> -----Original Message-----
> From: Sitsofe Wheeler [mailto:sitsofe@xxxxxxxxx]
> Sent: Monday, August 25, 2014 11:48 AM
> To: KY Srinivasan
> Cc: Daniel Borkmann; David Miller; Haiyang Zhang;
> devel@xxxxxxxxxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx; Jesper Dangaard Brouer; Greg Kroah-Hartman
> Subject: Re: BUG: unable to handle kernel paging request at ffff8801f3febe63 (netvsc_select_queue)
>
> On Tue, Aug 19, 2014 at 12:40:53PM +0100, Sitsofe Wheeler wrote:
> > On Tue, Aug 19, 2014 at 10:57:30AM +0200, Daniel Borkmann wrote:
> > > On 08/19/2014 10:15 AM, Sitsofe Wheeler wrote:
> > > >After a variety of issues on Hyper-V (host is running Windows 2012
> > > >R2) I updated to the latest kernel (3.17-rc1
> > > >7d1311b93e58ed55f3a31cc8f94c4b8fe988a2b9), turned on a bunch of
> > > >kernel validation options and booted which has resulted in a BUG
> > > >being triggered (IP claims to be at netvsc_select_queue), at least
> > > >one of the network cards not working and a bunch of oopses.
> > > >
> > > >Guest is a customised Fedora 20 cloud image. Partial dmesg output
> > > >is below:
> > > >
> > > >[ 16.064298] input: TPPS/2 IBM TrackPoint as /devices/platform/i8042/serio1/input/input4
> > > >[ 19.292370] BUG: unable to handle kernel paging request at ffff8801f3febe63
> > > >[ 19.293258] IP: [<ffffffff814e69ad>] netvsc_select_queue+0x3d/0x150
> > > >[ 19.293258] PGD 2db1067 PUD 207dc0067 PMD 207c20067 PTE 80000001f3feb060
> > > >[ 19.293258] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
> > > >[ 19.293258] CPU: 8 PID: 568 Comm: arping Not tainted 3.17.0-rc1.x86_64 #121
> > > >[ 19.293258] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 05/23/2012
> > > >[ 19.293258] task: ffff8800f29326a0 ti: ffff8801f940c000 task.ti: ffff8801f940c000
> > > >[ 19.293258] RIP: 0010:[<ffffffff814e69ad>] [<ffffffff814e69ad>] netvsc_select_queue+0x3d/0x150
> > > >[ 19.293258] RSP: 0018:ffff8801f940fc60 EFLAGS: 00010206
> > > >[ 19.293258] RAX: 0000000000000000 RBX: ffff8800f13e5680 RCX: 000000000000ffff
> > > >[ 19.293258] RDX: ffff8801f3fdbe58 RSI: ffff8801f39b8d80 RDI: ffff8800f13e5680
> > > >[ 19.293258] RBP: ffff8801f940fc88 R08: 000000000000002a R09: 0000000000000000
> > > >[ 19.293258] R10: ffff8800f13e4520 R11: 000000000000000a R12: ffff8801f39b8d80
> > > >[ 19.293258] R13: 0000000000000000 R14: ffff8801f9bf1290 R15: ffff8801f39b8d80
> > > >[ 19.293258] FS: 00007f777b980740(0000) GS:ffff880206d00000(0000) knlGS:0000000000000000
> > > >[ 19.293258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > >[ 19.293258] CR2: ffff8801f3febe63 CR3: 00000001f3aed000 CR4: 00000000000406e0
> > >
> > > Hmm, I am not really familiar with hyper-v, but it seems 5b54dac856cb
> > > ("hyperv: Add support for virtual Receive Side Scaling (vRSS)") has been
> > > introduced after 0fd5d57ba345 ("packet: check for ndo_select_queue
> > > during queue selection").
> > >
> > > arping seems to send a raw packet (AF_PACKET) via normal
> > > packet_sendmsg() out and when doing the queue selection in
> > > packet_pick_tx_queue(), we discover that the device has
> > > ndo_select_queue implemented, so we respect that and call into it.
> > > In netvsc_select_queue(), the fallback of __packet_pick_tx_queue() is
> > > not being invoked here.
> > >
> > > Given that the next log message is "hv_netvsc vmbus_0_15: net device
> > > safe to remove" ... could it be that your back pointer to the device
> > > context (the actual struct hv_device) is already invalid when you
> > > try to get hv_get_drvdata(hdev) as it's sort of decoupled from
> > > netdev_priv(ndev) ? (Just a wild guess ...)
> >
> > Thanks for investigating! After setting DEBUG_PAGEALLOC=n I'm now
> > getting a GPF with an IP of rndis_filter_open:
> >
> > [ 28.255083] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
> > [ 28.531276] systemd-journald[366]: Received request to flush runtime journal from PID 1
> > [ 29.401494] hv_utils: KVP: user-mode registering done.
> > [ 34.628072] hv_netvsc vmbus_0_15: net device safe to remove
> > [ 34.676573] hv_netvsc: hv_netvsc channel opened successfully
> > [ 34.860292] hv_netvsc vmbus_0_15 eth1: unable to establish send buffer's gpadl
> > [ 34.948983] hv_netvsc vmbus_0_15 eth1: unable to connect to NetVSP - 4
> > [ 35.073575] general protection fault: 0000 [#1] SMP
> > [ 35.097981] CPU: 8 PID: 678 Comm: ip Not tainted 3.17.0-rc1.x86_64 #124
> > [ 35.097981] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090006 05/23/2012
> > [ 35.097981] task: ffff8801f49f1350 ti: ffff8801f8f10000 task.ti: ffff8801f8f10000
> > [ 35.263681] RIP: 0010:[<ffffffff814e9fef>] [<ffffffff814e9fef>] rndis_filter_open+0x1f/0x60
> > [ 35.263681] RSP: 0018:ffff8801f8f13780 EFLAGS: 00010246
> > [ 35.263681] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000006
> > [ 35.263681] RDX: 0000000000000006 RSI: ffff8801f49f1a90 RDI: ffff8801fbb8d480
> > [ 35.263681] RBP: ffff8801f8f13788 R08: 0000000000000000 R09: 0000000000000000
> > [ 35.263681] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8801fbb8d480
> > [ 35.263681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
> > [ 35.263681] FS: 00007ff9ce3aa740(0000) GS:ffff880207d00000(0000) knlGS:0000000000000000
> > [ 35.263681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 35.263681] CR2: 00007fff85779b10 CR3: 00000001f4244000 CR4: 00000000000406e0
> > [ 35.263681] Stack:
> > [ 35.263681] ffff8800f17d8000 ffff8801f8f137b0 ffffffff814e6505 ffff8800f17d8000
> > [ 35.263681] ffffffff8188f980 0000000000000000 ffff8801f8f137d8 ffffffff815d0978
> > [ 35.263681] ffff8800f17d8000 ffff8800f17d8000 0000000000001003 ffff8801f8f13810
> > [ 35.263681] Call Trace:
> > [ 35.263681] [<ffffffff814e6505>] netvsc_open+0x25/0xb0
> > [ 35.263681] [<ffffffff815d0978>] __dev_open+0x98/0x110
> > [ 35.263681] [<ffffffff815d0c79>] __dev_change_flags+0xb9/0x160
> > [ 35.263681] [<ffffffff815d0d49>] dev_change_flags+0x29/0x60
> > [ 35.263681] [<ffffffff815e1415>] do_setlink+0x2d5/0xa60
> > [ 35.263681] [<ffffffff811a4ac1>] ? deactivate_slab+0x1c1/0x500
> > [ 35.263681] [<ffffffff815e23ad>] rtnl_newlink+0x49d/0x760
> > [ 35.263681] [<ffffffff815e202f>] ? rtnl_newlink+0x11f/0x760
> > [ 35.263681] [<ffffffff815bc800>] ? __alloc_skb+0x70/0x240
> > [ 35.263681] [<ffffffff81010a0b>] ? save_stack_trace+0x2b/0x50
> > [ 35.263681] [<ffffffff815de8c1>] rtnetlink_rcv_msg+0x221/0x260
> > [ 35.263681] [<ffffffff810b980d>] ? trace_hardirqs_on+0xd/0x10
> > [ 35.263681] [<ffffffff815de67b>] ? rtnetlink_rcv+0x1b/0x40
> > [ 35.263681] [<ffffffff815de6a0>] ? rtnetlink_rcv+0x40/0x40
> > [ 35.263681] [<ffffffff815fc4b5>] netlink_rcv_skb+0x65/0xb0
> > [ 35.263681] [<ffffffff815de68a>] rtnetlink_rcv+0x2a/0x40
> > [ 35.263681] [<ffffffff815fa5ec>] netlink_unicast+0xcc/0x1a0
> > [ 35.263681] [<ffffffff815fb3ee>] netlink_sendmsg+0x6de/0x750
> > [ 35.263681] [<ffffffff815b3dd8>] sock_sendmsg+0x88/0xb0
> > [ 35.263681] [<ffffffff81184e9a>] ? might_fault+0x5a/0xb0
> > [ 35.263681] [<ffffffff81184ee3>] ? might_fault+0xa3/0xb0
> > [ 35.263681] [<ffffffff81184e9a>] ? might_fault+0x5a/0xb0
> > [ 35.263681] [<ffffffff815c26cd>] ? verify_iovec+0x7d/0xf0
> > [ 35.263681] [<ffffffff815b41e6>] ___sys_sendmsg+0x296/0x2b0
> > [ 35.263681] [<ffffffff8118356d>] ? handle_mm_fault+0x69d/0x12a0
> > [ 35.263681] [<ffffffff810403e3>] ? __do_page_fault+0x1c3/0x4f0
> > [ 35.263681] [<ffffffff810b6a5f>] ? up_read+0x1f/0x40
> > [ 35.263681] [<ffffffff8104064c>] ? __do_page_fault+0x42c/0x4f0
> > [ 35.263681] [<ffffffff811e1f15>] ? mntput_no_expire+0x65/0x170
> > [ 35.263681] [<ffffffff811e1eb5>] ? mntput_no_expire+0x5/0x170
> > [ 35.263681] [<ffffffff811e27c5>] ? mntput+0x35/0x40
> > [ 35.263681] [<ffffffff811c3022>] ? __fput+0x1b2/0x1d0
> > [ 35.263681] [<ffffffff815b5172>] __sys_sendmsg+0x42/0x70
> > [ 35.263681] [<ffffffff815b51ae>] SyS_sendmsg+0xe/0x10
> > [ 35.263681] [<ffffffff816a2d29>] system_call_fastpath+0x16/0x1b
> > [ 35.263681] Code: 41 5e 41 5f 5d c3 66 0f 1f 44 00 00 66 66 66 66 90 48 8b 87 20 01 00 00 48 85 c0 74 2f 55 48 89 e5 53 48 8b 98 40 02 00 00 31 c0 <83> 7b 08 02 75 2b be 0d 00 00 00 48 89 df e8 9e f9 ff ff 85 c0
> > [ 35.263681] RIP [<ffffffff814e9fef>] rndis_filter_open+0x1f/0x60
> > [ 35.263681] RSP <ffff8801f8f13780>
> > [ 35.264682] ---[ end trace 91f7878e7e46f8d5 ]---
>
> K. Y: Are the above on your radar? Only Daniel has investigated the original
> BUG and there's been no follow up on the GPF...

I will look at this as well.

K. Y

>
> --
> Sitsofe | http://sucs.org/~sits/
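Added example, not part of the original thread or of any participant's message: a small Python triage pass over the two oopses quoted above that records the faulting symbol and flags registers filled with slab poison bytes, which is how the `RBX: 6b6b6b6b6b6b6b6b` in the `rndis_filter_open` GPF points to a freed object. The function names and record layout are assumptions made for the example, and the poison check is only meaningful on kernels running with slab poisoning enabled.

```python
import re

# Slab poison bytes defined in the kernel's include/linux/poison.h.
POISON = {0x6B: "POISON_FREE", 0x5A: "POISON_INUSE"}

START = re.compile(r"BUG: unable to handle kernel .*? at (?P<addr>[0-9a-f]{16})"
                   r"|general protection fault")
RIP = re.compile(r"RIP: [0-9a-f]{4}:\[<[0-9a-f]+>\]\s+(?:\[<[0-9a-f]+>\]\s+)?"
                 r"(?P<sym>\w+)\+(?P<off>0x[0-9a-f]+)/")
REG = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b")

# Constructed sample: a few lines of each oops quoted in the thread, unwrapped.
SAMPLE = """\
[ 19.292370] BUG: unable to handle kernel paging request at ffff8801f3febe63
[ 19.293258] RIP: 0010:[<ffffffff814e69ad>] [<ffffffff814e69ad>] netvsc_select_queue+0x3d/0x150
[ 19.293258] RAX: 0000000000000000 RBX: ffff8800f13e5680 RCX: 000000000000ffff
[ 35.073575] general protection fault: 0000 [#1] SMP
[ 35.263681] RIP: 0010:[<ffffffff814e9fef>] [<ffffffff814e9fef>] rndis_filter_open+0x1f/0x60
[ 35.263681] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000006
"""

def poison_kind(value):
    """Name the slab poison pattern if all eight bytes are one poison byte."""
    raw = value.to_bytes(8, "big")
    return POISON.get(raw[0]) if len(set(raw)) == 1 else None

def triage(dmesg):
    """Return one record per oops: fault type, address, RIP, poisoned registers."""
    reports = []
    for line in dmesg.splitlines():
        start = START.search(line)
        if start:
            kind = "page fault" if start["addr"] else "general protection fault"
            reports.append({"kind": kind, "fault_addr": start["addr"],
                            "rip": None, "poisoned": {}})
            continue
        if not reports:
            continue  # ignore anything before the first oops header
        cur = reports[-1]
        rip = RIP.search(line)
        if rip and cur["rip"] is None:
            cur["rip"] = f'{rip["sym"]}+{rip["off"]}'
        for reg, val in REG.findall(line):
            kind = poison_kind(int(val, 16))
            if kind:
                cur["poisoned"][reg] = kind
    return reports
```

A register full of `0x6b` bytes is a non-canonical address on x86-64, so dereferencing it raises a general protection fault rather than a page fault, matching the second trace.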