admin/geedge-jira
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a8bfef5778fc7ddd06fa05776bf1ecd0f61d4c4
geedge-jira/md/OMPUB-777.md
hello 46daec8ae4 first
2025-09-14 21:52:36 +00:00

292 lines
22 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 福建项目福州移动5G SAPP根据当前包判断是否翻转外层隧道地址头翻转vlan头出现段错误
| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-777 | 2023-01-13T10:10:37.000+0800 | 刘学利 | 已解决 |
---
IP地址192.168.19.21-22
重启频率频繁的时候大概10几分钟重启一次
备注dtls和fw_dtls插件已关闭
!image-2023-01-13-10-10-30-915.png|thumbnail! **liuxueli** commented on *2023-01-13T12:06:15.278+0800*:
* SAPP根据当前包判断是否翻转外层隧道地址头翻转vlan头出现段错误详细信息如下
*
** 版本sapp-4.2.90.8c77537-1.el7.x86_64
** 机器: 19.22
** 栈信息
***
{code:java}
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff51d262dc, pstream_pr=0x7feb448d7004, p_stack=0x7fed6cdade84, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 elfutils-libelf-0.176-5.el7.x86_64 elfutils-libs-0.176-5.el7.x86_64 file-libs-5.11-37.el7.x86_64 glibc-2.17-317.el7.x86_64 libMESA_field_stat-1.0.3.0de785d-1.el7.x86_64 libMESA_field_stat2-2.10.11.b2095aa-1.el7.x86_64 libMESA_handle_logger-2.0.9.b677bb6-1.el7.x86_64 libMESA_htable-3.10.13.bd6fc34-1.el7.x86_64 libMESA_jump_layer-1.0.10.6fb4738-1.el7.x86_64 libMESA_prof_load-1.0.9.16148e7-1.el7.x86_64 libMV_Sketch-2.1.2.20220225.dc6bb95-1.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libbreakpad_mini-1.0.9.9d98968-1.el7.x86_64 libcap-2.22-11.el7.x86_64 libcjson-1.7.12.6c09dcf-1.el7.x86_64 libdocumentanalyze-2.0.10.4c04402-1.el7.x86_64 libelua-2.0.1.7760c27-1.el7.x86_64 libgcc-4.8.5-44.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-56mlnx40-1.57102.x86_64 libmaatframe-3.6.14.f88f730-1.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libpcap-1.5.3-12.el7.x86_64 librulescan-3.0.1.6145620-1.el7.x86_64 libselinux-2.5-15.el7.x86_64 libstdc++-4.8.5-44.el7.x86_64 lz4-1.8.3-1.el7.x86_64 mrzcpd-4.5.4.15cfb61-1.el7.x86_64 numactl-libs-2.0.12-5.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64 pcre-8.32-17.el7.x86_64 systemd-libs-219-78.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff51d262dc, pstream_pr=0x7feb448d7004, p_stack=0x7fed6cdade84, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
#1  0x000000000044ee3d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d4ff9080, a_packet=a_packet@entry=0x7f56080a09a6, data=data@entry=0x7f56080a09ce <Address 0x7f56080a09ce out of bounds>, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', 
    raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=126) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:883
#2  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d4ff9248, this_layer_hdr=this_layer_hdr@entry=0x7f56080a09a6, thread_num=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=86)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#3  0x0000000000455cbe in gtp_entry (pfstream_pr=pfstream_pr@entry=0x7fff51af68dc, this_layer_data=this_layer_data@entry=0x7f56080a098e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, 
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=70) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_gprs_tunnel.c:176
#4  0x000000000044ef1d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d4ff94b0, a_packet=a_packet@entry=0x7f56080a0966, data=data@entry=0x7f56080a098e <Address 0x7f56080a098e out of bounds>, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', 
    raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=62) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:940
#5  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d4ff96d8, this_layer_hdr=0x7f56080a0966, thread_num=thread_num@entry=0, routedir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, 
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=22) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#6  0x0000000000454ffc in IEEE_8021_entry (pfstream_pr=<optimized out>, this_layer_data=this_layer_data@entry=0x7f56080a095e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=<optimized out>, 
    eth_type=eth_type@entry=33024) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_vlan.c:111
#7  0x000000000044da96 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x7f56080a0950, thread_num=thread_num@entry=0, dir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ethernet.c:189
#8  0x000000000043a1c7 in mesa_default_pkt_cb (p_raw_pkt=0x7ff5d4ffa2c0, dir=<optimized out>, thread_num=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io.c:649
