83 #3 0x562b630b2879 in assegment_new bgpd/bgp_aspath.c:108 #4 0x562b630b28f7 in assegment_dup bgpd/bgp_aspath.c:145 #5 0x562b630b29e8 in assegment_dup_all bgpd/bgp_aspath.c:162 #6 0x562b630b8895 in aspath_prepend bgpd/bgp_aspath.c:1483 #7 0x562b62f484a8 in route_set_aspath_prepend bgpd/bgp_routemap.c:2289 #8 0x7fd0a45ec39a in route_map_apply_ext lib/routemap.c:2690 #9 0x562b62efbb1f in subgroup_announce_check bgpd/bgp_route.c:2434 #10 0x562b62efd4e2 in subgroup_process_announce_selected bgpd/bgp_route.c:2990 #11 0x562b62f6a829 in subgroup_announce_table bgpd/bgp_updgrp_adv.c:765 #12 0x562b62f6acbb in subgroup_announce_route bgpd/bgp_updgrp_adv.c:818 #13 0x562b62f5b844 in updgrp_policy_update_walkcb bgpd/bgp_updgrp.c:1685 #14 0x562b62f59442 in update_group_walkcb bgpd/bgp_updgrp.c:1721 #15 0x7fd0a455a7aa in hash_walk lib/hash.c:270 #16 0x562b62f64a48 in update_group_af_walk bgpd/bgp_updgrp.c:2062 #17 0x562b62f6508c in update_group_walk bgpd/bgp_updgrp.c:2071 #18 0x562b62f6520c in update_group_policy_update bgpd/bgp_updgrp.c:1769 #19 0x562b62f4c2be in bgp_route_map_process_update bgpd/bgp_routemap.c:4501 #20 0x562b62f4d81a in bgp_route_map_process_update_cb bgpd/bgp_routemap.c:4683 #21 0x7fd0a45ed7e8 in route_map_walk_update_list lib/routemap.c:870 #22 0x562b62f337a2 in bgp_route_map_update_timer bgpd/bgp_routemap.c:4695 #23 0x7fd0a463322a in event_call lib/event.c:1970 #24 0x7fd0a4576566 in frr_run lib/libfrr.c:1214 #25 0x562b62dbd8f1 in main bgpd/bgp_main.c:510 #26 0x7fd0a35b8c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) SUMMARY: AddressSanitizer: 416 byte(s) leaked in 16 allocation(s). *********************************************************************************** Signed-off-by: ryndia <dindyalsarvesh@gmail.com>

The loading_done event needs a event pointer to prevent use after free's. Testing found this: ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290 READ of size 1 at 0x613000035130 thread T0 #0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447 #1 0x55ad42ed7be4 in event_call lib/event.c:1995 #2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) #5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19) 0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280) freed by thread T0 here: #0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) #1 0x55ad42e3b4b6 in qfree lib/memory.c:130 #2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180 #3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930 #4 0x55ad42ed7be4 in event_call lib/event.c:1995 #5 0x55ad42ed84fe in _event_execute lib/event.c:2086 #6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847 #7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755 #8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778 #9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42 #10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994 #11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053 #12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221 #13 0x55ad42ee3cd6 in vty_command lib/vty.c:591 #14 0x55ad42ee4170 in vty_execute lib/vty.c:1354 #15 0x55ad42eec94f in vtysh_read lib/vty.c:2362 #16 0x55ad42ed7be4 in event_call lib/event.c:1995 #17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) previously allocated by thread T0 here: #0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28) #1 0x55ad42e3ab22 in qcalloc lib/memory.c:105 #2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119 #3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464 #4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884 #5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925 #6 0x55ad42ed7be4 in event_call lib/event.c:1995 #7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213 #8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250 #9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86) Add an actual event pointer and just track it appropriately. Signed-off-by: Donald Sharp <sharpd@nvidia.com>

Fix the following crash when logging from rpki_create_socket(): > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f6e21723798 in core_handler (signo=6, siginfo=0x7f6e1e502ef0, context=0x7f6e1e502dc0) at lib/sigevent.c:248 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > #4 0x00007f6e2144e537 in __GI_abort () at abort.c:79 > #5 0x00007f6e2176348e in _zlog_assert_failed (xref=0x7f6e2180c920 <_xref.16>, extra=0x0) at lib/zlog.c:670 > #6 0x00007f6e216b1eda in rcu_read_lock () at lib/frrcu.c:294 > #7 0x00007f6e21762da8 in vzlog_notls (xref=0x0, prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed", ap=0x7f6e1e504248) at lib/zlog.c:425 > #8 0x00007f6e217632fb in vzlogx (xref=0x0, prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed", ap=0x7f6e1e504248) at lib/zlog.c:627 > #9 0x00007f6e217621f5 in zlog (prio=2, fmt=0x7f6e217afe50 "%s:%d: %s(): assertion (%s) failed") at lib/zlog.h:73 > #10 0x00007f6e21763596 in _zlog_assert_failed (xref=0x7f6e2180c920 <_xref.16>, extra=0x0) at lib/zlog.c:687 > #11 0x00007f6e216b1eda in rcu_read_lock () at lib/frrcu.c:294 > #12 0x00007f6e21762da8 in vzlog_notls (xref=0x7f6e21a50040 <_xref.68>, prio=4, fmt=0x7f6e21a4999f "getaddrinfo: debug", ap=0x7f6e1e504878) at lib/zlog.c:425 > #13 0x00007f6e217632fb in vzlogx (xref=0x7f6e21a50040 <_xref.68>, prio=4, fmt=0x7f6e21a4999f "getaddrinfo: debug", ap=0x7f6e1e504878) at lib/zlog.c:627 > #14 0x00007f6e21a3f774 in zlog_ref (xref=0x7f6e21a50040 <_xref.68>, fmt=0x7f6e21a4999f "getaddrinfo: debug") at ./lib/zlog.h:84 > #15 0x00007f6e21a451b2 in rpki_create_socket (_cache=0x55729149cc30) at bgpd/bgp_rpki.c:1337 > #16 0x00007f6e2120e7b7 in tr_tcp_open (tr_socket=0x5572914d1520) at rtrlib/rtrlib/transport/tcp/tcp_transport.c:111 > #17 0x00007f6e2120e212 in tr_open (socket=0x5572914b5e00) at rtrlib/rtrlib/transport/transport.c:16 > #18 0x00007f6e2120faa2 in rtr_fsm_start (rtr_socket=0x557290e17180) at rtrlib/rtrlib/rtr/rtr.c:130 > #19 0x00007f6e218b7ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477 > #20 0x00007f6e21527a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 rpki_create_socket() is a hook function called from the rtrlib library. The issue arises because rtrlib initiates its own separate pthread in which it runs the hook, which does not establish an FRR RCU context. Consequently, this leads to failures in the logging mechanism that relies on RCU. Initialize a new FRR pthread context from the rtrlib pthread with a valid RCU context to allow logging from the rpki_create_socket() and dependent functions. Link: FRRouting#15260 Fixes: a951752 ("bgpd: create cache server socket in vrf") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

router bgp 65001 no bgp ebgp-requires-policy neighbor 192.168.1.2 remote-as external neighbor 192.168.1.2 timers 3 10 address-family ipv4 unicast neighbor 192.168.1.2 route-map r2 in exit-address-family ! ip prefix-list p1 seq 5 permit 172.16.255.31/32 ! route-map r2 permit 10 match ip address prefix-list p1 set as-path exclude 65003 route-map r2 permit 20 set as-path exclude all ! we make the following commands bgp as-path access-list FIRST permit ^65 bgp as-path access-list SECOND permit 2 route-map r2 permit 6 set as-path exclude as-path-access-list SECOND and then no bgp as-path access-list SECOND permit 2 clear bgp * we have the following crash in bgp Stack trace of thread 536083: #0 0x00007f87f8aacfe1 raise (libpthread.so.0 + 0x12fe1) #1 0x00007f87f8cf6870 core_handler (libfrr.so.0 + 0xf6870) #2 0x00007f87f8aad140 __restore_rt (libpthread.so.0 + 0x13140) #3 0x00007f87f89a5122 __GI___regexec (libc.so.6 + 0xdf122) #4 0x000055d7f198b4a7 aspath_filter_exclude_acl (bgpd + 0x2054a7) #5 0x000055d7f1902187 route_set_aspath_exclude (bgpd + 0x17c187) #6 0x00007f87f8ce54b0 route_map_apply_ext (libfrr.so.0 + 0xe54b0) #7 0x000055d7f18da925 bgp_input_modifier (bgpd + 0x154925) #8 0x000055d7f18e0647 bgp_update (bgpd + 0x15a647) #9 0x000055d7f18e4772 bgp_nlri_parse_ip (bgpd + 0x15e772) #10 0x000055d7f18c38ae bgp_nlri_parse (bgpd + 0x13d8ae) #11 0x000055d7f18c6b7a bgp_update_receive (bgpd + 0x140b7a) #12 0x000055d7f18c8ff3 bgp_process_packet (bgpd + 0x142ff3) #13 0x00007f87f8d0dce0 thread_call (libfrr.so.0 + 0x10dce0) #14 0x00007f87f8cacb28 frr_run (libfrr.so.0 + 0xacb28) #15 0x000055d7f18435da main (bgpd + 0xbd5da) #16 0x00007f87f88e9d0a __libc_start_main (libc.so.6 + 0x23d0a) #17 0x000055d7f18415fa _start (bgpd + 0xbb5fa) analysis crash is due to the fact that there were always a pointer from as-path exclude to deleted as-path access list. fix we add a backpointer mechanism to manage the dependency beetween as-path access-list and aspath exclude. Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>

Fix a crash when doing "show isis database detail json" in isis_srv6_topo1 topotest. > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fad89524e2c in core_handler (signo=6, siginfo=0x7ffe86a4b8b0, context=0x7ffe86a4b780) at lib/sigevent.c:258 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > #4 0x00007fad8904e537 in __GI_abort () at abort.c:79 > #5 0x00007fad8904e40f in __assert_fail_base (fmt=0x7fad891c5688 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", > file=0x7fad8a3e7064 "./json_object.c", line=590, function=<optimized out>) at assert.c:92 > #6 0x00007fad8905d662 in __GI___assert_fail (assertion=0x7fad8a3e70e8 "json_object_get_type(jso) == json_type_object", file=0x7fad8a3e7064 "./json_object.c", line=590, > function=0x7fad8a3e7440 "json_object_object_add_ex") at assert.c:101 > #7 0x00007fad8a3dfe93 in json_object_object_add_ex () from /lib/x86_64-linux-gnu/libjson-c.so.5 > #8 0x000055708e3f8f7f in format_subsubtlv_srv6_sid_structure (sid_struct=0x602000172b70, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:2880 > #9 0x000055708e3f9acb in isis_format_subsubtlvs (subsubtlvs=0x602000172b50, buf=0x0, json=0x6040000a21d0, indent=6) at isisd/isis_tlvs.c:3022 > #10 0x000055708e3eefb0 in format_item_ext_subtlvs (exts=0x614000047440, buf=0x0, json=0x6040000a2190, indent=2, mtid=2) at isisd/isis_tlvs.c:1313 > #11 0x000055708e3fd599 in format_item_extended_reach (mtid=2, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:3763 > #12 0x000055708e40d46a in format_item (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, i=0x60300015aed0, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6789 > #13 0x000055708e40d4fc in format_items_ (mtid=2, context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, items=0x60600021d160, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:6804 > #14 0x000055708e40edbc in format_mt_items (context=ISIS_CONTEXT_LSP, type=ISIS_TLV_MT_REACH, m=0x6180000845d8, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7147 > #15 0x000055708e4111e9 in format_tlvs (tlvs=0x618000084480, buf=0x0, json=0x6040000a1bd0, indent=0) at isisd/isis_tlvs.c:7572 > #16 0x000055708e4114ce in isis_format_tlvs (tlvs=0x618000084480, json=0x6040000a1bd0) at isisd/isis_tlvs.c:7613 > #17 0x000055708e36f167 in lsp_print_detail (lsp=0x612000058b40, vty=0x0, json=0x6040000a1bd0, dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:785 > #18 0x000055708e36f31f in lsp_print_all (vty=0x0, json=0x6040000a0490, head=0x61f000005488, detail=1 '\001', dynhost=1 '\001', isis=0x60d00001f800) at isisd/isis_lsp.c:820 > #19 0x000055708e4379fc in show_isis_database_lspdb_json (json=0x6040000a0450, area=0x61f000005480, level=0, lspdb=0x61f000005488, sysid_str=0x0, ui_level=1) at isisd/isisd.c:2683 > #20 0x000055708e437ef9 in show_isis_database_json (json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2754 > #21 0x000055708e438357 in show_isis_database_common (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, isis=0x60d00001f800) at isisd/isisd.c:2788 > #22 0x000055708e438591 in show_isis_database (vty=0x62e000060400, json=0x6040000a0310, sysid_str=0x0, ui_level=1, vrf_name=0x7fad89806300 <vrf_default_name> "default", all_vrf=false) > at isisd/isisd.c:2825 > #23 0x000055708e43891d in show_database (self=0x55708e5519c0 <show_database_cmd>, vty=0x62e000060400, argc=5, argv=0x6040000a02d0) at isisd/isisd.c:2855 > #24 0x00007fad893a9767 in cmd_execute_command_real (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, up_level=0) at lib/command.c:1002 > #25 0x00007fad893a9adc in cmd_execute_command (vline=0x60300015f220, vty=0x62e000060400, cmd=0x0, vtysh=0) at lib/command.c:1061 > #26 0x00007fad893aa728 in cmd_execute (vty=0x62e000060400, cmd=0x621000025900 "show isis database detail json ", matched=0x0, vtysh=0) at lib/command.c:1227 Note that prior to 2e670cd, there was no crash but only the last "srv6-sid-structure" was displayed. A "srv6-sid-structure" should be displayed for each "sid". This commit also fix this. Was: > "srv6-lan-endx-sid": [ > { > "sid": "fc00:0:1:1::", > "weight": 0, > "algorithm": "SPF", > "neighbor-id": "0000.0000.0002" > }, > { > "sid": "fc00:0:1:2::", > "weight": 0, > "algorithm": "SPF", > "neighbor-id": "0000.0000.0003" > } > ], > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 16, > "arg-len": 0 > }, Now (srv6-sid-structure are identical but they are not always): > "srv6-lan-endx-sid": [ > { > "sid": "fc00:0:1:1::", > "algorithm": "SPF", > "neighbor-id": "0000.0000.0002", > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 8, > "arg-len": 0 > }, > }, > { > "sid": "fc00:0:1:2::", > "algorithm": "SPF", > "neighbor-id": "0000.0000.0003", > "srv6-sid-structure": { > "loc-block-len": 32, > "loc-node-len": 16, > "func-len": 16, > "arg-len": 0 > }, > } > ], Fixes: 2e670cd ("isisd: fix display of srv6 subsubtlvs") Fixes: 648a158 ("isisd: Add SRv6 End.X SID to Sub-TLV format func") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Fix the following crash when pim options are (un)configured on an non-existent interface. > r1(config)# int fgljdsf > r1(config-if)# no ip pim unicast-bsm > vtysh: error reading from pimd: Connection reset by peer (104)Warning: closing connection to pimd because of an I/O error! > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f70c8f32249 in core_handler (signo=11, siginfo=0x7fffff88e4f0, context=0x7fffff88e3c0) at lib/sigevent.c:258 > #2 <signal handler called> > #3 0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910 > #4 0x00007f70c8efdcb5 in nb_callback_modify (context=0x556d00032b60, nb_node=0x556cffeeb9b0, event=NB_EV_APPLY, dnode=0x556d00031670, resource=0x556d00032b48, errmsg=0x7fffff88f710 "", errmsg_len=8192) > at lib/northbound.c:1538 > #5 0x00007f70c8efe949 in nb_callback_configuration (context=0x556d00032b60, event=NB_EV_APPLY, change=0x556d00032b10, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1888 > #6 0x00007f70c8efee82 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x556d00032b60, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:2016 > #7 0x00007f70c8efd658 in nb_candidate_commit_apply (transaction=0x556d00032b60, save_transaction=true, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1356 > #8 0x00007f70c8efd78e in nb_candidate_commit (context=..., candidate=0x556cffeb0e80, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7fffff88f710 "", errmsg_len=8192) at lib/northbound.c:1389 > #9 0x00007f70c8f03e58 in nb_cli_classic_commit (vty=0x556d00025a80) at lib/northbound_cli.c:51 > #10 0x00007f70c8f043f8 in nb_cli_apply_changes_internal (vty=0x556d00025a80, > xpath_base=0x7fffff893bb0 "/frr-interface:lib/interface[name='fgljdsf']/frr-pim:pim/address-family[address-family='frr-routing:ipv4']", clear_pending=false) at lib/northbound_cli.c:178 > #11 0x00007f70c8f0475d in nb_cli_apply_changes (vty=0x556d00025a80, xpath_base_fmt=0x556cfdde9fe0 "./frr-pim:pim/address-family[address-family='%s']") at lib/northbound_cli.c:234 > #12 0x0000556cfdd8298f in pim_process_no_unicast_bsm_cmd (vty=0x556d00025a80) at pimd/pim_cmd_common.c:3493 > #13 0x0000556cfddcf782 in no_ip_pim_ucast_bsm (self=0x556cfde40b20 <no_ip_pim_ucast_bsm_cmd>, vty=0x556d00025a80, argc=4, argv=0x556d00031500) at pimd/pim_cmd.c:4950 > #14 0x00007f70c8e942f0 in cmd_execute_command_real (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, up_level=0) at lib/command.c:1002 > #15 0x00007f70c8e94451 in cmd_execute_command (vline=0x556d00032070, vty=0x556d00025a80, cmd=0x0, vtysh=0) at lib/command.c:1061 > #16 0x00007f70c8e9499f in cmd_execute (vty=0x556d00025a80, cmd=0x556d00030320 "no ip pim unicast-bsm", matched=0x0, vtysh=0) at lib/command.c:1227 > #17 0x00007f70c8f51e44 in vty_command (vty=0x556d00025a80, buf=0x556d00030320 "no ip pim unicast-bsm") at lib/vty.c:616 > #18 0x00007f70c8f53bdd in vty_execute (vty=0x556d00025a80) at lib/vty.c:1379 > #19 0x00007f70c8f55d59 in vtysh_read (thread=0x7fffff896600) at lib/vty.c:2374 > #20 0x00007f70c8f4b209 in event_call (thread=0x7fffff896600) at lib/event.c:2011 > #21 0x00007f70c8ed109e in frr_run (master=0x556cffdb4ea0) at lib/libfrr.c:1217 > #22 0x0000556cfdddec12 in main (argc=2, argv=0x7fffff896828, envp=0x7fffff896840) at pimd/pim_main.c:165 > (gdb) f 3 > #3 0x0000556cfdd9b16d in lib_interface_pim_address_family_unicast_bsm_modify (args=0x7fffff88f130) at pimd/pim_nb_config.c:1910 > 1910 pim_ifp->ucast_bsm_accept = > (gdb) list > 1905 case NB_EV_ABORT: > 1906 break; > 1907 case NB_EV_APPLY: > 1908 ifp = nb_running_get_entry(args->dnode, NULL, true); > 1909 pim_ifp = ifp->info; > 1910 pim_ifp->ucast_bsm_accept = > 1911 yang_dnode_get_bool(args->dnode, NULL); > 1912 > 1913 break; > 1914 } > (gdb) p pim_ifp > $1 = (struct pim_interface *) 0x0 Fixes: 3bb513c ("lib: adapt to version 2 of libyang") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

It might cause this use-after-free: ``` ==6523==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300058d720 at pc 0x55f3ab62ab1f bp 0x7ffe5b95a0d0 sp 0x7ffe5b95a0c8 READ of size 8 at 0x60300058d720 thread T0 #0 0x55f3ab62ab1e in bgp_gr_update_mode_of_all_peers bgpd/bgp_fsm.c:2729 #1 0x55f3ab62ab1e in bgp_gr_update_all bgpd/bgp_fsm.c:2779 #2 0x55f3ab73557e in bgp_inst_gr_config_vty bgpd/bgp_vty.c:3037 #3 0x55f3ab74db69 in bgp_graceful_restart bgpd/bgp_vty.c:3130 #4 0x7fc5539a9584 in cmd_execute_command_real lib/command.c:1002 #5 0x7fc5539a98a3 in cmd_execute_command lib/command.c:1061 #6 0x7fc5539a9dcf in cmd_execute lib/command.c:1227 #7 0x7fc553ae493f in vty_command lib/vty.c:616 #8 0x7fc553ae4e92 in vty_execute lib/vty.c:1379 #9 0x7fc553aedd34 in vtysh_read lib/vty.c:2374 #10 0x7fc553ad8a64 in event_call lib/event.c:1995 #11 0x7fc553a0c429 in frr_run lib/libfrr.c:1232 #12 0x55f3ab57b78d in main bgpd/bgp_main.c:555 #13 0x7fc55342d249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #14 0x7fc55342d304 in __libc_start_main_impl ../csu/libc-start.c:360 #15 0x55f3ab5799a0 in _start (/usr/lib/frr/bgpd+0x2e19a0) 0x60300058d720 is located 16 bytes inside of 24-byte region [0x60300058d710,0x60300058d728) freed by thread T0 here: #0 0x7fc553eb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 #1 0x7fc553a2b713 in qfree lib/memory.c:130 #2 0x7fc553a0e50d in listnode_free lib/linklist.c:81 #3 0x7fc553a0e50d in list_delete_node lib/linklist.c:379 #4 0x55f3ab7ae353 in peer_delete bgpd/bgpd.c:2796 #5 0x55f3ab7ae91f in bgp_session_reset bgpd/bgpd.c:141 #6 0x55f3ab62ab17 in bgp_gr_update_mode_of_all_peers bgpd/bgp_fsm.c:2752 #7 0x55f3ab62ab17 in bgp_gr_update_all bgpd/bgp_fsm.c:2779 #8 0x55f3ab73557e in bgp_inst_gr_config_vty bgpd/bgp_vty.c:3037 #9 0x55f3ab74db69 in bgp_graceful_restart bgpd/bgp_vty.c:3130 #10 0x7fc5539a9584 in cmd_execute_command_real lib/command.c:1002 #11 0x7fc5539a98a3 in cmd_execute_command lib/command.c:1061 #12 0x7fc5539a9dcf in cmd_execute lib/command.c:1227 #13 0x7fc553ae493f in vty_command lib/vty.c:616 #14 0x7fc553ae4e92 in vty_execute lib/vty.c:1379 #15 0x7fc553aedd34 in vtysh_read lib/vty.c:2374 #16 0x7fc553ad8a64 in event_call lib/event.c:1995 #17 0x7fc553a0c429 in frr_run lib/libfrr.c:1232 #18 0x55f3ab57b78d in main bgpd/bgp_main.c:555 #19 0x7fc55342d249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 previously allocated by thread T0 here: #0 0x7fc553eb83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77 #1 0x7fc553a2ae20 in qcalloc lib/memory.c:105 #2 0x7fc553a0d056 in listnode_new lib/linklist.c:71 #3 0x7fc553a0d85b in listnode_add_sort lib/linklist.c:197 #4 0x55f3ab7baec4 in peer_create bgpd/bgpd.c:1996 #5 0x55f3ab65be8b in bgp_accept bgpd/bgp_network.c:604 #6 0x7fc553ad8a64 in event_call lib/event.c:1995 #7 0x7fc553a0c429 in frr_run lib/libfrr.c:1232 #8 0x55f3ab57b78d in main bgpd/bgp_main.c:555 #9 0x7fc55342d249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 ``` Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

When 'no rpki' is requested and the rtrlib RPKI object was freed, bgpd is crashing. RPKI is configured in VRF red. > ip l set red down > ip l del red > printf 'conf\n vrf red\n no rpki' | vtysh > Core was generated by `/usr/bin/bgpd -A 127.0.0.1 -M snmp -M rpki -M bmp'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:44 > 44 ./nptl/pthread_kill.c: No such file or directory. > [Current thread is 1 (Thread 0x7fb401f419c0 (LWP 190226))] > (gdb) bt > #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:44 > #1 __pthread_kill_internal (signo=11, threadid=140411103615424) at ./nptl/pthread_kill.c:78 > #2 __GI___pthread_kill (threadid=140411103615424, signo=signo@entry=11) at ./nptl/pthread_kill.c:89 > #3 0x00007fb4021ad476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26 > #4 0x00007fb4025ce22b in core_handler (signo=11, siginfo=0x7fff831b2d70, context=0x7fff831b2c40) at lib/sigevent.c:248 > #5 <signal handler called> > #6 rtr_mgr_remove_group (config=0x55fe8789f750, preference=11) at /build/make-pkg/output/source/DIST_RTRLIB/rtrlib/rtrlib/rtr_mgr.c:607 > #7 0x00007fb40145f518 in rpki_delete_all_cache_nodes (rpki_vrf=0x55fe8789f4f0) at bgpd/bgp_rpki.c:442 > #8 0x00007fb401463098 in no_rpki_magic (self=0x7fb40146bba0 <no_rpki_cmd>, vty=0x55fe877f5130, argc=2, argv=0x55fe877fccd0) at bgpd/bgp_rpki.c:1732 > #9 0x00007fb40145c09a in no_rpki (self=0x7fb40146bba0 <no_rpki_cmd>, vty=0x55fe877f5130, argc=2, argv=0x55fe877fccd0) at ./bgpd/bgp_rpki_clippy.c:37 > #10 0x00007fb402527abc in cmd_execute_command_real (vline=0x55fe877fd150, vty=0x55fe877f5130, cmd=0x0, up_level=0) at lib/command.c:984 > #11 0x00007fb402527c35 in cmd_execute_command (vline=0x55fe877fd150, vty=0x55fe877f5130, cmd=0x0, vtysh=0) at lib/command.c:1043 > #12 0x00007fb4025281e5 in cmd_execute (vty=0x55fe877f5130, cmd=0x55fe877fb8c0 "no rpki\n", matched=0x0, vtysh=0) at lib/command.c:1209 > #13 0x00007fb4025f0aed in vty_command (vty=0x55fe877f5130, buf=0x55fe877fb8c0 "no rpki\n") at lib/vty.c:615 > #14 0x00007fb4025f2a11 in vty_execute (vty=0x55fe877f5130) at lib/vty.c:1378 > #15 0x00007fb4025f513d in vtysh_read (thread=0x7fff831b5fa0) at lib/vty.c:2373 > #16 0x00007fb4025e9611 in event_call (thread=0x7fff831b5fa0) at lib/event.c:2011 > #17 0x00007fb402566976 in frr_run (master=0x55fe871a14a0) at lib/libfrr.c:1212 > #18 0x000055fe857829fa in main (argc=9, argv=0x7fff831b6218) at bgpd/bgp_main.c:549 Fixes: 8156765 ("bgpd: Add `no rpki` command") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Fix crash when flex-algo is configured and mpls-te is disabled. > interface eth0 > ip router isis 1 > ! > router isis 1 > flex-algo 129 > dataplane sr-mpls > advertise-definition > #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:44 > #1 __pthread_kill_internal (signo=11, threadid=140486233631168) at ./nptl/pthread_kill.c:78 > #2 __GI___pthread_kill (threadid=140486233631168, signo=signo@entry=11) at ./nptl/pthread_kill.c:89 > #3 0x00007fc5802e9476 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26 > #4 0x00007fc58076021f in core_handler (signo=11, siginfo=0x7ffd38d42470, context=0x7ffd38d42340) at lib/sigevent.c:248 > #5 <signal handler called> > #6 0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176 > #7 0x000055c527fb29da in isis_instance_flex_algo_create (args=0x7ffd38d43120) at isisd/isis_nb_config.c:2875 > #8 0x00007fc58072655b in nb_callback_create (context=0x55c52ab1d2f0, nb_node=0x55c529f72950, event=NB_EV_APPLY, dnode=0x55c52ab06230, resource=0x55c52ab189f8, errmsg=0x7ffd38d43750 "", > errmsg_len=8192) at lib/northbound.c:1262 > #9 0x00007fc580727625 in nb_callback_configuration (context=0x55c52ab1d2f0, event=NB_EV_APPLY, change=0x55c52ab189c0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1662 > #10 0x00007fc580727c39 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55c52ab1d2f0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) at lib/northbound.c:1794 > #11 0x00007fc580725f77 in nb_candidate_commit_apply (transaction=0x55c52ab1d2f0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) > at lib/northbound.c:1131 > #12 0x00007fc5807260d1 in nb_candidate_commit (context=..., candidate=0x55c529f0a730, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd38d43750 "", errmsg_len=8192) > at lib/northbound.c:1164 > #13 0x00007fc58072d220 in nb_cli_classic_commit (vty=0x55c52a0fc6b0) at lib/northbound_cli.c:51 > #14 0x00007fc58072d839 in nb_cli_apply_changes_internal (vty=0x55c52a0fc6b0, > xpath_base=0x7ffd38d477f0 "/frr-isisd:isis/instance[area-tag='1'][vrf='default']/flex-algos/flex-algo[flex-algo='129']", clear_pending=false) at lib/northbound_cli.c:178 > #15 0x00007fc58072dbcf in nb_cli_apply_changes (vty=0x55c52a0fc6b0, xpath_base_fmt=0x55c528014de0 "./flex-algos/flex-algo[flex-algo='%ld']") at lib/northbound_cli.c:234 > #16 0x000055c527fd3403 in flex_algo_magic (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0, algorithm=129, algorithm_str=0x55c52ab120d0 "129") > at isisd/isis_cli.c:3752 > #17 0x000055c527fc97cb in flex_algo (self=0x55c52804f1a0 <flex_algo_cmd>, vty=0x55c52a0fc6b0, argc=2, argv=0x55c52ab00ec0) at ./isisd/isis_cli_clippy.c:6445 > #18 0x00007fc5806b9abc in cmd_execute_command_real (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, up_level=0) at lib/command.c:984 > #19 0x00007fc5806b9c35 in cmd_execute_command (vline=0x55c52aaf78f0, vty=0x55c52a0fc6b0, cmd=0x0, vtysh=0) at lib/command.c:1043 > #20 0x00007fc5806ba1e5 in cmd_execute (vty=0x55c52a0fc6b0, cmd=0x55c52aae6bd0 "flex-algo 129\n", matched=0x0, vtysh=0) at lib/command.c:1209 > #21 0x00007fc580782ae1 in vty_command (vty=0x55c52a0fc6b0, buf=0x55c52aae6bd0 "flex-algo 129\n") at lib/vty.c:615 > #22 0x00007fc580784a05 in vty_execute (vty=0x55c52a0fc6b0) at lib/vty.c:1378 > #23 0x00007fc580787131 in vtysh_read (thread=0x7ffd38d4ab10) at lib/vty.c:2373 > #24 0x00007fc58077b605 in event_call (thread=0x7ffd38d4ab10) at lib/event.c:2011 > #25 0x00007fc5806f8976 in frr_run (master=0x55c529df9b30) at lib/libfrr.c:1212 > #26 0x000055c527f301bc in main (argc=5, argv=0x7ffd38d4ad58, envp=0x7ffd38d4ad88) at isisd/isis_main.c:350 > (gdb) f 6 > #6 0x000055c527f798c9 in isis_link_params_update_asla (circuit=0x55c52aaed3c0, ifp=0x55c52a1044e0) at isisd/isis_te.c:176 > 176 list_delete_all_node(ext->aslas); > (gdb) p ext > $1 = (struct isis_ext_subtlvs *) 0x0 Fixes: ae27101 ("isisd: fix building asla at first flex-algo config") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

