Skip to content

Save FRR configuration #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mipxman opened this issue Sep 2, 2020 · 2 comments
Closed

Save FRR configuration #19

mipxman opened this issue Sep 2, 2020 · 2 comments

Comments

@mipxman
Copy link

mipxman commented Sep 2, 2020
edited
Loading

Hi Guys!

I configure vtysh in FRR and save configurtion with write command in SONiC-NOS(https://sonic-jenkins.westus2.cloudapp.azure.com/job/broadcom/job/buildimage-brcm-all/). After I reloading system (sudo config reload -y) the bgp container is reloading and my frr configuration was lost! how I can save my configuration like as (/etc/sonic/config_db.json) .

device : as 7712-32x

> sonic# wr
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]

sudo config config save -y

Regards
@prsunny
Copy link

prsunny commented Sep 2, 2020

FRR configs are generated via templates in Sonic. AFAIK, there is no support to save vtysh config to config_db and restore later. (The saved files via vtysh are ignored). @pavel-shirshov

@pavel-shirshov
Copy link
Contributor

There is not such support for now. Sorry.

pavel-shirshov pushed a commit that referenced this issue Nov 17, 2020
@donaldsharp
zebra: Fix use after free in debug path
947097e 
When zebra is running with debugs turned on there
is a use after free reported by the address sanitizer:

2020/10/16 12:58:02 ZEBRA: rib_delnode: (0:254):4.5.6.16/32: rn 0x60b000026f20, re 0x6080000131a0, removing
2020/10/16 12:58:02 ZEBRA: rib_meta_queue_add: (0:254):4.5.6.16/32: queued rn 0x60b000026f20 into sub-queue 3
=================================================================
==3101430==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000011d28 at pc 0x555555705ab6 bp 0x7fffffffdab0 sp 0x7fffffffdaa8
READ of size 8 at 0x608000011d28 thread T0
    #0 0x555555705ab5 in re_list_const_first zebra/rib.h:222
    #1 0x555555705b54 in re_list_first zebra/rib.h:222
    #2 0x555555711a4f in process_subq_route zebra/zebra_rib.c:2248
    #3 0x555555711d2e in process_subq zebra/zebra_rib.c:2286
    #4 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320
    #5 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291
    #6 0x7ffff7450e9c in thread_call lib/thread.c:1581
    #7 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
    #8 0x55555561a578 in main zebra/main.c:455
    #9 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
    #10 0x5555555e3429 in _start (/usr/lib/frr/zebra+0x8f429)
0x608000011d28 is located 8 bytes inside of 88-byte region [0x608000011d20,0x608000011d78)
freed by thread T0 here:
    #0 0x7ffff768bb6f in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
    #1 0x7ffff739ccad in qfree lib/memory.c:129
    #2 0x555555709ee4 in rib_gc_dest zebra/zebra_rib.c:746
    #3 0x55555570ca76 in rib_process zebra/zebra_rib.c:1240
    #4 0x555555711a05 in process_subq_route zebra/zebra_rib.c:2245
    #5 0x555555711d2e in process_subq zebra/zebra_rib.c:2286
    #6 0x555555711ec7 in meta_queue_process zebra/zebra_rib.c:2320
    #7 0x7ffff74701f7 in work_queue_run lib/workqueue.c:291
    #8 0x7ffff7450e9c in thread_call lib/thread.c:1581
    #9 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
    #10 0x55555561a578 in main zebra/main.c:455
    #11 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
    #0 0x7ffff768c037 in calloc (/lib/x86_64-linux-gnu/libasan.so.6+0xaa037)
    #1 0x7ffff739cb98 in qcalloc lib/memory.c:110
    #2 0x555555712ace in zebra_rib_create_dest zebra/zebra_rib.c:2515
    #3 0x555555712c6c in rib_link zebra/zebra_rib.c:2576
    #4 0x555555712faa in rib_addnode zebra/zebra_rib.c:2607
    #5 0x555555715bf0 in rib_add_multipath_nhe zebra/zebra_rib.c:3012
    #6 0x555555715f56 in rib_add_multipath zebra/zebra_rib.c:3049
    #7 0x55555571788b in rib_add zebra/zebra_rib.c:3327
    #8 0x5555555e584a in connected_up zebra/connected.c:254
    #9 0x5555555e42ff in connected_announce zebra/connected.c:94
    #10 0x5555555e4fd3 in connected_update zebra/connected.c:195
    #11 0x5555555e61ad in connected_add_ipv4 zebra/connected.c:340
    #12 0x5555555f26f5 in netlink_interface_addr zebra/if_netlink.c:1213
    #13 0x55555560f756 in netlink_information_fetch zebra/kernel_netlink.c:350
    #14 0x555555612e49 in netlink_parse_info zebra/kernel_netlink.c:941
    #15 0x55555560f9f1 in kernel_read zebra/kernel_netlink.c:402
    #16 0x7ffff7450e9c in thread_call lib/thread.c:1581
    #17 0x7ffff738eaf7 in frr_run lib/libfrr.c:1099
    #18 0x55555561a578 in main zebra/main.c:455
    #19 0x7ffff7079cc9 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free zebra/rib.h:222 in re_list_const_first

This is happening because we are using the dest pointer after a call into
rib_gc_dest.  In process_subq_route, we call rib_process() and if the
dest is deleted dest pointer is now garbage.  We must reload the
dest pointer in this case.

Signed-off-by: Donald Sharp <[email protected]>
dgsudharsan pushed a commit to dgsudharsan/sonic-frr that referenced this issue Jun 6, 2023
bgpd: cleanup macip_path_list for remote macip
889360d 
ASAN reported the following memleak:
```
Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x4d4342 in calloc (/usr/lib/frr/bgpd+0x4d4342)
    sonic-net#1 0xbc3d68 in qcalloc /home/sharpd/frr8/lib/memory.c:116:27
    sonic-net#2 0xb869f7 in list_new /home/sharpd/frr8/lib/linklist.c:64:9
    sonic-net#3 0x5a38bc in bgp_evpn_remote_ip_hash_alloc /home/sharpd/frr8/bgpd/bgp_evpn.c:6789:24
    sonic-net#4 0xb358d3 in hash_get /home/sharpd/frr8/lib/hash.c:162:13
    sonic-net#5 0x593d39 in bgp_evpn_remote_ip_hash_add /home/sharpd/frr8/bgpd/bgp_evpn.c:6881:7
    sonic-net#6 0x59dbbd in install_evpn_route_entry_in_vni_common /home/sharpd/frr8/bgpd/bgp_evpn.c:3049:2
    sonic-net#7 0x59cfe0 in install_evpn_route_entry_in_vni_ip /home/sharpd/frr8/bgpd/bgp_evpn.c:3126:8
    sonic-net#8 0x59c6f0 in install_evpn_route_entry /home/sharpd/frr8/bgpd/bgp_evpn.c:3318:8
    sonic-net#9 0x59bb52 in install_uninstall_route_in_vnis /home/sharpd/frr8/bgpd/bgp_evpn.c:3888:10
    sonic-net#10 0x59b6d2 in bgp_evpn_install_uninstall_table /home/sharpd/frr8/bgpd/bgp_evpn.c:4019:5
    sonic-net#11 0x578857 in install_uninstall_evpn_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4051:9
    sonic-net#12 0x58ada6 in bgp_evpn_import_route /home/sharpd/frr8/bgpd/bgp_evpn.c:6049:9
    sonic-net#13 0x713794 in bgp_update /home/sharpd/frr8/bgpd/bgp_route.c:4842:3
    sonic-net#14 0x583fa0 in process_type2_route /home/sharpd/frr8/bgpd/bgp_evpn.c:4518:9
    sonic-net#15 0x5824ba in bgp_nlri_parse_evpn /home/sharpd/frr8/bgpd/bgp_evpn.c:5732:8
    sonic-net#16 0x6ae6a2 in bgp_nlri_parse /home/sharpd/frr8/bgpd/bgp_packet.c:363:10
    sonic-net#17 0x6be6fa in bgp_update_receive /home/sharpd/frr8/bgpd/bgp_packet.c:2020:15
    sonic-net#18 0x6b7433 in bgp_process_packet /home/sharpd/frr8/bgpd/bgp_packet.c:2929:11
    sonic-net#19 0xd00146 in thread_call /home/sharpd/frr8/lib/thread.c:2006:2
```

The list itself was not being cleaned up when the final list entry was
removed, so make sure we do that instead of leaking memory.

Signed-off-by: Trey Aspelund <[email protected]>
marcosfsch pushed a commit to marcosfsch/sonic-frr that referenced this issue Jan 30, 2024
@Keelan10
pimd: Fix memory leak in PIM interface deletion
24379f0 
This commit ensures proper cleanup by deleting the gm_join_list when a PIM interface is deleted. The gm_join_list was previously not being freed, causing a memory leak.

The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in multicast_mld_join_topo1.test_multicast_mld_local_join/r1.asan.pim6d.28070

=================================================================
==28070==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    sonic-net#1 0x56230373dd6b in qcalloc lib/memory.c:105
    sonic-net#2 0x56230372180f in list_new lib/linklist.c:49
    sonic-net#3 0x56230361b589 in pim_if_gm_join_add pimd/pim_iface.c:1313
    sonic-net#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    sonic-net#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    sonic-net#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    sonic-net#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    sonic-net#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    sonic-net#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    sonic-net#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    sonic-net#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    sonic-net#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    sonic-net#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    sonic-net#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    sonic-net#15 0x5623037e75da in vty_command lib/vty.c:591
    sonic-net#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    sonic-net#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    sonic-net#18 0x5623037db4e8 in event_call lib/event.c:1995
    sonic-net#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    sonic-net#20 0x56230368615d in main pimd/pim6_main.c:184
    sonic-net#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    sonic-net#1 0x56230373dd6b in qcalloc lib/memory.c:105
    sonic-net#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    sonic-net#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    sonic-net#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    sonic-net#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    sonic-net#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    sonic-net#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    sonic-net#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    sonic-net#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    sonic-net#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    sonic-net#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    sonic-net#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    sonic-net#13 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    sonic-net#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    sonic-net#15 0x5623037e75da in vty_command lib/vty.c:591
    sonic-net#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    sonic-net#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    sonic-net#18 0x5623037db4e8 in event_call lib/event.c:1995
    sonic-net#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    sonic-net#20 0x56230368615d in main pimd/pim6_main.c:184
    sonic-net#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 96 byte(s) in 4 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    sonic-net#1 0x56230373dd6b in qcalloc lib/memory.c:105
    sonic-net#2 0x562303721651 in listnode_new lib/linklist.c:71
    sonic-net#3 0x56230372182b in listnode_add lib/linklist.c:92
    sonic-net#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    sonic-net#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    sonic-net#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    sonic-net#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    sonic-net#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    sonic-net#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    sonic-net#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    sonic-net#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    sonic-net#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    sonic-net#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    sonic-net#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    sonic-net#15 0x5623036c5f1b in cmd_execute_command lib/command.c:1053
