Return-Path: Received: from localhost (localhost [127.0.0.1]) by slugis (Cyrus v2.2.13-Debian-2.2.13-14.117.201112201012) with LMTPA; Tue, 09 Oct 2012 15:22:37 +0200 X-Sieve: CMU Sieve 2.2 Received: from localhost (localhost [127.0.0.1]) by slugis.knut.univention.de (Postfix) with ESMTP id 3D1AD164B116 for ; Tue, 9 Oct 2012 15:22:37 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by slugis.knut.univention.de (Postfix) with ESMTP id 31EBF164B11D for ; Tue, 9 Oct 2012 15:22:37 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.6.1 (20080629) (Debian) at knut.univention.de X-Spam-Flag: NO X-Spam-Score: -6.194 X-Spam-Level: X-Spam-Status: No, score=-6.194 tagged_above=-1000 required=3 tests=[AWL=0.404, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.univention.de ([127.0.0.1]) by localhost (slugis.knut.univention.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lyz3QX6lE-fk for ; Tue, 9 Oct 2012 15:22:37 +0200 (CEST) Received: from slugis.knut.univention.de (localhost [127.0.0.1]) by slugis.knut.univention.de (Postfix) with ESMTP id 1A1F3164B116 for ; Tue, 9 Oct 2012 15:22:34 +0200 (CEST) Delivery-Date: Tue, 09 Oct 2012 15:18:40 +0200 Received: from pop.kundenserver.de by slugis.knut.univention.de with POP3 (fetchmail-6.3.9-rc2) for (single-drop); Tue, 09 Oct 2012 15:22:34 +0200 (CEST) Received: from lists.xen.org (lists.xen.org [50.57.142.19]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) id 0M3hzR-1Tdems1oGX-00reQQ ; Tue, 09 Oct 2012 15:18:40 +0200 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TLZgG-0004VT-C8; Tue, 09 Oct 2012 13:17:04 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TLZgE-0004V8-Ea for xen-devel@lists.xensource.com; Tue, 09 Oct 2012 13:17:02 +0000 Received: from [85.158.139.83:31294] by server-13.bemta-5.messagelabs.com id 0F/B6-06496-DC324705; Tue, 09 Oct 2012 13:17:01 +0000 X-Env-Sender: Ian.Campbell@citrix.com X-Msg-Ref: server-4.tower-182.messagelabs.com!1349788620!29538369!1 X-Originating-IP: [62.200.22.115] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjIuMjAwLjIyLjExNSA9PiAxMTM0MjQ=\n X-StarScan-Received: X-StarScan-Version: 6.6.1.3; banners=-,-,- X-VirusChecked: Checked Received: (qmail 4121 invoked from network); 9 Oct 2012 13:17:00 -0000 Received: from smtp.eu.citrix.com (HELO SMTP.EU.CITRIX.COM) (62.200.22.115) by server-4.tower-182.messagelabs.com with RC4-SHA encrypted SMTP; 9 Oct 2012 13:17:00 -0000 X-IronPort-AV: E=Sophos;i="4.80,560,1344211200"; d="scan'208";a="15038125" Received: from lonpmailmx01.citrite.net ([10.30.203.162]) by LONPIPO01.EU.CITRIX.COM with ESMTP/TLS/RC4-MD5; 09 Oct 2012 13:17:00 +0000 Received: from [10.80.2.42] (10.80.2.42) by LONPMAILMX01.citrite.net (10.30.203.162) with Microsoft SMTP Server id 8.3.279.1; Tue, 9 Oct 2012 14:17:00 +0100 Message-ID: <1349788618.21847.170.camel@zakaz.uk.xensource.com> From: Ian Campbell To: Sander Eikelenboom Date: Tue, 9 Oct 2012 14:16:58 +0100 In-Reply-To: <1305237695.20121009130733@eikelenboom.it> References: <729626082.20121006002054@eikelenboom.it> <20121007233444.GA26929@localhost.localdomain> <1349686461.18008.18.camel@zakaz.uk.xensource.com> <120335733.20121009042424@eikelenboom.it> <1349774588.21847.105.camel@zakaz.uk.xensource.com> <1305237695.20121009130733@eikelenboom.it> Organization: Citrix Systems, Inc. X-Mailer: Evolution 3.4.3-1 MIME-Version: 1.0 Cc: Konrad Rzeszutek Wilk , "xen-devel@lists.xensource.com" , konrad Subject: Re: [Xen-devel] Kernel 3.7.0-pre-rc1 kernel BUG at drivers/net/xen-netback/netback.c:405 RIP: e030:[] [] netbk_gop_frag_copy+0x379/0x380 X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-UI-Loop: V01:Sb7Vl9Um3to=:lILgm65Kr8g7uvtdBaCJlOEcAVi18oMZYECdYVUf5JaG E5pNf8vUpQKqyWc11+p69Mp4S1TkvnJ3i6dDW2cPkfY6xVgHYJinogs7VqwfMlUMr8Wgn1E JMa2z9W0XmTYD/lI3nIJjQWmYMgC/NtqGT/c/BNiCZyCyOa7VwogZ9eA= Envelope-To: hahn@univention.de X-Kolab-Scheduling-Message: FALSE On Tue, 2012-10-09 at 12:07 +0100, Sander Eikelenboom wrote: > [ 199.342570] netbk_gop_frag_copy: size 5a8 offset 7102 > [ 199.342570] => 76aa > 1000 > [ 199.354626] netbk_gop_frag_copy failed: skb frag 0 page > [ 199.360930] copying from offset 7102, len 5a8 OK, this is now at least a real error. Making that last change (belt&braces) you made shouldn't really have changed anything though :-( > [ 199.366887] page:ffffea0000b0aa00 count:3 mapcount:0 mapping: (null) index:0x7f40fec00 > [ 199.373008] page flags: 0x40000000004000(head) The final 0x4000 is indeed PG_head as described, which makes this is a compound page. This could arise either from the use of transparent huge pages or via explicit __GFP_comp. It seems that the core networking stuff can generate these after 69b08f62e174 "net: use bigger pages in __netdev_alloc_frag". It's not clear to me that the r8169 driver uses those interfaces though, seems like only tg3 does currently. In any case it's not obvious how this