[Bug 280098] 9pfs panics on qemu+kvm
Date: Tue, 02 Jul 2024 20:15:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280098

            Bug ID: 280098
           Summary: 9pfs panics on qemu+kvm
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: danilo@FreeBSD.org

I'm running FreeBSD-CURRENT on a qemu/kvm instance (managed by LXD).

FreeBSD freebsd 15.0-CURRENT FreeBSD 15.0-CURRENT #20 main-n271013-de1e91339b1: Tue Jul 2 20:18:44 IST 2024 root@freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

When I load the virtio_9pfs module the system immediately panics:

Unread portion of the kernel message buffer:
virtio_p9fs0: <VirtIO 9P Transport> on virtio_pci7
panic: vtpci_modern_read_dev_config: device virtio_pci7 invalid device read length 6 offset 2
cpuid = 1
time = 1719948130
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe006b124710
vpanic() at vpanic+0x13f/frame 0xfffffe006b124840
panic() at panic+0x43/frame 0xfffffe006b1248a0
vtpci_modern_read_dev_config() at vtpci_modern_read_dev_config+0x1e6/frame 0xfffffe006b1248f0
vt9p_attach() at vt9p_attach+0xe2/frame 0xfffffe006b124970
device_attach() at device_attach+0x3aa/frame 0xfffffe006b1249b0
vtpci_modern_probe_and_attach_child() at vtpci_modern_probe_and_attach_child+0x7b/frame 0xfffffe006b1249e0
devclass_driver_added() at devclass_driver_added+0x29/frame 0xfffffe006b124a10
devclass_add_driver() at devclass_add_driver+0x138/frame 0xfffffe006b124a50
module_register_init() at module_register_init+0xb0/frame 0xfffffe006b124a80
linker_load_module() at linker_load_module+0xc23/frame 0xfffffe006b124d80
kern_kldload() at kern_kldload+0x16e/frame 0xfffffe006b124dd0
sys_kldload() at sys_kldload+0x5c/frame 0xfffffe006b124e00
amd64_syscall() at amd64_syscall+0x158/frame 0xfffffe006b124f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006b124f30
--- syscall (304, FreeBSD ELF64, kldload), rip = 0x1292ad7867da, rsp = 0x1292aa5aeaa8, rbp = 0x1292aa5af020 ---

As you can see, the panic happens inside vtpci_modern_read_dev_config because it tried to read 6 bytes. This function only accepts reading power-of-two sizes.

As far as I can tell, the intention was to use virtio_read_device_config() to read the 9pfs tag, which is "config" in my case, so 6 bytes. In fact, when I change the last argument (len) to 4, the device attaches and I get:

virtio_p9fs0: <VirtIO 9P Transport> on virtio_pci7
virtio_p9fs0: Mount tag: conf

Note the mount tag "conf" missing the "ig".

This is the 9p related configuration LXD will create for qemu:

[device "dev-qemu_config-drive-9p"]
driver = "virtio-9p-pci"
bus = "qemu_pcie2"
addr = "00.0"
multifunction = "on"
mount_tag = "config"
fsdev = "qemu_config"

Here is a backtrace from kgdb:

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:404
#2  0xffffffff8049d09a in db_dump (dummy=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /usr/src/sys/ddb/db_command.c:595
#3  0xffffffff8049ce9d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=true) at /usr/src/sys/ddb/db_command.c:508
#4  0xffffffff8049cb5d in db_command_loop () at /usr/src/sys/ddb/db_command.c:555
#5  0xffffffff804a0616 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:267
#6  0xffffffff80b9435f in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe006b124650) at /usr/src/sys/kern/subr_kdb.c:790
#7  0xffffffff8105f409 in trap (frame=0xfffffe006b124650) at /usr/src/sys/amd64/amd64/trap.c:606
#8  <signal handler called>
#9  kdb_enter (why=<optimized out>, msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b44c10 in vpanic (fmt=0xffffffff812544ba "%s: device %s invalid device read length %d offset %d", ap=ap@entry=0xfffffe006b124880) at /usr/src/sys/kern/kern_shutdown.c:967
#11 0xffffffff80b44a93 in panic (fmt=0xffffffff81b97480 <cnputs_mtx> "\331\f\024\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:892
#12 0xffffffff8096b1b6 in vtpci_modern_read_dev_config (dev=0xfffff80001a67000, offset=2, dst=0xfffff800011b5f40, length=6) at /usr/src/sys/dev/virtio/pci/virtio_pci_modern.c:675
#13 0xffffffff82c08562 in vt9p_attach (dev=0xfffff80001a68e00) at /usr/src/sys/dev/virtio/p9fs/virtio_p9fs.c:355
#14 0xffffffff80b823fa in DEVICE_ATTACH (dev=0xfffff80001a68e00) at ./device_if.h:195
#15 device_attach (dev=dev@entry=0xfffff80001a68e00) at /usr/src/sys/kern/subr_bus.c:2548
#16 0xffffffff8096b90b in vtpci_modern_probe_and_attach_child (sc=0xfffff80001a60800) at /usr/src/sys/dev/virtio/pci/virtio_pci_modern.c:1141
#17 0xffffffff80b7f9a9 in BUS_DRIVER_ADDED (_dev=0xfffff80001a67000, _driver=0xffffffff82c0a2a8 <vt9p_drv>) at ./bus_if.h:210
#18 devclass_driver_added (dc=dc@entry=0xfffff8000187d480, driver=driver@entry=0xffffffff82c0a2a8 <vt9p_drv>) at /usr/src/sys/kern/subr_bus.c:603
#19 0xffffffff80b7f8f8 in devclass_add_driver (dc=0xfffff8000187d480, driver=0xffffffff82c0a2a8 <vt9p_drv>, pass=2147483647, dcp=0x0) at /usr/src/sys/kern/subr_bus.c:690
#20 0xffffffff80b1de30 in module_register_init (arg=0xffffffff82c0a260 <virtio_p9fs_virtio_pci_mod>) at /usr/src/sys/kern/kern_module.c:120
#21 0xffffffff80b0d003 in linker_file_sysinit (lf=0xfffff8000e9aac00) at /usr/src/sys/kern/kern_linker.c:241
#22 linker_load_file (filename=0xfffff80003a8d1e0 "/boot/kernel/virtio_p9fs.ko", result=<optimized out>) at /usr/src/sys/kern/kern_linker.c:500
#23 linker_load_module (kldname=kldname@entry=0x0, modname=modname@entry=0xfffff80001793800 "virtio_p9fs", parent=parent@entry=0x0, verinfo=verinfo@entry=0x0, lfpp=lfpp@entry=0xfffffe006b124da0) at /usr/src/sys/kern/kern_linker.c:2288
#24 0xffffffff80b0ed3e in kern_kldload (td=td@entry=0xfffff8000ef48000, file=file@entry=0xfffff80001793800 "virtio_p9fs", fileid=fileid@entry=0xfffffe006b124de4) at /usr/src/sys/kern/kern_linker.c:1236
#25 0xffffffff80b0ee3c in sys_kldload (td=0xfffff8000ef48000, uap=<optimized out>) at /usr/src/sys/kern/kern_linker.c:1259
#26 0xffffffff81060818 in syscallenter (td=0xfffff8000ef48000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#27 amd64_syscall (td=0xfffff8000ef48000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1192

Let me know if more information is needed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
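The access-size rule the report runs into, shown as an added C illustration that is not FreeBSD's driver or transport code: a stand-in read_dev_config() mirrors the power-of-two length rule of the real config read but returns an error instead of panicking, and a read_mount_tag() helper fetches the variable-length tag one byte at a time, bounded by both the device-supplied tag length and the caller's buffer. The config layout assumed here (a little-endian 16-bit tag length at offset 0, the tag bytes from offset 2) is the virtio-9p one and matches the "offset 2, length 6" in the panic; the sample bytes are constructed to reproduce the "config" tag, and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed virtio-9p config space for the report's device:
 * u16 tag_len (little-endian) followed by the tag bytes "config". */
static const uint8_t sample_cfg[] = { 0x06, 0x00, 'c', 'o', 'n', 'f', 'i', 'g' };

/* Constructed config that claims a 65535-byte tag: a guest driver must
 * treat this host-supplied length as untrusted and refuse it. */
static const uint8_t oversized_cfg[] = { 0xff, 0xff, 'x' };

#define CFG_TAG_LEN_OFFSET	0	/* hypothetical layout constants */
#define CFG_TAG_OFFSET		2

/* Hypothetical stand-in for the transport's config read.  Like the real
 * helper it only accepts 1/2/4/8-byte accesses; unlike it, an invalid
 * length or an out-of-range access yields -1 instead of a panic. */
static int
read_dev_config(const uint8_t *cfg, size_t cfglen, size_t offset,
    void *dst, size_t len)
{
	if (len != 1 && len != 2 && len != 4 && len != 8)
		return (-1);		/* "invalid device read length" */
	if (offset > cfglen || len > cfglen - offset)
		return (-1);		/* read would run past the config space */
	memcpy(dst, (const char *)cfg + offset, len);
	return (0);
}

/* Reads the tag byte-wise (1 is a valid access size), so any tag length
 * works.  Returns the tag length, or -1 if the length is zero, does not
 * fit the caller's buffer, or exceeds the config space. */
static int
read_mount_tag(const uint8_t *cfg, size_t cfglen, char *tag, size_t tagsz)
{
	uint8_t lenbuf[2];
	uint16_t tag_len;
	size_t i;

	if (read_dev_config(cfg, cfglen, CFG_TAG_LEN_OFFSET, lenbuf, 2) != 0)
		return (-1);
	tag_len = (uint16_t)(lenbuf[0] | (lenbuf[1] << 8));
	if (tag_len == 0 || tag_len >= tagsz)
		return (-1);		/* never truncate silently */
	for (i = 0; i < tag_len; i++)
		if (read_dev_config(cfg, cfglen, CFG_TAG_OFFSET + i,
		    &tag[i], 1) != 0)
			return (-1);
	tag[tag_len] = '\0';
	return ((int)tag_len);
}

/* Helpers returning the tag (or NULL) from a static buffer, so the two
 * attempts in the report can be compared with the byte-wise read. */
static char tagbuf[32];

static const char *
tag_via_naive(size_t len)
{
	memset(tagbuf, 0, sizeof(tagbuf));
	if (read_dev_config(sample_cfg, sizeof(sample_cfg), CFG_TAG_OFFSET,
	    tagbuf, len) != 0)
		return (NULL);
	return (tagbuf);
}

static const char *
tag_via_bytewise(void)
{
	if (read_mount_tag(sample_cfg, sizeof(sample_cfg), tagbuf,
	    sizeof(tagbuf)) < 0)
		return (NULL);
	return (tagbuf);
}

static int
oversized_len_rejected(void)
{
	return (read_mount_tag(oversized_cfg, sizeof(oversized_cfg), tagbuf,
	    sizeof(tagbuf)) < 0);
}

int
main(void)
{
	const char *t;

	printf("6-byte read: %s\n", tag_via_naive(6) ? "ok" : "rejected (the panic)");
	t = tag_via_naive(4);
	printf("4-byte read: %s\n", t ? t : "rejected");	/* truncated "conf" */
	t = tag_via_bytewise();
	printf("byte-wise read: %s\n", t ? t : "rejected");	/* full "config" */
	printf("oversized tag_len rejected: %d\n", oversized_len_rejected());
	return (0);
}
```

The 6-byte read fails for the same reason the kernel panicked, the 4-byte read attaches but yields the truncated "conf" the reporter saw, and the byte-wise read returns the full tag while still refusing a tag length that would overrun the destination buffer.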