geedge-jira/md/OMPUB-777.md
2025-09-14 21:52:36 +00:00


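Fujian project, Fuzhou Mobile 5G: SAPP segfaults while flipping the VLAN header when it decides, based on the current packet, whether to flip the outer tunnel address headers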

| ID | Creation Date | Assignee | Status |
| --- | --- | --- | --- |
| OMPUB-777 | 2023-01-13T10:10:37.000+0800 | 刘学利 | Resolved |

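IP addresses: 192.168.19.21-22. Restart frequency: when it is frequent, about once every 10-odd minutes. Note: the dtls and fw_dtls plugins have already been disabled.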

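!image-2023-01-13-10-10-30-915.png|thumbnail!

liuxueli commented on 2023-01-13T12:06:15.278+0800:

  • SAPP segfaults while flipping the VLAN header when it decides, based on the current packet, whether to flip the outer tunnel address headers. Details follow:
      • Version: sapp-4.2.90.8c77537-1.el7.x86_64
      • Machine: 19.22
      • Stack trace: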


{code:java}
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff51d262dc, pstream_pr=0x7feb448d7004, p_stack=0x7fed6cdade84, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 elfutils-libelf-0.176-5.el7.x86_64 elfutils-libs-0.176-5.el7.x86_64 file-libs-5.11-37.el7.x86_64 glibc-2.17-317.el7.x86_64 libMESA_field_stat-1.0.3.0de785d-1.el7.x86_64 libMESA_field_stat2-2.10.11.b2095aa-1.el7.x86_64 libMESA_handle_logger-2.0.9.b677bb6-1.el7.x86_64 libMESA_htable-3.10.13.bd6fc34-1.el7.x86_64 libMESA_jump_layer-1.0.10.6fb4738-1.el7.x86_64 libMESA_prof_load-1.0.9.16148e7-1.el7.x86_64 libMV_Sketch-2.1.2.20220225.dc6bb95-1.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libbreakpad_mini-1.0.9.9d98968-1.el7.x86_64 libcap-2.22-11.el7.x86_64 libcjson-1.7.12.6c09dcf-1.el7.x86_64 libdocumentanalyze-2.0.10.4c04402-1.el7.x86_64 libelua-2.0.1.7760c27-1.el7.x86_64 libgcc-4.8.5-44.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-56mlnx40-1.57102.x86_64 libmaatframe-3.6.14.f88f730-1.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libpcap-1.5.3-12.el7.x86_64 librulescan-3.0.1.6145620-1.el7.x86_64 libselinux-2.5-15.el7.x86_64 libstdc++-4.8.5-44.el7.x86_64 lz4-1.8.3-1.el7.x86_64 mrzcpd-4.5.4.15cfb61-1.el7.x86_64 numactl-libs-2.0.12-5.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64 pcre-8.32-17.el7.x86_64 systemd-libs-219-78.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff51d262dc, pstream_pr=0x7feb448d7004, p_stack=0x7fed6cdade84, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
#1  0x000000000044ee3d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d4ff9080, a_packet=a_packet@entry=0x7f56080a09a6, data=data@entry=0x7f56080a09ce <Address 0x7f56080a09ce out of bounds>, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000',
    raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=126) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:883
#2  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d4ff9248, this_layer_hdr=this_layer_hdr@entry=0x7f56080a09a6, thread_num=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=86)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#3  0x0000000000455cbe in gtp_entry (pfstream_pr=pfstream_pr@entry=0x7fff51af68dc, this_layer_data=this_layer_data@entry=0x7f56080a098e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0,
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=70) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_gprs_tunnel.c:176
#4  0x000000000044ef1d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d4ff94b0, a_packet=a_packet@entry=0x7f56080a0966, data=data@entry=0x7f56080a098e <Address 0x7f56080a098e out of bounds>, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000',
    raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=62) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:940
#5  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d4ff96d8, this_layer_hdr=0x7f56080a0966, thread_num=thread_num@entry=0, routedir=, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0,
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=22) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#6  0x0000000000454ffc in IEEE_8021_entry (pfstream_pr=, this_layer_data=this_layer_data@entry=0x7f56080a095e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=,
    eth_type=eth_type@entry=33024) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_vlan.c:111
#7  0x000000000044da96 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x7f56080a0950, thread_num=thread_num@entry=0, dir=, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ethernet.c:189
#8  0x000000000043a1c7 in mesa_default_pkt_cb (p_raw_pkt=0x7ff5d4ffa2c0, dir=, thread_num=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io.c:649
#9  0x000000000050f2ac in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ff5d4ffa2c0, rx_buff=0x7f56080a07c0, tid=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:664
#10 marsio4_process_packet (tid=tid@entry=0, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:706
#11 0x000000000050fc70 in marsio4_worker (arg=) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:872
#12 0x00007ffff79acea5 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff59d396d in clone () from /lib64/libc.so.6
(gdb) l
2216                    break;
2217
2218                case ADDR_TYPE_VLAN:
2219                    if(ADDR_TYPE_VLAN == pstream_pr->stream_public.addr.addrtype){
2220                        if(cur_dir == DIR_C2S){
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
2222                                    p_stack->stream_public.addr.vlan->c2s_addr_array,
2223                                    sizeof(p_stack->stream_public.addr.vlan->c2s_addr_array));
2224                            pstream_pr->stream_public.addr.vlan->c2s_layer_num = p_stack->stream_public.addr.vlan->c2s_layer_num;
2225                        }
(gdb) l p_stack->stream_public.addr.vlan
Function "p_stack->stream_public.addr.vlan" not defined.
(gdb) p p_stack->stream_public.addr.vlan
$1 = (struct layer_addr_vlan *) 0x0
{code}


{code:java}
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff5d2ffe700 (LWP 23868)]
0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff508310dc, pstream_pr=0x7fe9cfe75c44, p_stack=0x7fe9cebffb04, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
Missing separate debuginfos, use: debuginfo-install file-libs-5.11-37.el7.x86_64 libMESA_field_stat-1.0.3.0de785d-1.el7.x86_64 libMV_Sketch-2.1.2.20220225.dc6bb95-1.el7.x86_64 libdocumentanalyze-2.0.10.4c04402-1.el7.x86_64 libelua-2.0.1.7760c27-1.el7.x86_64
(gdb) l
2216                    break;
2217
2218                case ADDR_TYPE_VLAN:
2219                    if(ADDR_TYPE_VLAN == pstream_pr->stream_public.addr.addrtype){
2220                        if(cur_dir == DIR_C2S){
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
2222                                    p_stack->stream_public.addr.vlan->c2s_addr_array,
2223                                    sizeof(p_stack->stream_public.addr.vlan->c2s_addr_array));
2224                            pstream_pr->stream_public.addr.vlan->c2s_layer_num = p_stack->stream_public.addr.vlan->c2s_layer_num;
2225                        }
(gdb) p p_stack->stream_public.addr.vlan
$1 = (struct layer_addr_vlan *) 0x0
(gdb) bt
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff508310dc, pstream_pr=0x7fe9cfe75c44, p_stack=0x7fe9cebffb04, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
#1  0x000000000044e648 in dealipv4udppkt (pindex=pindex@entry=0x7ff5d2ffc080, this_iphdr=0x7f557e055066, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:639
#2  0x000000000044f63e in process_ipv4_pkt (pfindex=pfindex@entry=0x7ff5d2ffc080, a_packet=, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=86)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:980
#3  0x0000000000442dd5 in ipv4_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d2ffc248, this_layer_data=this_layer_data@entry=0x7f557e055066, thread_num=0, routedir=routedir@entry=0 '\000', raw_pkt=, offset_to_raw_pkt_hdr=)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv4.c:766
#4  0x0000000000455ca9 in gtp_entry (pfstream_pr=pfstream_pr@entry=0x7fff5056bfdc, this_layer_data=this_layer_data@entry=0x7f557e05504e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0,
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=70) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_gprs_tunnel.c:164
#5  0x000000000044ef1d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d2ffc4b0, a_packet=a_packet@entry=0x7f557e055026, data=data@entry=0x7f557e05504e "\bh\bh", thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000',
    raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=62) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:940
#6  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d2ffc6d8, this_layer_hdr=0x7f557e055026, thread_num=thread_num@entry=0, routedir=, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0,
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=22) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#7  0x0000000000454ffc in IEEE_8021_entry (pfstream_pr=, this_layer_data=this_layer_data@entry=0x7f557e05501e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=,
    eth_type=eth_type@entry=33024) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_vlan.c:111
#8  0x000000000044da96 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x7f557e055010, thread_num=thread_num@entry=0, dir=, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ethernet.c:189
#9  0x000000000043a1c7 in mesa_default_pkt_cb (p_raw_pkt=0x7ff5d2ffd2c0, dir=, thread_num=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io.c:649
#10 0x000000000050f2ac in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ff5d2ffd2c0, rx_buff=0x7f557e054e80, tid=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:664
#11 marsio4_process_packet (tid=tid@entry=0, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:706
#12 0x000000000050fc70 in marsio4_worker (arg=) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:872
#13 0x00007ffff79acea5 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff59d396d in clone () from /lib64/libc.so.6
(gdb) f 7
{code}


yangwei commented on 2023-06-05T09:35:53.296+0800:

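The Fujian environment is deployed in mirror/injection mode. Packets injected into the link must be forwarded by the operating system's protocol stack; their encapsulation format differs from the original packets and cannot include GTP, VLAN, MPLS, etc.

On the two machines that were restarting, 192.168.19.21-22, the configuration items for parsing the encapsulation format were incorrect. After they were corrected, no restarts have been seen so far.

As for the VLAN address flipping problem, the code logic shows no anomaly. In live operation it only reproduces after more than 10 minutes under heavy traffic, and the four-tuples on which the segfault occurs follow no pattern, so continued observation is needed.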


liuxueli commented on 2023-09-14T15:36:00.730+0800:

  • Fujian environment: the problem reproduced on 192.168.27.110.
      • Version: sapp-pr-4.3.13.9ea6b23-1.el8.x86_64
      • Stack:

{code:java}
First time
(gdb) bt
#0  0x0000000000447e26 in update_opposite_addr_info ()
#1  0x0000000000445079 in dealipv6udppkt ()
#2  0x0000000000441d0c in ipv6_entry ()
#3  0x000000000044bfbf in gtp_entry ()
#4  0x0000000000445251 in dealipv6udppkt ()
#5  0x0000000000441d0c in ipv6_entry ()
#6  0x00000000004435e9 in eth_entry ()
#7  0x000000000042e153 in mesa_default_pkt_cb ()
#8  0x00000000004eb157 in marsio4_process_packet ()
#9  0x00000000004eb851 in marsio4_worker ()
#10 0x00007ffff799d1ca in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff4f53e73 in clone () from /lib64/libc.so.6
(gdb)

Second time
#0  0x000000000044814f in update_opposite_addr_info ()
#1  0x00000000004445ec in dealipv4udppkt ()
#2  0x0000000000437a9f in ipv4_entry ()
#3  0x000000000044c1f6 in gtp_entry ()
#4  0x0000000000445251 in dealipv6udppkt ()
#5  0x0000000000441d0c in ipv6_entry ()
#6  0x00000000004435e9 in eth_entry ()
#7  0x000000000042e153 in mesa_default_pkt_cb ()
#8  0x00000000004eb157 in marsio4_process_packet ()
#9  0x00000000004eb851 in marsio4_worker ()
#10 0x00007ffff799d1ca in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff4f53e73 in clone () from /lib64/libc.so.6
(gdb) r
{code}


liuxueli commented on 2023-09-21T21:05:48.695+0800:

  • Fixed in version sapp.4.3.23
      • sapp.4.3.23.asan error output:

{code:java}
=================================================================
==1969==ERROR: AddressSanitizer: heap-use-after-free on address 0x61107483bf0c at pc 0x00000048bda9 bp 0x7fff6bf291a0 sp 0x7fff6bf29190
READ of size 1 at 0x61107483bf0c thread T25 (sapp_marsio_15)
    #0 0x48bda8 in update_opposite_addr_info /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2245
    #1 0x480a2a in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:970
    #2 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #3 0x49b2de in gtp_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_gprs_tunnel.c:177
    #4 0x480dbb in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:1028
    #5 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #6 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #7 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #8 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #9 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #10 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #11 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)
    #12 0x7ffff4702e72 in __clone (/lib64/libc.so.6+0x39e72)

0x61107483bf0c is located 76 bytes inside of 196-byte region [0x61107483bec0,0x61107483bf84)
freed by thread T25 (sapp_marsio_15) here:
    #0 0x7ffff6eef7f0 in __interceptor_free (/lib64/libasan.so.5+0xef7f0)
    #1 0x48aebc in free_heap_stream_info /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2087
    #2 0x47da6c in udp_free_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:347
    #3 0x483e77 in del_stream /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:277
    #4 0x483e77 in streamaddlist /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:344
    #5 0x47c634 in udp_add_new_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:213
    #6 0x480fee in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:896
    #7 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #8 0x49b2de in gtp_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_gprs_tunnel.c:177
    #9 0x480dbb in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:1028
    #10 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #11 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #12 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #13 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #14 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #15 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #16 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)

previously allocated by thread T25 (sapp_marsio_15) here:
    #0 0x7ffff6eefbb8 in __interceptor_malloc (/lib64/libasan.so.5+0xefbb8)
    #1 0x4ba63e in sapp_mem_malloc /home/yangwei/SOURCE/sapp/src/common/sapp_mem.c:60
    #2 0x48d441 in copy_stream_info_to_heap_single_layer /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2538
    #3 0x48e767 in copy_stream_info_to_heap /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2589
    #4 0x47c492 in udp_add_new_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:186
    #5 0x480fee in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:896
    #6 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #7 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #8 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #9 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #10 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #11 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #12 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)

Thread T25 (sapp_marsio_15) created by T0 here:
    #0 0x7ffff6e52eb3 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52eb3)
    #1 0x4fad8d in marsio_dl_io_run /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:1405
    #2 0x4ddddd in MESA_platform_run /home/yangwei/SOURCE/sapp/src/sapp_dev/sapp_init.c:329
    #3 0x4da0c7 in libsapp_setup_env /home/yangwei/SOURCE/sapp/src/sapp_dev/sapp_plug.c:207
    #4 0x412678 in main /home/yangwei/SOURCE/sapp/src/entry/sapp_main.c:23
    #5 0x7ffff4703d84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)

SUMMARY: AddressSanitizer: heap-use-after-free /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2245 in update_opposite_addr_info
Shadow bytes around the buggy address:
  0x0c228e8ff790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff7a0: 04 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c228e8ff7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff7c0: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
  0x0c228e8ff7d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c228e8ff7e0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c228e8ff7f0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c228e8ff800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff810: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
  0x0c228e8ff820: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c228e8ff830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1969==ABORTING
{code}
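
The ordering visible in the AddressSanitizer report above, modelled in C as an added example (not sapp source and not the fix shipped in sapp.4.3.23): a block allocated under `udp_add_new_stream` is freed through `streamaddlist` → `del_stream` during a later insert on the same thread, and is then read in `update_opposite_addr_info`. The fixed-size table, its oldest-first eviction and the pin counter used as the hardened variant are assumptions made for illustration, and every name in the code is hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not sapp source; all names are hypothetical. Slots are
 * static so that stale state can be inspected without touching freed memory. */
#define TABLE_CAP 2
struct stream {
    int in_use;
    int pins;        /* >0 while a packet walk in progress still uses it */
    unsigned born;   /* insertion order; doubles as a generation tag */
    char *addr;      /* heap copy of this layer's address info */
};
static struct stream table[TABLE_CAP];
static unsigned tick;

static void stream_free(struct stream *s)
{
    free(s->addr);
    s->addr = NULL;
    s->in_use = 0;
}

/* Insert a stream, evicting the oldest entry when the table is full.
 * honor_pins = 0 is the unsafe table; 1 refuses to evict pinned streams. */
static struct stream *stream_add(const char *addr, int honor_pins)
{
    struct stream *slot = NULL, *victim = NULL;
    for (int i = 0; i < TABLE_CAP && !slot; i++) {
        struct stream *s = &table[i];
        if (!s->in_use)
            slot = s;
        else if (!(honor_pins && s->pins > 0) && (!victim || s->born < victim->born))
            victim = s;
    }
    if (!slot && (slot = victim))
        stream_free(slot);       /* a caller further up may still hold this */
    char *copy = slot ? malloc(strlen(addr) + 1) : NULL;
    if (!copy)
        return NULL;             /* everything pinned, or out of memory */
    strcpy(copy, addr);
    *slot = (struct stream){ .in_use = 1, .born = ++tick, .addr = copy };
    return slot;
}

/* A tunnelled packet hits an existing outer stream and carries a new inner
 * flow. Returns 1 if the outer stream is still the same object after the
 * inner insert, 0 if the insert evicted it while it was still referenced. */
static int outer_survives_inner_insert(int honor_pins)
{
    for (int i = 0; i < TABLE_CAP; i++)
        stream_free(&table[i]);
    struct stream *outer = stream_add("outer-tunnel", honor_pins);
    if (!outer || !stream_add("unrelated-flow", honor_pins))
        return 0;                                /* table is full from here */
    unsigned gen = outer->born;
    outer->pins++;                               /* held for the descent */
    stream_add("inner-flow", honor_pins);        /* needs a slot */
    int valid = outer->in_use && outer->born == gen;
    outer->pins -= valid;                        /* unpin only our own stream */
    return valid;
}
```
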

Attachments

34430/image-2023-01-13-10-10-30-915.png


34461/OMPUB-777.vlan.segmentfault.pcap


34462/OMPUB-777.vlan.segmentfault-2.pcap


34463/OMPUB-777.vlan.segmentfault-3.pcap