Date: Sun, 06 Aug 2023 06:37:13 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 272966] armv7 Kernel page fault with non-sleepable locks held panic during in6ifa_ifwithaddr for kyua's sys/netpfil/pf/killstate:v6; more tests too Message-ID: <bug-272966-227-9r0wdJQXae@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-272966-227@https.bugs.freebsd.org/bugzilla/> References: <bug-272966-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272966 Mark Millard <marklmi26-fbsd@yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|armv7 Kernel page fault |armv7 Kernel page fault |with non-sleepable locks |with non-sleepable locks |held panic during |held panic during |in6ifa_ifwithaddr for |in6ifa_ifwithaddr for |kyua's |kyua's |sys/netpfil/pf/killstate:v6 |sys/netpfil/pf/killstate:v6 | |; more tests too --- Comment #1 from Mark Millard <marklmi26-fbsd@yahoo.com> --- Another test that gets such: # /usr/bin/kyua test -k /usr/tests/Kyuafile sys/netpfil/pf/modulate:modulat= e_v6 sys/netpfil/pf/modulate:modulate_v6 -> Aug 6 06:34:37 generic kernel: nd6_dad_timer: called with non-tentative address fe80:3::91:a4ff:fef4:460a(epair0a) Kernel page fault with the following non-sleepable locks held: shared rm in6_ifaddr_lock (in6_ifaddr_lock) r =3D 0 (0xc0b5acd0) locked @ /usr/src/sys/netinet6/in6.c:1620 stack backtrace: #0 0xc035e060 at witness_debugger+0x74 #1 0xc035f2ec at witness_warn+0x41c #2 0xc0610b58 at abort_handler+0x1d8 #3 0xc05ef6ac at exception_exit+0 #4 0xc04986b4 at in6ifa_ifwithaddr+0x40 #5 0xc04aa060 at ip6_input+0xd38 #6 0xc04235bc at netisr_dispatch_src+0x100 #7 0xc041a384 at ether_demux+0x1bc #8 0xc041bb68 at ether_nh_input+0x3dc #9 0xc04235bc at netisr_dispatch_src+0x100 #10 0xc041a808 at ether_input+0xec #11 0xe173810c at $a.10+0xbc #12 0xc03504dc at taskqueue_run_locked+0xb8 #13 0xc0351560 at taskqueue_thread_loop+0x108 #14 0xc02a384c at fork_exit+0xa0 #15 0xc05ef640 at swi_exit+0 Fatal kernel mode data abort: 'Alignment Fault' on read trapframe: 0xe108aae8 FSR=3D00000001, FAR=3De0311576, spsr=3D00000013 r0 =3De0722000, r1 =3D00000001, r2 =3Dffffffff, r3 =3Dc0b285d8 r4 =3D00000000, r5 =3D00000000, r6 =3De0311576, r7 =3De0311566 r8 =3Dc0918b04, r9 =3D00000000, r10=3Ddb785000, r11=3De108aba8 r12=3D00000000, ssp=3De108ab78, slr=3Dc02e1790, pc =3Dc04986b4 panic: Fatal abort cpuid =3D 2 time =3D 1691303689 KDB: stack backtrace: db_trace_self() at db_trace_self pc =3D 0xc05ecde4 lr =3D 0xc0079c70 (db_trace_self_wrapper+0x30) sp =3D 0xe108a8c0 fp =3D 0xe108a9d8 db_trace_self_wrapper() at db_trace_self_wrapper+0x30 pc =3D 0xc0079c70 lr =3D 0xc02e99a0 (vpanic+0x140) sp =3D 0xe108a9e0 fp =3D 0xe108aa00 r4 =3D 0x00000100 r5 =3D 0x00000000 r6 =3D 0xc07597e2 r7 =3D 0xc0aeaec8 vpanic() at vpanic+0x140 pc =3D 0xc02e99a0 lr =3D 0xc02e9780 (doadump) sp =3D 0xe108aa08 fp =3D 0xe108aa0c r4 =3D 0xe108aae8 r5 =3D 0x00000013 r6 =3D 0xe0311576 r7 =3D 0x00000001 r8 =3D 0x00000001 r9 =3D 0xe0722000 r10 =3D 0xe0311576 doadump() at doadump pc =3D 0xc02e9780 lr =3D 0xc0611184 (abort_align) sp =3D 0xe108aa14 fp =3D 0xe108aa40 r4 =3D 0xe0311576 r5 =3D 0xe108aa0c r6 =3D 0xc02e9780 r10 =3D 0xe108aa14 abort_align() at abort_align pc =3D 0xc0611184 lr =3D 0xc0610c9c (abort_handler+0x31c) sp =3D 0xe108aa48 fp =3D 0xe108aae0 r4 =3D 0x00000013 r10 =3D 0xe0311576 abort_handler() at abort_handler+0x31c pc =3D 0xc0610c9c lr =3D 0xc05ef6ac (exception_exit) sp =3D 0xe108aae8 fp =3D 0xe108aba8 