From owner-svn-src-head@freebsd.org Thu May 21 13:39:27 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 745C92D854F; Thu, 21 May 2020 13:39:27 +0000 (UTC) (envelope-from pho@holm.cc) Received: from relay05.pair.com (relay05.pair.com [216.92.24.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49SW1p3hdjz3VhP; Thu, 21 May 2020 13:39:26 +0000 (UTC) (envelope-from pho@holm.cc) Received: from x8.osted.lan (ip-5-186-118-155.cgn.fibianet.dk [5.186.118.155]) by relay05.pair.com (Postfix) with ESMTP id F17BF1A2D63; Thu, 21 May 2020 09:39:24 -0400 (EDT) Received: from x8.osted.lan (localhost [127.0.0.1]) by x8.osted.lan (8.15.2/8.15.2) with ESMTPS id 04LDdOLr066570 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 21 May 2020 15:39:24 +0200 (CEST) (envelope-from pho@x8.osted.lan) Received: (from pho@localhost) by x8.osted.lan (8.15.2/8.15.2/Submit) id 04LDdO7Q066569; Thu, 21 May 2020 15:39:24 +0200 (CEST) (envelope-from pho) Date: Thu, 21 May 2020 15:39:24 +0200 From: Peter Holm To: Wei Hu Cc: Wei Hu , "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys Message-ID: <20200521133924.GA66412@x8.osted.lan> References: <202005201103.04KB3xTp013965@repo.freebsd.org> <20200521122422.GA65523@x8.osted.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 49SW1p3hdjz3VhP X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of pho@holm.cc has no SPF policy when checking 216.92.24.67) smtp.mailfrom=pho@holm.cc X-Spamd-Result: default: False [1.09 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.66)[-0.658]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.68)[0.680]; NEURAL_HAM_LONG(-0.03)[-0.033]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_NA(0.00)[no SPF record]; FORGED_SENDER(0.30)[pho@freebsd.org,pho@holm.cc]; RCVD_IN_DNSWL_LOW(-0.10)[216.92.24.67:from]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:7859, ipnet:216.92.0.0/16, country:US]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[pho@freebsd.org,pho@holm.cc]; RECEIVED_SPAMHAUS_PBL(0.00)[5.186.118.155:received] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 May 2020 13:39:27 -0000 On Thu, May 21, 2020 at 01:01:18PM +0000, Wei Hu wrote: > > -----Original Message----- > > From: Peter Holm > > Sent: Thursday, May 21, 2020 8:24 PM > > To: Wei Hu > > Cc: src-committers@freebsd.org; svn-src-all@freebsd.org; svn-src- > > head@freebsd.org > > Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock > > dev/hyperv/include dev/hyperv/vmbus modules/hyperv > > modules/hyperv/hvsock sys > > > > On Wed, May 20, 2020 at 11:03:59AM +0000, Wei Hu wrote: > > > Author: whu > > > Date: Wed May 20 11:03:59 2020 > > > New Revision: 361275 > > > URL: > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsvnweb > > .freebsd.org%2Fchangeset%2Fbase%2F361275&data=02%7C01%7Cweh% > > 40microsoft.com%7C61c524b5022b47b2c4e108d7fd81e75f%7C72f988bf86f14 > > 1af91ab2d7cd011db47%7C1%7C0%7C637256606689750658&sdata=mw > > 4IXP3DnxICnK4U%2F8MzLbvMAzCuxih2f0waDyMSCTE%3D&reserved=0 > > > > > > Log: > > > HyperV socket implementation for FreeBSD > > > > > > This change adds Hyper-V socket feature in FreeBSD. New socket address > > > family AF_HYPERV and its kernel support are added. > > > > > > > Found this with a syscall fuzz test: > > > > panic: page fault > > cpuid = 2 > > time = 1590050529 > > KDB: stack backtrace: > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > > 0xfffffe033d21d530 > > vpanic() at vpanic+0x182/frame 0xfffffe033d21d580 > > panic() at panic+0x43/frame 0xfffffe033d21d5e0 > > trap_fatal() at trap_fatal+0x387/frame 0xfffffe033d21d640 > > trap_pfault() at trap_pfault+0x99/frame 0xfffffe033d21d6a0 > > trap() at trap+0x2a5/frame 0xfffffe033d21d7b0 > > calltrap() at calltrap+0x8/frame 0xfffffe033d21d7b0 > > --- trap 0xc, rip = 0xffffffff80bcd3ba, rsp = 0xfffffe033d21d880, rbp = > > 0xfffffe033d21d910 --- > > _sx_xlock_hard() at _sx_xlock_hard+0x17a/frame 0xfffffe033d21d910 > > _sx_xlock() at _sx_xlock+0xba/frame 0xfffffe033d21d950 > > hvs_trans_close() at hvs_trans_close+0x42/frame 0xfffffe033d21d970 > > soclose() at soclose+0x161/frame 0xfffffe033d21d9e0 > > _fdrop() at _fdrop+0x1a/frame 0xfffffe033d21da00 > > closef() at closef+0x1db/frame 0xfffffe033d21da90 > > closefp() at closefp+0x96/frame 0xfffffe033d21dad0 > > amd64_syscall() at amd64_syscall+0x159/frame 0xfffffe033d21dbf0 > > fast_syscall_common() at fast_syscall_common+0x101/frame > > 0xfffffe033d21dbf0 > > --- syscall (6, FreeBSD ELF64, sys_close), rip = 0x8004283ca, rsp = 0x7fffffffe328, > > rbp = 0x7fffffffe460 --- > > > > https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fpeople.free > > bsd.org%2F~pho%2Fstress%2Flog%2Fsetsockopt2- > > 2.txt&data=02%7C01%7Cweh%40microsoft.com%7C61c524b5022b47b2c > > 4e108d7fd81e75f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63 > > 7256606689750658&sdata=RuBmWrBv7lGnhF2IHZ5NOP2rmV0c%2BJXuk > > RZl260KSIw%3D&reserved=0 > > > > Could this be yours? > > > Yes. Looks the lock was not initialized. The lock only gets initialized when it is running > on HyperV. This type of socket only works on HyperV. > > How to reproduce it? Was it on HyperV? I am not sure how it can enter this state. > > Wei The test is syscall() fuzzing, which typically flushes out missing parameter validations. This was *not* run on HyperV. You can find the test case here: https://svnweb.freebsd.org/base/user/pho/stress2/misc/setsockopt2.sh - Peter