Re: [vpp-dev] crash in vlib_get_next_frame_internal

Stanislav Zaikin Mon, 05 Dec 2022 13:02:18 -0800

Keeping you updated :)

So, having the following piece of code in src/vlib/main.c,
  /* ??? Don't need valid flag: can use frame_index == ~0 */
  if (PREDICT_FALSE (!(*nf->flags & VLIB_FRAME_IS_ALLOCATED*)))
    {
      nf->frame = vlib_frame_alloc (vm, node, next_index);
      nf->flags |= VLIB_FRAME_IS_ALLOCATED;
    }


  f = nf->frame;
  ...
  n_used = *f->n_vectors*; // line 371 where null dereferencing took place
I assume that I got a vlib_next_frame with flags VLIB_FRAME_IS_ALLOCATED
but without a frame inside.
The only place which does that thing was introduced by
9f5b36926b74109974e7c3ce9bb3a0a7d676c46c (which is a good job btw), so I
think we should clear that flag as it done in other places.

I prepared a fix[0], please have a look.

[0] - https://gerrit.fd.io/r/c/vpp/+/37749

On Mon, 5 Dec 2022 at 10:53, Stanislav Zaikin <zsta...@gmail.com> wrote:

> Hello folks,
>
> I've got a crash on v22.10
> vnet[2391390]: received signal SIGSEGV, PC 0x7f4847feb994, faulting
> address 0x0
> vnet[2391390]: #0  0x00007f484805e85b 0x7f484805e85b
> vnet[2391390]: #1  0x00007f4847f753c0 0x7f4847f753c0
> vnet[2391390]: #2  0x00007f4847feb994 vlib_get_next_frame_internal + 0x64
> vnet[2391390]: #3  0x00007f484814e729 vlib_buffer_enqueue_to_next_fn_hsw +
> 0x3289
> vnet[2391390]: #4  0x00007f4848dcbf2e ip4_rewrite_node_fn_hsw + 0x28ae
> vnet[2391390]: #5  0x00007f4847fee6fb vlib_worker_loop + 0x1b3b
> vnet[2391390]: #6  0x00007f4848040afa vlib_worker_thread_fn + 0xaa
> vnet[2391390]: #7  0x00007f484803ae01 vlib_worker_thread_bootstrap_fn +
> 0x51
> vnet[2391390]: #8  0x00007f4847f69609 start_thread + 0xd9
> vnet[2391390]: #9  0x00007f4847ca7163 clone + 0x43
>
> (gdb) info line *0x7f4847feb994
> Line 371 of "/home/runner/work/vpp/vpp/src/vlib/main.c" starts at address
> 0x7f4847feb994 <vlib_get_next_frame_internal+100> and ends at
> 0x7f4847feb998 <vlib_get_next_frame_internal+104>.
>
> And the code for this line is following:
>   n_used = f->n_vectors;
>
> Which means that vlib_node_runtime_get_next_frame allocated
> vlib_next_frame with NULL in the frame field.
>
> I wonder how I can debug it further since vpp caught a segfault signal and
> in the core file I've got a completely different stacktrace. Is there a
> way to find exactly this vlib_next_frame structure? Any ideas are much
> appreciated.
>
> --
> Best regards
> Stanislav Zaikin
>


-- 
Best regards
Stanislav Zaikin

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22285): https://lists.fd.io/g/vpp-dev/message/22285
Mute This Topic: https://lists.fd.io/mt/95465711/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] crash in vlib_get_next_frame_internal

Reply via email to