From owner-freebsd-net@freebsd.org Sat Dec 1 13:22:12 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 64A321317B5D
for <freebsd-net@mailman.ysv.freebsd.org>;
Sat, 1 Dec 2018 13:22:12 +0000 (UTC)
(envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
[IPv6:2001:1900:2254:206a::50:5])
by mx1.freebsd.org (Postfix) with ESMTP id D8A7B831B3
for <freebsd-net@freebsd.org>; Sat, 1 Dec 2018 13:22:11 +0000 (UTC)
(envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
id 96E781317B42; Sat, 1 Dec 2018 13:22:11 +0000 (UTC)
Delivered-To: net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7493B1317B39
for <net@mailman.ysv.freebsd.org>; Sat, 1 Dec 2018 13:22:11 +0000 (UTC)
(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
[IPv6:2001:1900:2254:206a::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mxrelay.ysv.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 11A26831AE
for <net@FreeBSD.org>; Sat, 1 Dec 2018 13:22:11 +0000 (UTC)
(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
[IPv6:2001:1900:2254:206a::16:76])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 46E231B9D4
for <net@FreeBSD.org>; Sat, 1 Dec 2018 13:22:10 +0000 (UTC)
(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id wB1DMAN3046469
for <net@FreeBSD.org>; Sat, 1 Dec 2018 13:22:10 GMT
(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id wB1DMALg046466
for net@FreeBSD.org; Sat, 1 Dec 2018 13:22:10 GMT
(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to
bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 233341] 12.0-RC1 i386 vnet does not behave like the amd64 vnet
version.
Date: Sat, 01 Dec 2018 13:22:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-STABLE
X-Bugzilla-Keywords:
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution:
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-233341-7501-g1iwEMHYk2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-233341-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-233341-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-Rspamd-Queue-Id: D8A7B831B3
X-Spamd-Result: default: False [1.29 / 15.00];
local_wl_from(0.00)[freebsd.org];
NEURAL_SPAM_LONG(0.57)[0.567,0];
NEURAL_SPAM_MEDIUM(0.51)[0.511,0];
ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US];
NEURAL_SPAM_SHORT(0.21)[0.209,0]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Dec 2018 13:22:12 -0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233341
--- Comment #10 from Kristof Provost <kp@freebsd.org> ---
A simple kldload pflog / kldunload pflog is sufficient to provoke this on i=
386,
but not on amd64.
The panic happens trying to access V_pflogifs in pflog_clone_destroy():
#15 0x224022c0 in pflog_clone_destroy (ifp=3D0x22fc7800) at
/usr/src/sys/netpfil/pf/if_pflog.c:149
149 if (V_pflogifs[i] =3D=3D ifp)
(kgdb) info registers
eax 0xffffffc0 -64
ecx 0x7597b08 123304712
edx 0x2 2
ebx 0x9aa7680 162166400
esp 0x0 0x0
ebp 0x1db26acc 0x1db26acc
esi 0x22fc7800 586971136
edi 0x22fc7800 586971136
eip 0x224022c0 0x224022c0
eflags 0x210246 2163270
cs 0x20 32
ss 0x0 0
ds 0x28 40
es 0x28 40
fs 0x8 8
gs 0x0 0
(kgdb) disassemble
Dump of assembler code for function pflog_clone_destroy:
0x224022a0 <pflog_clone_destroy+0>: push %ebp
0x224022a1 <pflog_clone_destroy+1>: mov %esp,%ebp
0x224022a3 <pflog_clone_destroy+3>: push %esi
0x224022a4 <pflog_clone_destroy+4>: push %eax
0x224022a5 <pflog_clone_destroy+5>: mov $0xffffffc0,%eax
0x224022aa <pflog_clone_destroy+10>: mov 0x8(%ebp),%esi
0x224022ad <pflog_clone_destroy+13>: nop
0x224022ae <pflog_clone_destroy+14>: nop
0x224022af <pflog_clone_destroy+15>: nop
0x224022b0 <pflog_clone_destroy+16>: mov %fs:0x0,%ecx
0x224022b7 <pflog_clone_destroy+23>: mov 0x31c(%ecx),%ecx
0x224022bd <pflog_clone_destroy+29>: mov 0x1c(%ecx),%ecx
0x224022c0 <pflog_clone_destroy+32>: cmp %esi,0x22403140(%ecx,%eax,1)
<-------------
0x224022c7 <pflog_clone_destroy+39>: je 0x224022d0
<pflog_clone_destroy+48>
0x224022c9 <pflog_clone_destroy+41>: add $0x4,%eax
Strangely, adding a printf("KP: %d\n", i); just before that prevents it from
panicking. With that printf() the module unloads just fine. Disassembling t=
hat
version shows:
for (i =3D 0; i < PFLOGIFS_MAX; i++) {
printf("KP %d\n", i);
12b0: 89 7c 24 04 mov %edi,0x4(%esp)
12b4: c7 04 24 71 01 00 00 movl $0x171,(%esp)
12bb: e8 fc ff ff ff call 12bc <pflog_clone_destroy+0x=
1c>
12c0: 64 a1 00 00 00 00 mov %fs:0x0,%eax
if (V_pflogifs[i] =3D=3D ifp)
12c6: 8b 80 1c 03 00 00 mov 0x31c(%eax),%eax
12cc: 8b 40 1c mov 0x1c(%eax),%eax
12cf: 39 b4 b8 00 21 00 00 cmp %esi,0x2100(%eax,%edi,4)
12d6: 75 0b jne 12e3 <pflog_clone_destroy+0x=
43>
V_pflogifs[i] =3D NULL;
12d8: c7 84 b8 00 21 00 00 movl $0x0,0x2100(%eax,%edi,4)
<-------------------
12df: 00 00 00 00
static void
pflog_clone_destroy(struct ifnet *ifp)
{
int i;
for (i =3D 0; i < PFLOGIFS_MAX; i++) {
12e3: 47 inc %edi
12e4: 83 ff 10 cmp $0x10,%edi
12e7: 75 c7 jne 12b0 <pflog_clone_destroy+0x=
10>
printf("KP %d\n", i);
if (V_pflogifs[i] =3D=3D ifp)
V_pflogifs[i] =3D NULL;
As opposed to the panicking version:
for (i =3D 0; i < PFLOGIFS_MAX; i++)
if (V_pflogifs[i] =3D=3D ifp)
12b7: 8b 89 1c 03 00 00 mov 0x31c(%ecx),%ecx
12bd: 8b 49 1c mov 0x1c(%ecx),%ecx
12c0: 39 b4 01 40 21 00 00 cmp %esi,0x2140(%ecx,%eax,1)
<--------------
12c7: 74 07 je 12d0 <pflog_clone_destroy+0x=
30>
It's almost as if there's a compiler issue here. My x86 asm foo is a bit too
weak to work out what's supposed to be happening here, and what might be wr=
ong.
--=20
You are receiving this mail because:
You are the assignee for the bug.=