regressions.lists.linux.dev archive mirror
From: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
To: "Corentin Noël" <corentin.noel@collabora.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Michael S. Tsirkin <mst@redhat.com>,
	Jason Wang <jasowang@redhat.com>,
	virtualization@lists.linux-foundation.org,
	regressions@lists.linux.dev, Eric Dumazet <edumazet@google.com>
Subject: Re: virtio-net: kernel panic in virtio_net.c
Date: Thu, 03 Jun 2021 10:44:43 +0800
Message-ID: <1622688283.7488964-1-xuanzhuo@linux.alibaba.com>
In-Reply-To: <9b894cd65f67116b5eb3b57d714f8782619c5434.camel@collabora.com>

On Wed, 02 Jun 2021 19:54:41 +0200, Corentin Noël <corentin.noel@collabora.com> wrote:
> Sure, here is the decoded trace:
>
> [   44.523231] skbuff: skb_over_panic: text:ffffffffad1a8434 len:3762
> put:3762 head:ffff9799e6b6b000 data:ffff9799e6b6b010 tail:0xec2
> end:0xec0 dev:<NULL>
> [   44.525254] kernel BUG at net/core/skbuff.c:110!
> [   44.525910] invalid opcode: 0000 [#1] SMP PTI
> [   44.526521] CPU: 2 PID: 245 Comm: llvmpipe-0 Not tainted 5.13.0-
> rc4linux-v5.13-rc4-for-mesa-ci-184862285c49.tar.bz2 #1
> [   44.528109] Hardware name: ChromiumOS crosvm, BIOS 0
> [   44.529243] RIP: 0010:skb_panic (net/core/skbuff.c:110)
> [ 44.530284] Code: 4f 70 50 8b 87 bc 00 00 00 50 8b 87 b8 00 00 00 50
> ff b7 c8 00 00 00 4c 8b 8f c0 00 00 00 48 c7 c7 f0 af cf ad e8 43 4c fb
> ff <0f> 0b 48 8b 14 24 48 c7 c1 20 23 b1 ad e8 ab ff ff ff 48 c7 c6 60
> All code
> ========
>    0:	4f 70 50             	rex.WRXB jo 0x53
>    3:	8b 87 bc 00 00 00    	mov    0xbc(%rdi),%eax
>    9:	50                   	push   %rax
>    a:	8b 87 b8 00 00 00    	mov    0xb8(%rdi),%eax
>   10:	50                   	push   %rax
>   11:	ff b7 c8 00 00 00    	pushq  0xc8(%rdi)
>   17:	4c 8b 8f c0 00 00 00 	mov    0xc0(%rdi),%r9
>   1e:	48 c7 c7 f0 af cf ad 	mov    $0xffffffffadcfaff0,%rdi
>   25:	e8 43 4c fb ff       	callq  0xfffffffffffb4c6d
>   2a:*	0f 0b                	ud2    		<-- trapping
> instruction
>   2c:	48 8b 14 24          	mov    (%rsp),%rdx
>   30:	48 c7 c1 20 23 b1 ad 	mov    $0xffffffffadb12320,%rcx
>   37:	e8 ab ff ff ff       	callq  0xffffffffffffffe7
>   3c:	48                   	rex.W
>   3d:	c7                   	.byte 0xc7
>   3e:	c6                   	(bad)
>   3f:	60                   	(bad)
>
> Code starting with the faulting instruction
> ===========================================
>    0:	0f 0b                	ud2
>    2:	48 8b 14 24          	mov    (%rsp),%rdx
>    6:	48 c7 c1 20 23 b1 ad 	mov    $0xffffffffadb12320,%rcx
>    d:	e8 ab ff ff ff       	callq  0xffffffffffffffbd
>   12:	48                   	rex.W
>   13:	c7                   	.byte 0xc7
>   14:	c6                   	(bad)
>   15:	60                   	(bad)
> [   44.533988] RSP: 0000:ffffa651c134fc20 EFLAGS: 00010246
> [   44.534723] RAX: 000000000000008b RBX: 0000000000000010 RCX:
> 00000000ffffdfff
> [   44.535772] RDX: 0000000000000000 RSI: 00000000ffffffea RDI:
> 0000000000000000
> [   44.536693] RBP: ffffd77b009adac0 R08: ffffffffadf44b08 R09:
> 0000000000009ffb
> [   44.537569] R10: 00000000ffffe000 R11: 3fffffffffffffff R12:
> ffff979ad2aa5600
> [   44.538449] R13: 0000000000000000 R14: ffff9799e6b6b000 R15:
> 0000000000000eb2
> [   44.539300] FS:  00007fdb9cb11700(0000) GS:ffff979aebd00000(0000)
> knlGS:0000000000000000
> [   44.540376] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   44.541103] CR2: 00007f99099f4024 CR3: 0000000129558005 CR4:
> 0000000000370ee0
> [   44.542057] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [   44.543063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [   44.544063] Call Trace:
> [   44.544385] skb_put.cold (net/core/skbuff.c:5254 (discriminator 1)
> net/core/skbuff.c:5252 (discriminator 1))
> [   44.544864] page_to_skb (drivers/net/virtio_net.c:485)
> [   44.545361] receive_buf (drivers/net/virtio_net.c:849
> drivers/net/virtio_net.c:1131)
> [   44.545870] ? netif_receive_skb_list_internal (net/core/dev.c:5714)
> [   44.546628] ? dev_gro_receive (net/core/dev.c:6103)
> [   44.547135] ? napi_complete_done (./include/linux/list.h:35
> net/core/dev.c:5867 net/core/dev.c:5862 net/core/dev.c:6565)
> [   44.547672] virtnet_poll (drivers/net/virtio_net.c:1427
> drivers/net/virtio_net.c:1525)
> [   44.548251] __napi_poll (net/core/dev.c:6985)
> [   44.548744] net_rx_action (net/core/dev.c:7054 net/core/dev.c:7139)
> [   44.549264] __do_softirq (./arch/x86/include/asm/jump_label.h:19
> ./include/linux/jump_label.h:200 ./include/trace/events/irq.h:142
> kernel/softirq.c:560)
> [   44.549762] irq_exit_rcu (kernel/softirq.c:433 kernel/softirq.c:637
> kernel/softirq.c:649)
> [   44.551384] common_interrupt (arch/x86/kernel/irq.c:240
> (discriminator 13))
> [   44.551991] ? asm_common_interrupt
> (./arch/x86/include/asm/idtentry.h:638)
> [   44.552654] asm_common_interrupt
> (./arch/x86/include/asm/idtentry.h:638)
> [   44.553276] RIP: 0033:0x7fdb981a82e4
> [ 44.553809] Code: d2 48 63 f6 c4 41 7a 6f 0c 01 c4 41 7a 6f 14 09 c4
> 41 7a 6f 24 11 c4 41 7a 6f 2c 31 c4 c1 31 6a c2 c4 c1 19 6a d5 c5 f9 6c
> f2 <c5> 79 6d c2 c5 f9 71 d6 08 c5 f9 db 44 24 20 c5 c1 71 f6 0b c5 f9
> All code
> ========
>    0:	d2 48 63             	rorb   %cl,0x63(%rax)
>    3:	f6 c4 41             	test   $0x41,%ah
>    6:	7a 6f                	jp     0x77
>    8:	0c 01                	or     $0x1,%al
>    a:	c4 41 7a 6f 14 09    	vmovdqu (%r9,%rcx,1),%xmm10
>   10:	c4 41 7a 6f 24 11    	vmovdqu (%r9,%rdx,1),%xmm12
>   16:	c4 41 7a 6f 2c 31    	vmovdqu (%r9,%rsi,1),%xmm13
>   1c:	c4 c1 31 6a c2       	vpunpckhdq %xmm10,%xmm9,%xmm0
>   21:	c4 c1 19 6a d5       	vpunpckhdq %xmm13,%xmm12,%xmm2
>   26:	c5 f9 6c f2          	vpunpcklqdq %xmm2,%xmm0,%xmm6
>   2a:*	c5 79 6d c2          	vpunpckhqdq %xmm2,%xmm0,%xmm8
> <-- trapping instruction
>   2e:	c5 f9 71 d6 08       	vpsrlw $0x8,%xmm6,%xmm0
>   33:	c5 f9 db 44 24 20    	vpand  0x20(%rsp),%xmm0,%xmm0
>   39:	c5 c1 71 f6 0b       	vpsllw $0xb,%xmm6,%xmm7
>   3e:	c5                   	.byte 0xc5
>   3f:	f9                   	stc
>
> Code starting with the faulting instruction
> ===========================================
>    0:	c5 79 6d c2          	vpunpckhqdq %xmm2,%xmm0,%xmm8
>    4:	c5 f9 71 d6 08       	vpsrlw $0x8,%xmm6,%xmm0
>    9:	c5 f9 db 44 24 20    	vpand  0x20(%rsp),%xmm0,%xmm0
>    f:	c5 c1 71 f6 0b       	vpsllw $0xb,%xmm6,%xmm7
>   14:	c5                   	.byte 0xc5
>   15:	f9                   	stc
> [   44.556477] RSP: 002b:00007fdb9cb10240 EFLAGS: 00000202
> [   44.557224] RAX: 0000000000122d40 RBX: 00007fdb5f9e8790 RCX:
> 0000000000122d40
> [   44.558200] RDX: 0000000000122d40 RSI: 0000000000122d40 RDI:
> 000055d7049b9368
> [   44.559088] RBP: 00007fdb9cb10ba0 R08: 00007fdb981a5174 R09:
> 00007fdb5e544040
> [   44.560042] R10: 000000000000ffff R11: 000000000000ffff R12:
> 0000000000000000
> [   44.560991] R13: 0000000000000000 R14: 0000000000005000 R15:
> 0000000000000000
> [   44.561965] Modules linked in:
> [   44.562426] ---[ end trace 9a32eb9d31cb21a1 ]---
> [   44.563091] RIP: 0010:skb_panic (net/core/skbuff.c:110)
> [ 44.563721] Code: 4f 70 50 8b 87 bc 00 00 00 50 8b 87 b8 00 00 00 50
> ff b7 c8 00 00 00 4c 8b 8f c0 00 00 00 48 c7 c7 f0 af cf ad e8 43 4c fb
> ff <0f> 0b 48 8b 14 24 48 c7 c1 20 23 b1 ad e8 ab ff ff ff 48 c7 c6 60
> All code
> ========
>    0:	4f 70 50             	rex.WRXB jo 0x53
>    3:	8b 87 bc 00 00 00    	mov    0xbc(%rdi),%eax
>    9:	50                   	push   %rax
>    a:	8b 87 b8 00 00 00    	mov    0xb8(%rdi),%eax
>   10:	50                   	push   %rax
>   11:	ff b7 c8 00 00 00    	pushq  0xc8(%rdi)
>   17:	4c 8b 8f c0 00 00 00 	mov    0xc0(%rdi),%r9
>   1e:	48 c7 c7 f0 af cf ad 	mov    $0xffffffffadcfaff0,%rdi
>   25:	e8 43 4c fb ff       	callq  0xfffffffffffb4c6d
>   2a:*	0f 0b                	ud2    		<-- trapping
> instruction
>   2c:	48 8b 14 24          	mov    (%rsp),%rdx
>   30:	48 c7 c1 20 23 b1 ad 	mov    $0xffffffffadb12320,%rcx
>   37:	e8 ab ff ff ff       	callq  0xffffffffffffffe7
>   3c:	48                   	rex.W
>   3d:	c7                   	.byte 0xc7
>   3e:	c6                   	(bad)
>   3f:	60                   	(bad)
>
> Code starting with the faulting instruction
> ===========================================
>    0:	0f 0b                	ud2
>    2:	48 8b 14 24          	mov    (%rsp),%rdx
>    6:	48 c7 c1 20 23 b1 ad 	mov    $0xffffffffadb12320,%rcx
>    d:	e8 ab ff ff ff       	callq  0xffffffffffffffbd
>   12:	48                   	rex.W
>   13:	c7                   	.byte 0xc7
>   14:	c6                   	(bad)
>   15:	60                   	(bad)
> [   44.566252] RSP: 0000:ffffa651c134fc20 EFLAGS: 00010246
> [   44.567051] RAX: 000000000000008b RBX: 0000000000000010 RCX:
> 00000000ffffdfff
> [   44.567947] RDX: 0000000000000000 RSI: 00000000ffffffea RDI:
> 0000000000000000
> [   44.568839] RBP: ffffd77b009adac0 R08: ffffffffadf44b08 R09:
> 0000000000009ffb
> [   44.569725] R10: 00000000ffffe000 R11: 3fffffffffffffff R12:
> ffff979ad2aa5600
> [   44.570608] R13: 0000000000000000 R14: ffff9799e6b6b000 R15:
> 0000000000000eb2
> [   44.571483] FS:  00007fdb9cb11700(0000) GS:ffff979aebd00000(0000)
> knlGS:0000000000000000
> [   44.572694] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   44.573474] CR2: 00007f99099f4024 CR3: 0000000129558005 CR4:
> 0000000000370ee0
> [   44.574531] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [   44.575597] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [   44.576618] Kernel panic - not syncing: Fatal exception in interrupt
> [   44.577996] Kernel Offset: 0x2ba00000 from 0xffffffff81000000
> (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
>

Can you test this patch on the latest net branch?

Thanks.

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index fa407eb8b457..78a01c71a17c 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -406,7 +406,7 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi,
         * add_recvbuf_mergeable() + get_mergeable_buf_len()
         */
        truesize = headroom ? PAGE_SIZE : truesize;
-       tailroom = truesize - len - headroom;
+       tailroom = truesize - len - headroom - (hdr_padded_len - hdr_len);
        buf = p - headroom;

        len -= hdr_len;
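
Review bot: the new `tailroom` expression on the `+` line subtracts four terms from `truesize` with no check that their sum fits. The quoted trace shows `put:3762` with `data` at offset 0x10 ending at `tail:0xec2`, two bytes past `end:0xec0`, so the received length can exceed the space left in the buffer. The declaration of `tailroom` is outside this hunk; if it is an unsigned type, the subtraction wraps to a large value instead of going negative, and any later comparison against it would pass. Consider validating `len + headroom + (hdr_padded_len - hdr_len) <= truesize` before this line and bailing out of `page_to_skb()` when it fails. The comment above the hunk only mentions `add_recvbuf_mergeable()` and `get_mergeable_buf_len()`; it should also say why the header padding `(hdr_padded_len - hdr_len)` counts against the tailroom, since that is the whole point of the change.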
