Date:      Fri, 12 Jul 2019 13:51:37 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 238642] netmap: fix kernel pointer printing in netmap_generic.c
Message-ID:  <bug-238642-7501-vcVZVbcNTV@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-238642-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-238642-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238642

Aleksandr Fedorov <aleksandr.fedorov@itglobal.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aleksandr.fedorov@itglobal.com

--- Comment #5 from Aleksandr Fedorov <aleksandr.fedorov@itglobal.com> ---
It seems something goes wrong. With the changes I saw a panic on CURRENT:

root@current:~ # ifconfig vlan0 create up
root@current:~ # vale-ctl -a vale0:vlan0

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x2a0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cb96cf
stack pointer           = 0x28:0xfffffe008fa48da0
frame pointer           = 0x28:0xfffffe008fa48da0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 665 (vale-ctl)
trap number             = 12
panic: page fault
cpuid = 2
time = 1562949961
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008fa48a60
vpanic() at vpanic+0x19d/frame 0xfffffe008fa48ab0
panic() at panic+0x43/frame 0xfffffe008fa48b10
trap_fatal() at trap_fatal+0x39c/frame 0xfffffe008fa48b70
trap_pfault() at trap_pfault+0x62/frame 0xfffffe008fa48bc0
trap() at trap+0x2b4/frame 0xfffffe008fa48cd0
calltrap() at calltrap+0x8/frame 0xfffffe008fa48cd0
--- trap 0xc, rip = 0xffffffff80cb96cf, rsp = 0xfffffe008fa48da0, rbp = 0xfffffe008fa48da0 ---
strlen() at strlen+0x1f/frame 0xfffffe008fa48da0
kvprintf() at kvprintf+0xf79/frame 0xfffffe008fa48ec0
vprintf() at vprintf+0x81/frame 0xfffffe008fa48f90
printf() at printf+0x43/frame 0xfffffe008fa48ff0
generic_netmap_attach() at generic_netmap_attach+0x309/frame 0xfffffe008fa49040
netmap_get_hw_na() at netmap_get_hw_na+0x81/frame 0xfffffe008fa49070
netmap_get_bdg_na() at netmap_get_bdg_na+0x213/frame 0xfffffe008fa49100
netmap_vale_attach() at netmap_vale_attach+0xe0/frame 0xfffffe008fa49140
netmap_ioctl() at netmap_ioctl+0x8a9/frame 0xfffffe008fa49200
netmap_ioctl_legacy() at netmap_ioctl_legacy+0x4fd/frame 0xfffffe008fa495b0
netmap_ioctl() at netmap_ioctl+0x16b/frame 0xfffffe008fa49670
freebsd_netmap_ioctl() at freebsd_netmap_ioctl+0x88/frame 0xfffffe008fa496b0
devfs_ioctl() at devfs_ioctl+0xca/frame 0xfffffe008fa49700
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x63/frame 0xfffffe008fa49720
vn_ioctl() at vn_ioctl+0x13d/frame 0xfffffe008fa49830
devfs_ioctl_f() at devfs_ioctl_f+0x1f/frame 0xfffffe008fa49850
kern_ioctl() at kern_ioctl+0x28a/frame 0xfffffe008fa498c0
sys_ioctl() at sys_ioctl+0x15d/frame 0xfffffe008fa49990
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe008fa49ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe008fa49ab0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80041631a, rsp = 0x7fffffffeab8, rbp = 0x7fffffffeb50 ---
KDB: enter: panic
[ thread pid 665 tid 100131 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
db>

This happens due to the fact that gna->prev equals zero.

For example old output without this patch:
root@current:~ # vale-ctl -a vale0:vlan0
792.670615 [1130] generic_netmap_attach     Emulated adapter for vlan0 created
(prev was 0)
   ^^^^^^^!!!!!
I don't know why, but this if is evaluated as false:

    if (NM_NA_VALID(ifp)) {
        gna->prev = NA(ifp); /* save old na */
        netmap_adapter_get(gna->prev);
    }

And then:

    nm_prinf("Emulated adapter for %s created (prev was %s)", na->name,
        gna->prev->name);
        ^^^^!!!!
Null pointer dereference.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
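
The failure reported in this comment, as an added userspace example (not code from the bug report or from netmap): a guarded accessor that keeps the log line safe when no previous adapter was saved. The struct names, the "none" fallback and the layout are assumptions; name[] is modelled as an embedded array at offset 0x2a0, which would be consistent with the fault virtual address in the trap being a small non-NULL value read by strlen().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the netmap structures; the layout is an assumption.
 * The padding places name[] at 0x2a0 to mirror the fault address in the trap. */
struct model_adapter {
    char pad[0x2a0];
    char name[64];
};

struct model_generic_adapter {
    struct model_adapter up;
    struct model_adapter *prev;   /* stays NULL when no old adapter was saved */
};

/* Address an unguarded prev->name would hand to strlen() when prev is NULL:
 * NULL plus the field offset, so a "%s" NULL check in printf never sees NULL. */
static size_t unguarded_name_address(void)
{
    return offsetof(struct model_adapter, name);
}

/* Guarded accessor: never dereferences a NULL prev. */
static const char *prev_name(const struct model_generic_adapter *gna)
{
    return gna->prev != NULL ? gna->prev->name : "none";
}

/* Builds the attach message from the log line, but NULL-safe. */
static int format_attach_msg(char *buf, size_t len,
    const struct model_generic_adapter *gna)
{
    return snprintf(buf, len, "Emulated adapter for %s created (prev was %s)",
        gna->up.name, prev_name(gna));
}

int main(void)
{
    static struct model_generic_adapter gna;   /* zeroed, so prev == NULL */
    char msg[128];

    strcpy(gna.up.name, "vlan0");
    format_attach_msg(msg, sizeof(msg), &gna);
    printf("%s\nunguarded read would hit 0x%zx\n", msg, unguarded_name_address());
    return 0;
}
```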