interacts with bridging and forwarding, since even if a receiving driver can handle this sort of thing there's no guarantee that the resending driver can do so (e.g. netback can't!). This is one for netdev@ I think. I'll post there and CC you guys. > [ 199.379252] ------------[ cut here ]------------ > [ 199.385247] kernel BUG at drivers/net/xen-netback/netback.c:548! > [ 199.391334] invalid opcode: 0000 [#1] PREEMPT SMP > [ 199.397446] Modules linked in: > [ 199.403450] CPU 4 > [ 199.403500] Pid: 1183, comm: netback/4 Not tainted 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > [ 199.415401] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > [ 199.421690] RSP: e02b:ffff88003792bc20 EFLAGS: 00010282 > [ 199.428048] RAX: 0000000000000001 RBX: ffff88003197c600 RCX: 0000000000000000 > [ 199.434358] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8800379202b0 > [ 199.440582] RBP: ffff88003792bd50 R08: 0000000000000002 R09: 0000000000000000 > [ 199.446740] R10: 0000000000000001 R11: ffff88003a26c000 R12: 0000000000000030 > [ 199.452965] R13: 0000000000000000 R14: ffff88002c2ae900 R15: 0000000000000001 > [ 199.459203] FS: 00007fcec7740700(0000) GS:ffff88003f900000(0000) knlGS:0000000000000000 > [ 199.465527] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 199.471735] CR2: 00007fff5f59c000 CR3: 0000000001c0b000 CR4: 0000000000000660 > [ 199.477961] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 199.484102] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 199.490274] Process netback/4 (pid: 1183, threadinfo ffff88003792a000, task ffff880037cec140) > [ 199.496631] Stack: > [ 199.502834] ffff88003792bd1c ffff880037cec7f0 ffff88003792bd00 ffff88003792bc80 > [ 199.509198] ffffffff00000001 00000000000005ea ffffc90010851a98 ffffc9001084cf30 > [ 199.515579] 0000000001080083 ffffc9001084cee0 0000000000000000 ffff880032b449c0 > [ 199.521944] Call Trace: > [ 199.528243] [] ? trace_hardirqs_on+0xd/0x10 > [ 199.534566] [] xen_netbk_kthread+0xba/0xa90 > [ 199.540826] [] ? try_to_wake_up+0x1b6/0x310 > [ 199.547193] [] ? wake_up_bit+0x40/0x40 > [ 199.553450] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > [ 199.559683] [] kthread+0xd6/0xe0 > [ 199.565827] [] kernel_thread_helper+0x4/0x10 > [ 199.572086] [] ? retint_restore_args+0x13/0x13 > [ 199.578268] [] ? gs_change+0x13/0x13 > [ 199.584344] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 36 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > [ 199.597406] RIP [] xen_netbk_rx_action+0x89a/0x910 > [ 199.604013] RSP > [ 199.610610] ---[ end trace 03f82ac72747fb5a ]--- > [ 199.990340] device vif11.0 entered promiscuous mode > [ 200.466710] xen-blkback:ring-ref 9, event-channel 10, protocol 1 (x86_64-abi) > [ 200.476634] xen_bridge: port 11(vif11.0) entered forwarding state > [ 200.483621] xen_bridge: port 11(vif11.0) entered forwarding state > [ 200.653782] pciback 0000:03:06.0: enabling device (0000 -> 0001) > [ 200.661499] xen: registering gsi 22 triggering 0 polarity 1 > [ 200.669003] Already setup the GSI :22 > [ 200.677345] pciback 0000:03:06.0: enabling bus mastering > [ 201.267297] xen_bridge: port 9(vif9.0) entered forwarding state > [ 205.151290] tty_init_dev: 2 callbacks suppressed > [ 206.534137] device vif12.0 entered promiscuous mode > [ 206.867366] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > [ 206.877552] xen_bridge: port 12(vif12.0) entered forwarding state > [ 206.884869] xen_bridge: port 12(vif12.0) entered forwarding state > [ 208.574036] xen_bridge: port 10(vif10.0) entered forwarding state > [ 209.979799] netbk_gop_frag_copy: size 1080 offset 0 > [ 209.979799] => 1080 > 1000 > [ 209.994252] netbk_gop_frag_copy failed: skb frag 0 page > [ 210.001191] copying from offset 0, len 1080 > [ 210.008121] page:ffffea0000b0a800 count:3 mapcount:0 mapping: (null) index:0x7f40fec00 > [ 210.015124] page flags: 0x40000000004000(head) > [ 210.022122] ------------[ cut here ]------------ > [ 210.029035] kernel BUG at drivers/net/xen-netback/netback.c:548! > [ 210.035973] invalid opcode: 0000 [#2] PREEMPT SMP > [ 210.042819] Modules linked in: > [ 210.049467] CPU 0 > [ 210.049518] Pid: 1179, comm: netback/0 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > [ 210.062788] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > [ 210.069740] RSP: e02b:ffff880037923c20 EFLAGS: 00010282 > [ 210.076711] RAX: 0000000000000001 RBX: ffff880031993ae0 RCX: 0000000000000000 > [ 210.083744] RDX: ffff8800398a61e0 RSI: 0000000000000001 RDI: ffff8800379202b0 > [ 210.090801] RBP: ffff880037923d50 R08: 0000000000000002 R09: 0000000000000000 > [ 210.097787] R10: 0000000000000001 R11: ffff88003a26b330 R12: 0000000000000030 > [ 210.104759] R13: 0000000000000000 R14: ffff88002b4d8800 R15: 0000000000000001 > [ 210.111611] FS: 00007f695df80700(0000) GS:ffff88003f800000(0000) knlGS:0000000000000000 > [ 