zebra: Skip route table lookup if zvrf is NULL #16858
Closed
+7
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A crash was observed in 8.4.4 zebra when FRR processes were being shutting down by automated script: Thread 1 (LWP 16051): #0 0x00007f63f449bb8f in raise () from /lib64/libpthread.so.0 FRRouting#1 0x00007f63f5c68300 in core_handler (signo=11, siginfo=0x7ffec6322cb0, context=<optimized out>) at lib/sigevent.c:261 FRRouting#2 <signal handler called> FRRouting#3 zebra_router_get_table (zvrf=zvrf@entry=0x0, tableid=tableid@entry=254, afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST) at /usr/include/bits/string_fortified.h:71 FRRouting#4 0x0000560d74192e6d in zebra_vrf_get_table_with_table_id (afi=AFI_IP, safi=SAFI_UNICAST, vrf_id=<optimized out>, table_id=254) at zebra/zebra_vrf.c:335 FRRouting#5 0x0000560d74186d20 in process_subq_early_route_add (ere=<optimized out>) at zebra/zebra_rib.c:2649 FRRouting#6 process_subq_early_route (lnode=0x560d7783c5f0) at zebra/zebra_rib.c:3127 FRRouting#7 process_subq (qindex=META_QUEUE_EARLY_ROUTE, subq=0x560d75cb1e40) at zebra/zebra_rib.c:3150 FRRouting#8 meta_queue_process (dummy=<optimized out>, data=0x560d75cba680) at zebra/zebra_rib.c:3202 FRRouting#9 0x00007f63f5c84550 in work_queue_run (thread=0x7ffec63233d0) at lib/workqueue.c:285 FRRouting#10 0x00007f63f5c7a4c1 in thread_call (thread=thread@entry=0x7ffec63233d0) at lib/thread.c:2008 FRRouting#11 0x00007f63f5c32088 in frr_run (master=0x560d75acbf50) at lib/libfrr.c:1216 FRRouting#12 0x0000560d7411c8f7 in main (argc=<optimized out>, argv=0x7ffec63237a8) at zebra/main.c:499 Below is analysis for the sequence of events which led to zebra crash: - configs including VRF configs were deleted in zebra - Some route messages for the deleted VRF were still in the zebra metaq waiting to be processed - when the route message was dequeued for processing, the VRF was already deleted - lookup of zvrf failed for the route vrf_id in route-entry, but the NULL return was not checked, resulted in SIGSEGV crash when it was dereferenced later Signed-off-by: Jenny Yuan <[email protected]>
mjstapp
reviewed
Sep 18, 2024
|
I'm pretty sure that this crash has already been solved via a different methodology. Look in current vrf shutdown code, I am pretty sure we now iterate the early route queue and remove those routes that match that vrf. |
|
In other words I would like to see a recreate of this crash in latest master before we accept this and I think the early route entry should be removed from the metaQ as the actual fix instead. |
|
Hi @donaldsharp , thanks for your review and comments. looks like this fix (e53fa58) would address the crash we saw in zebra. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A crash was observed in 8.4.4 zebra when FRR processes were being shutting down by automated script:
Thread 1 (LWP 16051):
#0 0x00007f63f449bb8f in raise () from /lib64/libpthread.so.0
#1 0x00007f63f5c68300 in core_handler (signo=11, siginfo=0x7ffec6322cb0, context=) at lib/sigevent.c:261
#2
#3 zebra_router_get_table (zvrf=zvrf@entry=0x0, tableid=tableid@entry=254, afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST) at /usr/include/bits/string_fortified.h:71
#4 0x0000560d74192e6d in zebra_vrf_get_table_with_table_id (afi=AFI_IP, safi=SAFI_UNICAST, vrf_id=, table_id=254) at zebra/zebra_vrf.c:335
#5 0x0000560d74186d20 in process_subq_early_route_add (ere=) at zebra/zebra_rib.c:2649
#6 process_subq_early_route (lnode=0x560d7783c5f0) at zebra/zebra_rib.c:3127
#7 process_subq (qindex=META_QUEUE_EARLY_ROUTE, subq=0x560d75cb1e40) at zebra/zebra_rib.c:3150
#8 meta_queue_process (dummy=, data=0x560d75cba680) at zebra/zebra_rib.c:3202
#9 0x00007f63f5c84550 in work_queue_run (thread=0x7ffec63233d0) at lib/workqueue.c:285
#10 0x00007f63f5c7a4c1 in thread_call (thread=thread@entry=0x7ffec63233d0) at lib/thread.c:2008
#11 0x00007f63f5c32088 in frr_run (master=0x560d75acbf50) at lib/libfrr.c:1216
#12 0x0000560d7411c8f7 in main (argc=, argv=0x7ffec63237a8) at zebra/main.c:499
Below is analysis for the sequence of events which led to zebra crash: