Keeping you updated :)
So, having the following piece of code in src/vlib/main.c,
    /* ??? Don't need valid flag: can use frame_index == ~0 */
    if (PREDICT_FALSE (!(nf->flags & VLIB_FRAME_IS_ALLOCATED)))
      {
        nf->frame = vlib_frame_alloc (vm, node, next_index);
        nf->flags |= VLIB_FRAME_IS_ALLOCATED;
      }
    f = nf->frame;
    ...
    n_used = f->n_vectors; // line 371 where null dereferencing took place
I assume that I got a vlib_next_frame with flags VLIB_FRAME_IS_ALLOCATED
but without a frame inside.
The only place which does that thing was introduced by
9f5b36926b74109974e7c3ce9bb3a0a7d676c46c (which is a good job btw), so I
think we should clear that flag as is done in other places.
I prepared a fix[0], please have a look.
[0] - https://gerrit.fd.io/r/c/vpp/+/37749
On Mon, 5 Dec 2022 at 10:53, Stanislav Zaikin <[email protected]> wrote:
> Hello folks,
>
> I've got a crash on v22.10
> vnet[2391390]: received signal SIGSEGV, PC 0x7f4847feb994, faulting
> address 0x0
> vnet[2391390]: #0 0x00007f484805e85b 0x7f484805e85b
> vnet[2391390]: #1 0x00007f4847f753c0 0x7f4847f753c0
> vnet[2391390]: #2 0x00007f4847feb994 vlib_get_next_frame_internal + 0x64
> vnet[2391390]: #3 0x00007f484814e729 vlib_buffer_enqueue_to_next_fn_hsw +
> 0x3289
> vnet[2391390]: #4 0x00007f4848dcbf2e ip4_rewrite_node_fn_hsw + 0x28ae
> vnet[2391390]: #5 0x00007f4847fee6fb vlib_worker_loop + 0x1b3b
> vnet[2391390]: #6 0x00007f4848040afa vlib_worker_thread_fn + 0xaa
> vnet[2391390]: #7 0x00007f484803ae01 vlib_worker_thread_bootstrap_fn +
> 0x51
> vnet[2391390]: #8 0x00007f4847f69609 start_thread + 0xd9
> vnet[2391390]: #9 0x00007f4847ca7163 clone + 0x43
>
> (gdb) info line *0x7f4847feb994
> Line 371 of "/home/runner/work/vpp/vpp/src/vlib/main.c" starts at address
> 0x7f4847feb994 <vlib_get_next_frame_internal+100> and ends at
> 0x7f4847feb998 <vlib_get_next_frame_internal+104>.
>
> And the code for this line is the following:
> n_used = f->n_vectors;
>
> Which means that vlib_node_runtime_get_next_frame allocated
> vlib_next_frame with NULL in the frame field.
>
> I wonder how I can debug it further since vpp caught a segfault signal and
> in the core file I've got a completely different stacktrace. Is there a
> way to find exactly this vlib_next_frame structure? Any ideas are much
> appreciated.
>
> --
> Best regards
> Stanislav Zaikin
>
--
Best regards
Stanislav Zaikin
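As an added illustration (not VPP's code and not the fix under review), a small C model of the bookkeeping discussed above: the allocated flag and the frame pointer are tracked separately, so a release path that clears only the pointer leaves a next frame that the fetch path dereferences, while clearing both keeps them consistent. The struct layout, the toy allocator and both release routines are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-ins for VPP's types and flag, not the real vlib definitions. */
#define VLIB_FRAME_IS_ALLOCATED (1u << 0)
typedef struct { uint32_t n_vectors; } frame_t;
typedef struct { frame_t *frame; uint32_t flags; } next_frame_t;

/* Toy allocator standing in for vlib_frame_alloc(); also counts allocations. */
static frame_t frame_pool[4];
int n_allocated;
static frame_t *frame_alloc(void)
{
  frame_t *f = &frame_pool[n_allocated++ % 4];
  f->n_vectors = 0;
  return f;
}

/* Mirrors the excerpt from vlib_get_next_frame_internal: only the flag decides
 * whether to allocate. Returns n_vectors, or -1 where the real code faults. */
static int get_next_frame_n_used(next_frame_t *nf)
{
  if (!(nf->flags & VLIB_FRAME_IS_ALLOCATED))
    {
      nf->frame = frame_alloc();
      nf->flags |= VLIB_FRAME_IS_ALLOCATED;
    }
  frame_t *f = nf->frame;
  if (f == NULL) return -1; /* the SIGSEGV at faulting address 0x0 */
  return (int) f->n_vectors;
}

/* Release that drops the frame but leaves the flag set: the inconsistent state. */
static void release_frame_buggy(next_frame_t *nf) { nf->frame = NULL; }
/* Release that clears the flag together with the pointer, as other sites do. */
static void release_frame_fixed(next_frame_t *nf)
{
  nf->frame = NULL;
  nf->flags &= ~VLIB_FRAME_IS_ALLOCATED;
}
/* Allocate once, release with the given routine, then fetch the frame again. */
static int run(void (*release)(next_frame_t *))
{
  next_frame_t nf = { NULL, 0 };
  n_allocated = 0;
  get_next_frame_n_used(&nf);
  release(&nf);
  return get_next_frame_n_used(&nf);
}
int scenario_buggy(void) { return run(release_frame_buggy); }
int scenario_fixed(void) { return run(release_frame_fixed); }
```

With the flag cleared, the second fetch allocates a fresh frame; with it left set, the fetch trusts the flag and reaches the NULL pointer.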
View/Reply Online (#22285): https://lists.fd.io/g/vpp-dev/message/22285