On Tue, Aug 19, 2014 at 12:40:53PM +0100, Sitsofe Wheeler wrote: > On Tue, Aug 19, 2014 at 10:57:30AM +0200, Daniel Borkmann wrote: > > On 08/19/2014 10:15 AM, Sitsofe Wheeler wrote: > > >After a variety of issues on Hyper-V (host is running Windows 2012 R2) I > > >updated to the latest kernel (3.17-rc1 > > >7d1311b93e58ed55f3a31cc8f94c4b8fe988a2b9), turned on a bunch of kernel > > >validation options and booted which has resulted in a BUG being > > >triggered (IP claims to be at netvsc_select_queue), at least one of the > > >network cards not working and a bunch of oopses. > > > > > >Guest is a customised Fedora 20 cloud image. Partial dmesg output is > > >below: > > > > > >[ 16.064298] input: TPPS/2 IBM TrackPoint as /devices/platform/i8042/serio1/input/input4 > > >[ 19.292370] BUG: unable to handle kernel paging request at ffff8801f3febe63 > > >[ 19.293258] IP: [<ffffffff814e69ad>] netvsc_select_queue+0x3d/0x150 > > >[ 19.293258] PGD 2db1067 PUD 207dc0067 PMD 207c20067 PTE 80000001f3feb060 > > >[ 19.293258] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC > > >[ 19.293258] CPU: 8 PID: 568 Comm: arping Not tainted 3.17.0-rc1.x86_64 #121 > > >[ 19.293258] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 05/23/2012 > > >[ 19.293258] task: ffff8800f29326a0 ti: ffff8801f940c000 task.ti: ffff8801f940c000 > > >[ 19.293258] RIP: 0010:[<ffffffff814e69ad>] [<ffffffff814e69ad>] netvsc_select_queue+0x3d/0x150 > > >[ 19.293258] RSP: 0018:ffff8801f940fc60 EFLAGS: 00010206 > > >[ 19.293258] RAX: 0000000000000000 RBX: ffff8800f13e5680 RCX: 000000000000ffff > > >[ 19.293258] RDX: ffff8801f3fdbe58 RSI: ffff8801f39b8d80 RDI: ffff8800f13e5680 > > >[ 19.293258] RBP: ffff8801f940fc88 R08: 000000000000002a R09: 0000000000000000 > > >[ 19.293258] R10: ffff8800f13e4520 R11: 000000000000000a R12: ffff8801f39b8d80 > > >[ 19.293258] R13: 0000000000000000 R14: ffff8801f9bf1290 R15: ffff8801f39b8d80 > > >[ 19.293258] FS: 00007f777b980740(0000) GS:ffff880206d00000(0000) knlGS:0000000000000000 > > >[ 19.293258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > >[ 19.293258] CR2: ffff8801f3febe63 CR3: 00000001f3aed000 CR4: 00000000000406e0 > > > Hmm, I am not really familiar with hyper-v, but it seems 5b54dac856cb ("hyperv: > > Add support for virtual Receive Side Scaling (vRSS)") has been introduced after > > 0fd5d57ba345 ("packet: check for ndo_select_queue during queue selection"). > > > > arping seems to send a raw packet (AF_PACKET) via normal packet_sendmsg() out > > and when doing the queue selection in packet_pick_tx_queue(), we discover that > > the device has ndo_select_queue implemented, so we respect that and call into > > it. In netvsc_select_queue(), the fallback of __packet_pick_tx_queue() is not > > being invoked here. > > > > Given that the next log message is "hv_netvsc vmbus_0_15: net device safe to > > remove" ... could it be that your back pointer to the device context (the actual > > struct hv_device) is already invalid when you try to get hv_get_drvdata(hdev) > > as it's sort of decoupled from netdev_priv(ndev) ? (Just a wild guess ...) > > Thanks for investigating! After setting DEBUG_PAGEALLOC=n I'm now > getting a GPF with an IP of rndis_filter_open: > > [ 28.255083] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null) > [ 28.531276] systemd-journald[366]: Received request to flush runtime journal from PID 1 > [ 29.401494] hv_utils: KVP: user-mode registering done. > [ 34.628072] hv_netvsc vmbus_0_15: net device safe to remove > [ 34.676573] hv_netvsc: hv_netvsc channel opened successfully > [ 34.860292] hv_netvsc vmbus_0_15 eth1: unable to establish send buffer's gpadl > [ 34.948983] hv_netvsc vmbus_0_15 eth1: unable to connect to NetVSP - 4 > [ 35.073575] general protection fault: 0000 [#1] SMP > [ 35.097981] CPU: 8 PID: 678 Comm: ip Not tainted 3.17.0-rc1.x86_64 #124 > [ 35.097981] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 