[Bug 272966] armv7 Kernel page fault with non-sleepable locks held panic during in6ifa_ifwithaddr for kyua's sys/netpfil/pf/killstate:v6; more tests too

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272966] armv7 Kernel page fault with non-sleepable locks held panic during in6ifa_ifwithaddr for kyua's sys/netpfil/pf/killstate:v6"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 06 Aug 2023 06:37:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272966

Mark Millard <marklmi26-fbsd@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|armv7 Kernel page fault     |armv7 Kernel page fault
                   |with non-sleepable locks    |with non-sleepable locks
                   |held panic during           |held panic during
                   |in6ifa_ifwithaddr for       |in6ifa_ifwithaddr for
                   |kyua's                      |kyua's
                   |sys/netpfil/pf/killstate:v6 |sys/netpfil/pf/killstate:v6
                   |                            |; more tests too

--- Comment #1 from Mark Millard <marklmi26-fbsd@yahoo.com> ---
Another test that gets such:

# /usr/bin/kyua test -k /usr/tests/Kyuafile sys/netpfil/pf/modulate:modulate_v6
sys/netpfil/pf/modulate:modulate_v6  ->  Aug  6 06:34:37 generic kernel:
nd6_dad_timer: called with non-tentative address
fe80:3::91:a4ff:fef4:460a(epair0a)
Kernel page fault with the following non-sleepable locks held:
shared rm in6_ifaddr_lock (in6_ifaddr_lock) r = 0 (0xc0b5acd0) locked @
/usr/src/sys/netinet6/in6.c:1620
stack backtrace:
#0 0xc035e060 at witness_debugger+0x74
#1 0xc035f2ec at witness_warn+0x41c
#2 0xc0610b58 at abort_handler+0x1d8
#3 0xc05ef6ac at exception_exit+0
#4 0xc04986b4 at in6ifa_ifwithaddr+0x40
#5 0xc04aa060 at ip6_input+0xd38
#6 0xc04235bc at netisr_dispatch_src+0x100
#7 0xc041a384 at ether_demux+0x1bc
#8 0xc041bb68 at ether_nh_input+0x3dc
#9 0xc04235bc at netisr_dispatch_src+0x100
#10 0xc041a808 at ether_input+0xec
#11 0xe173810c at $a.10+0xbc
#12 0xc03504dc at taskqueue_run_locked+0xb8
#13 0xc0351560 at taskqueue_thread_loop+0x108
#14 0xc02a384c at fork_exit+0xa0
#15 0xc05ef640 at swi_exit+0
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xe108aae8
FSR=00000001, FAR=e0311576, spsr=00000013
r0 =e0722000, r1 =00000001, r2 =ffffffff, r3 =c0b285d8
r4 =00000000, r5 =00000000, r6 =e0311576, r7 =e0311566
r8 =c0918b04, r9 =00000000, r10=db785000, r11=e108aba8
r12=00000000, ssp=e108ab78, slr=c02e1790, pc =c04986b4

panic: Fatal abort
cpuid = 2
time = 1691303689
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc05ecde4  lr = 0xc0079c70 (db_trace_self_wrapper+0x30)
         sp = 0xe108a8c0  fp = 0xe108a9d8
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc0079c70  lr = 0xc02e99a0 (vpanic+0x140)
         sp = 0xe108a9e0  fp = 0xe108aa00
         r4 = 0x00000100  r5 = 0x00000000
         r6 = 0xc07597e2  r7 = 0xc0aeaec8
vpanic() at vpanic+0x140
         pc = 0xc02e99a0  lr = 0xc02e9780 (doadump)
         sp = 0xe108aa08  fp = 0xe108aa0c
         r4 = 0xe108aae8  r5 = 0x00000013
         r6 = 0xe0311576  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xe0722000
        r10 = 0xe0311576
doadump() at doadump
         pc = 0xc02e9780  lr = 0xc0611184 (abort_align)
         sp = 0xe108aa14  fp = 0xe108aa40
         r4 = 0xe0311576  r5 = 0xe108aa0c
         r6 = 0xc02e9780 r10 = 0xe108aa14
abort_align() at abort_align
         pc = 0xc0611184  lr = 0xc0610c9c (abort_handler+0x31c)
         sp = 0xe108aa48  fp = 0xe108aae0
         r4 = 0x00000013 r10 = 0xe0311576
abort_handler() at abort_handler+0x31c
         pc = 0xc0610c9c  lr = 0xc05ef6ac (exception_exit)
         sp = 0xe108aae8  fp = 0xe108aba8
         r4 = 0x00000000  r5 = 0x00000000
         r6 = 0xe0311576  r7 = 0xe0311566
         r8 = 0xc0918b04  r9 = 0x00000000
        r10 = 0xdb785000
exception_exit() at exception_exit
         pc = 0xc05ef6ac  lr = 0xc02e1790 (_rm_rlock_debug+0x190)
         sp = 0xe108ab78  fp = 0xe108aba8
         r0 = 0xe0722000  r1 = 0x00000001
         r2 = 0xffffffff  r3 = 0xc0b285d8
         r4 = 0x00000000  r5 = 0x00000000
         r6 = 0xe0311576  r7 = 0xe0311566
         r8 = 0xc0918b04  r9 = 0x00000000
        r10 = 0xdb785000 r12 = 0x00000000
in6ifa_ifwithaddr() at in6ifa_ifwithaddr+0x40
         pc = 0xc04986b4  lr = 0xc04aa060 (ip6_input+0xd38)
         sp = 0xe108abb0  fp = 0xe108ac70
         r4 = 0xe0311576  r5 = 0xe031155e
         r6 = 0x00000000  r7 = 0xe0311566
ip6_input() at ip6_input+0xd38
         pc = 0xc04aa060  lr = 0xc04235bc (netisr_dispatch_src+0x100)
         sp = 0xe108ac78  fp = 0xe108aca0
         r4 = 0x0000001a  r5 = 0xe0311500
         r6 = 0x00000000  r7 = 0xc0b5a398
         r8 = 0x000000dd  r9 = 0xc57f7a40
        r10 = 0x00000086
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc04235bc  lr = 0xc041a384 (ether_demux+0x1bc)
         sp = 0xe108aca8  fp = 0xe108acc0
         r4 = 0xe0311500  r5 = 0x00000006
         r6 = 0xdb785000  r7 = 0x5e4a6f28
         r8 = 0x000000dd  r9 = 0xc57f7a40
        r10 = 0x00000086
ether_demux() at ether_demux+0x1bc
         pc = 0xc041a384  lr = 0xc041bb68 (ether_nh_input+0x3dc)
         sp = 0xe108acc8  fp = 0xe108acf0
         r4 = 0xdb785000  r5 = 0xe0311500
         r6 = 0xe0311550 r10 = 0x00000086
ether_nh_input() at ether_nh_input+0x3dc
         pc = 0xc041bb68  lr = 0xc04235bc (netisr_dispatch_src+0x100)
         sp = 0xe108acf8  fp = 0xe108ad20
         r4 = 0x00000048  r5 = 0xe0311500
         r6 = 0x00000000  r7 = 0xc0b5a378
         r8 = 0x5e4a6f28  r9 = 0xc57f7a40
        r10 = 0x00000000
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc04235bc  lr = 0xc041a808 (ether_input+0xec)
         sp = 0xe108ad28  fp = 0xe108ad60
         r4 = 0xdb785000  r5 = 0x00000000
         r6 = 0xe0311500  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xc57f7a40
        r10 = 0x00000000
ether_input() at ether_input+0xec
         pc = 0xc041a808  lr = 0xe173810c ($a.10+0xbc)
         sp = 0xe108ad68  fp = 0xe108ad90
         r4 = 0xdb785000  r5 = 0xe02dc040
         r6 = 0x00000000  r7 = 0xe0311500
         r8 = 0xe17274d3  r9 = 0xe02dc050
        r10 = 0x00000000
$a.10() at $a.10+0xbc
         pc = 0xe173810c  lr = 0xc03504dc (taskqueue_run_locked+0xb8)
         sp = 0xe108ad98  fp = 0xe108ade0
         r4 = 0xe02dfc00  r5 = 0xe02dfc50
         r6 = 0xe02dc06c  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xc0768ff7
        r10 = 0x00000000
taskqueue_run_locked() at taskqueue_run_locked+0xb8
         pc = 0xc03504dc  lr = 0xc0351560 (taskqueue_thread_loop+0x108)
         sp = 0xe108ade8  fp = 0xe108ae18
         r4 = 0x00000000  r5 = 0xe02dfc00
         r6 = 0xe02dfc40  r7 = 0xc073cb53
         r8 = 0xe02dfc50  r9 = 0x00000100
        r10 = 0xc0afde44
taskqueue_thread_loop() at taskqueue_thread_loop+0x108
         pc = 0xc0351560  lr = 0xc02a384c (fork_exit+0xa0)
         sp = 0xe108ae20  fp = 0xe108ae38
         r4 = 0xe0722000  r5 = 0xc0ada560
         r6 = 0xc0351458  r7 = 0xe1748f94
         r8 = 0xe108ae40  r9 = 0xc0afab7c
fork_exit() at fork_exit+0xa0
         pc = 0xc02a384c  lr = 0xc05ef640 (swi_exit)
         sp = 0xe108ae40  fp = 0x00000000
         r4 = 0xc0351458  r5 = 0xe1748f94
         r6 = 0xc0942429  r7 = 0xc72f21d0
         r8 = 0xc0ada900 r10 = 0xc0afde44
swi_exit() at swi_exit
         pc = 0xc05ef640  lr = 0xc05ef640 (swi_exit)
         sp = 0xe108ae40  fp = 0x00000000
KDB: enter: panic
[ thread pid 0 tid 100261 ]

-- 
You are receiving this mail because:
You are the assignee for the bug.