r4 =3D 0x00000000 r5 =3D 0x00000000 r6 =3D 0xe0311576 r7 =3D 0xe0311566 r8 =3D 0xc0918b04 r9 =3D 0x00000000 r10 =3D 0xdb785000 exception_exit() at exception_exit pc =3D 0xc05ef6ac lr =3D 0xc02e1790 (_rm_rlock_debug+0x190) sp =3D 0xe108ab78 fp =3D 0xe108aba8 r0 =3D 0xe0722000 r1 =3D 0x00000001 r2 =3D 0xffffffff r3 =3D 0xc0b285d8 r4 =3D 0x00000000 r5 =3D 0x00000000 r6 =3D 0xe0311576 r7 =3D 0xe0311566 r8 =3D 0xc0918b04 r9 =3D 0x00000000 r10 =3D 0xdb785000 r12 =3D 0x00000000 in6ifa_ifwithaddr() at in6ifa_ifwithaddr+0x40 pc =3D 0xc04986b4 lr =3D 0xc04aa060 (ip6_input+0xd38) sp =3D 0xe108abb0 fp =3D 0xe108ac70 r4 =3D 0xe0311576 r5 =3D 0xe031155e r6 =3D 0x00000000 r7 =3D 0xe0311566 ip6_input() at ip6_input+0xd38 pc =3D 0xc04aa060 lr =3D 0xc04235bc (netisr_dispatch_src+0x100) sp =3D 0xe108ac78 fp =3D 0xe108aca0 r4 =3D 0x0000001a r5 =3D 0xe0311500 r6 =3D 0x00000000 r7 =3D 0xc0b5a398 r8 =3D 0x000000dd r9 =3D 0xc57f7a40 r10 =3D 0x00000086 netisr_dispatch_src() at netisr_dispatch_src+0x100 pc =3D 0xc04235bc lr =3D 0xc041a384 (ether_demux+0x1bc) sp =3D 0xe108aca8 fp =3D 0xe108acc0 r4 =3D 0xe0311500 r5 =3D 0x00000006 r6 =3D 0xdb785000 r7 =3D 0x5e4a6f28 r8 =3D 0x000000dd r9 =3D 0xc57f7a40 r10 =3D 0x00000086 ether_demux() at ether_demux+0x1bc pc =3D 0xc041a384 lr =3D 0xc041bb68 (ether_nh_input+0x3dc) sp =3D 0xe108acc8 fp =3D 0xe108acf0 r4 =3D 0xdb785000 r5 =3D 0xe0311500 r6 =3D 0xe0311550 r10 =3D 0x00000086 ether_nh_input() at ether_nh_input+0x3dc pc =3D 0xc041bb68 lr =3D 0xc04235bc (netisr_dispatch_src+0x100) sp =3D 0xe108acf8 fp =3D 0xe108ad20 r4 =3D 0x00000048 r5 =3D 0xe0311500 r6 =3D 0x00000000 r7 =3D 0xc0b5a378 r8 =3D 0x5e4a6f28 r9 =3D 0xc57f7a40 r10 =3D 0x00000000 netisr_dispatch_src() at netisr_dispatch_src+0x100 pc =3D 0xc04235bc lr =3D 0xc041a808 (ether_input+0xec) sp =3D 0xe108ad28 fp =3D 0xe108ad60 r4 =3D 0xdb785000 r5 =3D 0x00000000 r6 =3D 0xe0311500 r7 =3D 0x00000000 r8 =3D 0x5e4a6f28 r9 =3D 0xc57f7a40 r10 =3D 0x00000000 ether_input() at ether_input+0xec pc =3D 0xc041a808 lr =3D 0xe173810c ($a.10+0xbc) sp =3D 0xe108ad68 fp =3D 0xe108ad90 r4 =3D 0xdb785000 r5 =3D 0xe02dc040 r6 =3D 0x00000000 r7 =3D 0xe0311500 r8 =3D 0xe17274d3 r9 =3D 0xe02dc050 r10 =3D 0x00000000 $a.10() at $a.10+0xbc pc =3D 0xe173810c lr =3D 0xc03504dc (taskqueue_run_locked+0xb8) sp =3D 0xe108ad98 fp =3D 0xe108ade0 r4 =3D 0xe02dfc00 r5 =3D 0xe02dfc50 r6 =3D 0xe02dc06c r7 =3D 0x00000001 r8 =3D 0x00000001 r9 =3D 0xc0768ff7 r10 =3D 0x00000000 taskqueue_run_locked() at taskqueue_run_locked+0xb8 pc =3D 0xc03504dc lr =3D 0xc0351560 (taskqueue_thread_loop+0x108) sp =3D 0xe108ade8 fp =3D 0xe108ae18 r4 =3D 0x00000000 r5 =3D 0xe02dfc00 r6 =3D 0xe02dfc40 r7 =3D 0xc073cb53 r8 =3D 0xe02dfc50 r9 =3D 0x00000100 r10 =3D 0xc0afde44 taskqueue_thread_loop() at taskqueue_thread_loop+0x108 pc =3D 0xc0351560 lr =3D 0xc02a384c (fork_exit+0xa0) sp =3D 0xe108ae20 fp =3D 0xe108ae38 r4 =3D 0xe0722000 r5 =3D 0xc0ada560 r6 =3D 0xc0351458 r7 =3D 0xe1748f94 r8 =3D 0xe108ae40 r9 =3D 0xc0afab7c fork_exit() at fork_exit+0xa0 pc =3D 0xc02a384c lr =3D 0xc05ef640 (swi_exit) sp =3D 0xe108ae40 fp =3D 0x00000000 r4 =3D 0xc0351458 r5 =3D 0xe1748f94 r6 =3D 0xc0942429 r7 =3D 0xc72f21d0 r8 =3D 0xc0ada900 r10 =3D 0xc0afde44 swi_exit() at swi_exit pc =3D 0xc05ef640 lr =3D 0xc05ef640 (swi_exit) sp =3D 0xe108ae40 fp =3D 0x00000000 KDB: enter: panic [ thread pid 0 tid 100261 ] --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272966-227-9r0wdJQXae>