05/23/2012 > [ 35.097981] task: ffff8801f49f1350 ti: ffff8801f8f10000 task.ti: ffff8801f8f10000 > [ 35.263681] RIP: 0010:[<ffffffff814e9fef>] [<ffffffff814e9fef>] rndis_filter_open+0x1f/0x60 > [ 35.263681] RSP: 0018:ffff8801f8f13780 EFLAGS: 00010246 > [ 35.263681] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000006 > [ 35.263681] RDX: 0000000000000006 RSI: ffff8801f49f1a90 RDI: ffff8801fbb8d480 > [ 35.263681] RBP: ffff8801f8f13788 R08: 0000000000000000 R09: 0000000000000000 > [ 35.263681] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8801fbb8d480 > [ 35.263681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001 > [ 35.263681] FS: 00007ff9ce3aa740(0000) GS:ffff880207d00000(0000) knlGS:0000000000000000 > [ 35.263681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 35.263681] CR2: 00007fff85779b10 CR3: 00000001f4244000 CR4: 00000000000406e0 > [ 35.263681] Stack: > [ 35.263681] ffff8800f17d8000 ffff8801f8f137b0 ffffffff814e6505 ffff8800f17d8000 > [ 35.263681] ffffffff8188f980 0000000000000000 ffff8801f8f137d8 ffffffff815d0978 > [ 35.263681] ffff8800f17d8000 ffff8800f17d8000 0000000000001003 ffff8801f8f13810 > [ 35.263681] Call Trace: > [ 35.263681] [<ffffffff814e6505>] netvsc_open+0x25/0xb0 > [ 35.263681] [<ffffffff815d0978>] __dev_open+0x98/0x110 > [ 35.263681] [<ffffffff815d0c79>] __dev_change_flags+0xb9/0x160 > [ 35.263681] [<ffffffff815d0d49>] dev_change_flags+0x29/0x60 > [ 35.263681] [<ffffffff815e1415>] do_setlink+0x2d5/0xa60 > [ 35.263681] [<ffffffff811a4ac1>] ? deactivate_slab+0x1c1/0x500 > [ 35.263681] [<ffffffff815e23ad>] rtnl_newlink+0x49d/0x760 > [ 35.263681] [<ffffffff815e202f>] ? rtnl_newlink+0x11f/0x760 > [ 35.263681] [<ffffffff815bc800>] ? __alloc_skb+0x70/0x240 > [ 35.263681] [<ffffffff81010a0b>] ? save_stack_trace+0x2b/0x50 > [ 35.263681] [<ffffffff815de8c1>] rtnetlink_rcv_msg+0x221/0x260 > [ 35.263681] [<ffffffff810b980d>] ? trace_hardirqs_on+0xd/0x10 > [ 35.263681] [<ffffffff815de67b>] ? rtnetlink_rcv+0x1b/0x40 > [ 35.263681] [<ffffffff815de6a0>] ? rtnetlink_rcv+0x40/0x40 > [ 35.263681] [<ffffffff815fc4b5>] netlink_rcv_skb+0x65/0xb0 > [ 35.263681] [<ffffffff815de68a>] rtnetlink_rcv+0x2a/0x40 > [ 35.263681] [<ffffffff815fa5ec>] netlink_unicast+0xcc/0x1a0 > [ 35.263681] [<ffffffff815fb3ee>] netlink_sendmsg+0x6de/0x750 > [ 35.263681] [<ffffffff815b3dd8>] sock_sendmsg+0x88/0xb0 > [ 35.263681] [<ffffffff81184e9a>] ? might_fault+0x5a/0xb0 > [ 35.263681] [<ffffffff81184ee3>] ? might_fault+0xa3/0xb0 > [ 35.263681] [<ffffffff81184e9a>] ? might_fault+0x5a/0xb0 > [ 35.263681] [<ffffffff815c26cd>] ? verify_iovec+0x7d/0xf0 > [ 35.263681] [<ffffffff815b41e6>] ___sys_sendmsg+0x296/0x2b0 > [ 35.263681] [<ffffffff8118356d>] ? handle_mm_fault+0x69d/0x12a0 > [ 35.263681] [<ffffffff810403e3>] ? __do_page_fault+0x1c3/0x4f0 > [ 35.263681] [<ffffffff810b6a5f>] ? up_read+0x1f/0x40 > [ 35.263681] [<ffffffff8104064c>] ? __do_page_fault+0x42c/0x4f0 > [ 35.263681] [<ffffffff811e1f15>] ? mntput_no_expire+0x65/0x170 > [ 35.263681] [<ffffffff811e1eb5>] ? mntput_no_expire+0x5/0x170 > [ 35.263681] [<ffffffff811e27c5>] ? mntput+0x35/0x40 > [ 35.263681] [<ffffffff811c3022>] ? __fput+0x1b2/0x1d0 > [ 35.263681] [<ffffffff815b5172>] __sys_sendmsg+0x42/0x70 > [ 35.263681] [<ffffffff815b51ae>] SyS_sendmsg+0xe/0x10 > [ 35.263681] [<ffffffff816a2d29>] system_call_fastpath+0x16/0x1b > [ 35.263681] Code: 41 5e 41 5f 5d c3 66 0f 1f 44 00 00 66 66 66 66 90 48 8b 87 20 01 00 00 48 85 c0 74 2f 55 48 89 e5 53 48 8b 98 40 02 00 00 31 c0 <83> 7b 08 02 75 2b be 0d 00 00 00 48 89 df e8 9e f9 ff ff 85 c0 > [ 35.263681] RIP [<ffffffff814e9fef>] rndis_filter_open+0x1f/0x60 > [ 35.263681] RSP <ffff8801f8f13780> > [ 35.264682] ---[ end trace 91f7878e7e46f8d5 ]--- K. Y: Are the above on your radar? Only Daniel has investigated the original BUG and there's been no follow up on the GPF... -- Sitsofe | http://sucs.org/~sits/ _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel