Re: Bug in virtio-net
On Tue, Dec 9, 2014 at 12:40 PM, Peter Grehan wrote: > Hi Shawn, > > I doubt this has anything to do with vtnet. My guess is that >>> netisr_proto[NETISR_ETHER].np_handler(m) is NULL for some reason. Do >>> you have a dump? >>> >> >> core.txt is attached. I've also uploaded it to the link below in case >> the attachment is scrubbed. >> >> http://0xfeedface.org/~shawn/2014-12-08_2028_core.txt >> > > Is the core dump available ? > > As Bryan mentioned, this is a NULL function pointer deref and not a data > access so is possibly related to corruption of data structures rather than > a bug in the virtio driver. The core dump would be able to point to what > went wrong. > > later, > > Peter. > > Gotcha. I'll see if I can upload it to Google Drive or somewhere. It's 1.6GB in size. I'm assuming just like any other core dump, they can contain sensitive info. I'll ping you both directly with the link when it's uploaded. Please keep sharing it to a minimum. Thanks, Shawn ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Bug in virtio-net
Hi Shawn, I doubt this has anything to do with vtnet. My guess is that netisr_proto[NETISR_ETHER].np_handler(m) is NULL for some reason. Do you have a dump? core.txt is attached. I've also uploaded it to the link below in case the attachment is scrubbed. http://0xfeedface.org/~shawn/2014-12-08_2028_core.txt Is the core dump available ? As Bryan mentioned, this is a NULL function pointer deref and not a data access so is possibly related to corruption of data structures rather than a bug in the virtio driver. The core dump would be able to point to what went wrong. later, Peter. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: Bug in virtio-net
On Mon, Dec 8, 2014 at 5:34 PM, Shawn Webb wrote: > I was running Poudriere in bhyve. I got this kernel panic. I'm on a new > 11-CURRENT as of this morning. Would this be a NULL pointer deref? > > `uname -a`: FreeBSD 11.0-CURRENT FreeBSD 11.0-CURRENT #1 > b5310d8(hardened/current/master)-dirty: Mon Dec 8 12:58:12 UTC 2014 > shawn@pkg-build-01:/usr/obj/usr/src/sys/LATT-SEC amd64 > > This bhyve VM is at r275606. The host is at r275575. > > Thanks, > > Shawn > > Kern panic backtrace: > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x0 > fault code = supervisor read instruction, page not present > instruction pointer = 0x20:0x0 > stack pointer = 0x28:0xfe0469a0c830 > frame pointer = 0x28:0xfe0469a0c8b0 > code segment= base 0x0, limit 0xf, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags= interrupt enabled, resume, IOPL = 0 > current process = 12 (irq267: virtio_pci0) > [ thread pid 12 tid 100040 ] > Stopped at 0:KDB: reentering > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfe0469a0bd90 > kdb_backtrace() at kdb_backtrace+0x39/frame 0xfe0469a0be40 > kdb_reenter() at kdb_reenter+0x33/frame 0xfe0469a0be50 > trap() at trap+0x54/frame 0xfe0469a0c060 > calltrap() at calltrap+0x8/frame 0xfe0469a0c060 > --- trap 0xc, rip = 0x80e06033, rsp = 0xfe0469a0c120, rbp = > 0xfe0469a0c1c0 --- > db_read_bytes() at db_read_bytes+0x53/frame 0xfe0469a0c1c0 > db_get_value() at db_get_value+0x38/frame 0xfe0469a0c210 > db_disasm() at db_disasm+0x23/frame 0xfe0469a0c330 > db_trap() at db_trap+0xc0/frame 0xfe0469a0c3c0 > kdb_trap() at kdb_trap+0x191/frame 0xfe0469a0c460 > trap_fatal() at trap_fatal+0x34c/frame 0xfe0469a0c4c0 > trap_pfault() at trap_pfault+0x33c/frame 0xfe0469a0c560 > trap() at trap+0x45e/frame 0xfe0469a0c770 > calltrap() at calltrap+0x8/frame 0xfe0469a0c770 > --- trap 0xc, rip = 0, rsp = 0xfe0469a0c830, rbp = > 0xfe0469a0c8b0 --- > uart_sab82532_class() at 0/frame 0xfe0469a0c8b0 > ether_input() at ether_input+0x26/frame 0xfe0469a0c8d0 > vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfe0469a0c9a0 > vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfe0469a0c9e0 > intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame > 0xfe0469a0ca20 > ithread_loop() at ithread_loop+0x96/frame 0xfe0469a0ca70 > fork_exit() at fork_exit+0x9a/frame 0xfe0469a0cab0 > fork_trampoline() at fork_trampoline+0xe/frame 0xfe0469a0cab0 > --- trap 0, rip = 0, rsp = 0xfe0469a0cb70, rbp = 0 --- > I doubt this has anything to do with vtnet. My guess is that netisr_proto[NETISR_ETHER].np_handler(m) is NULL for some reason. Do you have a dump? > *** error reading from address 0 *** > KDB: reentering > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfe0469a0c100 > kdb_backtrace() at kdb_backtrace+0x39/frame 0xfe0469a0c1b0 > kdb_reenter() at kdb_reenter+0x33/frame 0xfe0469a0c1c0 > db_get_value() at