#9  0x000000000050f2ac in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ff5d4ffa2c0, rx_buff=0x7f56080a07c0, tid=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:664
#10 marsio4_process_packet (tid=tid@entry=0, raw_pkt=raw_pkt@entry=0x7ff5d4ffa2c0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:706
#11 0x000000000050fc70 in marsio4_worker (arg=<optimized out>) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:872
#12 0x00007ffff79acea5 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff59d396d in clone () from /lib64/libc.so.6
(gdb) l
2216                    break;
2217                    
2218                case ADDR_TYPE_VLAN:
2219                    if(ADDR_TYPE_VLAN == pstream_pr->stream_public.addr.addrtype){
2220                        if(cur_dir == DIR_C2S){
2221                            memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
2222                                    p_stack->stream_public.addr.vlan->c2s_addr_array,
2223                                    sizeof(p_stack->stream_public.addr.vlan->c2s_addr_array));
2224                            pstream_pr->stream_public.addr.vlan->c2s_layer_num = p_stack->stream_public.addr.vlan->c2s_layer_num;
2225                        }
(gdb) l p_stack->stream_public.addr.vlan
Function "p_stack->stream_public.addr.vlan" not defined.
(gdb) p p_stack->stream_public.addr.vlan
$1 = (struct layer_addr_vlan *) 0x0
{code}
 
***
{code:java}
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff5d2ffe700 (LWP 23868)]
0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff508310dc, pstream_pr=0x7fe9cfe75c44, p_stack=0x7fe9cebffb04, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
2221                                                    memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
Missing separate debuginfos, use: debuginfo-install file-libs-5.11-37.el7.x86_64 libMESA_field_stat-1.0.3.0de785d-1.el7.x86_64 libMV_Sketch-2.1.2.20220225.dc6bb95-1.el7.x86_64 libdocumentanalyze-2.0.10.4c04402-1.el7.x86_64 libelua-2.0.1.7760c27-1.el7.x86_64
(gdb) l
2216                                    break;
2217
2218                            case ADDR_TYPE_VLAN:
2219                                    if(ADDR_TYPE_VLAN == pstream_pr->stream_public.addr.addrtype){
2220                                            if(cur_dir == DIR_C2S){
2221                                                    memcpy(pstream_pr->stream_public.addr.vlan->c2s_addr_array,
2222                                                            p_stack->stream_public.addr.vlan->c2s_addr_array,
2223                                                            sizeof(p_stack->stream_public.addr.vlan->c2s_addr_array));
2224                                pstream_pr->stream_public.addr.vlan->c2s_layer_num = p_stack->stream_public.addr.vlan->c2s_layer_num;
2225                                            }
(gdb) p p_stack->stream_public.addr.vlan
$1 = (struct layer_addr_vlan *) 0x0
(gdb) bt
#0  0x0000000000451ef1 in update_opposite_addr_info (top_stream_pr=0x7fff508310dc, pstream_pr=0x7fe9cfe75c44, p_stack=0x7fe9cebffb04, cur_dir=1 '\001') at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/stream_manage.c:2221
#1  0x000000000044e648 in dealipv4udppkt (pindex=pindex@entry=0x7ff5d2ffc080, this_iphdr=0x7f557e055066, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=<optimized out>)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:639
#2  0x000000000044f63e in process_ipv4_pkt (pfindex=pfindex@entry=0x7ff5d2ffc080, a_packet=<optimized out>, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=86)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:980
#3  0x0000000000442dd5 in ipv4_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d2ffc248, this_layer_data=this_layer_data@entry=0x7f557e055066, thread_num=0, routedir=routedir@entry=0 '\000', raw_pkt=<optimized out>, offset_to_raw_pkt_hdr=<optimized out>)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv4.c:766
#4  0x0000000000455ca9 in gtp_entry (pfstream_pr=pfstream_pr@entry=0x7fff5056bfdc, this_layer_data=this_layer_data@entry=0x7f557e05504e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, 
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=70) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_gprs_tunnel.c:164
#5  0x000000000044ef1d in dealipv6udppkt (pindex=pindex@entry=0x7ff5d2ffc4b0, a_packet=a_packet@entry=0x7f557e055026, data=data@entry=0x7f557e05504e "\bh\bh", thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', 
    raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=62) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_udp.c:940
#6  0x000000000044c1c6 in ipv6_entry (pfstream_pr=pfstream_pr@entry=0x7ff5d2ffc6d8, this_layer_hdr=0x7f557e055026, thread_num=thread_num@entry=0, routedir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, 
    offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=22) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ipv6.c:862
#7  0x0000000000454ffc in IEEE_8021_entry (pfstream_pr=<optimized out>, this_layer_data=this_layer_data@entry=0x7f557e05501e, thread_num=thread_num@entry=0, routedir=routedir@entry=0 '\000', raw_pkt=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=<optimized out>, 
    eth_type=eth_type@entry=33024) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_vlan.c:111
#8  0x000000000044da96 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x7f557e055010, thread_num=thread_num@entry=0, dir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0, offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0)
    at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/dealpkt/deal_ethernet.c:189
#9  0x000000000043a1c7 in mesa_default_pkt_cb (p_raw_pkt=0x7ff5d2ffd2c0, dir=<optimized out>, thread_num=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io.c:649
#10 0x000000000050f2ac in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ff5d2ffd2c0, rx_buff=0x7f557e054e80, tid=0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:664
#11 marsio4_process_packet (tid=tid@entry=0, raw_pkt=raw_pkt@entry=0x7ff5d2ffd2c0) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:706
#12 0x000000000050fc70 in marsio4_worker (arg=<optimized out>) at /usr/src/debug/sapp-4.2.90.8c77537-Linux/executable/src_0/src/packet_io/packet_io_marsio.c:872
#13 0x00007ffff79acea5 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff59d396d in clone () from /lib64/libc.so.6
(gdb) f 7
{code}
---
**yangwei** commented on *2023-06-05T09:35:53.296+0800*:
福建环境部署模式为镜像注入链路中的数据包需要操作系统协议栈转发封装格式与原始包不同不能包含GTP、VLAN、MPLS等
出现重启的192.168.19.21-22这两台对于解析封装格式的配置项不正确修改后暂无重启的现象。
关于VLAN地址翻转的问题代码逻辑无异常在线运行需要在大流量下超过10分钟以上才复现出现段错误的四元组无规律需要继续观察。
---
**liuxueli** commented on *2023-09-14T15:36:00.730+0800*:
* 福建环境: 192.168.27.110复现问题,
** 版本:sapp-pr-4.3.13.9ea6b23-1.el8.x86_64
** 栈:
***
{code:java}
第一次
(gdb) bt
#0  0x0000000000447e26 in update_opposite_addr_info ()
#1  0x0000000000445079 in dealipv6udppkt ()
#2  0x0000000000441d0c in ipv6_entry ()
#3  0x000000000044bfbf in gtp_entry ()
#4  0x0000000000445251 in dealipv6udppkt ()
#5  0x0000000000441d0c in ipv6_entry ()
#6  0x00000000004435e9 in eth_entry ()
#7  0x000000000042e153 in mesa_default_pkt_cb ()
#8  0x00000000004eb157 in marsio4_process_packet ()
#9  0x00000000004eb851 in marsio4_worker ()
#10 0x00007ffff799d1ca in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff4f53e73 in clone () from /lib64/libc.so.6
(gdb)
第二次
#0  0x000000000044814f in update_opposite_addr_info ()
#1  0x00000000004445ec in dealipv4udppkt ()
#2  0x0000000000437a9f in ipv4_entry ()
#3  0x000000000044c1f6 in gtp_entry ()
#4  0x0000000000445251 in dealipv6udppkt ()
#5  0x0000000000441d0c in ipv6_entry ()
#6  0x00000000004435e9 in eth_entry ()
#7  0x000000000042e153 in mesa_default_pkt_cb ()
#8  0x00000000004eb157 in marsio4_process_packet ()
#9  0x00000000004eb851 in marsio4_worker ()
#10 0x00007ffff799d1ca in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff4f53e73 in clone () from /lib64/libc.so.6
(gdb) r
{code}
---
**liuxueli** commented on *2023-09-21T21:05:48.695+0800*:
* sapp.4.3.23版本已修复
** sapp.4.3.23.asan报错信息
**
{code:java}
=================================================================
==1969==ERROR: AddressSanitizer: heap-use-after-free on address 0x61107483bf0c at pc 0x00000048bda9 bp 0x7fff6bf291a0 sp 0x7fff6bf29190
READ of size 1 at 0x61107483bf0c thread T25 (sapp_marsio_15)
    #0 0x48bda8 in update_opposite_addr_info /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2245
    #1 0x480a2a in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:970
    #2 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #3 0x49b2de in gtp_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_gprs_tunnel.c:177
    #4 0x480dbb in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:1028
    #5 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #6 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #7 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #8 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #9 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #10 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #11 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)