210.118570] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 210.125586] CR2: 00007f695402e000 CR3: 0000000032a8f000 CR4: 0000000000000660 > [ 210.132677] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 210.139560] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 210.146350] Process netback/0 (pid: 1179, threadinfo ffff880037922000, task ffff8800398a61e0) > [ 210.153213] Stack: > [ 210.159974] ffff880037923d1c ffff880037922010 ffff880037923d00 ffff880037923c80 > [ 210.166905] ffffffff810800b5 0000000000000662 ffffc90010824bb8 ffffc90010820050 > [ 210.173802] 0000000001080083 ffffc90010820000 0000000000000000 ffff8800375849c0 > [ 210.180780] Call Trace: > [ 210.187656] [] ? __alloc_workqueue_key+0x265/0x5d0 > [ 210.194674] [] ? trace_hardirqs_on+0xd/0x10 > [ 210.201690] [] xen_netbk_kthread+0xba/0xa90 > [ 210.208659] [] ? try_to_wake_up+0x1b6/0x310 > [ 210.215688] [] ? wake_up_bit+0x40/0x40 > [ 210.222665] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > [ 210.229651] [] kthread+0xd6/0xe0 > [ 210.236455] [] kernel_thread_helper+0x4/0x10 > [ 210.243111] [] ? retint_restore_args+0x13/0x13 > [ 210.249687] [] ? gs_change+0x13/0x13 > [ 210.256195] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 36 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > [ 210.270166] RIP [] xen_netbk_rx_action+0x89a/0x910 > [ 210.276925] RSP > [ 210.284112] ---[ end trace 03f82ac72747fb5b ]--- > [ 213.634083] device vif13.0 entered promiscuous mode > [ 213.911267] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > [ 213.920749] vpn_bridge: port 1(vif13.0) entered forwarding state > [ 213.927480] vpn_bridge: port 1(vif13.0) entered forwarding state > [ 215.509632] xen_bridge: port 11(vif11.0) entered forwarding state > [ 215.825483] netbk_gop_frag_copy: size 2c1 offset 12d6 > [ 215.825483] => 1597 > 1000 > [ 215.838666] netbk_gop_frag_copy failed: skb frag 0 page > [ 215.845265] copying from offset 12d6, len 2c1 > [ 215.851790] page:ffffea0000b0a800 count:6 mapcount:0 mapping: (null) index:0x7f40fec00 > [ 215.858389] page flags: 0x40000000004000(head) > [ 215.864925] ------------[ cut here ]------------ > [ 215.871426] kernel BUG at drivers/net/xen-netback/netback.c:548! > [ 215.878069] invalid opcode: 0000 [#3] PREEMPT SMP > [ 215.884696] Modules linked in: > [ 215.891258] CPU 3 > [ 215.891308] Pid: 1182, comm: netback/3 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > [ 215.904613] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > [ 215.911538] RSP: e02b:ffff880037929c20 EFLAGS: 00010282 > [ 215.918336] RAX: 0000000000000001 RBX: ffff88002c361ee0 RCX: 0000000000000000 > [ 215.925236] RDX: ffff880037ced190 RSI: 0000000000000001 RDI: ffff8800379202b0 > [ 215.932144] RBP: ffff880037929d50 R08: 0000000000000002 R09: 0000000000000000 > [ 215.938988] R10: 0000000000000001 R11: ffff88003a26aca0 R12: 0000000000000030 > [ 215.945835] R13: 0000000000000000 R14: ffff88002b49b400 R15: 0000000000000001 > [ 215.952652] FS: 00007f695c355700(0000) GS:ffff88003f8c0000(0000) knlGS:0000000000000000 > [ 215.959476] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 215.966165] CR2: 00007faa79583000 CR3: 0000000032a8f000 CR4: 0000000000000660 > [ 215.972789] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 215.979339] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 215.985844] Process netback/3 (pid: 1182, threadinfo ffff880037928000, task ffff880037ced190) > [ 215.992486] Stack: > [ 215.999085] ffff880037929d1c ffff880037928010 ffff880037929d00 ffff880037929c80 > [ 216.005896] ffffffff810800b5 00000000000000ba ffffc900108466e0 ffffc90010841b78 > [ 216.012651] 0000000101080083 ffffc90010841b28 0000000100000000 ffff880031a869c0 > [ 216.019386] Call Trace: > [ 216.026026] [] ? __alloc_workqueue_key+0x265/0x5d0 > [ 216.032830] [] ? trace_hardirqs_on+0xd/0x10 > [ 216.039668] [] xen_netbk_kthread+0xba/0xa90 > [ 216.046435] [] ? try_to_wake_up+0x1b6/0x310 > [ 216.053094] [] ? wake_up_bit+0x40/0x40 > [ 216.059670] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > [ 216.066279] [] kthread+0xd6/0xe0 > [ 216.072817] [] kernel_thread_helper+0x4/0x10 > [ 216.079308] [] ? retint_restore_args+0x13/0x13 > [ 216.085783] [] ? gs_change+0x13/0x13 > [ 216.092234] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 36 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > [ 216.106108] RIP [] xen_netbk_rx_action+0x89a/0x910 > [ 216.113118] RSP > [ 216.120011] ---[ end trace 03f82ac72747fb5c ]--- > [ 219.765094] device vif14.0 entered promiscuous mode > [ 220.062152] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > [ 220.072238] xen_bridge: port 13(vif14.0) entered forwarding state > [ 220.079416] xen_bridge: port 13(vif14.0) entered forwarding state > [ 221.912781] xen_bridge: port 12(vif12.0) entered forwarding state > [ 222.876167] netbk_gop_frag_copy: size 2c1 offset 1858 > [ 222.876167] => 1b19 > 1000 > [ 222.889279] netbk_gop_frag_copy failed: skb frag 0 page > [ 222.895959] copying from offset 1858, len 2c1 > [ 222.902484] page:ffffea0000b0a800 count:8 mapcount:0 mapping: (null) index:0x7f40fec00 > [ 222.909119] page flags: 0x40000000004000(head) > [ 222.915711] ------------[ cut here ]------------ > [ 222.922307] kernel BUG at drivers/net/xen-netback/netback.c:548! > [ 222.928950] invalid opcode: 0000 [#4] PREEMPT SMP > [ 222.935546] Modules linked in: > [ 222.942110] CPU 5 > [ 222.942161] Pid: 1184, comm: netback/5 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > [ 222.955415] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > [ 222.962350] RSP: e02b:ffff88003792dc20 EFLAGS: 00010282 > [ 222.969198] RAX: 0000000000000001 RBX: ffff88002b4f4ce0 RCX: 0000000000000000 > [ 222.976119] RDX: ffff880037ceb0f0 RSI: 0000000000000001 RDI: ffff8800379202b0 > [ 222.982987] RBP: ffff88003792dd50 R08: 0000000000000002 R09: 0000000000000000 > [ 222.989869] R10: 0000000000000001 R11: ffff88003a26b380 R12: 0000000000000030 > [ 222.996658] R13: 0000000000000000 R14: ffff88002b5a7800 R15: 0000000000000001 > [ 223.003490] FS: 00007f71c6ce2740(0000) GS:ffff88003f940000(0000) knlGS:0000000000000000 > [ 223.010257] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 223.016868] CR2: 00007f71c66b4d15 CR3: 0000000031f46000 CR4: 0000000000000660 > [ 223.023470] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 223.029999] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 223.036478] Process netback/5 (pid: 1184, threadinfo ffff88003792c000, task ffff880037ceb0f0) > [ 223.043095] Stack: > [ 223.049616] ffff88003792dd1c ffff88003792c010 ffff88003792dd00 ffff88003792dc80 > [ 223.056404] ffffffff810800b5 00000000000000ba ffffc9001085ce50 ffffc900108582e8 > [ 223.063150] 0000000101080083 ffffc90010858298 0000000100000000 ffff88002c38d9c0 > [ 223.069955] Call Trace: > [ 223.076591] [] ? __alloc_workqueue_key+0x265/0x5d0 > [ 223.083426] [] ? trace_hardirqs_on+0xd/0x10 > [ 223.090261] [] xen_netbk_kthread+0xba/0xa90 > [ 223.096990] [] ? try_to_wake_up+0x1b6/0x310 > [ 223.103620] [] ? wake_up_bit+0x40/0x40 > [ 223.110195] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > [ 223.116768] [] kthread+0xd6/0xe0 > [ 223.123312] [] kernel_thread_helper+0x4/0x10 > [ 223.129794] [] ? retint_restore_args+0x13/0x13 > [ 223.136217] [] ? gs_change+0x13/0x13 > [ 223.142658] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 36 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > [ 223.156486] RIP [] xen_netbk_rx_action+0x89a/0x910 > [ 223.163337] RSP > [ 223.170212] ---[ end trace 03f82ac72747fb5d ]--- > [ 228.705439] device vif15.0 entered promiscuous mode > [ 228.880399] device vif15.0-emu entered promiscuous mode > [ 228.889286] xen_bridge: port 15(vif15.0-emu) entered forwarding state > [ 228.895546] xen_bridge: port 15(vif15.0-emu) entered forwarding state > [ 228.956267] vpn_bridge: port 1(vif13.0) entered forwarding state > [ 229.119709] pciback 0000:06:00.0: restoring config space at offset 0x3c (was 0x100, writing 0x10a) > [ 229.126644] pciback 0000:06:00.0: restoring config space at offset 0x10 (was 0x4, writing 0xf9a00004) > [ 229.133434] pciback 0000:06:00.0: restoring config space at offset 0xc (was 0x0, writing 0x10) > [ 234.170536] tty_init_dev: 15 callbacks suppressed > [ 235.092664] xen_bridge: port 13(vif14.0) entered forwarding state > [ 235.684229] device vif16.0 entered promiscuous mode > [ 235.805155] device vif16.0-emu entered promiscuous mode > [ 235.813948] xen_bridge: port 17(vif16.0-emu) entered forwarding state > [ 235.820242] xen_bridge: port 17(vif16.0-emu) entered forwarding state > [ 239.632852] xen_bridge: port 15(vif15.0-emu) entered disabled state > [ 239.641629] xen_bridge: port 15(vif15.0-emu) entered disabled state > [ 239.650288] device vif15.0-emu left promiscuous mode > [ 239.658618] xen_bridge: port 15(vif15.0-emu) entered disabled state > [ 240.982436] tty_init_dev: 15 callbacks suppressed > [ 241.386562] xen-blkback:ring-ref 8, event-channel 25, protocol 1 (x86_64-abi) > [ 241.400247] xen-blkback:ring-ref 9, event-channel 26, protocol 1 (x86_64-abi) > [ 241.454701] xen_bridge: port 14(vif15.0) entered forwarding state > [ 241.463330] xen_bridge: port 14(vif15.0) entered forwarding state > [ 246.690393] xen_bridge: port 17(vif16.0-emu) entered disabled state > [ 246.699042] xen_bridge: port 17(vif16.0-emu) entered disabled state > [ 246.708731] device vif16.0-emu left promiscuous mode > [ 246.717465] xen_bridge: port 17(vif16.0-emu) entered disabled state > [ 249.449321] xen-blkback:ring-ref 8, event-channel 25, protocol 1 (x86_64-abi) > [ 249.619531] xen_bridge: port 16(vif16.0) entered forwarding state > [ 249.628307] xen_bridge: port 16(vif16.0) entered forwarding state > [ 256.489967] xen_bridge: port 14(vif15.0) entered forwarding state > [ 264.654183] xen_bridge: port 16(vif16.0) entered forwarding state > [ 414.296535] tty_init_dev: 16 callbacks suppressed > [ 458.898093] netbk_gop_frag_copy: size 5a8 offset 3602 > [ 458.898093] => 3baa > 1000 > [ 458.920252] netbk_gop_frag_copy failed: skb frag 0 page > [ 458.928746] copying from offset 3602, len 5a8 > [ 458.937114] page:ffffea0000ada800 count:32749 mapcount:0 mapping: (null) index:0xffff88002b6a6100 > [ 458.945813] page flags: 0x40000000004000(head) > [ 458.954314] ------------[ cut here ]------------ > [ 458.962655] kernel BUG at drivers/net/xen-netback/netback.c:548! > [ 458.970929] invalid opcode: 0000 [#5] PREEMPT SMP > [ 458.979113] Modules linked in: > [ 458.987128] CPU 1 > [ 458.987178] Pid: 1180, comm: netback/1 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > [ 459.003052] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > [ 459.011121] RSP: e02b:ffff880037925c20 EFLAGS: 00010282 > [ 459.019135] RAX: 0000000000000001 RBX: ffff88002ab0bf00 RCX: 0000000000000000 > [ 459.027199] RDX: ffff8800398a30f0 RSI: 0000000000000001 RDI: ffff8800379202b0 > [ 459.035081] RBP: ffff880037925d50 R08: 0000000000000002 R09: 0000000000000000 > [ 459.042816] R10: 0000000000000001 R11: ffff88003a26bdb0 R12: 0000000000000030 > [ 459.050308] R13: 0000000000000000 R14: ffff88002b6a2e00 R15: 0000000000000001 > [ 459.057725] FS: 00007f8e25af5760(0000) GS:ffff88003f840000(0000) knlGS:0000000000000000 > [ 459.065052] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > [ 459.072248] CR2: 00007fe6b4d12fb0 CR3: 000000002c2f6000 CR4: 0000000000000660 > [ 459.079480] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 459.086512] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > [ 459.093386] Process netback/1 (pid: 1180, threadinfo ffff880037924000, task ffff8800398a30f0) > [ 459.100357] Stack: > [ 459.107071] ffff880037925d1c ffff880037924010 ffff880037925d00 ffff880037925c80 > [ 459.113808] ffffffff810800b5 000000000000042a ffffc9001082ff70 ffffc9001082b408 > [ 459.120494] 0000000001080083 ffffc9001082b3b8 0000000000000000 ffff8800329249c0 > [ 459.127129] Call Trace: > [ 459.133509] [] ? __alloc_workqueue_key+0x265/0x5d0 > [ 459.140118] [] ? trace_hardirqs_on+0xd/0x10 > [ 459.146604] [] xen_netbk_kthread+0xba/0xa90 > [ 459.153504] [] ? try_to_wake_up+0x1b6/0x310 > [ 459.159949] [] ? wake_up_bit+0x40/0x40 > [ 459.166431] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > [ 459.172778] [] kthread+0xd6/0xe0 > [ 459.179018] [] kernel_thread_helper+0x4/0x10 > [ 459.185291] [] ? retint_restore_args+0x13/0x13 > [ 459.191523] [] ? gs_change+0x13/0x13 > [ 459.197862] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 36 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > [ 459.211184] RIP [] xen_netbk_rx_action+0x89a/0x910 > [ 459.217785] RSP > [ 459.224501] ---[ end trace 03f82ac72747fb5e ]--- > > > > > > This made me notice that offset and len in the caller are variously > > unsigned int, u16 or u32 while gop_frag_copy takes them as unsigned > > longs. None of the numbers involved here are anywhere big enough to > > cause any sort of overflow related error though. > > >> [ 197.892781] page:ffffea0000b18400 count:3 mapcount:0 mapping: (null) index:0x0 > >> [ 197.900778] page flags: 0x40000000004000(head) > >> [ 197.907074] ------------[ cut here ]------------ > >> [ 197.913345] kernel BUG at drivers/net/xen-netback/netback.c:546! > >> [ 197.919626] invalid opcode: 0000 [#1] PREEMPT SMP > >> [ 197.921573] xen_bridge: port 10(vif10.0) entered forwarding state > >> [ 197.932106] Modules linked in: > >> [ 197.938370] CPU 0 > >> [ 197.938420] Pid: 1180, comm: netback/0 Not tainted 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > >> [ 197.951203] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > >> [ 197.957775] RSP: e02b:ffff880037911c20 EFLAGS: 00010282 > >> [ 197.964290] RAX: 0000000000000001 RBX: ffff880036862ee0 RCX: 0000000000000000 > >> [ 197.970956] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8800379102b0 > >> [ 197.977679] RBP: ffff880037911d50 R08: 0000000000000002 R09: 0000000000000000 > >> [ 197.984361] R10: 0000000000000001 R11: ffff880039925e40 R12: 0000000000000030 > >> [ 197.990958] R13: 0000000000000000 R14: ffff880031e71800 R15: 0000000000000001 > >> [ 197.997459] FS: 00007fb5dfcf7700(0000) GS:ffff88003f800000(0000) knlGS:0000000000000000 > >> [ 198.004123] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > >> [ 198.010827] CR2: 00007fb5d802d000 CR3: 0000000031fd3000 CR4: 0000000000000660 > >> [ 198.017534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > >> [ 198.024168] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > >> [ 198.030717] Process netback/0 (pid: 1180, threadinfo ffff880037910000, task ffff88003997d190) > >> [ 198.037326] Stack: > >> [ 198.043817] ffff880037911d1c ffff88003997d840 ffff880037911d00 ffff880037911c80 > >> [ 