[Bug 272966] armv7 Kernel page fault with non-sleepable locks held panic during in6ifa_ifwithaddr for kyua's sys/netpfil/pf/killstate:v6

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 06 Aug 2023 06:11:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272966

            Bug ID: 272966
           Summary: armv7 Kernel page fault with non-sleepable locks held
                    panic during in6ifa_ifwithaddr for kyua's
                    sys/netpfil/pf/killstate:v6
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: marklmi26-fbsd@yahoo.com

# /usr/bin/kyua test -k /usr/tests/Kyuafile sys/netpfil/pf/killstate:v6
sys/netpfil/pf/killstate:v6  ->  Kernel page fault with the following
non-sleepable locks held:
shared rm in6_ifaddr_lock (in6_ifaddr_lock) r = 0 (0xc0b5acd0) locked @
/usr/src/sys/netinet6/in6.c:1620
stack backtrace:
#0 0xc035e060 at witness_debugger+0x74
#1 0xc035f2ec at witness_warn+0x41c
#2 0xc0610b58 at abort_handler+0x1d8
#3 0xc05ef6ac at exception_exit+0
#4 0xc04986b4 at in6ifa_ifwithaddr+0x40
#5 0xc04aa060 at ip6_input+0xd38
#6 0xc04235bc at netisr_dispatch_src+0x100
#7 0xc041a384 at ether_demux+0x1bc
#8 0xc041bb68 at ether_nh_input+0x3dc
#9 0xc04235bc at netisr_dispatch_src+0x100
#10 0xc041a808 at ether_input+0xec
#11 0xe183810c at $a.10+0xbc
#12 0xc03504dc at taskqueue_run_locked+0xb8
#13 0xc0351560 at taskqueue_thread_loop+0x108
#14 0xc02a384c at fork_exit+0xa0
#15 0xc05ef640 at swi_exit+0
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xe01a2ae8
FSR=00000001, FAR=db540e76, spsr=00000013
r0 =e069aba0, r1 =00000001, r2 =ffffffff, r3 =c0b285d8
r4 =00000000, r5 =00000000, r6 =db540e76, r7 =db540e66
r8 =c0918b04, r9 =00000000, r10=db8a7400, r11=e01a2ba8
r12=00000000, ssp=e01a2b78, slr=c02e1790, pc =c04986b4

panic: Fatal abort
cpuid = 3
time = 1691301843
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc05ecde4  lr = 0xc0079c70 (db_trace_self_wrapper+0x30)
         sp = 0xe01a28c0  fp = 0xe01a29d8
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc0079c70  lr = 0xc02e99a0 (vpanic+0x140)
         sp = 0xe01a29e0  fp = 0xe01a2a00
         r4 = 0x00000100  r5 = 0x00000000
         r6 = 0xc07597e2  r7 = 0xc0aeaec8
vpanic() at vpanic+0x140
         pc = 0xc02e99a0  lr = 0xc02e9780 (doadump)
         sp = 0xe01a2a08  fp = 0xe01a2a0c
         r4 = 0xe01a2ae8  r5 = 0x00000013
         r6 = 0xdb540e76  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xe069aba0
        r10 = 0xdb540e76
doadump() at doadump
         pc = 0xc02e9780  lr = 0xc0611184 (abort_align)
         sp = 0xe01a2a14  fp = 0xe01a2a40
         r4 = 0xdb540e76  r5 = 0xe01a2a0c
         r6 = 0xc02e9780 r10 = 0xe01a2a14
abort_align() at abort_align
         pc = 0xc0611184  lr = 0xc0610c9c (abort_handler+0x31c)
         sp = 0xe01a2a48  fp = 0xe01a2ae0
         r4 = 0x00000013 r10 = 0xdb540e76
abort_handler() at abort_handler+0x31c
         pc = 0xc0610c9c  lr = 0xc05ef6ac (exception_exit)
         sp = 0xe01a2ae8  fp = 0xe01a2ba8
         r4 = 0x00000000  r5 = 0x00000000
         r6 = 0xdb540e76  r7 = 0xdb540e66
         r8 = 0xc0918b04  r9 = 0x00000000
        r10 = 0xdb8a7400
exception_exit() at exception_exit
         pc = 0xc05ef6ac  lr = 0xc02e1790 (_rm_rlock_debug+0x190)
         sp = 0xe01a2b78  fp = 0xe01a2ba8
         r0 = 0xe069aba0  r1 = 0x00000001
         r2 = 0xffffffff  r3 = 0xc0b285d8
         r4 = 0x00000000  r5 = 0x00000000
         r6 = 0xdb540e76  r7 = 0xdb540e66
         r8 = 0xc0918b04  r9 = 0x00000000
        r10 = 0xdb8a7400 r12 = 0x00000000
in6ifa_ifwithaddr() at in6ifa_ifwithaddr+0x40
         pc = 0xc04986b4  lr = 0xc04aa060 (ip6_input+0xd38)
         sp = 0xe01a2bb0  fp = 0xe01a2c70
         r4 = 0xdb540e76  r5 = 0xdb540e5e
         r6 = 0x00000000  r7 = 0xdb540e66
ip6_input() at ip6_input+0xd38
         pc = 0xc04aa060  lr = 0xc04235bc (netisr_dispatch_src+0x100)
         sp = 0xe01a2c78  fp = 0xe01a2ca0
         r4 = 0x0000000a  r5 = 0xdb540e00
         r6 = 0x00000000  r7 = 0xc0b5a398
         r8 = 0x000000dd  r9 = 0xdb863940
        r10 = 0x00000086
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc04235bc  lr = 0xc041a384 (ether_demux+0x1bc)
         sp = 0xe01a2ca8  fp = 0xe01a2cc0
         r4 = 0xdb540e00  r5 = 0x00000006
         r6 = 0xdb8a7400  r7 = 0x5e4a6f28
         r8 = 0x000000dd  r9 = 0xdb863940
        r10 = 0x00000086
ether_demux() at ether_demux+0x1bc
         pc = 0xc041a384  lr = 0xc041bb68 (ether_nh_input+0x3dc)
         sp = 0xe01a2cc8  fp = 0xe01a2cf0
         r4 = 0xdb8a7400  r5 = 0xdb540e00
         r6 = 0xdb540e50 r10 = 0x00000086
ether_nh_input() at ether_nh_input+0x3dc
         pc = 0xc041bb68  lr = 0xc04235bc (netisr_dispatch_src+0x100)
         sp = 0xe01a2cf8  fp = 0xe01a2d20
         r4 = 0x0000002d  r5 = 0xdb540e00
         r6 = 0x00000000  r7 = 0xc0b5a378
         r8 = 0x5e4a6f28  r9 = 0xdb863940
        r10 = 0x00000000
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc04235bc  lr = 0xc041a808 (ether_input+0xec)
         sp = 0xe01a2d28  fp = 0xe01a2d60
         r4 = 0xdb8a7400  r5 = 0x00000000
         r6 = 0xdb540e00  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xdb863940
        r10 = 0x00000000
ether_input() at ether_input+0xec
         pc = 0xc041a808  lr = 0xe183810c ($a.10+0xbc)
         sp = 0xe01a2d68  fp = 0xe01a2d90
         r4 = 0xdb8a7400  r5 = 0xdb85fdc0
         r6 = 0x00000000  r7 = 0xdb540e00
         r8 = 0xe18274d3  r9 = 0xdb85fdd0
        r10 = 0x00000000
$a.10() at $a.10+0xbc
         pc = 0xe183810c  lr = 0xc03504dc (taskqueue_run_locked+0xb8)
         sp = 0xe01a2d98  fp = 0xe01a2de0
         r4 = 0xdb721c00  r5 = 0xdb721c50
         r6 = 0xdb85fdec  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xc0768ff7
        r10 = 0x00000000
taskqueue_run_locked() at taskqueue_run_locked+0xb8
         pc = 0xc03504dc  lr = 0xc0351560 (taskqueue_thread_loop+0x108)
         sp = 0xe01a2de8  fp = 0xe01a2e18
         r4 = 0x00000000  r5 = 0xdb721c00
         r6 = 0xdb721c40  r7 = 0xc073cb53
         r8 = 0xdb721c50  r9 = 0x00000100
        r10 = 0xc0afde44
taskqueue_thread_loop() at taskqueue_thread_loop+0x108
         pc = 0xc0351560  lr = 0xc02a384c (fork_exit+0xa0)
         sp = 0xe01a2e20  fp = 0xe01a2e38
         r4 = 0xe069aba0  r5 = 0xc0ada560
         r6 = 0xc0351458  r7 = 0xe1848f94
         r8 = 0xe01a2e40  r9 = 0xc0afab7c
fork_exit() at fork_exit+0xa0
         pc = 0xc02a384c  lr = 0xc05ef640 (swi_exit)
         sp = 0xe01a2e40  fp = 0x00000000
         r4 = 0xc0351458  r5 = 0xe1848f94
         r6 = 0xc0942429  r7 = 0xc0f051d0
         r8 = 0xc0ada900 r10 = 0xc0afde44
swi_exit() at swi_exit
         pc = 0xc05ef640  lr = 0xc05ef640 (swi_exit)
         sp = 0xe01a2e40  fp = 0x00000000
KDB: enter: panic
[ thread pid 0 tid 100255 ]

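Notes:

Despite the "Kernel page fault" wording in the witness message, the abort
reported is an 'Alignment Fault' on read: FAR=db540e76 is only 2-byte aligned,
and the same value appears as r6 in the trapframe and as r4 in the
in6ifa_ifwithaddr frame.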

I'd set up armv7 USB boot media based on:

http://ftp3.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/14.0/FreeBSD-14.0-CURRENT-arm-armv7-GENERICSD-20230803-8a5c836b51ce-264491.img.xz

for the OrangePi+2Ed (the same media also handles the RPi2B v1.1). The
OrangePi+2Ed's u-boot is on separate media, so the USB boot media was not
modified to add it. The built-in Ethernet port was the only network interface
in use.

Nothing on the USB boot media was built by me. The installed ports are
packages from the FreeBSD servers and, other than gdb, are there for the kyua
activity (plus dependencies).

I'll note that I've been preloading kernel modules:

# grep kldload ~/prekyua-kldloads.sh 
kldload -v -n zfs.ko
kldload -v -n cryptodev.ko
kldload -v -n nullfs.ko
kldload -v -n fdescfs.ko
kldload -v -n filemon.ko
kldload -v -n nfsd.ko
kldload -v -n tarfs.ko
kldload -v -n xz.ko
kldload -v -n geom_concat.ko
kldload -v -n geom_eli.ko
kldload -v -n geom_nop.ko
kldload -v -n geom_gate.ko
kldload -v -n geom_mirror.ko
kldload -v -n geom_multipath.ko
kldload -v -n sdt.ko
kldload -v -n dtrace.ko
kldload -v -n opensolaris.ko
kldload -v -n geom_raid3.ko
kldload -v -n geom_shsec.ko
kldload -v -n geom_stripe.ko
kldload -v -n geom_uzip.ko
kldload -v -n if_epair.ko
kldload -v -n if_gif.ko
kldload -v -n if_tuntap.ko
kldload -v -n if_lagg.ko
kldload -v -n if_infiniband.ko
kldload -v -n if_wg.ko
kldload -v -n ng_socket.ko
kldload -v -n netgraph.ko
kldload -v -n ng_hub.ko
kldload -v -n ng_bridge.ko
kldload -v -n ng_ether.ko
kldload -v -n ng_vlan_rotate.ko
kldload -v -n ipdivert.ko
kldload -v -n pf.ko
#kldload -v -n vmm.ko
kldload -v -n if_bridge.ko
kldload -v -n bridgestp.ko
kldload -v -n mqueuefs.ko
kldload -v -n tcpmd5.ko
kldload -v -n carp.ko
kldload -v -n sctp.ko
kldload -v -n if_stf.ko
kldload -v -n if_ovpn.ko
kldload -v -n ipsec.ko
#kldload -v -n ipfw.ko
#kldload -v -n pflog.ko
#kldload -v -n pfsync.ko
kldload -v -n dummynet.ko

(A few of the kldload lines are commented out, so those modules were not preloaded.)
