Date:      Fri, 30 Sep 2022 19:05:50 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 266730] powerpc kernel crash on loadable modules that use copyin/copyout ifunc
Message-ID:  <bug-266730-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266730

            Bug ID: 266730
           Summary: powerpc kernel crash on loadable modules that use
                    copyin/copyout ifunc
           Product: Base System
           Version: 13.1-STABLE
          Hardware: powerpc
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: alfredo@freebsd.org

At least powerpc64 and powerpc64le kernels panic when copyin/copyout functions
are called by external kernel modules (like pfsync, zfs and linuxulator).

The panic with exception 0x480 (instruction segment exception) occurs
in a context where the functions are set as pointers in cpuset_copy_cb
struct. It doesn't crash when functions are called directly (without the
struct) or wrapped to be called through a local function wrapper.


This affects FreeBSD 13.1/STABLE and 14/CURRENT.

How to reproduce:

1- Boot FreeBSD 13.1/STABLE
2- kldload pfsync

Results:

fatal kernel trap:

   exception       = 0x480 (instruction segment exception)
   virtual address = 0x38bf00ec7fc3f378
   srr0            = 0x38bf00ec7fc3f378 (0x78bf00ec7fc3f378)
   srr1            = 0x8000000000009032
   current msr     = 0x8000000000009032
   lr              = 0xc008000051a143f4 (0x8000051a143f4)
   frame           = 0xc00800001b5afd50
   curthread       = 0xc0080000518330e0
          pid = 832, comm = ifconfig

panic: instruction segment exception trap
cpuid = 1
time = 1664564648
KDB: stack backtrace:
0xc00800001b5af970: at kdb_backtrace+0x60
0xc00800001b5afa80: at vpanic+0x1b8
0xc00800001b5afb30: at panic+0x44
0xc00800001b5afb60: at trap+0x324
0xc00800001b5afc90: at powerpc_interrupt+0x1cc
0xc00800001b5afd20: kernel ISE trap @ 0x38bf00ec7fc3f378 by 0x38bf00ec7fc3f378:
srr1=0x8000000000009032
            r1=0xc00800001b5affd0 cr=0x28020a40 xer=0x20040000
ctr=0x38bf00ec7fc3f378 r2=0xc008000051a348e8 frame=0xc00800001b5afd50
0xc00800001b5affd0: at pfsyncioctl+0x368
0xc00800001b5b00f0: at ifioctl+0xc44
0xc00800001b5b0290: at soo_ioctl+0x1b4
0xc00800001b5b0320: at kern_ioctl+0x3d4
0xc00800001b5b03f0: at sys_ioctl+0x134
0xc00800001b5b0520: at syscall+0x194
0xc00800001b5b0620: at trap+0x5e8
0xc00800001b5b0750: at powerpc_interrupt+0x1cc
0xc00800001b5b07e0: user SC trap by 0x8013c5be0: srr1=0x800000000280f932
            r1=0xfffffbfffe0c0 cr=0x22251682 xer=0 ctr=0x8013c5bd0
r2=0x8014a2478 frame=0xc00800001b5b0810
KDB: enter: panic
[ thread pid 832 tid 100073 ]
Stopped at      kdb_enter+0x70: ori     r0, r0, 0x0
db>

-- 
You are receiving this mail because:
You are the assignee for the bug.
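Added example, not code from the bug report or from the FreeBSD tree: a userland C model of the three call shapes the report contrasts, with an ifunc (`xcopyin`, a stand-in for the kernel's ifunc-resolved copyin/copyout) called directly, through a function pointer stored in a callback struct (`struct copy_cb`, standing in for cpuset_copy_cb), and through a local wrapper stored in that same struct. All names, the resolver's selection rule and the input buffer are constructed for the example. In userland the run-time linker processes the IRELATIVE relocation, whereas in the report the kernel module loader does, so this shows the call patterns a module author chooses between and verifies they all reach the same implementation; it does not reproduce the panic. It needs GCC or Clang on an ELF/glibc system, since `__attribute__((ifunc))` is a toolchain feature.

```c
/* Added example: three ways to reach an ifunc-resolved copy routine.
 * Not from the bug report or FreeBSD; names and inputs are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*copy_fn)(const void *src, void *dst, size_t len);

/* Two candidate implementations; the resolver picks one at load time. */
static int xcopyin_bytewise(const void *src, void *dst, size_t len)
{
    const unsigned char *s = src;
    unsigned char *d = dst;
    for (size_t i = 0; i < len; i++)
        d[i] = s[i];
    return 0;
}

static int xcopyin_memcpy(const void *src, void *dst, size_t len)
{
    memcpy(dst, src, len);
    return 0;
}

/* Resolver: run once when the loader processes the IRELATIVE relocation.
 * The selection criterion (pointer width) is a constructed placeholder for
 * whatever CPU feature a real resolver would test. */
static copy_fn xcopyin_resolver(void)
{
    return sizeof(void *) == 8 ? xcopyin_memcpy : xcopyin_bytewise;
}

/* The ifunc symbol itself; calls and address-takes go through the loader. */
int xcopyin(const void *src, void *dst, size_t len)
    __attribute__((ifunc("xcopyin_resolver")));

/* Shape 1: direct call (works in the report). */
int copy_direct(const void *src, void *dst, size_t len)
{
    return xcopyin(src, dst, len);
}

/* Shape 2: ifunc address stored in a callback struct (the shape the report
 * says panics when done from a loadable module). */
struct copy_cb {
    copy_fn copyin;
};

int copy_via_struct(const void *src, void *dst, size_t len)
{
    struct copy_cb cb = { .copyin = xcopyin };
    return cb.copyin(src, dst, len);
}

/* Shape 3: a local wrapper in the struct (the reporter's working variant).
 * The struct now holds an ordinary local function; only the wrapper's body
 * references the ifunc symbol. */
static int xcopyin_wrapper(const void *src, void *dst, size_t len)
{
    return xcopyin(src, dst, len);
}

int copy_via_wrapper(const void *src, void *dst, size_t len)
{
    struct copy_cb cb = { .copyin = xcopyin_wrapper };
    return cb.copyin(src, dst, len);
}

/* Run all three shapes on a constructed buffer and return a bitmask of the
 * paths that copied correctly: bit 0 direct, bit 1 struct, bit 2 wrapper.
 * 7 means every path reached a working implementation. */
int run_all_paths(void)
{
    static const unsigned char src[12] = "constructed"; /* 11 chars + NUL */
    unsigned char dst[sizeof src];
    int ok = 0;

    memset(dst, 0xAA, sizeof dst);
    if (copy_direct(src, dst, sizeof src) == 0 && memcmp(src, dst, sizeof src) == 0)
        ok |= 1;
    memset(dst, 0xAA, sizeof dst);
    if (copy_via_struct(src, dst, sizeof src) == 0 && memcmp(src, dst, sizeof src) == 0)
        ok |= 2;
    memset(dst, 0xAA, sizeof dst);
    if (copy_via_wrapper(src, dst, sizeof src) == 0 && memcmp(src, dst, sizeof src) == 0)
        ok |= 4;
    return ok;
}

int main(void)
{
    printf("paths ok bitmask: %d\n", run_all_paths());
    return 0;
}
```

The struct-pointer and wrapper variants differ only in what the relocation for the struct field points at: an ifunc symbol whose final address must be computed by running the resolver, versus a plain local function. That is the distinction the report isolates, and the wrapper is the cheap workaround a module can apply without waiting for a kernel linker fix.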