198.050573] ffffffff00000001 0000000000000662 ffffc90010824bb8 ffffc90010820050 > >> [ 198.057413] 0000000001080083 ffffc90010820000 0000000000000000 ffff880031cf09c0 > >> [ 198.064228] Call Trace: > >> [ 198.070887] [] ? trace_hardirqs_on+0xd/0x10 > >> [ 198.077604] [] xen_netbk_kthread+0xba/0xa90 > >> [ 198.084394] [] ? try_to_wake_up+0x1b6/0x310 > >> [ 198.091109] [] ? wake_up_bit+0x40/0x40 > >> [ 198.097726] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > >> [ 198.104343] [] kthread+0xd6/0xe0 > >> [ 198.111001] [] kernel_thread_helper+0x4/0x10 > >> [ 198.117737] [] ? retint_restore_args+0x13/0x13 > >> [ 198.124425] [] ? gs_change+0x13/0x13 > >> [ 198.131008] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > >> [ 198.145094] RIP [] xen_netbk_rx_action+0x89a/0x910 > >> [ 198.152192] RSP > >> [ 198.159344] ---[ end trace cbdd0e4e80268fa8 ]--- > >> [ 199.703539] tty_init_dev: 2 callbacks suppressed > >> [ 200.712098] device vif12.0 entered promiscuous mode > >> [ 201.010433] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > >> [ 201.020644] xen_bridge: port 12(vif12.0) entered forwarding state > >> [ 201.027833] xen_bridge: port 12(vif12.0) entered forwarding state > >> [ 206.774576] netbk_gop_frag_copy failed: skb frag 0 page > >> [ 206.777945] device vif13.0 entered promiscuous mode > >> [ 206.788845] copying from offset 1ba4, len 2c1 > >> [ 206.795791] page:ffffea0000b18400 count:6 mapcount:0 mapping: (null) index:0x0 > >> [ 206.802771] page flags: 0x40000000004000(head) > >> [ 206.809619] ------------[ cut here ]------------ > >> [ 206.816498] kernel BUG at drivers/net/xen-netback/netback.c:546! > >> [ 206.823465] invalid opcode: 0000 [#2] PREEMPT SMP > >> [ 206.830354] Modules linked in: > >> [ 206.837176] CPU 3 > >> [ 206.837234] Pid: 1183, comm: netback/3 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > >> [ 206.850881] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > >> [ 206.857935] RSP: e02b:ffff880037917c20 EFLAGS: 00010282 > >> [ 206.864972] RAX: 0000000000000001 RBX: ffff880003313ae0 RCX: 0000000000000000 > >> [ 206.872049] RDX: ffff88003997b0f0 RSI: 0000000000000001 RDI: ffff8800379102b0 > >> [ 206.879147] RBP: ffff880037917d50 R08: 0000000000000002 R09: 0000000000000000 > >> [ 206.886242] R10: 0000000000000001 R11: ffff880039925640 R12: 0000000000000030 > >> [ 206.893163] R13: 0000000000000000 R14: ffff88002c7c4400 R15: 0000000000000001 > >> [ 206.900041] FS: 00007f800341a700(0000) GS:ffff88003f8c0000(0000) knlGS:0000000000000000 > >> [ 206.907145] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > >> [ 206.914126] CR2: 00007f8002b31fb0 CR3: 0000000001c0b000 CR4: 0000000000000660 > >> [ 206.921181] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > >> [ 206.927996] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > >> [ 206.934711] Process netback/3 (pid: 1183, threadinfo ffff880037916000, task ffff88003997b0f0) > >> [ 206.941494] Stack: > >> [ 206.948105] ffff880037917d1c ffff880037916010 ffff880037917d00 ffff880037917c80 > >> [ 206.955062] ffffffff810800b5 00000000000000ba ffffc900108466e0 ffffc90010841b78 > >> [ 206.962007] 0000000101080083 ffffc90010841b28 0000000100000000 ffff88002c5bb9c0 > >> [ 206.968967] Call Trace: > >> [ 206.975830] [] ? __alloc_workqueue_key+0x265/0x5d0 > >> [ 206.982789] [] ? trace_hardirqs_on+0xd/0x10 > >> [ 206.989662] [] xen_netbk_kthread+0xba/0xa90 > >> [ 206.996570] [] ? try_to_wake_up+0x1b6/0x310 > >> [ 207.003523] [] ? wake_up_bit+0x40/0x40 > >> [ 207.010333] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > >> [ 207.017171] [] kthread+0xd6/0xe0 > >> [ 207.023890] [] kernel_thread_helper+0x4/0x10 > >> [ 207.030540] [] ? retint_restore_args+0x13/0x13 > >> [ 207.037275] [] ? gs_change+0x13/0x13 > >> [ 207.043890] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > >> [ 207.057976] RIP [] xen_netbk_rx_action+0x89a/0x910 > >> [ 207.065064] RSP > >> [ 207.072056] ---[ end trace cbdd0e4e80268fa9 ]--- > >> [ 207.079366] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > >> [ 207.090256] vpn_bridge: port 1(vif13.0) entered forwarding state > >> [ 207.097403] vpn_bridge: port 1(vif13.0) entered forwarding state > >> [ 208.636257] xen_bridge: port 11(vif11.0) entered forwarding state > >> [ 211.515779] netbk_gop_frag_copy failed: skb frag 0 page > >> [ 211.522711] copying from offset 2126, len 2c1 > >> [ 211.529403] page:ffffea0000b18400 count:8 mapcount:0 mapping: (null) index:0x0 > >> [ 211.536142] page flags: 0x40000000004000(head) > >> [ 211.542942] ------------[ cut here ]------------ > >> [ 211.549664] kernel BUG at drivers/net/xen-netback/netback.c:546! > >> [ 211.556408] invalid opcode: 0000 [#3] PREEMPT SMP > >> [ 211.563168] Modules linked in: > >> [ 211.569739] CPU 4 > >> [ 211.569789] Pid: 1184, comm: netback/4 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > >> [ 