    #12 0x7ffff4702e72 in __clone (/lib64/libc.so.6+0x39e72)0x61107483bf0c is located 76 bytes inside of 196-byte region [0x61107483bec0,0x61107483bf84)
freed by thread T25 (sapp_marsio_15) here:
    #0 0x7ffff6eef7f0 in __interceptor_free (/lib64/libasan.so.5+0xef7f0)
    #1 0x48aebc in free_heap_stream_info /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2087
    #2 0x47da6c in udp_free_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:347
    #3 0x483e77 in del_stream /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:277
    #4 0x483e77 in streamaddlist /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:344
    #5 0x47c634 in udp_add_new_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:213
    #6 0x480fee in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:896
    #7 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #8 0x49b2de in gtp_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_gprs_tunnel.c:177
    #9 0x480dbb in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:1028
    #10 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #11 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #12 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #13 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #14 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #15 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #16 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)
previously allocated by thread T25 (sapp_marsio_15) here:
    #0 0x7ffff6eefbb8 in __interceptor_malloc (/lib64/libasan.so.5+0xefbb8)
    #1 0x4ba63e in sapp_mem_malloc /home/yangwei/SOURCE/sapp/src/common/sapp_mem.c:60
    #2 0x48d441 in copy_stream_info_to_heap_single_layer /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2538
    #3 0x48e767 in copy_stream_info_to_heap /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2589
    #4 0x47c492 in udp_add_new_stream /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:186
    #5 0x480fee in dealipv6udppkt /home/yangwei/SOURCE/sapp/src/dealpkt/deal_udp.c:896
    #6 0x475150 in ipv6_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ipv6.c:866
    #7 0x47ab61 in eth_entry /home/yangwei/SOURCE/sapp/src/dealpkt/deal_ethernet.c:185
    #8 0x43d2d9 in mesa_default_pkt_cb /home/yangwei/SOURCE/sapp/src/packet_io/packet_io.c:653
    #9 0x4f4c5e in marsio4_pkt_hand /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:761
    #10 0x4f4c5e in marsio4_process_packet /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:805
    #11 0x4f6507 in marsio4_worker /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:963
    #12 0x7ffff6be81c9 in start_thread (/lib64/libpthread.so.0+0x81c9)Thread T25 (sapp_marsio_15) created by T0 here:
    #0 0x7ffff6e52eb3 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52eb3)
    #1 0x4fad8d in marsio_dl_io_run /home/yangwei/SOURCE/sapp/src/packet_io/packet_io_marsio.c:1405
    #2 0x4ddddd in MESA_platform_run /home/yangwei/SOURCE/sapp/src/sapp_dev/sapp_init.c:329
    #3 0x4da0c7 in libsapp_setup_env /home/yangwei/SOURCE/sapp/src/sapp_dev/sapp_plug.c:207
    #4 0x412678 in main /home/yangwei/SOURCE/sapp/src/entry/sapp_main.c:23
    #5 0x7ffff4703d84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)SUMMARY: AddressSanitizer: heap-use-after-free /home/yangwei/SOURCE/sapp/src/dealpkt/stream_manage.c:2245 in update_opposite_addr_info
Shadow bytes around the buggy address:
  0x0c228e8ff790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff7a0: 04 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c228e8ff7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff7c0: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
  0x0c228e8ff7d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c228e8ff7e0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c228e8ff7f0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c228e8ff800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228e8ff810: 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa
  0x0c228e8ff820: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c228e8ff830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1969==ABORTING
{code}
---
## Attachments
**34430/image-2023-01-13-10-10-30-915.png**
---
**34461/OMPUB-777.vlan.segmentfault.pcap**
---
**34462/OMPUB-777.vlan.segmentfault-2.pcap**
---
**34463/OMPUB-777.vlan.segmentfault-3.pcap**
---
Reference in New Issue View Git Blame Copy Permalink