
Segmentation fault when an RPC callback returns SR_ERR_CALLBACK_SHELVE

When an RPC callback returns SR_ERR_CALLBACK_SHELVE and sr_process_events is called a second time to finalize the operation (and return the result), a segmentation fault occurs when trying to access a libyang parsing error.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  sr_errinfo_new_ly (err_info=err_info@entry=0x7fffe28ae400, ly_ctx=0x28da9c0)
    at /root/sshfs_root/sysrepo/src/log.c:217
217             if (e->level == LY_LLWRN) {
#1  0x00007f20d8bc91fe in sr_shmsub_rpc_listen_process_rpc_events (rpc_subs=0x3852f30, conn=0x2982f60)
    at /root/sshfs_root/sysrepo/src/shm_sub.c:2513
#2  0x00007f20d8ba1ea2 in sr_process_events (subscription=0x381bad0, session=0x0, stop_time_in=0x0)
    at /root/sshfs_root/sysrepo/src/sysrepo.c:2978
...

I think the segfault occurs because I have registered a log callback for libyang which causes ly_err_first to return NULL because the error has already been consumed.

In any case, this segfault hides another problem. The RPC input fails to be parsed a second time when sr_process_events is called again when the (async) RPC callback has finished its work and tries to return the result.

I don't know how to fix this. Could you help?

Thanks in advance.

sysrepo/sysrepo
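A minimal C model of the empty-error-list case described in the question, added here as an example; it is not sysrepo or libyang code, and every struct and function name in it is hypothetical. It shows a collector that reports a generic error when the list it was told to read turns out to be empty, instead of dereferencing a NULL head or returning with nothing recorded.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for a library error list and the caller's error record. */
enum lvl { LVL_ERR, LVL_WRN };
struct err_item { enum lvl level; const char *msg; struct err_item *next; };
struct err_info { int count; char last[64]; };

static void record(struct err_info *out, const char *msg)
{
    out->count++;
    snprintf(out->last, sizeof out->last, "%s", msg);
}

/* Copy errors (warnings are skipped) from the list into *out.
 * An empty list is reported as a generic error rather than being
 * dereferenced or silently ignored. Returns the number of errors recorded. */
int errinfo_from_list(struct err_info *out, const struct err_item *first)
{
    const struct err_item *e;
    int before = out->count;

    if (!first) {
        record(out, "internal error: no error details available");
        return 1;
    }
    for (e = first; e; e = e->next) {
        if (e->level == LVL_WRN) {
            continue;
        }
        record(out, e->msg);
    }
    return out->count - before;
}

int main(void)
{
    struct err_item w = { LVL_WRN, "deprecated node", NULL };   /* constructed sample */
    struct err_item p = { LVL_ERR, "invalid RPC input", &w };   /* constructed sample */
    struct err_info a = { 0, "" }, b = { 0, "" };

    errinfo_from_list(&a, &p);    /* list still populated */
    errinfo_from_list(&b, NULL);  /* list already empty when the collector runs */
    printf("%d: %s\n%d: %s\n", a.count, a.last, b.count, b.last);
    return 0;
}
```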

Answer questions rjarry

This (naive) patch fixes the problem:

diff --git a/src/log.c b/src/log.c
index 1be87ce08746..1485e8a4a518 100644
--- a/src/log.c
+++ b/src/log.c
@@ -210,8 +210,8 @@ sr_errinfo_new_ly(sr_error_info_t **err_info, struct ly_ctx *ly_ctx)
     struct ly_err_item *e;
 
     e = ly_err_first(ly_ctx);
-    /* this function is called only when an error is expected */
-    assert(e);
+    if (!e)
+           return;
 
     do {
         if (e->level == LY_LLWRN) {
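Review bot: the new "if (!e) return;" in sr_errinfo_new_ly() returns without writing anything to *err_info, although the removed comment says this function is called only when an error is expected, so a caller can come back from a failed libyang call with no error recorded and carry on as if it had succeeded. Record a generic internal error in *err_info before returning so the failure still propagates. On style, the "return;" line is indented differently from the surrounding four-space code, and the single-statement if has no braces, unlike the "if (e->level == LY_LLWRN) {" just below it.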
diff --git a/src/shm_sub.c b/src/shm_sub.c
index 4af86bb2f177..3302ae189bc5 100644
--- a/src/shm_sub.c
+++ b/src/shm_sub.c
@@ -2578,7 +2578,7 @@ process_event:
                 /* this subscription did not process the event yet, skip it */
                 SR_LOG_INF("Shelved processing \"%s\" event with ID %u priority %u.",
                         sr_ev2str(multi_sub_shm->event), multi_sub_shm->request_id, multi_sub_shm->priority);
-                continue;
+                goto cleanup_rdunlock;
             } else if (timed_out || (ret != SR_ERR_OK)) {
                 /* whole event failed */
                 err_code = ret;
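Review bot: replacing "continue;" with "goto cleanup_rdunlock;" in the shelved branch leaves the loop at the first shelved subscription, so the comment above it ("this subscription did not process the event yet, skip it") no longer describes what happens, and any subscriptions that would have been visited after this one are not handled in this call. Please update the comment, explain why abandoning the pass is correct here, and confirm that everything acquired before this point is released on the cleanup_rdunlock path and that a shelved event is not reported to the caller as a failure from there.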