211.583126] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > >> [ 211.590041] RSP: e02b:ffff880037921c20 EFLAGS: 00010282 > >> [ 211.596868] RAX: 0000000000000001 RBX: ffff8800375bc4e0 RCX: 0000000000000000 > >> [ 211.603890] RDX: ffff88003997a0a0 RSI: 0000000000000001 RDI: ffff8800379202b0 > >> [ 211.610792] RBP: ffff880037921d50 R08: 0000000000000002 R09: 0000000000000000 > >> [ 211.617608] R10: 0000000000000001 R11: ffff8800399249e0 R12: 0000000000000030 > >> [ 211.624537] R13: 0000000000000000 R14: ffff88002b98d400 R15: 0000000000000001 > >> [ 211.631302] FS: 00007f332d735740(0000) GS:ffff88003f900000(0000) knlGS:0000000000000000 > >> [ 211.638090] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > >> [ 211.644965] CR2: 00007f1023d22000 CR3: 0000000031fba000 CR4: 0000000000000660 > >> [ 211.651894] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > >> [ 211.658652] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > >> [ 211.665288] Process netback/4 (pid: 1184, threadinfo ffff880037920000, task ffff88003997a0a0) > >> [ 211.671884] Stack: > >> [ 211.678376] ffff880037921d1c ffff880037920010 ffff880037921d00 ffff880037921c80 > >> [ 211.685145] ffffffff810800b5 00000000000000ba ffffc90010851a98 ffffc9001084cf30 > >> [ 211.691837] 0000000101080083 ffffc9001084cee0 0000000100000000 ffff88002c5bd9c0 > >> [ 211.698581] Call Trace: > >> [ 211.705349] [] ? __alloc_workqueue_key+0x265/0x5d0 > >> [ 211.712156] [] ? trace_hardirqs_on+0xd/0x10 > >> [ 211.718907] [] xen_netbk_kthread+0xba/0xa90 > >> [ 211.725654] [] ? try_to_wake_up+0x1b6/0x310 > >> [ 211.732369] [] ? wake_up_bit+0x40/0x40 > >> [ 211.739111] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > >> [ 211.745858] [] kthread+0xd6/0xe0 > >> [ 211.752449] [] kernel_thread_helper+0x4/0x10 > >> [ 211.758975] [] ? retint_restore_args+0x13/0x13 > >> [ 211.765575] [] ? gs_change+0x13/0x13 > >> [ 211.772016] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > >> [ 211.785816] RIP [] xen_netbk_rx_action+0x89a/0x910 > >> [ 211.792586] RSP > >> [ 211.799394] ---[ end trace cbdd0e4e80268faa ]--- > >> [ 212.852714] device vif14.0 entered promiscuous mode > >> [ 213.234995] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi) > >> [ 213.245054] xen_bridge: port 13(vif14.0) entered forwarding state > >> [ 213.252087] xen_bridge: port 13(vif14.0) entered forwarding state > >> [ 214.691532] netbk_gop_frag_copy failed: skb frag 0 page > >> [ 214.698515] copying from offset 26a8, len 2c1 > >> [ 214.705472] page:ffffea0000b18400 count:10 mapcount:0 mapping: (null) index:0x0 > >> [ 214.712415] page flags: 0x40000000004000(head) > >> [ 214.719170] ------------[ cut here ]------------ > >> [ 214.725887] kernel BUG at drivers/net/xen-netback/netback.c:546! > >> [ 214.732563] invalid opcode: 0000 [#4] PREEMPT SMP > >> [ 214.739221] Modules linked in: > >> [ 214.745808] CPU 5 > >> [ 214.745859] Pid: 1185, comm: netback/5 Tainted: G D 3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640) > >> [ 214.759156] RIP: e030:[] [] xen_netbk_rx_action+0x89a/0x910 > >> [ 214.766127] RSP: e02b:ffff880037923c20 EFLAGS: 00010282 > >> [ 214.773012] RAX: 0000000000000001 RBX: ffff8800379172e0 RCX: 0000000000000000 > >> [ 214.780010] RDX: ffff880039ac8000 RSI: 0000000000000001 RDI: ffff8800379202b0 > >> [ 214.786988] RBP: ffff880037923d50 R08: 0000000000000002 R09: 0000000000000000 > >> [ 214.793870] R10: 0000000000000001 R11: ffff880039924460 R12: 0000000000000030 > >> [ 214.800812] R13: 0000000000000000 R14: ffff88002b8b4800 R15: 0000000000000001 > >> [ 214.807668] FS: 00007f236d331700(0000) GS:ffff88003f940000(0000) knlGS:0000000000000000 > >> [ 214.814545] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b > >> [ 214.821415] CR2: 00007f236c42b6b0 CR3: 0000000039275000 CR4: 0000000000000660 > >> [ 214.828435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > >> [ 214.835337] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > >> [ 214.841963] Process netback/5 (pid: 1185, threadinfo ffff880037922000, task ffff880039ac8000) > >> [ 214.848655] Stack: > >> [ 214.855220] ffff880037923d1c ffff880037922010 ffff880037923d00 ffff880037923c80 > >> [ 214.861945] ffffffff810800b5 00000000000000ba ffffc9001085ce50 ffffc900108582e8 > >> [ 214.868699] 0000000101080083 ffffc90010858298 0000000100000000 ffff880031e939c0 > >> [ 214.875477] Call Trace: > >> [ 214.882247] [] ? __alloc_workqueue_key+0x265/0x5d0 > >> [ 214.889083] [] ? trace_hardirqs_on+0xd/0x10 > >> [ 214.895851] [] xen_netbk_kthread+0xba/0xa90 > >> [ 214.902612] [] ? try_to_wake_up+0x1b6/0x310 > >> [ 214.909343] [] ? wake_up_bit+0x40/0x40 > >> [ 214.916115] [] ? xen_netbk_tx_build_gops+0xa70/0xa70 > >> [ 214.922856] [] kthread+0xd6/0xe0 > >> [ 214.929527] [] kernel_thread_helper+0x4/0x10 > >> [ 214.936178] [] ? retint_restore_args+0x13/0x13 > >> [ 214.942781] [] ? gs_change+0x13/0x13 > >> [ 