[ovs-discuss] openvswitch-2.14.0 crashes

Ilya Maximets i.maximets at ovn.org
Fri Jul 9 20:13:48 UTC 2021

> On Mon, May 31, 2021 at 04:44:11PM +0000, Miroslav Kubiczek wrote:
>> Hello,
>> We observe a crash with certain packets (BGP UPDATE with 2096 bytes whereas MTU was 1500):
>> [Thread debugging using libthread_db enabled]
>> Using host libthread_db library "/lib64/libthread_db.so.1".
>> Core was generated by `ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfi'.
>> Program terminated with signal 11, Segmentation fault.
>> #0  dp_packet_set_size (v=572, b=0x0) at lib/dp-packet.h:578
>> 578         b->mbuf.data_len = (uint16_t)v;  /* Current seg length. */
>> Missing separate debuginfos, use: debuginfo-install glibc-2.17-307.el7.1.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-46.el7.x86_64 libatomic-4.8.5-44.el7.x86_64 libcom_err-1.42.9-17.el7.x86_64 libevent-2.0.21-4.el7.x86_64 libgcc-4.8.5-39.el7.x86_64 libpcap-1.5.3-12.el7.x86_64 libselinux-2.5-15.el7.x86_64 libunwind-1.2-2.el7.x86_64 numactl-libs-2.0.12-5.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64 pcre-8.32-17.el7.x86_64 python-libs-2.7.5-88.el7.x86_64 unbound-libs-1.6.6-3.el7.x86_64 zlib-1.2.7-18.el7.x86_64
>> (gdb) backtrace
>> #0  dp_packet_set_size (v=572, b=0x0) at lib/dp-packet.h:578
>> #1  netdev_linux_batch_rxq_recv_sock (rx=rx@entry=0x20b1c90, mtu=<optimized out>, batch=batch@entry=0x7ffcf27baee0) at lib/netdev-linux.c:1306
> This looks something of a weird case overall, because it suggests that
> you're using the userspace datapath but not DPDK network devices.  Is
> that correct?
> This crash appears to be here:
>         if (mmsgs[i].msg_len > std_len) {
>             /* Build a single linear TSO packet by prepending the data from
>              * std_len buffer to the aux_buf. */
>             pkt = rx->aux_bufs[i];
>             dp_packet_set_size(pkt, mmsgs[i].msg_len - std_len);
> Ending up passing a null 'pkt' to dp_packet_set_size() indicates that
> somehow aux_bufs[i] didn't get initialized.  I don't see how that would
> happen.

Just in case someone will find this thread.
This particular crash was fixed by the following patch:

Best regards, Ilya Maximets.
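
The failure mode discussed in the quoted analysis, as an added example that is not part of the original thread, not Open vSwitch code, and not the patch referred to above: a receive path that splits a long message across a standard buffer and an auxiliary buffer must check that the auxiliary buffer exists before setting its size. The `pkt_buf` type, the `rx_finish` and `run_case` names, and the buffer sizes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a packet buffer; not OVS's struct dp_packet. */
struct pkt_buf {
    unsigned char *data;
    size_t size;      /* bytes currently valid */
    size_t capacity;  /* bytes allocated at data */
};

enum rx_status { RX_STD, RX_LINEARIZED, RX_DROP_NO_AUX, RX_DROP_TRUNCATED };

/* The first std_len bytes of a msg_len-byte message sit in 'std'; overflow, if
 * any, sits in 'aux'. For an overflowing message, prepend the std data to the
 * aux data in place so 'aux' becomes one linear packet. */
static enum rx_status
rx_finish(struct pkt_buf *std, struct pkt_buf *aux, size_t msg_len, size_t std_len)
{
    if (msg_len <= std_len) {
        std->size = msg_len;
        return RX_STD;
    }
    if (aux == NULL || aux->data == NULL) {
        return RX_DROP_NO_AUX;     /* unguarded, this is the write through b=0x0 */
    }
    if (msg_len > aux->capacity) {
        return RX_DROP_TRUNCATED;  /* linear packet would not fit */
    }
    size_t tail = msg_len - std_len;
    memmove(aux->data + std_len, aux->data, tail);  /* make room at the front */
    memcpy(aux->data, std->data, std_len);          /* prepend the first part */
    aux->size = msg_len;
    return RX_LINEARIZED;
}

/* Constructed test driver: std_len 1524 and aux capacity 65536 are assumptions. */
static int run_case(size_t msg_len, int have_aux)
{
    enum { STD_LEN = 1524, AUX_CAP = 65536 };
    struct pkt_buf std = { calloc(1, STD_LEN), 0, STD_LEN };
    struct pkt_buf aux = { have_aux ? calloc(1, AUX_CAP) : NULL, 0, have_aux ? AUX_CAP : 0 };
    int st = std.data ? rx_finish(&std, have_aux ? &aux : NULL, msg_len, STD_LEN) : -1;
    free(std.data);
    free(aux.data);
    return st;
}
```

Dropping the message when the auxiliary buffer is missing turns the segmentation fault into a countable receive error, which is easier to detect and diagnose than a crashed switch daemon.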
