From nobody Wed Nov  5 21:07:20 2025
X-Original-To: virtualization@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d1yZJ62rzz659XX
	for <virtualization@mlmmj.nyi.freebsd.org>; Wed, 05 Nov 2025 21:07:20 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4d1yZJ5PSgz3CXx
	for <virtualization@FreeBSD.org>; Wed, 05 Nov 2025 21:07:20 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1762376840;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J4hY0YeynHaDXWGxQ0i8uB+ZCD8mVcIeszaNlvm6kio=;
	b=kItVQG0rsMrLUm8IUxITDIuzNNOIIZFwPrJ519teEhePqyXGuKUZ6NaZlv6dCJ7UG5V5vJ
	BlbcF8pWG5xl74TfpuJ8d6IUocssCJrN0vYUz4FH/Q/vRKABMBISnTAtGAt4w7EV+tlRA3
	kd2mCkCuCnhA4v5mQBiP7ZMENlgrDZShrNCmccwTdgxiYyTI/Hxwzx3uPWljpTeBh9r+7g
	t+WC35k9VlSXHt+pjsrtPmPRpXGbD79nd2J2XGnyCSVPvGGwUoeVt3MgeiI7a+1X5F2vgv
	yZjGE3VPU5OI5Gwxs0mk29BPpn3hw4hvWc4qp58VOg7T7ozvcrZmXTx1XkRCwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1762376840;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J4hY0YeynHaDXWGxQ0i8uB+ZCD8mVcIeszaNlvm6kio=;
	b=BmNDpalH2Kf7vaY8jglXH8RvZnFVXLRcTz76SC7mUOakJ3iSTLg/JZEnzH6Ib3PzJYRdvN
	vG4IP26r8ON5ZwI/C5scc18hq0sKPf0q5sZukMFhqpnH6dawJzC86NLXyxd6uwnvL0sOLS
	cQEoFDlavVJTHmXwB8O8x12D2mhoUhjECjO6ACbjFxf7EmXc688yJJ4TWvRLOBGojLbMLg
	0/o5ByZw/i6aJUl99Q8MEApeP/ys8+lx802er5m7MGI6PZegRWpQ0CX3iGiWwWoT45m7I0
	2qlGo18DuWj1cpL2MnLfA3xSy/XqvW5xBxdZlGv+gLdYJ1l99M33Y8zqq6Tdtw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762376840; a=rsa-sha256; cv=none;
	b=xnXfMxp1/Sl73zjLyptA03i/H4kFAZgAtfT9+3jpTPtmyd6qMqJ74M+ZBrcjYiexGEerF1
	nVrcJlEGI16/4eedo4XztVJImr8/2Ycqvb3d1yA1t7sNovp/38iviNm2qGcJ3pdQkgP1yx
	zOVCcDRdYZxF0+VM5OaPJ0amd6OMj7aimZJwLt9KqdRsH4QJ57WgAbE+yLN4CGvdH3GfgO
	8R78eA0v0uuTQfd6wP0zKSEryECG9JKfkfvYwoTArVULkehRX9DxGLGNs/Rl9DhvYNL5Gy
	XXPoFGgH2ziH+2946Ba4Q03ivWMJqsTHYgJXArxiMPUB24YOeBTTq01GzxqBFQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d1yZJ4txgz10gC
	for <virtualization@FreeBSD.org>; Wed, 05 Nov 2025 21:07:20 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 5A5L7Kt8006854
	for <virtualization@FreeBSD.org>; Wed, 5 Nov 2025 21:07:20 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 5A5L7KRj006853
	for virtualization@FreeBSD.org; Wed, 5 Nov 2025 21:07:20 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: virtualization@FreeBSD.org
Subject: [Bug 290098] bhyve crashes when trying to run a 9front VM
Date: Wed, 05 Nov 2025 21:07:20 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bhyve
X-Bugzilla-Version: 15.0-STABLE
X-Bugzilla-Keywords: crash
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: bakul@iitbombay.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: virtualization@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-290098-27103-XVQr786j8H@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-290098-27103@https.bugs.freebsd.org/bugzilla/>
References: <bug-290098-27103@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Discussion <freebsd-virtualization.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization
List-Help: <mailto:virtualization+help@freebsd.org>
List-Post: <mailto:virtualization@freebsd.org>
List-Subscribe: <mailto:virtualization+subscribe@freebsd.org>
List-Unsubscribe: <mailto:virtualization+unsubscribe@freebsd.org>
X-BeenThere: freebsd-virtualization@freebsd.org
Sender: owner-freebsd-virtualization@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D290098

