Bug in virtio-net

Bryan Venteicher bryanv at daemoninthecloset.org
Tue Dec 9 01:24:34 UTC 2014


On Mon, Dec 8, 2014 at 5:34 PM, Shawn Webb <lattera at gmail.com> wrote:

> I was running Poudriere in bhyve. I got this kernel panic. I'm on a new
> 11-CURRENT as of this morning. Would this be a NULL pointer deref?
>
> `uname -a`: FreeBSD  11.0-CURRENT FreeBSD 11.0-CURRENT #1
> b5310d8(hardened/current/master)-dirty: Mon Dec  8 12:58:12 UTC 2014
> shawn at pkg-build-01:/usr/obj/usr/src/sys/LATT-SEC  amd64
>
> This bhyve VM is at r275606. The host is at r275575.
>
> Thanks,
>
> Shawn
>
> Kern panic backtrace:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor read instruction, page not present
> instruction pointer     = 0x20:0x0
> stack pointer           = 0x28:0xfffffe0469a0c830
> frame pointer           = 0x28:0xfffffe0469a0c8b0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 12 (irq267: virtio_pci0)
> [ thread pid 12 tid 100040 ]
> Stopped at      0:KDB: reentering
> KDB: stack backtrace:
>       db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe0469a0bd90
> kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe0469a0be40
> kdb_reenter() at kdb_reenter+0x33/frame 0xfffffe0469a0be50
> trap() at trap+0x54/frame 0xfffffe0469a0c060
> calltrap() at calltrap+0x8/frame 0xfffffe0469a0c060
> --- trap 0xc, rip = 0xffffffff80e06033, rsp = 0xfffffe0469a0c120, rbp =
> 0xfffffe0469a0c1c0 ---
> db_read_bytes() at db_read_bytes+0x53/frame 0xfffffe0469a0c1c0
> db_get_value() at db_get_value+0x38/frame 0xfffffe0469a0c210
> db_disasm() at db_disasm+0x23/frame 0xfffffe0469a0c330
> db_trap() at db_trap+0xc0/frame 0xfffffe0469a0c3c0
> kdb_trap() at kdb_trap+0x191/frame 0xfffffe0469a0c460
> trap_fatal() at trap_fatal+0x34c/frame 0xfffffe0469a0c4c0
> trap_pfault() at trap_pfault+0x33c/frame 0xfffffe0469a0c560
> trap() at trap+0x45e/frame 0xfffffe0469a0c770
> calltrap() at calltrap+0x8/frame 0xfffffe0469a0c770
> --- trap 0xc, rip = 0, rsp = 0xfffffe0469a0c830, rbp =
> 0xfffffe0469a0c8b0 ---
> uart_sab82532_class() at 0/frame 0xfffffe0469a0c8b0
> ether_input() at ether_input+0x26/frame 0xfffffe0469a0c8d0
> vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfffffe0469a0c9a0
> vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfffffe0469a0c9e0
> intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame
> 0xfffffe0469a0ca20
> ithread_loop() at ithread_loop+0x96/frame 0xfffffe0469a0ca70
> fork_exit() at fork_exit+0x9a/frame 0xfffffe0469a0cab0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0469a0cab0
> --- trap 0, rip = 0, rsp = 0xfffffe0469a0cb70, rbp = 0 ---
>


I doubt this has anything to do with vtnet. My guess is that
netisr_proto[NETISR_ETHER].np_handler(m) is NULL for some reason. Do you
have a dump?



> *** error reading from address 0 ***
> KDB: reentering
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe0469a0c100
> kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe0469a0c1b0
> kdb_reenter() at kdb_reenter+0x33/frame 0xfffffe0469a0c1c0
> db_get_value() at db_get_value+0x52/frame 0xfffffe0469a0c210
> db_disasm() at db_disasm+0x23/frame 0xfffffe0469a0c330
> db_trap() at db_trap+0xc0/frame 0xfffffe0469a0c3c0
> kdb_trap() at kdb_trap+0x191/frame 0xfffffe0469a0c460
> trap_fatal() at trap_fatal+0x34c/frame 0xfffffe0469a0c4c0
> trap_pfault() at trap_pfault+0x33c/frame 0xfffffe0469a0c560
> trap() at trap+0x45e/frame 0xfffffe0469a0c770
> calltrap() at calltrap+0x8/frame 0xfffffe0469a0c770
> --- trap 0xc, rip = 0, rsp = 0xfffffe0469a0c830, rbp =
> 0xfffffe0469a0c8b0 ---
> uart_sab82532_class() at 0/frame 0xfffffe0469a0c8b0
> ether_input() at ether_input+0x26/frame 0xfffffe0469a0c8d0
> vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfffffe0469a0c9a0
> vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfffffe0469a0c9e0
> intr_event_execute_handlers() at intr_event_execute_handlers+0x1b8/frame
> 0xfffffe0469a0ca20
> ithread_loop() at ithread_loop+0x96/frame 0xfffffe0469a0ca70
> fork_exit() at fork_exit+0x9a/frame 0xfffffe0469a0cab0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0469a0cab0
> --- trap 0, rip = 0, rsp = 0xfffffe0469a0cb70, rbp = 0 ---
>
>
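
Added example, not part of the original thread or of FreeBSD: a small triage of the quoted trap header that separates a call through a NULL function pointer from a NULL data dereference and picks out the calling frame. The names `triage` and `PAGE` and the first-page threshold are assumptions; the sample is constructed from lines of the report above.

```python
import re

# Constructed sample: lines taken from the quoted panic, "> " quoting and mail wrapping kept.
PANIC = """\
> fault virtual address   = 0x0
> fault code              = supervisor read instruction, page not present
> instruction pointer     = 0x20:0x0
> --- trap 0xc, rip = 0xffffffff80e06033, rsp = 0xfffffe0469a0c120, rbp =
> 0xfffffe0469a0c1c0 ---
> db_read_bytes() at db_read_bytes+0x53/frame 0xfffffe0469a0c1c0
> trap_pfault() at trap_pfault+0x33c/frame 0xfffffe0469a0c560
> --- trap 0xc, rip = 0, rsp = 0xfffffe0469a0c830, rbp =
> 0xfffffe0469a0c8b0 ---
> uart_sab82532_class() at 0/frame 0xfffffe0469a0c8b0
> ether_input() at ether_input+0x26/frame 0xfffffe0469a0c8d0
> vtnet_rxq_eof() at vtnet_rxq_eof+0x7be/frame 0xfffffe0469a0c9a0
"""

PAGE = 0x1000  # assumption: any address inside the first page counts as NULL-derived
FIELD = re.compile(r"^(fault virtual address|fault code|instruction pointer)\s*=\s*(.+)$", re.M)
TRAP = re.compile(r"^--- trap 0xc, rip = (\w+),", re.M)
FRAME = re.compile(r"^(\w+)\(\) at (\S+?)/frame", re.M)

def triage(report):
    """Return (fault kind, first real frame below the original trap)."""
    text = re.sub(r"^> ?", "", report, flags=re.M)           # drop mail quoting
    hdr = dict(FIELD.findall(text))
    fva = int(hdr["fault virtual address"], 16)
    rip = int(hdr["instruction pointer"].split(":")[1], 16)  # "selector:offset"
    if "instruction" in hdr["fault code"] and rip == fva and rip < PAGE:
        kind = "NULL function pointer call"   # CPU faulted fetching code at ~0
    elif fva < PAGE:
        kind = "NULL data dereference"        # load/store through a NULL pointer
    else:
        kind = "other page fault"
    # ddb faulted again while printing, so there are several trap markers; the
    # original fault is the one whose rip equals the header's instruction pointer.
    start = next((m.end() for m in TRAP.finditer(text)
                  if int(m.group(1), 16) == rip), 0)
    for _name, where in FRAME.findall(text[start:]):
        if "+" in where:  # skip the frame at pc 0: its name is only a lookup for address 0
            return kind, where
    return kind, None

if __name__ == "__main__":
    print(triage(PANIC))
```
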