    sonic-net#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    sonic-net#17 0x5623037e75da in vty_command lib/vty.c:591
    sonic-net#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    sonic-net#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    sonic-net#20 0x5623037db4e8 in event_call lib/event.c:1995
    sonic-net#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    sonic-net#22 0x56230368615d in main pimd/pim6_main.c:184
    sonic-net#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    sonic-net#1 0x56230373dd6b in qcalloc lib/memory.c:105
    sonic-net#2 0x56230361b91d in gm_join_new pimd/pim_iface.c:1288
    sonic-net#3 0x56230361b91d in pim_if_gm_join_add pimd/pim_iface.c:1326
    sonic-net#4 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    sonic-net#5 0x562303767280 in nb_callback_create lib/northbound.c:1235
    sonic-net#6 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    sonic-net#7 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    sonic-net#8 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    sonic-net#9 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    sonic-net#10 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    sonic-net#11 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    sonic-net#12 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    sonic-net#13 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    sonic-net#14 0x5623036c6392 in cmd_execute lib/command.c:1221
    sonic-net#15 0x5623037e75da in vty_command lib/vty.c:591
    sonic-net#16 0x5623037e7a74 in vty_execute lib/vty.c:1354
    sonic-net#17 0x5623037f0253 in vtysh_read lib/vty.c:2362
    sonic-net#18 0x5623037db4e8 in event_call lib/event.c:1995
    sonic-net#19 0x562303720f97 in frr_run lib/libfrr.c:1213
    sonic-net#20 0x56230368615d in main pimd/pim6_main.c:184
    sonic-net#21 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f3605dbfd28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    sonic-net#1 0x56230373dd6b in qcalloc lib/memory.c:105
    sonic-net#2 0x562303721651 in listnode_new lib/linklist.c:71
    sonic-net#3 0x56230372182b in listnode_add lib/linklist.c:92
    sonic-net#4 0x56230361ba9a in gm_join_new pimd/pim_iface.c:1295
    sonic-net#5 0x56230361ba9a in pim_if_gm_join_add pimd/pim_iface.c:1326
    sonic-net#6 0x562303642247 in lib_interface_gmp_address_family_static_group_create pimd/pim_nb_config.c:2868
    sonic-net#7 0x562303767280 in nb_callback_create lib/northbound.c:1235
    sonic-net#8 0x562303767280 in nb_callback_configuration lib/northbound.c:1579
    sonic-net#9 0x562303768a1d in nb_transaction_process lib/northbound.c:1710
    sonic-net#10 0x56230376904a in nb_candidate_commit_apply lib/northbound.c:1104
    sonic-net#11 0x5623037692ba in nb_candidate_commit lib/northbound.c:1137
    sonic-net#12 0x562303769dec in nb_cli_classic_commit lib/northbound_cli.c:49
    sonic-net#13 0x56230376fb79 in nb_cli_pending_commit_check lib/northbound_cli.c:88
    sonic-net#14 0x5623036c5bcb in cmd_execute_command_real lib/command.c:991
    sonic-net#15 0x5623036c5f6f in cmd_execute_command lib/command.c:1072
    sonic-net#16 0x5623036c6392 in cmd_execute lib/command.c:1221
    sonic-net#17 0x5623037e75da in vty_command lib/vty.c:591
    sonic-net#18 0x5623037e7a74 in vty_execute lib/vty.c:1354
    sonic-net#19 0x5623037f0253 in vtysh_read lib/vty.c:2362
    sonic-net#20 0x5623037db4e8 in event_call lib/event.c:1995
    sonic-net#21 0x562303720f97 in frr_run lib/libfrr.c:1213
    sonic-net#22 0x56230368615d in main pimd/pim6_main.c:184
    sonic-net#23 0x7f360461bc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 400 byte(s) leaked in 11 allocation(s).
***********************************************************************************
```

Signed-off-by: Keelan Cannoo <[email protected]>
marcosfsch pushed a commit to marcosfsch/sonic-frr that referenced this issue Jan 30, 2024
@donaldsharp
ospf6d: Fix crash because neighbor structure was freed
77e838e 
The loading_done event needs a event pointer to prevent
use after free's.  Testing found this:

    ERROR: AddressSanitizer: heap-use-after-free on address 0x613000035130 at pc 0x55ad42d54e5f bp 0x7ffff1e942a0 sp 0x7ffff1e94290
    READ of size 1 at 0x613000035130 thread T0
        #0 0x55ad42d54e5e in loading_done ospf6d/ospf6_neighbor.c:447
        sonic-net#1 0x55ad42ed7be4 in event_call lib/event.c:1995
        sonic-net#2 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
        sonic-net#3 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
        sonic-net#4 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
        sonic-net#5 0x55ad42cf2b19 in _start (/usr/lib/frr/ospf6d+0x248b19)

    0x613000035130 is located 48 bytes inside of 384-byte region [0x613000035100,0x613000035280)
    freed by thread T0 here:
        #0 0x7f57998d77a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
        sonic-net#1 0x55ad42e3b4b6 in qfree lib/memory.c:130
        sonic-net#2 0x55ad42d5d049 in ospf6_neighbor_delete ospf6d/ospf6_neighbor.c:180
        sonic-net#3 0x55ad42d1e1ea in interface_down ospf6d/ospf6_interface.c:930
        sonic-net#4 0x55ad42ed7be4 in event_call lib/event.c:1995
        sonic-net#5 0x55ad42ed84fe in _event_execute lib/event.c:2086
        sonic-net#6 0x55ad42d26d7b in ospf6_interface_clear ospf6d/ospf6_interface.c:2847
        sonic-net#7 0x55ad42d73f16 in ospf6_process_reset ospf6d/ospf6_top.c:755
        sonic-net#8 0x55ad42d7e98c in clear_router_ospf6_magic ospf6d/ospf6_top.c:778
        sonic-net#9 0x55ad42d7e98c in clear_router_ospf6 ospf6d/ospf6_top_clippy.c:42
        sonic-net#10 0x55ad42dc2665 in cmd_execute_command_real lib/command.c:994
        sonic-net#11 0x55ad42dc2b32 in cmd_execute_command lib/command.c:1053
        sonic-net#12 0x55ad42dc2fa9 in cmd_execute lib/command.c:1221
        sonic-net#13 0x55ad42ee3cd6 in vty_command lib/vty.c:591
        sonic-net#14 0x55ad42ee4170 in vty_execute lib/vty.c:1354
        sonic-net#15 0x55ad42eec94f in vtysh_read lib/vty.c:2362
        sonic-net#16 0x55ad42ed7be4 in event_call lib/event.c:1995
        sonic-net#17 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
        sonic-net#18 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
        sonic-net#19 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

    previously allocated by thread T0 here:
        #0 0x7f57998d7d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
        sonic-net#1 0x55ad42e3ab22 in qcalloc lib/memory.c:105
        sonic-net#2 0x55ad42d5c8ff in ospf6_neighbor_create ospf6d/ospf6_neighbor.c:119
        sonic-net#3 0x55ad42d4c86a in ospf6_hello_recv ospf6d/ospf6_message.c:464
        sonic-net#4 0x55ad42d4c86a in ospf6_read_helper ospf6d/ospf6_message.c:1884
        sonic-net#5 0x55ad42d4c86a in ospf6_receive ospf6d/ospf6_message.c:1925
        sonic-net#6 0x55ad42ed7be4 in event_call lib/event.c:1995
        sonic-net#7 0x55ad42e1df75 in frr_run lib/libfrr.c:1213
        sonic-net#8 0x55ad42cf332e in main ospf6d/ospf6_main.c:250
        sonic-net#9 0x7f5798133c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Add an actual event pointer and just track it appropriately.

Signed-off-by: Donald Sharp <[email protected]>
eddieruan-alibaba pushed a commit to eddieruan-alibaba/sonic-frr that referenced this issue Mar 11, 2025
@pguibert6WIND
bgpd: bmp, fix address sanitizer issue
9e940d4 
The following ASAN error can be seen.

> ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x608000036c20
>     #0 0x7f3d7a4b5425 in __interceptor_malloc_usable_size ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:198
>     sonic-net#1 0x7f3d7a426a16 in __sanitizer::BufferedStackTrace::Unwind(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../src/libsanitizer/sanitizer_common
> /sanitizer_stacktrace.h:122
>     sonic-net#2 0x7f3d7a426a16 in __asan::asan_malloc_usable_size(void const*, unsigned long, unsigned long) ../../../../src/libsanitizer/asan/asan_allocator.cpp:1074
>     sonic-net#3 0x7f3d7a03f330 in mt_count_free lib/memory.c:78
>     sonic-net#4 0x7f3d7a03f330 in qfree lib/memory.c:130
>     sonic-net#5 0x7f3d76ccf89b in bmp_peer_status_changed bgpd/bgp_bmp.c:982
>     sonic-net#6 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47
>     sonic-net#7 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287
>     sonic-net#8 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777
>     sonic-net#9 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140
>     sonic-net#10 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764
>     sonic-net#11 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003
>     sonic-net#12 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062
>     sonic-net#13 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228
>     sonic-net#14 0x7f3d7a107b53 in vty_command lib/vty.c:625
>     sonic-net#15 0x7f3d7a109902 in vty_execute lib/vty.c:1388
>     sonic-net#16 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400
>     sonic-net#17 0x7f3d7a0f848b in event_call lib/event.c:2019
>     sonic-net#18 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
>     sonic-net#19 0x560ae29e0037 in main bgpd/bgp_main.c:555
>     sonic-net#20 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>     sonic-net#21 0x7f3d79a29e3f in __libc_start_main_impl ../csu/libc-start.c:392
>     sonic-net#22 0x560ae29e4ef4 in _start (/usr/lib/frr/bgpd+0x2eeef4)
>
> 0x608000036c20 is located 0 bytes inside of 81-byte region [0x608000036c20,0x608000036c71)
> freed by thread T0 here:
>     #0 0x7f3d7a4b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
>     sonic-net#1 0x7f3d76ccf85f in bmp_peer_status_changed bgpd/bgp_bmp.c:981
>     sonic-net#2 0x560ae2aa6a94 in hook_call_peer_status_changed bgpd/bgp_fsm.c:47
>     sonic-net#3 0x560ae2aa6a94 in bgp_fsm_change_status bgpd/bgp_fsm.c:1287
>     sonic-net#4 0x560ae2c4f2e5 in peer_delete bgpd/bgpd.c:2777
>     sonic-net#5 0x560ae2c58d24 in bgp_delete bgpd/bgpd.c:4140
>     sonic-net#6 0x560ae2bbb47e in no_router_bgp bgpd/bgp_vty.c:1764
>     sonic-net#7 0x7f3d79fb74ed in cmd_execute_command_real lib/command.c:1003
>     sonic-net#8 0x7f3d79fb78a3 in cmd_execute_command lib/command.c:1062
>     sonic-net#9 0x7f3d79fb7e03 in cmd_execute lib/command.c:1228
>     sonic-net#10 0x7f3d7a107b53 in vty_command lib/vty.c:625
>     sonic-net#11 0x7f3d7a109902 in vty_execute lib/vty.c:1388
>     sonic-net#12 0x7f3d7a10cc32 in vtysh_read lib/vty.c:2400
>     sonic-net#13 0x7f3d7a0f848b in event_call lib/event.c:2019
>     sonic-net#14 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
>     sonic-net#15 0x560ae29e0037 in main bgpd/bgp_main.c:555
>     sonic-net#16 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>
> previously allocated by thread T0 here:
>     #0 0x7f3d7a4b4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
>     sonic-net#1 0x7f3d7a03f0e9 in qmalloc lib/memory.c:101
>     sonic-net#2 0x7f3d76cd0166 in bmp_bgp_peer_vrf bgpd/bgp_bmp.c:2194
>     sonic-net#3 0x7f3d76cd0166 in bmp_bgp_update_vrf_status bgpd/bgp_bmp.c:2236
>     sonic-net#4 0x7f3d76cd29b8 in bmp_vrf_state_changed bgpd/bgp_bmp.c:3479
>     sonic-net#5 0x560ae2c45b34 in hook_call_bgp_instance_state bgpd/bgpd.c:88
>     sonic-net#6 0x560ae2c4d158 in bgp_instance_up bgpd/bgpd.c:3936
>     sonic-net#7 0x560ae29e5ed1 in bgp_vrf_enable bgpd/bgp_main.c:299
>     sonic-net#8 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:286
>     sonic-net#9 0x7f3d7a0ff8b1 in vrf_enable lib/vrf.c:275
>     sonic-net#10 0x7f3d7a12ab66 in zclient_vrf_add lib/zclient.c:2561
>     sonic-net#11 0x7f3d7a12eb43 in zclient_read lib/zclient.c:4624
>     sonic-net#12 0x7f3d7a0f848b in event_call lib/event.c:2019
>     sonic-net#13 0x7f3d7a01e627 in frr_run lib/libfrr.c:1232
>     sonic-net#14 0x560ae29e0037 in main bgpd/bgp_main.c:555
>     sonic-net#15 0x7f3d79a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Philippe Guibert <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pavel-shirshov @prsunny @mipxman