From owner-freebsd-bugs@freebsd.org Mon Mar 12 21:53:18 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A10CFF4E536 for ; Mon, 12 Mar 2018 21:53:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1214C764D0 for ; Mon, 12 Mar 2018 21:53:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 44B7219BC2 for ; Mon, 12 Mar 2018 21:53:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w2CLrH44047126 for ; Mon, 12 Mar 2018 21:53:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w2CLrHlQ047125 for freebsd-bugs@FreeBSD.org; Mon, 12 Mar 2018 21:53:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 226562] [stable/10] backport pci/cardbus hot-remove support from FreeBSD 11 to 10 Date: Mon, 12 Mar 2018 21:53:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.4-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: decui@microsoft.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 21:53:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226562 Dexuan Cui changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |decui@microsoft.com --- Comment #1 from Dexuan Cui --- How to reproduce the issue: 1. build & install a stable/10 kernel in a VM running on Windows Server 2016 with Mellanox ConnectX-3 device that supports SR-IOV:=20 2. Enable SR-IOV for the VM by assigning a VF to the VM: [root@decui-103 ~]# hn1: vmbus0: chan34 subidx0 offer got notify, nvs type 128 vmbus0: chan34 assigned to cpu0 [vcpu0] pcib1: on vmbus0 pcib0: allocated type 3 (0xfe0000000-0xfe0001fff) for rid 0 of pcib1 vmbus0: allocated type 3 (0xfe0000000-0xfe0001fff) for rid 0 of pcib1 pcib1: gpadl_conn(chan34) succeeded pcib1: chan34 opened pci1: on pcib1 pci1: domain=3D2, physical bus=3D0 found-> vendor=3D0x15b3, dev=3D0x1004, revid=3D0x00 domain=3D2, bus=3D0, slot=3D2, func=3D0 class=3D02-00-00, hdrtype=3D0x00, mfdev=3D0 cmdreg=3D0x0000, statreg=3D0x0010, cachelnsz=3D0 (dwords) lattimer=3D0x00 (0 ns), mingnt=3D0x00 (0 ns), maxlat=3D0x00 (0 ns) MSI-X supports 52 messages in map 0x18 map[18]: type Prefetchable Memory, range 64, base 0, size 23, memory disabled pci1: at device 2.0 (no driver attached) [root@decui-103 ~]# [root@decui-103 ~]# pciconf -l ... none1@pci2:0:2:0: class=3D0x020000 card=3D0x61b015b3 chip=3D0x100415b= 3 rev=3D0x00 hdr=3D0x00 3. disable the VF for the VM: [root@decui-103 ~]# pcib1: chan34 revoked hn1: pcib1: got notify, nvs type 128 chan34 detached pci1: detached pcib1: chan34 closed pcib1: detached vmbus0: chan34 freed [root@decui-103 ~]# [root@decui-103 ~]# pciconf -l ... none1@pci2:0:2:0: class=3D0x020000 card=3D0x61b015b3 chip=3D0x100415b= 3 rev=3D0x00 hdr=3D0x00 Here 'pciconf -l' should not show the VF any more while it does. 4. Repeat steps 2 and 3 a few times (usually I only need to repeat them 2~5 times), the VM will panic: Fatal trap 9: general protection fault while in kernel mode cpuid =3D 14; apic id =3D 0e instruction pointer =3D 0x20:0xffffffff809bac4a stack pointer =3D 0x28:0xfffffe00002f48d0 frame pointer =3D 0x28:0xfffffe00002f48f0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (vmbusdev) trap number =3D 9 panic: general protection fault cpuid =3D 14 KDB: stack backtrace: #0 0xffffffff809c64c0 at kdb_backtrace+0x60 #1 0xffffffff80986c86 at vpanic+0x126 #2 0xffffffff80986b53 at panic+0x43 #3 0xffffffff80da647d at trap_fatal+0x35d #4 0xffffffff80da6104 at trap+0x784 #5 0xffffffff80d8b5dc at calltrap+0x8 #6 0xffffffff809bab05 at device_delete_child+0x15 #7 0xffffffff809bab18 at device_delete_child+0x28 #8 0xffffffff80e3ad2c at hv_pci_delete_device+0x9c #9 0xffffffff80e3b113 at hv_eject_device_work+0x23 #10 0xffffffff809d7a05 at taskqueue_run_locked+0xf5 #11 0xffffffff809d8858 at taskqueue_thread_loop+0xb8 #12 0xffffffff8094d61a at fork_exit+0x9a #13 0xffffffff80d8bb1e at fork_trampoline+0xe I suspect the VM is accessing some free()'d memory when it hits the panic. --=20 You are receiving this mail because: You are the assignee for the bug.=