[Bug 271288] FreeBSD 13.2; Alignment Fault ; network related

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 06 May 2023 20:42:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271288

            Bug ID: 271288
           Summary: FreeBSD 13.2; Alignment Fault ; network related
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: martin@bxlr.sk

In qemu, using the FreeBSD-13.2-RELEASE-arm-armv7-GENERICSD.img image, with or
without virtio network, the system fails to boot and crashes on a data alignment
fault.

With virtio, the VM is started as:

qemu-system-arm -M virt -m 2048 -nic tap -bios u-boot.bin \
    -hda FreeBSD-13.2-RELEASE-arm-armv7-GENERICSD.img -s \
    -device virtio-net-pci,netdev=network0 -netdev tap,id=network0,br=br0

It crashes the system during network initialization:

DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xd5ec5a60
FSR=00000001, FAR=d8e4f01a, spsr=20000013
r0 =00000000, r1 =00000001, r2 =00000001, r3 =d5ec5b4c
r4 =00000014, r5 =d8dd4300, r6 =d8e4f02e, r7 =00000134
r8 =00000000, r9 =00000134, r10=d8e4f01a, r11=d5ec5b90
r12=4400ffff, ssp=d5ec5af0, slr=c04a9728, pc =c04a9750

panic: Fatal abort
cpuid = 0
time = 1680843368
KDB: stack backtrace:
#0 0xc035786c at kdb_backtrace+0x48
#1 0xc02fdd20 at vpanic+0x140
#2 0xc02fdbe0 at vpanic+0
#3 0xc06304ac at abort_align+0
#4 0xc063052c at abort_align+0x80
#5 0xc063017c at abort_handler+0x480
#6 0xc060f480 at exception_exit+0
#7 0xc04a9750 at udp_input+0x288
#8 0xc0473f54 at ip_input+0x1e0
#9 0xc04447c0 at netisr_dispatch_src+0xf8
#10 0xc043bf2c at ether_demux+0x1a4
#11 0xc043d5e4 at ether_nh_input+0x480
#12 0xc04447c0 at netisr_dispatch_src+0xf8
#13 0xc043c404 at ether_input+0x50
#14 0xc01c0838 at vtnet_rx_vq_process+0x880
#15 0xc01b70d0 at vtpci_intx_intr+0xac
#16 0xc02b87f0 at ithread_loop+0x2ec
#17 0xc02b465c at fork_exit+0xc0
Uptime: 49s

Quick check with gdb reveals:

Breakpoint 2, udp_input (mp=<optimized out>, offp=<optimized out>, proto=17) at /usr/src/sys/netinet/udp_usrreq.c:504
504     in /usr/src/sys/netinet/udp_usrreq.c
=> 0xc04a9750 <udp_input+648>:  03 00 9a e8     ldm     r10, {r0, r1}
   0xc04a9754 <udp_input+652>:  00 20 a0 e3     mov     r2, #0
   0xc04a9758 <udp_input+656>:  08 30 da e5     ldrb    r3, [r10, #8]

(gdb) i r $r10 $cpsr
r10            0xd8ebc01a          -655638502
cpsr           0x20000013          536870931
(gdb)

I simplified the setup and removed the tap interface from the qemu setup.
The machine boots but crashes when I try to SSH to it:

login: Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xd5ecea18
FSR=00000001, FAR=e1141032, spsr=60000013
r0 =00000014, r1 =0000003c, r2 =00000010, r3 =00000010
r4 =e114102e, r5 =d8e84200, r6 =00000028, r7 =00000000
r8 =00000014, r9 =00000000, r10=00000028, r11=d5eceb88
r12=d8e84200, ssp=d5eceaa8, slr=c04847c8, pc =c0482e58

panic: Fatal abort
cpuid = 0
time = 1680843499
KDB: stack backtrace:
#0 0xc035786c at kdb_backtrace+0x48
#1 0xc02fdd20 at vpanic+0x140
#2 0xc02fdbe0 at vpanic+0
#3 0xc06304ac at abort_align+0
#4 0xc063052c at abort_align+0x80
#5 0xc063017c at abort_handler+0x480
#6 0xc060f480 at exception_exit+0
#7 0xc0482e58 at tcp_input_with_port+0x4c4
#8 0xc04847c8 at tcp_input+0x10
#9 0xc0473f54 at ip_input+0x1e0
#10 0xc04447c0 at netisr_dispatch_src+0xf8
#11 0xc043bf2c at ether_demux+0x1a4
#12 0xc043d5e4 at ether_nh_input+0x480
#13 0xc04447c0 at netisr_dispatch_src+0xf8
#14 0xc043c404 at ether_input+0x50
#15 0xc01c0838 at vtnet_rx_vq_process+0x880
#16 0xc01b70d0 at vtpci_intx_intr+0xac
#17 0xc02b87f0 at ithread_loop+0x2ec
Uptime: 1m17s

Breakpoint 3, tcp_fields_to_host (th=0xe114402e) at /usr/src/sys/netinet/tcp_var.h:1126
1126    /usr/src/sys/netinet/tcp_var.h: No such file or directory.
=> 0xc0482e58 <tcp_input_with_port+1220>:       03 00 94 e9     ldmib   r4, {r0, r1}

(gdb) i r $r4 $cpsr
r4             0xe114402e          -518766546
cpsr           0x60000013          1610612755
(gdb)

It seems data structures are not aligned to their native boundaries.
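As an added illustration (not part of the bug report or of the vtnet driver), the C program below shows why a 14-byte Ethernet header stored at a word-aligned address leaves the IPv4 header and the UDP/TCP header behind it 2 bytes off a 4-byte boundary, which is exactly what the ldm/ldmib loads in the two backtraces trip over, and why FreeBSD drivers normally reserve ETHER_ALIGN bytes of slack in front of the frame; it also checks that both fault addresses from the report (0xd8e4f01a and 0xe1141032) sit 2 bytes past a word boundary. The receive buffer is constructed, the header lengths and ETHER_ALIGN are the standard values redefined locally, and read_u32_unaligned is a generic portable pattern rather than anything from the FreeBSD tree.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN 14   /* Ethernet II header */
#define IP_HDR_LEN    20   /* IPv4 header without options */
/* FreeBSD's ETHER_ALIGN (sys/net/ethernet.h): a driver leaves 2 bytes of slack before the
   Ethernet header so the IPv4 header, and the UDP/TCP header after it, start on a word. */
#define ETHER_ALIGN   2

/* Bytes by which addr overshoots the previous align-byte boundary (align is a power of two). */
static unsigned misalignment(uintptr_t addr, unsigned align)
{
    return (unsigned)(addr & (align - 1));
}

/* Where the L4 (UDP/TCP) header lands when the Ethernet header is stored at ether_hdr. */
static uintptr_t l4_header_addr(uintptr_t ether_hdr)
{
    return ether_hdr + ETHER_HDR_LEN + IP_HDR_LEN;
}

/* An ARMv7 ldm/ldmib needs a word-aligned address; anything else raises the 'Alignment Fault'. */
static int word_aligned(uintptr_t addr)
{
    return misalignment(addr, 4) == 0;
}

/* Portable read of a 32-bit header field through a possibly misaligned pointer: memcpy lets the
   compiler emit byte loads on strict-alignment targets instead of a faulting word load. */
uint32_t read_u32_unaligned(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

int main(void)
{
    static uint32_t cluster[16];              /* constructed, word-aligned receive buffer */
    uintptr_t base = (uintptr_t)cluster;
    uintptr_t far_udp = 0xd8e4f01aUL, far_tcp = 0xe1141032UL;  /* FAR values from the report */
    printf("Ethernet header at +0:           L4 header %s\n",
           word_aligned(l4_header_addr(base)) ? "word aligned" : "misaligned (ldm would fault)");
    printf("Ethernet header at +ETHER_ALIGN: L4 header %s\n",
           word_aligned(l4_header_addr(base + ETHER_ALIGN)) ? "word aligned" : "misaligned");
    printf("udp_input FAR mod 4 = %u, tcp_input FAR mod 4 = %u\n",
           misalignment(far_udp, 4), misalignment(far_tcp, 4));
    return 0;
}
```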
