Hi Neale,

The ipsec_sa_get call in esp_encrypt_inline/esp_decrypt_inline has a memory issue.
In the ipsec4-input-feature node, vnet_buffer (b[0])->ipsec.sad_index was set by the SA,
but the SA may be freed by the main thread just after the node dispatch finishes; in the
next dispatch loop the SA referenced by vnet_buffer (b[0])->ipsec.sad_index becomes
invalid and will cause a memory issue in esp_encrypt_inline.
esp_decrypt/ah_encrypt/ah_decrypt all have the same issue.
Below is the crash stack I got:

2: /root/code/net-base/.vpp-22.02/src/vnet/ipsec/ipsec_sa.h:649 (ipsec_sa_get) assertion `! pool_is_free (ipsec_sa_pool, _e)' fails
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffa38472700 (LWP 4067)]
0x00007ffff35c11f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-196.el7.x86_64 libgcc-4.8.5-16.el7.x86_64 libpcap-1.5.3-12.el7.x86_64 libstdc++-4.8.5-16.el7.x86_64 libuuid-2.23.2-43.el7.x86_64
(gdb) bt
#0 0x00007ffff35c11f7 in raise () from /lib64/libc.so.6
#1 0x00007ffff35c28e8 in abort () from /lib64/libc.so.6
#2 0x000000000040b31b in os_panic () at /root/code/net-base/.vpp-22.02/src/vpp/vnet/main.c:413
#3 0x00007ffff3f081ff in debugger () at /root/code/net-base/.vpp-22.02/src/vppinfra/error.c:84
#4 0x00007ffff3f088d5 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7ffff6a26380 "%s:%d (%s) assertion `%s' fails") at /root/code/net-base/.vpp-22.02/src/vppinfra/error.c:143
#5 0x00007ffff5767800 in ipsec_sa_get (sa_index=24723) at /root/code/net-base/.vpp-22.02/src/vnet/ipsec/ipsec_sa.h:649
#6 0x00007ffff576f6ed in esp_encrypt_inline (vm=0x7ffefb476380, node=0x7ffefc5f5580, frame=0x7fff1cd85c80, lt=VNET_LINK_IP4, is_tun=0, async_next_node=1) at /root/code/net-base/.vpp-22.02/src/vnet/ipsec/esp_encrypt.c:661
#7 0x00007ffff5773afe in esp4_encrypt_node_fn (vm=0x7ffefb476380, node=0x7ffefc5f5580, from_frame=0x7fff1cd85c80) at /root/code/net-base/.vpp-22.02/src/vnet/ipsec/esp_encrypt.c:1171
#8 0x00007fffefc4f3ad in dispatch_pcap_trace (vm=0x7ffefb476380, node=0x7ffefc5f5580, frame=0x7fff1cd85c80) at /root/code/net-base/.vpp-22.02/src/plugins/dispatch-trace/main.c:210
#9 0x00007ffff475bb0d in dispatch_node (vm=0x7ffefb476380, node=0x7ffefc5f5580, type=VLIB_NODE_TYPE_INTERNAL, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x7fff1cd85c80, last_time_stamp=3114277064272384) at /root/code/net-base/.vpp-22.02/src/vlib/main.c:977
#10 0x00007ffff475cf25 in dispatch_pending_node (vm=0x7ffefb476380, pending_frame_index=0, last_time_stamp=3114277064272384) at /root/code/net-base/.vpp-22.02/src/vlib/main.c:1134
#11 0x00007ffff4760dcc in vlib_main_or_worker_loop (vm=0x7ffefb476380, is_main=0) at /root/code/net-base/.vpp-22.02/src/vlib/main.c:1600
#12 0x00007ffff4762594 in vlib_worker_loop (vm=0x7ffefb476380) at /root/code/net-base/.vpp-22.02/src/vlib/main.c:1734
#13 0x00007ffff47b5e68 in vlib_worker_thread_fn (arg=0x7ffef0b822c0) at /root/code/net-base/.vpp-22.02/src/vlib/threads.c:1533
#14 0x00007ffff3f32790 in clib_calljmp () at /root/code/net-base/.vpp-22.02/src/vppinfra/longjmp.S:123
#15 0x00007ffa38471dd0 in ?? ()
#16 0x00007ffff47a9820 in vlib_worker_thread_bootstrap_fn (arg=0x7ffef0b822c0) at /root/code/net-base/.vpp-22.02/src/vlib/threads.c:413
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Xiaoming
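
The lifetime problem reported above, modelled in C as an added example that is not part of the original message and is not VPP code. All toy_* names are hypothetical, and the per-slot generation check is an assumed mitigation, not the project's fix; the model is single-threaded and only replays the ordering from the report.

```c
#include <stddef.h>
#include <stdint.h>

#define POOL_SIZE 4
/* Toy stand-in for ipsec_sa_pool: fixed slots plus a generation per slot. */
typedef struct { int in_use; uint32_t gen; uint32_t spi; } toy_sa_t;
static toy_sa_t toy_pool[POOL_SIZE];
/* Buffer metadata: the report stores only the index; sad_gen is added here. */
typedef struct { uint32_t sad_index; uint32_t sad_gen; } toy_buf_meta_t;

/* Control plane (main thread) allocates an SA; returns its index or -1. */
static int toy_sa_add(uint32_t spi) {
  for (int i = 0; i < POOL_SIZE; i++)
    if (!toy_pool[i].in_use) {
      toy_pool[i].in_use = 1;
      toy_pool[i].gen++;          /* every reuse of a slot gets a new generation */
      toy_pool[i].spi = spi;
      return i;
    }
  return -1;
}

/* Control plane frees the SA while buffers may still carry its index. */
static void toy_sa_del(uint32_t index) { toy_pool[index].in_use = 0; }

/* Input node: record which SA matched the packet. */
static void toy_input_node(toy_buf_meta_t *m, uint32_t index) {
  m->sad_index = index;
  m->sad_gen = toy_pool[index].gen;
}

/* Encrypt node, next dispatch: revalidate instead of trusting the index.
   Returns NULL if the slot is free (the asserted case) or was reused. */
static toy_sa_t *toy_sa_get_checked(const toy_buf_meta_t *m) {
  if (m->sad_index >= POOL_SIZE) return NULL;
  toy_sa_t *sa = &toy_pool[m->sad_index];
  return (sa->in_use && sa->gen == m->sad_gen) ? sa : NULL;
}

/* Replays the reported ordering; returns 1 if the stale index is rejected. */
static int toy_replay_race(void) {
  toy_buf_meta_t m;
  int idx = toy_sa_add(0x1000);
  toy_input_node(&m, (uint32_t) idx);
  if (toy_sa_get_checked(&m) == NULL) return 0; /* SA is still live here */
  toy_sa_del((uint32_t) idx);                   /* main thread frees it */
  int freed_caught = (toy_sa_get_checked(&m) == NULL);
  toy_sa_add(0x2000);                           /* slot reused by another SA */
  return freed_caught && toy_sa_get_checked(&m) == NULL;
}
int main(void) { return toy_replay_race() ? 0 : 1; }
```

With real worker threads a check like this only narrows the window; the free itself still has to be ordered against buffers that are already in flight.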