db_get_value+0x52/frame 0xfe0469a0c210 > db_disasm() at db_disasm+0x23/frame 0xfe0469a0c330 > db_trap() at db_trap+0xc0/frame 0xfe0469a0c3c0 > kdb_trap() at kdb_trap+0x191/frame 0xfe0469a0c460 > trap_fatal() at trap_fatal+0x34c/frame 0xfe0469a0c4c0 > trap_pfault() at trap_pfault+0x33c/frame 0xfe0469a0c560 > trap() at trap+0x45e/frame 0xfe0469a0c770 > calltrap() at calltrap+0x8/frame 0xfe0469a0c770 > --- trap 0xc, rip = 0, rsp = 0xfe0469a0c830, rbp = > 0xfe0469a0c8b0 --- > uart_sab82532_class() at 0/frame 0xfe0469a0c8b0 > ether_input() at ether_input+0x26/frame 0xfe0469a0c8d0 > vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfe0469a0c9a0 > vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfe0469a0c9e0 > intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame > 0xfe0469a0ca20 > ithread_loop() at ithread_loop+0x96/frame 0xfe0469a0ca70 > fork_exit() at fork_exit+0x9a/frame 0xfe0469a0cab0 > fork_trampoline() at fork_trampoline+0xe/frame 0xfe0469a0cab0 > --- trap 0, rip = 0, rsp = 0xfe0469a0cb70, rbp = 0 --- > > ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Bug in virtio-net
I was running Poudriere in bhyve. I got this kernel panic. I'm on a new 11-CURRENT as of this morning. Would this be a NULL pointer deref? `uname -a`: FreeBSD 11.0-CURRENT FreeBSD 11.0-CURRENT #1 b5310d8(hardened/current/master)-dirty: Mon Dec 8 12:58:12 UTC 2014 shawn@pkg-build-01:/usr/obj/usr/src/sys/LATT-SEC amd64 This bhyve VM is at r275606. The host is at r275575. Thanks, Shawn Kern panic backtrace: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read instruction, page not present instruction pointer = 0x20:0x0 stack pointer = 0x28:0xfe0469a0c830 frame pointer = 0x28:0xfe0469a0c8b0 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 12 (irq267: virtio_pci0) [ thread pid 12 tid 100040 ] Stopped at 0:KDB: reentering KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe0469a0bd90 kdb_backtrace() at kdb_backtrace+0x39/frame 0xfe0469a0be40 kdb_reenter() at kdb_reenter+0x33/frame 0xfe0469a0be50 trap() at trap+0x54/frame 0xfe0469a0c060 calltrap() at calltrap+0x8/frame 0xfe0469a0c060 --- trap 0xc, rip = 0x80e06033, rsp = 0xfe0469a0c120, rbp = 0xfe0469a0c1c0 --- db_read_bytes() at db_read_bytes+0x53/frame 0xfe0469a0c1c0 db_get_value() at db_get_value+0x38/frame 0xfe0469a0c210 db_disasm() at db_disasm+0x23/frame 0xfe0469a0c330 db_trap() at db_trap+0xc0/frame 0xfe0469a0c3c0 kdb_trap() at kdb_trap+0x191/frame 0xfe0469a0c460 trap_fatal() at trap_fatal+0x34c/frame 0xfe0469a0c4c0 trap_pfault() at trap_pfault+0x33c/frame 0xfe0469a0c560 trap() at trap+0x45e/frame 0xfe0469a0c770 calltrap() at calltrap+0x8/frame 0xfe0469a0c770 --- trap 0xc, rip = 0, rsp = 0xfe0469a0c830, rbp = 0xfe0469a0c8b0 --- uart_sab82532_class() at 0/frame 0xfe0469a0c8b0 ether_input() at ether_input+0x26/frame 0xfe0469a0c8d0 vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfe0469a0c9a0 vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfe0469a0c9e0 intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame 0xfe0469a0ca20 ithread_loop() at ithread_loop+0x96/frame 0xfe0469a0ca70 fork_exit() at fork_exit+0x9a/frame 0xfe0469a0cab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfe0469a0cab0 --- trap 0, rip = 0, rsp = 0xfe0469a0cb70, rbp = 0 --- *** error reading from address 0 *** KDB: reentering KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe0469a0c100 kdb_backtrace() at kdb_backtrace+0x39/frame 0xfe0469a0c1b0 kdb_reenter() at kdb_reenter+0x33/frame 0xfe0469a0c1c0 db_get_value() at db_get_value+0x52/frame 0xfe0469a0c210 db_disasm() at db_disasm+0x23/frame 0xfe0469a0c330 db_trap() at db_trap+0xc0/frame 0xfe0469a0c3c0 kdb_trap() at kdb_trap+0x191/frame 0xfe0469a0c460 trap_fatal() at trap_fatal+0x34c/frame 0xfe0469a0c4c0 trap_pfault() at trap_pfault+0x33c/frame 0xfe0469a0c560 trap() at trap+0x45e/frame 0xfe0469a0c770 calltrap() at calltrap+0x8/frame 0xfe0469a0c770 --- trap 0xc, rip = 0, rsp = 0xfe0469a0c830, rbp = 0xfe0469a0c8b0 --- uart_sab82532_class() at 0/frame 0xfe0469a0c8b0 ether_input() at ether_input+0x26/frame 0xfe0469a0c8d0 vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfe0469a0c9a0 vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfe0469a0c9e0 intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame 0xfe0469a0ca20 ithread_loop() at ithread_loop+0x96/frame 0xfe0469a0ca70 fork_exit() at fork_exit+0x9a/frame 0xfe0469a0cab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfe0469a0cab0 --- trap 0, rip = 0, rsp = 0xfe0469a0cb70, rbp = 0 --- signature.asc Description: This is a digitally signed message part
