On Mon, May 31, 2021 at 04:44:11PM +0000, Miroslav Kubiczek wrote:
> Hello,
> We observe a crash with certain packets (BGP UPDATE with 2096 bytes whereas
> MTU was 1500):
>
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `ovs-vswitchd unix:/var/run/openvswitch/db.sock
> -vconsole:emer -vsyslog:err -vfi'.
> Program terminated with signal 11, Segmentation fault.
> #0 dp_packet_set_size (v=572, b=0x0) at lib/dp-packet.h:578
> 578 b->mbuf.data_len = (uint16_t)v; /* Current seg length. */
> Missing separate debuginfos, use: debuginfo-install
> glibc-2.17-307.el7.1.x86_64 keyutils-libs-1.5.8-3.el7.x86_64
> krb5-libs-1.15.1-46.el7.x86_64 libatomic-4.8.5-44.el7.x86_64
> libcom_err-1.42.9-17.el7.x86_64 libevent-2.0.21-4.el7.x86_64
> libgcc-4.8.5-39.el7.x86_64 libpcap-1.5.3-12.el7.x86_64
> libselinux-2.5-15.el7.x86_64 libunwind-1.2-2.el7.x86_64
> numactl-libs-2.0.12-5.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64
> pcre-8.32-17.el7.x86_64 python-libs-2.7.5-88.el7.x86_64
> unbound-libs-1.6.6-3.el7.x86_64 zlib-1.2.7-18.el7.x86_64
> (gdb) backtrace
> #0 dp_packet_set_size (v=572, b=0x0) at lib/dp-packet.h:578
> #1 netdev_linux_batch_rxq_recv_sock (rx=rx@entry=0x20b1c90, mtu=<optimized
> out>, batch=batch@entry=0x7ffcf27baee0) at lib/netdev-linux.c:1306
This looks something of a weird case overall, because it suggests that
you're using the userspace datapath but not DPDK network devices. Is
that correct?
This crash appears to be here:
if (mmsgs[i].msg_len > std_len) {
/* Build a single linear TSO packet by prepending the data from
* std_len buffer to the aux_buf. */
pkt = rx->aux_bufs[i];
dp_packet_set_size(pkt, mmsgs[i].msg_len - std_len);
Ending up passing a null 'pkt' to dp_packet_set_size() indicates that
somehow aux_bufs[i] didn't get initialized. I don't see how that would
happen.
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