The following causes a isisd crash. > # cat config > affinity-map green bit-position 0 > router isis 1 > flex-algo 129 > affinity exclude-any green > # vtysh -f config > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f650cd32756 in core_handler (signo=6, siginfo=0x7ffc56f93070, context=0x7ffc56f92f40) at lib/sigevent.c:258 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > #4 0x00007f650c91c537 in __GI_abort () at abort.c:79 > #5 0x00007f650cd007c9 in nb_running_get_entry_worker (dnode=0x0, xpath=0x0, abort_if_not_found=true, rec_search=true) at lib/northbound.c:2531 > #6 0x00007f650cd007f9 in nb_running_get_entry (dnode=0x55d9ad406e00, xpath=0x0, abort_if_not_found=true) at lib/northbound.c:2537 > #7 0x000055d9ab302248 in isis_instance_flex_algo_affinity_set (args=0x7ffc56f947a0, type=2) at isisd/isis_nb_config.c:2998 > #8 0x000055d9ab3027c0 in isis_instance_flex_algo_affinity_exclude_any_create (args=0x7ffc56f947a0) at isisd/isis_nb_config.c:3155 > #9 0x00007f650ccfe284 in nb_callback_create (context=0x7ffc56f94d20, nb_node=0x55d9ad28b540, event=NB_EV_VALIDATE, dnode=0x55d9ad406e00, resource=0x0, errmsg=0x7ffc56f94de0 "", > errmsg_len=8192) at lib/northbound.c:1487 > #10 0x00007f650ccff067 in nb_callback_configuration (context=0x7ffc56f94d20, event=NB_EV_VALIDATE, change=0x55d9ad406d40, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1884 > #11 0x00007f650ccfda31 in nb_candidate_validate_code (context=0x7ffc56f94d20, candidate=0x55d9ad20d710, changes=0x7ffc56f94d38, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) > at lib/northbound.c:1246 > #12 0x00007f650ccfdc67 in nb_candidate_commit_prepare (context=..., candidate=0x55d9ad20d710, comment=0x0, transaction=0x7ffc56f94da0, skip_validate=false, ignore_zero_change=false, > errmsg=0x7ffc56f94de0 "", errmsg_len=8192) at lib/northbound.c:1317 > #13 0x00007f650ccfdec4 in nb_candidate_commit (context=..., candidate=0x55d9ad20d710, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffc56f94de0 "", errmsg_len=8192) > at lib/northbound.c:1381 > #14 0x00007f650cd045ba in nb_cli_classic_commit (vty=0x55d9ad3f7490) at lib/northbound_cli.c:57 > #15 0x00007f650cd04749 in nb_cli_pending_commit_check (vty=0x55d9ad3f7490) at lib/northbound_cli.c:96 > #16 0x00007f650cc94340 in cmd_execute_command_real (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, up_level=0) at lib/command.c:1000 > #17 0x00007f650cc94599 in cmd_execute_command (vline=0x55d9ad3eea10, vty=0x55d9ad3f7490, cmd=0x0, vtysh=0) at lib/command.c:1080 > #18 0x00007f650cc94a0c in cmd_execute (vty=0x55d9ad3f7490, cmd=0x55d9ad401d30 "XFRR_end_configuration", matched=0x0, vtysh=0) at lib/command.c:1228 > #19 0x00007f650cd523a4 in vty_command (vty=0x55d9ad3f7490, buf=0x55d9ad401d30 "XFRR_end_configuration") at lib/vty.c:625 > #20 0x00007f650cd5413d in vty_execute (vty=0x55d9ad3f7490) at lib/vty.c:1388 > #21 0x00007f650cd56353 in vtysh_read (thread=0x7ffc56f99370) at lib/vty.c:2400 > #22 0x00007f650cd4b6fd in event_call (thread=0x7ffc56f99370) at lib/event.c:1996 > #23 0x00007f650ccd1365 in frr_run (master=0x55d9ad103cf0) at lib/libfrr.c:1231 > #24 0x000055d9ab29036e in main (argc=2, argv=0x7ffc56f99598, envp=0x7ffc56f995b0) at isisd/isis_main.c:354 Configuring the same in vtysh configure interactive mode works properly. When using "vtysh -f", the northbound compatible configuration is committed together whereas, in interactive mode, it committed line by line. In the first situation, in validation state nb_running_get_entry() fails because the area not yet in running. Do not use nb_running_get_entry() northbound validation state. Fixes: 893882e ("isisd: add isis flex-algo configuration backend") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Fix a crash when modifying a route-map with set as-path exclude without as-path-access-list: > router(config)# route-map routemaptest deny 1 > router(config-route-map)# set as-path exclude 33 34 35 > router(config-route-map)# set as-path exclude as-path-access-list test > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fb3959327de in core_handler (signo=11, siginfo=0x7ffd122da530, context=0x7ffd122da400) at lib/sigevent.c:258 > #2 <signal handler called> > #3 0x000055ab2762a1bd in as_list_list_del (h=0x55ab27897680 <as_exclude_list_orphan>, item=0x55ab28204e20) at ./bgpd/bgp_aspath.h:77 > #4 0x000055ab2762d1a8 in as_exclude_remove_orphan (ase=0x55ab28204e20) at bgpd/bgp_aspath.c:1574 > #5 0x000055ab27550538 in route_aspath_exclude_free (rule=0x55ab28204e20) at bgpd/bgp_routemap.c:2366 > #6 0x00007fb39591f00c in route_map_rule_delete (list=0x55ab28203498, rule=0x55ab28204170) at lib/routemap.c:1357 > #7 0x00007fb39591f87c in route_map_add_set (index=0x55ab28203460, set_name=0x55ab276ad2aa "as-path exclude", set_arg=0x55ab281e4f70 "as-path-access-list test") at lib/routemap.c:1674 > #8 0x00007fb39591d3f3 in generic_set_add (index=0x55ab28203460, command=0x55ab276ad2aa "as-path exclude", arg=0x55ab281e4f70 "as-path-access-list test", errmsg=0x7ffd122db870 "", > errmsg_len=8192) at lib/routemap.c:533 > #9 0x000055ab2755e78e in lib_route_map_entry_set_action_rmap_set_action_exclude_as_path_modify (args=0x7ffd122db290) at bgpd/bgp_routemap_nb_config.c:2427 > #10 0x00007fb3958fe417 in nb_callback_modify (context=0x55ab28205aa0, nb_node=0x55ab27cb31e0, event=NB_EV_APPLY, dnode=0x55ab28202690, resource=0x55ab27c32148, errmsg=0x7ffd122db870 "", > errmsg_len=8192) at lib/northbound.c:1538 > #11 0x00007fb3958ff0ab in nb_callback_configuration (context=0x55ab28205aa0, event=NB_EV_APPLY, change=0x55ab27c32110, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:1888 > #12 0x00007fb3958ff5e4 in nb_transaction_process (event=NB_EV_APPLY, transaction=0x55ab28205aa0, errmsg=0x7ffd122db870 "", errmsg_len=8192) at lib/northbound.c:2016 > #13 0x00007fb3958fddba in nb_candidate_commit_apply (transaction=0x55ab28205aa0, save_transaction=true, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192) > at lib/northbound.c:1356 > #14 0x00007fb3958fdef0 in nb_candidate_commit (context=..., candidate=0x55ab27c2c9a0, save_transaction=true, comment=0x0, transaction_id=0x0, errmsg=0x7ffd122db870 "", errmsg_len=8192) > at lib/northbound.c:1389 > #15 0x00007fb3959045ba in nb_cli_classic_commit (vty=0x55ab281f6680) at lib/northbound_cli.c:57 > #16 0x00007fb395904b5a in nb_cli_apply_changes_internal (vty=0x55ab281f6680, xpath_base=0x7ffd122dfd10 "/frr-route-map:lib/route-map[name='routemaptest']/entry[sequence='1']", > clear_pending=false) at lib/northbound_cli.c:184 > #17 0x00007fb395904ebf in nb_cli_apply_changes (vty=0x55ab281f6680, xpath_base_fmt=0x0) at lib/northbound_cli.c:240 > --Type <RET> for more, q to quit, c to continue without paging-- > #18 0x000055ab27557d2e in set_aspath_exclude_access_list_magic (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80, > as_path_filter_name=0x55ab28202040 "test") at bgpd/bgp_routemap.c:6397 > #19 0x000055ab2754bdea in set_aspath_exclude_access_list (self=0x55ab2775c300 <set_aspath_exclude_access_list_cmd>, vty=0x55ab281f6680, argc=5, argv=0x55ab28204c80) > at ./bgpd/bgp_routemap_clippy.c:856 > #20 0x00007fb39589435d in cmd_execute_command_real (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, up_level=0) at lib/command.c:1003 > #21 0x00007fb3958944be in cmd_execute_command (vline=0x55ab281e61f0, vty=0x55ab281f6680, cmd=0x0, vtysh=0) at lib/command.c:1062 > #22 0x00007fb395894a0c in cmd_execute (vty=0x55ab281f6680, cmd=0x55ab28200f20 "set as-path exclude as-path-access-list test", matched=0x0, vtysh=0) at lib/command.c:1228 > #23 0x00007fb39595242c in vty_command (vty=0x55ab281f6680, buf=0x55ab28200f20 "set as-path exclude as-path-access-list test") at lib/vty.c:625 > #24 0x00007fb3959541c5 in vty_execute (vty=0x55ab281f6680) at lib/vty.c:1388 > #25 0x00007fb3959563db in vtysh_read (thread=0x7ffd122e2bb0) at lib/vty.c:2400 > #26 0x00007fb39594b785 in event_call (thread=0x7ffd122e2bb0) at lib/event.c:1996 > #27 0x00007fb3958d1365 in frr_run (master=0x55ab27b56d70) at lib/libfrr.c:1231 > #28 0x000055ab2747f1cc in main (argc=3, argv=0x7ffd122e2e08) at bgpd/bgp_main.c:555 Fixes: 094dcc3 ("bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

Level 2 adjacency list is not supposed to be always set. > #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007f9f0353274f in core_handler (signo=6, siginfo=0x7ffe95260770, context=0x7ffe95260640) at lib/sigevent.c:258 > #2 <signal handler called> > #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > #4 0x00007f9f0324e537 in __GI_abort () at abort.c:79 > #5 0x00007f9f035744ea in _zlog_assert_failed (xref=0x7f9f0362c6c0 <_xref.15>, extra=0x0) at lib/zlog.c:789 > #6 0x00007f9f034d25ee in listnode_head (list=0x0) at lib/linklist.c:316 > #7 0x000055cd65aaa481 in lib_interface_state_isis_adjacencies_adjacency_get_next (args=0x7ffe95261730) at isisd/isis_nb_state.c:101 > #8 0x00007f9f034feadd in nb_callback_get_next (nb_node=0x55cd673c0190, parent_list_entry=0x55cd67570d30, list_entry=0x55cd6758f8a0) at lib/northbound.c:1748 > #9 0x00007f9f0350bf07 in __walk (ys=0x55cd675782b0, is_resume=false) at lib/northbound_oper.c:1264 > #10 0x00007f9f0350deaa in nb_op_walk_start (ys=0x55cd675782b0) at lib/northbound_oper.c:1741 > #11 0x00007f9f0350e079 in nb_oper_iterate_legacy (xpath=0x55cd67595c60 "/frr-interface:lib", translator=0x0, flags=0, cb=0x0, cb_arg=0x0, tree=0x7ffe952621b0) at lib/northbound_oper.c:1803 > #12 0x00007f9f03507661 in show_yang_operational_data_magic (self=0x7f9f03634a80 <show_yang_operational_data_cmd>, vty=0x55cd675a61f0, argc=4, argv=0x55cd6758eab0, > xpath=0x55cd67595c60 "/frr-interface:lib", json=0x0, xml=0x0, translator_family=0x0, with_config=0x0) at lib/northbound_cli.c:1576 > #13 0x00007f9f035037f0 in