--- Comment #17 from Bakul Shah <bakul@iitbombay.org> ---
Finally getting around to this.... I set a breakpoint on the line
in question and ran bhyve until the assert was triggered. I don't
know PCI or bhyve code well but happy to work with anyone to track
this down. Note also that a netbsd vm dies on the same assert.

Running bhyve under gdb I see
[Switching to LWP 252876 of process 93322]

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
900,
    idx=3D0, registration=3D1) at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb) c
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
c00,
    idx=3D0, registration=3D1) at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
900,
    idx=3D0, registration=3D1) at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
c00,
    idx=3D0, registration=3D1) at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
900,
    idx=3D0, registration=3Dregistration@entry=3D1)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb) c
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
900,
    idx=3D0, registration=3Dregistration@entry=3D1)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
c00,
    idx=3D0, registration=3Dregistration@entry=3D1)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.

Thread 20 "vcpu 0" hit Breakpoint 1, modify_bar_registration (pi=3D0x801e2a=
c00,
    idx=3D0, registration=3Dregistration@entry=3D1)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:706
706             assert(error =3D=3D 0);
(gdb)
Continuing.
Assertion failed: (error =3D=3D 0), function modify_bar_registration, file
/usr/src/usr.sbin/bhyve/pci_emul.c, line 706.

Thread 20 "vcpu 0" received signal SIGABRT, Aborted.
Sent by thr_kill() from pid 93322 and user 0.
0x0000000801b409ea in thr_kill () from /lib/libsys.so.7
(gdb) where
#0  0x0000000801b409ea in thr_kill () from /lib/libsys.so.7
#1  0x00000008018c8804 in raise () from /lib/libc.so.7
#2  0x0000000801979969 in abort () from /lib/libc.so.7
#3  0x00000008018ab3f1 in __assert () from /lib/libc.so.7
#4  0x0000000001067d27 in modify_bar_registration (pi=3D0x801e2af00, idx=3D=
1,
    registration=3Dregistration@entry=3D1)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:706
#5  0x00000000010679a9 in register_bar (pi=3D0x3dbcc, idx=3D6)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:723
#6  0x00000000010677f6 in pci_cfgrw (in=3D<optimized out>, bus=3D<optimized=
 out>,
    slot=3D<optimized out>, func=3D<optimized out>, coff=3D<optimized out>,
    bytes=3D<optimized out>, valp=3D0x7fffddbead0c)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:2367
#7  0x0000000001068134 in pci_emul_cfgdata (ctx=3D<optimized out>, in=3D252=
876,
    port=3D<optimized out>, bytes=3D0, eax=3D<optimized out>, arg=3D<optimi=
zed out>)
    at /usr/src/usr.sbin/bhyve/pci_emul.c:2468
#8  0x0000000001080a89 in emulate_inout (ctx=3D0x801e1a000, vcpu=3D0x801e0d=
060,
    vmexit=3Dvmexit@entry=3D0x7fffddbeaec8)
    at /usr/src/usr.sbin/bhyve/amd64/inout.c:222
#9  0x000000000107de50 in vmexit_inout (ctx=3D0x3dbcc, vcpu=3D0x6,
    vmrun=3D<optimized out>) at /usr/src/usr.sbin/bhyve/amd64/vmexit.c:84
#10 0x0000000001050740 in vm_loop (ctx=3D0x801e1a000, vcpu=3D0x801e0d060)
    at /usr/src/usr.sbin/bhyve/bhyverun.c:651
#11 0x000000000104f4c7 in fbsdrun_start_thread (param=3D0x801e0b040)
    at /usr/src/usr.sbin/bhyve/bhyverun.c:563
#12 0x00000008011d0d21 in ?? () from /lib/libthr.so.3
#13 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffddbeb000

--=20
You are receiving this mail because:
You are the assignee for the bug.=