214.949279] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d 00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7 > >> [ 214.963107] RIP [] xen_netbk_rx_action+0x89a/0x910 > >> [ 214.969952] RSP > >> [ 214.976802] ---[ end trace cbdd0e4e80268fab ]--- > >> [ 216.045946] xen_bridge: port 12(vif12.0) entered forwarding state > >> [ 220.405869] device vif15.0 entered promiscuous mode > >> [ 220.607946] device vif15.0-emu entered promiscuous mode > >> [ 220.625075] xen_bridge: port 15(vif15.0-emu) entered forwarding state > >> [ 220.633333] xen_bridge: port 15(vif15.0-emu) entered forwarding state > >> [ 220.890237] pciback 0000:06:00.0: restoring config space at offset 0x3c (was 0x100, writing 0x10a) > >> [ 220.898814] pciback 0000:06:00.0: restoring config space at offset 0x10 (was 0x4, writing 0xf9a00004) > >> [ 220.907406] pciback 0000:06:00.0: restoring config space at offset 0xc (was 0x0, writing 0x10) > >> [ 222.122750] vpn_bridge: port 1(vif13.0) entered forwarding state > >> [ 225.943971] tty_init_dev: 14 callbacks suppressed > >> [ 226.654618] device vif16.0 entered promiscuous mode > >> [ 226.775073] device vif16.0-emu entered promiscuous mode > >> [ 226.784025] xen_bridge: port 17(vif16.0-emu) entered forwarding state > >> [ 226.790188] xen_bridge: port 17(vif16.0-emu) entered forwarding state > >> [ 228.253024] xen_bridge: port 13(vif14.0) entered forwarding state > >> [ 229.788197] xen_bridge: port 15(vif15.0-emu) entered disabled state > >> [ 229.796826] xen_bridge: port 15(vif15.0-emu) entered disabled state > >> [ 229.805243] device vif15.0-emu left promiscuous mode > >> [ 229.813385] xen_bridge: port 15(vif15.0-emu) entered disabled state > >> [ 231.558329] xen-blkback:ring-ref 8, event-channel 25, protocol 1 (x86_64-abi) > >> [ 231.569080] xen-blkback:ring-ref 9, event-channel 26, protocol 1 (x86_64-abi) > >> [ 231.609663] xen_bridge: port 14(vif15.0) entered forwarding state > >> [ 231.617943] xen_bridge: port 14(vif15.0) entered forwarding state > >> [ 231.934347] tty_init_dev: 25 callbacks suppressed > >> > >> > >> > >> > >> > >> > >> > Ian. > >> > >> > diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c > >> > index 05593d8..ca4c47d 100644 > >> > --- a/drivers/net/xen-netback/netback.c > >> > +++ b/drivers/net/xen-netback/netback.c > >> > @@ -386,7 +386,7 @@ static struct netbk_rx_meta *get_next_rx_buffer(struct xenvif *vif, > >> > * Set up the grant operations for this fragment. If it's a flipping > >> > * interface, we also set up the unmap request from here. > >> > */ > >> > -static void netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb, > >> > +static int netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb, > >> > struct netrx_pending_operations *npo, > >> > struct page *page, unsigned long size, > >> > unsigned long offset, int *head) > >> > @@ -402,7 +402,8 @@ static void netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb, > >> > unsigned long bytes; > >> > > >> > /* Data must not cross a page boundary. */ > >> > - BUG_ON(size + offset > PAGE_SIZE); > >> > + if (size + offset > PAGE_SIZE) > >> > + return -1; > >> > > >> > meta = npo->meta + npo->meta_prod - 1; > >> > > >> > @@ -459,6 +460,7 @@ static void netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb, > >> > *head = 0; /* There must be something in this buffer now. */ > >> > > >> > } > >> > + return 0; > >> > } > >> > > >> > /* > >> > @@ -517,17 +519,31 @@ static int netbk_gop_skb(struct sk_buff *skb, > >> > if (data + len > skb_tail_pointer(skb)) > >> > len = skb_tail_pointer(skb) - data; > >> > > >> > - netbk_gop_frag_copy(vif, skb, npo, > >> > - virt_to_page(data), len, offset, &head); > >> > + if (netbk_gop_frag_copy(vif, skb, npo, > >> > + virt_to_page(data), len, offset, &head) < 0) { > >> > +printk(KERN_CRIT "netbk_gop_frag_copy failed: skb head %p-%p\n", > >> + skb->>data, skb_tail_pointer); > >> > +printk(KERN_CRIT "copying from %p-%p, offset %x, len %x\n", > >> > + data, data+len, offset, len); > >> > +dump_page(virt_to_page(data)); > >> > +BUG(); > >> > + } > >> > data += len; > >> > } > >> > > >> > for (i = 0; i < nr_frags; i++) { > >> > - netbk_gop_frag_copy(vif, skb, npo, > >> > + if (netbk_gop_frag_copy(vif, skb, npo, > >> > skb_frag_page(&skb_shinfo(skb)->frags[i]), > >> > skb_frag_size(&skb_shinfo(skb)->frags[i]), > >> > skb_shinfo(skb)->frags[i].page_offset, > >> > - &head); > >> > + &head) < 0) { > >> > +printk(KERN_CRIT "netbk_gop_frag_copy failed: skb frag %d page\n", i); > >> > +printk(KERN_CRIT "copying from offset %x, len %x\n", > >> > + skb_shinfo(skb)->frags[i].page_offset, > >> > + skb_frag_size(&skb_shinfo(skb)->frags[i])); > >> > +dump_page(skb_frag_page(&skb_shinfo(skb)->frags[i])); > >> > +BUG(); > >> > + } > >> > } > >> > > >> > return npo->meta_prod - old_meta_prod; > >> > >> > >> > >> > > > > _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel