Zebra crashes when fpm_read processes route with protocol RTPROT_KERNEL #13754
Labels: triage (Needs further investigation)
Comments
@dgsudharsan I fixed this issue on my fork repo some time ago. I'll get the fix and open a PR later today.
cscarpitta added a commit to cscarpitta/frr that referenced this issue, Jun 10, 2023

When `dplane_fpm_nl` receives a route, it allocates memory for a dplane context and calls `netlink_route_change_read_unicast_internal` without initializing the `intf_extra_list` contained in the dplane context.

If `netlink_route_change_read_unicast_internal` is not able to process the route, we call `dplane_ctx_fini` to free the dplane context. This causes a crash because `dplane_ctx_fini` attempts to access the intf_extra_list which is not initialized.

To solve this issue, we can call `dplane_ctx_route_init` to initialize the dplane route context properly, just after the dplane context allocation.

(gdb) bt
#0 0x0000555dd5ceae80 in dplane_intf_extra_list_pop (h=0x7fae1c007e68) at ../zebra/zebra_dplane.c:427
#1 dplane_ctx_free_internal (ctx=0x7fae1c0074b0) at ../zebra/zebra_dplane.c:724
#2 0x0000555dd5cebc99 in dplane_ctx_free (pctx=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:869
#3 dplane_ctx_free (pctx=0x7fae2aa88c98, pctx@entry=0x7fae2aa78c28) at ../zebra/zebra_dplane.c:855
#4 dplane_ctx_fini (pctx=pctx@entry=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:890
#5 0x00007fae31e93f29 in fpm_read (t=) at ../zebra/dplane_fpm_nl.c:605
#6 0x00007fae325191dd in thread_call (thread=thread@entry=0x7fae2aa98da0) at ../lib/thread.c:2006
#7 0x00007fae324c42b8 in fpt_run (arg=0x555dd74777c0) at ../lib/frr_pthread.c:309
#8 0x00007fae32405ea7 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9 0x00007fae32325a2f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Fixes: FRRouting#13754
Signed-off-by: Carmine Scarpitta <[email protected]>
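The lifecycle bug described in the commit message above, as an added example that is not FRR code: a zero-allocated context whose circular list head is only initialized on the parser's success path, torn down on the failure path. The list layout follows the gdb output on this page; `route_ctx`, `ctx_fini`, `parse_route`, `handle_route` and the `DEMO_PROTO_*` values are hypothetical, the parser's behaviour is an assumed model, and a NULL check stands in for the SIGSEGV so the result can be reported.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed protocol values for the demo (hypothetical names). */
enum { DEMO_PROTO_KERNEL = 2, DEMO_PROTO_STATIC = 4 };

/* Same layout gdb printed on this page: {dh = {hitem = {next, prev}, count}} */
struct dlist_item { struct dlist_item *next, *prev; };
struct dlist_head { struct dlist_item hitem; size_t count; };

struct route_ctx {
	int protocol;
	struct dlist_head intf_extra_list;
};

enum fini_result { FINI_OK = 0, FINI_UNINIT_LIST = -1 };

/* An empty circular list has its sentinel pointing at itself, never NULL. */
static void dlist_init(struct dlist_head *h)
{
	h->hitem.next = h->hitem.prev = &h->hitem;
	h->count = 0;
}

/* Pop the first item. Precondition: dlist_init() has run on h. */
static struct dlist_item *dlist_pop(struct dlist_head *h)
{
	struct dlist_item *it = h->hitem.next;
	if (it == &h->hitem)
		return NULL;
	it->prev->next = it->next; /* zeroed head: it is NULL, this faults */
	it->next->prev = it->prev;
	h->count--;
	return it;
}

/* Teardown drains the list. The NULL test stands in for the SIGSEGV so the
 * demo can report the bad state instead of crashing. */
static enum fini_result ctx_fini(struct route_ctx **pctx)
{
	struct route_ctx *ctx = *pctx;
	enum fini_result res = FINI_OK;
	if (ctx->intf_extra_list.hitem.next == NULL)
		res = FINI_UNINIT_LIST;
	else
		while (dlist_pop(&ctx->intf_extra_list) != NULL)
			;
	free(ctx);
	*pctx = NULL;
	return res;
}

/* Model parser (assumption): bails out early on a rejected route and only
 * initializes the list once it has accepted the message. */
static int parse_route(struct route_ctx *ctx, int protocol)
{
	if (protocol == DEMO_PROTO_KERNEL)
		return 0;
	ctx->protocol = protocol;
	dlist_init(&ctx->intf_extra_list);
	return 1;
}

/* Receive path: allocate, optionally init right away, parse, tear down. */
static enum fini_result handle_route(int protocol, bool init_after_alloc)
{
	struct route_ctx *ctx = calloc(1, sizeof(*ctx));
	if (ctx == NULL)
		abort();
	if (init_after_alloc) /* the fix: list is valid on every exit path */
		dlist_init(&ctx->intf_extra_list);
	(void)parse_route(ctx, protocol);
	return ctx_fini(&ctx);
}

int main(void)
{
	printf("no init, rejected route: %d\n", handle_route(DEMO_PROTO_KERNEL, false));
	printf("init,    rejected route: %d\n", handle_route(DEMO_PROTO_KERNEL, true));
	printf("no init, accepted route: %d\n", handle_route(DEMO_PROTO_STATIC, false));
	return 0;
}
```
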
mergify bot pushed a commit that referenced this issue, Jul 7, 2023

When `dplane_fpm_nl` receives a route, it allocates memory for a dplane context and calls `netlink_route_change_read_unicast_internal` without initializing the `intf_extra_list` contained in the dplane context.

If `netlink_route_change_read_unicast_internal` is not able to process the route, we call `dplane_ctx_fini` to free the dplane context. This causes a crash because `dplane_ctx_fini` attempts to access the intf_extra_list which is not initialized.

To solve this issue, we can call `dplane_ctx_route_init` to initialize the dplane route context properly, just after the dplane context allocation.

(gdb) bt
#0 0x0000555dd5ceae80 in dplane_intf_extra_list_pop (h=0x7fae1c007e68) at ../zebra/zebra_dplane.c:427
#1 dplane_ctx_free_internal (ctx=0x7fae1c0074b0) at ../zebra/zebra_dplane.c:724
#2 0x0000555dd5cebc99 in dplane_ctx_free (pctx=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:869
#3 dplane_ctx_free (pctx=0x7fae2aa88c98, pctx@entry=0x7fae2aa78c28) at ../zebra/zebra_dplane.c:855
#4 dplane_ctx_fini (pctx=pctx@entry=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:890
#5 0x00007fae31e93f29 in fpm_read (t=) at ../zebra/dplane_fpm_nl.c:605
#6 0x00007fae325191dd in thread_call (thread=thread@entry=0x7fae2aa98da0) at ../lib/thread.c:2006
#7 0x00007fae324c42b8 in fpt_run (arg=0x555dd74777c0) at ../lib/frr_pthread.c:309
#8 0x00007fae32405ea7 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9 0x00007fae32325a2f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Fixes: #13754
Signed-off-by: Carmine Scarpitta <[email protected]>
(cherry picked from commit 7f2dec4)
lguohan pushed a commit to sonic-net/sonic-buildimage that referenced this issue, Aug 7, 2023

Why I did it
Upgrading FRR 8.5.1 to include latest fixes.

New patches that were added:

| Patch | FRR Pull request | Issue fixed |
| --- | --- | --- |
| 0012-zebra-Rename-vrf_lookup_by_tableid-to-zebra_vrf_look.patch | FRRouting/frr#13396 | #14866 |
| 0013-zebra-Move-protodown_r_bit-to-a-better-spot.patch | FRRouting/frr#13396 | #14866 |
| 0014-zebra-Remove-unused-dplane_intf_delete.patch | FRRouting/frr#13396 | #14866 |
| 0015-zebra-Remove-unused-add-variable.patch | FRRouting/frr#13396 | #14866 |
| 0016-zebra-Remove-duplicate-function-for-netlink-interfac.patch | FRRouting/frr#13396 | #14866 |
| 0017-zebra-Add-code-to-get-set-interface-to-pass-up-from-.patch | FRRouting/frr#13396 | #14866 |
| 0018-zebra-Use-zebra-dplane-for-RTM-link-and-addr.patch | FRRouting/frr#13396 | #14866 |
| 0019-zebra-Abstract-dplane_ctx_route_init-to-init-route-w.patch | FRRouting/frr#13757 | FRRouting/frr#13754 |
| 00020-zebra-Fix-crash-when-dplane_fpm_nl-fails-to-process-.patch | FRRouting/frr#13757 | FRRouting/frr#13754 |

Removed patches:

| Patch | Upstream FRR commit that is present in 8.5.1 |
| --- | --- |
| 0001-Add-support-of-bgp-tcp-DSCP-value.patch | FRRouting/frr@425bd64 |
| 0010-zebra-Note-when-the-netlink-DUMP-command-is-interrup.patch | FRRouting/frr@2f71996 |
| 0011-bgpd-enhanced-capability-is-always-turned-on-for-int.patch | FRRouting/frr@8e89adc |
| 0012-Ensure-ospf_apiclient_lsa_originate-cannot-accidently-write-into-stack.patch | FRRouting/frr@d2aeac3, FRRouting/frr@49efc80, FRRouting/frr@ff6db10 |
| 0013-zebra-fix-dplane-fpm-nl-to-allow-for-fast-configuration.patch | FRRouting/frr@551fa8c |
| 0014-bgpd-Allow-network-XXX-to-work-with-bgp-suppress-fib.patch | FRRouting/frr@4801fc4 |
| 0015-zebra-Return-statements-do-not-use-paranthesis.patch | FRRouting/frr@871a16c |
| 0016-zebra-Add-zrouter.asic_notification_nexthop_control.patch | FRRouting/frr@06525c4 |
| 0017-zebra-Re-arrange-fpm_read-to-reduce-code-duplication.patch | FRRouting/frr@7d83e13 |
| 0018-zebra-Add-dplane_ctx_get-set_flags.patch | FRRouting/frr@10388e9 |
| 0019-zebra-Rearrange-dplane_ctx_route_init.patch | FRRouting/frr@f935122 |
| 0020-zebra-Add-ctx-to-netlink-message-parsing.patch | FRRouting/frr@45f0a10 |
| 0021-zebra-Read-from-the-dplane_fpm_nl-a-route-update.patch | FRRouting/frr@a0e1173 |
| 0022-zebra-Fix-code-because-missing-backport.patch | FRRouting/frr@07fd1f7 |
| 0024-zebra-continue-fpm-read-when-we-decide-a-netlink-message-is-not-needed.patch | FRRouting/frr@c0275ab |
| 0025-zebra-Send-nht-resolved-entry-up-to-concerned-protoc.patch | FRRouting/frr@8ce0e51 |
| 0027-bgpd-Ensure-FRR-has-enough-data-to-read-in-peek_for_as4_capability-and-bgp_open_option_parse.patch | FRRouting/frr@3e46b43 |
| 0028-bgpd-Ensure-that-bgp-open-message-stream-has-enough-data-to-read.patch | FRRouting/frr@766eec1 |

Realigned patches:

| Old Patch | New patch |
| --- | --- |
| 0002-Reduce-severity-of-Vty-connected-from-message.patch | 0001-Reduce-severity-of-Vty-connected-from-message.patch |
| 0004-Allow-BGP-attr-NEXT_HOP-to-be-0.0.0.0-due-to-allevia.patch | 0002-Allow-BGP-attr-NEXT_HOP-to-be-0.0.0.0-due-to-allevia.patch |
| 0005-nexthops-compare-vrf-only-if-ip-type.patch | 0003-nexthops-compare-vrf-only-if-ip-type.patch |
| 0006-frr-remove-frr-log-outchannel-to-var-log-frr.log.patch | 0004-frr-remove-frr-log-outchannel-to-var-log-frr.log.patch |
| 0007-Add-support-of-bgp-l3vni-evpn.patch | 0005-Add-support-of-bgp-l3vni-evpn.patch |
| 0008-Link-local-scope-was-not-set-while-binding-socket-for-bgp-ipv6-link-local-neighbors.patch | 0006-Link-local-scope-was-not-set-while-binding-socket-for-bgp-ipv6-link-local-neighbors.patch |
| 0009-ignore-route-from-default-table.patch | 0007-ignore-route-from-default-table.patch |
| 0009-ignore-route-from-default-table.patch | 0007-ignore-route-from-default-table.patch |
| 0023-Use-vrf_id-for-vrf-not-tabled_id.patch | 0008-Use-vrf_id-for-vrf-not-tabled_id.patch |
| 0026-bgpd-Ensure-suppress-fib-pending-works-with-network-.patch | 0009-bgpd-Ensure-suppress-fib-pending-works-with-network-.patch |
| 0029-bgpd-Change-log-level-for-graceful-restart-events.patch | 0010-bgpd-Change-log-level-for-graceful-restart-events.patch |
| 0030-zebra-Static-routes-async-notification-do-not-need-t.patch | 0011-zebra-Static-routes-async-notification-do-not-need-t.patch |

How I did it
Upgrade FRR submodule. Align the patches. Integrate new patches to fix issues.

How to verify it
Run sonic-mgmt regression to verify
Describe the bug
FRR version is 8.5.1
When fpm_read processes a route with protocol RTPROT_KERNEL, zebra crashes. This happens with the following backtrace:
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/lib/frr/zebra -A 127.0.0.1 -s 90000000 -M dplane_fpm_nl -M snmp --asic-off'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000555dd5ceae80 in dplane_intf_extra_list_pop (h=0x7fae1c007e68) at ../zebra/zebra_dplane.c:427
427 ../zebra/zebra_dplane.c: No such file or directory.
[Current thread is 1 (Thread 0x7fae2aa99700 (LWP 43))]
(gdb) bt
#0 0x0000555dd5ceae80 in dplane_intf_extra_list_pop (h=0x7fae1c007e68) at ../zebra/zebra_dplane.c:427
#1 dplane_ctx_free_internal (ctx=0x7fae1c0074b0) at ../zebra/zebra_dplane.c:724
#2 0x0000555dd5cebc99 in dplane_ctx_free (pctx=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:869
#3 dplane_ctx_free (pctx=0x7fae2aa88c98, pctx@entry=0x7fae2aa78c28) at ../zebra/zebra_dplane.c:855
#4 dplane_ctx_fini (pctx=pctx@entry=0x7fae2aa88c98) at ../zebra/zebra_dplane.c:890
#5 0x00007fae31e93f29 in fpm_read (t=) at ../zebra/dplane_fpm_nl.c:605
#6 0x00007fae325191dd in thread_call (thread=thread@entry=0x7fae2aa98da0) at ../lib/thread.c:2006
#7 0x00007fae324c42b8 in fpt_run (arg=0x555dd74777c0) at ../lib/frr_pthread.c:309
#8 0x00007fae32405ea7 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9 0x00007fae32325a2f in clone () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) p ctx->u.rinfo.intf_extra_list
$7 = {dh = {hitem = {next = 0x0, prev = 0x0}, count = 0}}
The issue happens after the introduction of this commit ac96497
The issue happens when netlink_route_change_read_unicast_internal returns anything other than 1 (frr/zebra/dplane_fpm_nl.c, line 603 in 7a2b85a).
The ctx object is allocated just above the function (frr/zebra/dplane_fpm_nl.c, line 601 in 7a2b85a).
With the commit I pointed out, the failure handling has dplane_ctx_fini(&ctx), which tries to access ditem->next as shown below (frr/lib/typesafe.h, line 411 in a19aa56).
To Reproduce
Expected behavior
Zebra shouldn't crash
Screenshots
Versions
SONiC latest master
Linux 5.10
8.5.1
Additional context