opensourcerouting / frr

Free Range Routing Protocol Suite

pathd: fix heap use after deletion #28

Closed GalaxyGorilla closed 4 years ago

GalaxyGorilla commented 4 years ago

Signed-off-by: GalaxyGorilla <sascha@netdef.org>

GalaxyGorilla commented 4 years ago

This is supposed to fix:

    #5 0x495007 in nb_candidate_commit lib/northbound.c:756
    #6 0x49ad84 in nb_cli_apply_changes lib/northbound_cli.c:168
    #7 0x41c45c in no_te_path_segment_list_segment_magic pathd/path_cli.c:288
    #8 0x41c7e7 in no_te_path_segment_list_segment pathd/path_cli_clippy.c:313
    #9 0x42be38 in cmd_execute_command_real lib/command.c:907
    #10 0x430d8b in cmd_execute_command lib/command.c:966
    #11 0x43106b in cmd_execute lib/command.c:1120
    #12 0x4f8e3b in vty_command lib/vty.c:526
    #13 0x4f93f8 in vty_execute lib/vty.c:1293
    #14 0x4feeab in vtysh_read lib/vty.c:2126
    #15 0x4ed480 in thread_call lib/thread.c:1549
    #16 0x47aac6 in frr_run lib/libfrr.c:1098
    #17 0x41b58a in main pathd/path_main.c:150
    #18 0x7fd81974282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #19 0x41b258 in _start (/usr/lib/frr/pathd+0x41b258)

    0x60b00002b610 is located 32 bytes inside of 104-byte region [0x60b00002b5f0,0x60b00002b658)
    freed by thread T0 here:
    #0 0x7fd81a8f72ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
    #1 0x4830fe in qfree lib/memory.c:129
    #2 0x425201 in srte_segment_entry_del pathd/pathd.c:137
    #3 0x42113f in pathd_te_segment_list_segment_destroy pathd/path_nb_config.c:135
    #4 0x493657 in nb_callback_destroy lib/northbound.c:949
    #5 0x493657 in nb_callback_configuration lib/northbound.c:1171
    #6 0x49423b in nb_transaction_process lib/northbound.c:1288
    #7 0x494974 in nb_candidate_commit_apply lib/northbound.c:724
    #8 0x495007 in nb_candidate_commit lib/northbound.c:756
    #9 0x49ad84 in nb_cli_apply_changes lib/northbound_cli.c:168
    #10 0x41c45c in no_te_path_segment_list_segment_magic pathd/path_cli.c:288
    #11 0x41c7e7 in no_te_path_segment_list_segment pathd/path_cli_clippy.c:313
    #12 0x42be38 in cmd_execute_command_real lib/command.c:907
    #13 0x430d8b in cmd_execute_command lib/command.c:966
    #14 0x43106b in cmd_execute lib/command.c:1120
    #15 0x4f8e3b in vty_command lib/vty.c:526
    #16 0x4f93f8 in vty_execute lib/vty.c:1293
    #17 0x4feeab in vtysh_read lib/vty.c:2126
    #18 0x4ed480 in thread_call lib/thread.c:1549
    #19 0x47aac6 in frr_run lib/libfrr.c:1098
    #20 0x41b58a in main pathd/path_main.c:150
    #21 0x7fd81974282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

    previously allocated by thread T0 here:
    #0 0x7fd81a8f779a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x482958 in qcalloc lib/memory.c:110
    #2 0x425151 in srte_segment_entry_add pathd/pathd.c:125
    #3 0x42107d in pathd_te_segment_list_segment_create pathd/path_nb_config.c:120
    #4 0x4933d0 in nb_callback_create lib/northbound.c:852
    #5 0x4933d0 in nb_callback_configuration lib/northbound.c:1163
    #6 0x49423b in nb_transaction_process lib/northbound.c:1288
    #7 0x494974 in nb_candidate_commit_apply lib/northbound.c:724
    #8 0x495007 in nb_candidate_commit lib/northbound.c:756
    #9 0x49ad84 in nb_cli_apply_changes lib/northbound_cli.c:168
    #10 0x41caec in te_path_segment_list_segment_magic pathd/path_cli.c:274
    #11 0x41eb97 in te_path_segment_list_segment pathd/path_cli_clippy.c:260
    #12 0x42be38 in cmd_execute_command_real lib/command.c:907
    #13 0x430d8b in cmd_execute_command lib/command.c:966
    #14 0x43106b in cmd_execute lib/command.c:1120
    #15 0x4f8e3b in vty_command lib/vty.c:526
    #16 0x4f93f8 in vty_execute lib/vty.c:1293
    #17 0x4feeab in vtysh_read lib/vty.c:2126
    #18 0x4ed480 in thread_call lib/thread.c:1549
    #19 0x47aac6 in frr_run lib/libfrr.c:1098
    #20 0x41b58a in main pathd/path_main.c:150
    #21 0x7fd81974282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free pathd/path_nb_config.c:136 pathd_te_segment_list_segment_destroy
Shadow bytes around the buggy address:
  0x0c167fffd670: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c167fffd680: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c167fffd690: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c167fffd6a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c167fffd6b0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fd fd
=>0x0c167fffd6c0: fd fd[fd]fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c167fffd6d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c167fffd6e0: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c167fffd6f0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c167fffd700: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c167fffd710: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
rt1: Daemon pathd killed by AddressSanitizer
2020-06-29 13:24:23,868 ERROR: assert failed at "test_isis_sr_te_topo1/test_memory_leak":
rt1: Daemon pathd killed by AddressSanitizer
Address Sanitizer triggered - Test failed
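
The report above shows the object freed at `path_nb_config.c:135` and accessed again at line 136 of the same destroy callback. The following is an added example of that ordering bug and its fix, not FRR code and not part of this pull request; the struct, flag and function names are hypothetical, and it assumes the callback touches a field of the entry after deleting it.

```c
#include <stdlib.h>

#define LIST_MODIFIED 0x1u /* hypothetical "parent changed" flag */

struct seg_list { unsigned flags; int count; };
struct seg_entry { unsigned index; struct seg_list *list; };

static struct seg_entry *entry_add(struct seg_list *l, unsigned index)
{
	struct seg_entry *e = calloc(1, sizeof(*e));
	if (!e) return NULL;
	e->index = index;
	e->list = l;
	l->count++;
	return e;
}

static void entry_del(struct seg_entry *e)
{
	e->list->count--;
	free(e); /* e and every field in it are dead from here on */
}

/* Before: the entry is freed, then dereferenced to reach its parent. */
void destroy_buggy(struct seg_entry *e)
{
	entry_del(e);
	e->list->flags |= LIST_MODIFIED; /* heap-use-after-free read of e->list */
}

/* After: take the parent pointer while the entry is still alive. */
void destroy_fixed(struct seg_entry *e)
{
	struct seg_list *l = e->list;
	entry_del(e);
	l->flags |= LIST_MODIFIED;
}

int main(void)
{
	struct seg_list l = {0, 0};
	struct seg_entry *e = entry_add(&l, 10);
	if (!e) return 1;
#ifdef DEMO_UAF /* build with -fsanitize=address -g -DDEMO_UAF for the report */
	destroy_buggy(e);
#else
	destroy_fixed(e);
#endif
	return (l.flags & LIST_MODIFIED) ? 0 : 1;
}
```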