show_yang_operational_data (self=0x7f9f03634a80 <show_yang_operational_data_cmd>, vty=0x55cd675a61f0, argc=4, argv=0x55cd6758eab0) > at ./lib/northbound_cli_clippy.c:906 > #14 0x00007f9f0349435d in cmd_execute_command_real (vline=0x55cd6758e490, vty=0x55cd675a61f0, cmd=0x0, up_level=0) at lib/command.c:1003 > #15 0x00007f9f03494477 in cmd_execute_command (vline=0x55cd67585340, vty=0x55cd675a61f0, cmd=0x0, vtysh=0) at lib/command.c:1053 > #16 0x00007f9f03494a0c in cmd_execute (vty=0x55cd675a61f0, cmd=0x55cd67579040 "do show yang operational-data /frr-interface:lib", matched=0x0, vtysh=0) at lib/command.c:1228 > #17 0x00007f9f0355239d in vty_command (vty=0x55cd675a61f0, buf=0x55cd67579040 "do show yang operational-data /frr-interface:lib") at lib/vty.c:625 > #18 0x00007f9f03554136 in vty_execute (vty=0x55cd675a61f0) at lib/vty.c:1388 > #19 0x00007f9f0355634c in vtysh_read (thread=0x7ffe952647a0) at lib/vty.c:2400 > #20 0x00007f9f0354b6f6 in event_call (thread=0x7ffe952647a0) at lib/event.c:1996 > #21 0x00007f9f034d1365 in frr_run (master=0x55cd67204da0) at lib/libfrr.c:1231 > #22 0x000055cd65a3236e in main (argc=7, argv=0x7ffe952649c8, envp=0x7ffe95264a08) at isisd/isis_main.c:354 Fixes: 2a1c520 ("isisd: split northbound callbacks into multiple files") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>

``` ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000aecf0 at pc 0x5555557ecdb9 bp 0x7fffffffe350 sp 0x7fffffffe340 READ of size 4 at 0x6160000aecf0 thread T0 #0 0x5555557ecdb8 in igmp_source_delete pimd/pim_igmpv3.c:340 #1 0x5555557ed475 in igmp_source_delete_expired pimd/pim_igmpv3.c:405 #2 0x5555557de574 in igmp_group_timer pimd/pim_igmp.c:1346 #3 0x7ffff7275421 in event_call lib/event.c:1996 #4 0x7ffff7140797 in frr_run lib/libfrr.c:1237 #5 0x5555557f5840 in main pimd/pim_main.c:166 #6 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308 #7 0x555555686eed in _start (/usr/lib/frr/pimd+0x132eed) 0x6160000aecf0 is located 112 bytes inside of 600-byte region [0x6160000aec80,0x6160000aeed8) freed by thread T0 here: #0 0x7ffff767b40f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7ffff716ed34 in qfree lib/memory.c:131 #2 0x5555557169ae in pim_channel_oil_free pimd/pim_oil.c:84 #3 0x555555717981 in pim_channel_oil_del pimd/pim_oil.c:199 #4 0x55555573c42c in tib_sg_gm_prune pimd/pim_tib.c:196 #5 0x5555557d6d04 in igmp_source_forward_stop pimd/pim_igmp.c:229 #6 0x5555557d5855 in igmp_anysource_forward_stop pimd/pim_igmp.c:61 #7 0x5555557de539 in igmp_group_timer pimd/pim_igmp.c:1344 #8 0x7ffff7275421 in event_call lib/event.c:1996 #9 0x7ffff7140797 in frr_run lib/libfrr.c:1237 #10 0x5555557f5840 in main pimd/pim_main.c:166 #11 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7ffff767ba06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 #1 0x7ffff716ebe1 in qcalloc lib/memory.c:106 #2 0x555555716eb7 in pim_channel_oil_add pimd/pim_oil.c:133 #3 0x55555573b2b9 in tib_sg_oil_setup pimd/pim_tib.c:30 #4 0x55555573bdd3 in tib_sg_gm_join pimd/pim_tib.c:119 #5 0x5555557d6788 in igmp_source_forward_start pimd/pim_igmp.c:193 #6 0x5555557d5771 in igmp_anysource_forward_start pimd/pim_igmp.c:51 #7 0x5555557ecaa0 in group_exclude_fwd_anysrc_ifempty pimd/pim_igmpv3.c:310 #8 0x5555557ef937 in toex_incl pimd/pim_igmpv3.c:839 #9 0x5555557f00a2 in igmpv3_report_toex pimd/pim_igmpv3.c:938 #10 0x5555557f543d in igmp_v3_recv_report pimd/pim_igmpv3.c:2000 #11 0x5555557da2b4 in pim_igmp_packet pimd/pim_igmp.c:787 #12 0x5555556ee46a in process_igmp_packet pimd/pim_mroute.c:763 #13 0x5555556ee5f3 in pim_mroute_msg pimd/pim_mroute.c:787 #14 0x5555556eef58 in mroute_read pimd/pim_mroute.c:877 #15 0x7ffff7275421 in event_call lib/event.c:1996 #16 0x7ffff7140797 in frr_run lib/libfrr.c:1237 #17 0x5555557f5840 in main pimd/pim_main.c:166 #18 0x7ffff6a54082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-use-after-free pimd/pim_igmpv3.c:340 in igmp_source_delete Shadow bytes around the buggy address: 0x0c2c8000dd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000dd50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000dd60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000dd70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000dd80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c2c8000dd90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd 0x0c2c8000dda0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000ddb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000ddc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c8000ddd0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa 0x0c2c8000dde0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ``` Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>

pbrd: add nexthop-vrf to config output

05e12fc

Signed-off-by: Don Slice <dslice@cumulusnetworks.com>

donaldsharp merged commit c2a41c6 into donaldsharp:PBRD Feb 22, 2018

dslicenc deleted the PBRD branch February 22, 2018 20:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pbrd: add nexthop-vrf to config output #17

pbrd: add nexthop-vrf to config output #17

dslicenc commented Feb 22, 2018

pbrd: add nexthop-vrf to config output #17

pbrd: add nexthop-vrf to config output #17

Conversation

dslicenc commented Feb 22, 2018