Date: Fri, 30 Sep 2022 19:05:50 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 266730] powerpc kernel crash on loadable modules that use copyin/copyout ifunc
Message-ID: <bug-266730-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266730

            Bug ID: 266730
           Summary: powerpc kernel crash on loadable modules that use copyin/copyout ifunc
           Product: Base System
           Version: 13.1-STABLE
          Hardware: powerpc
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: alfredo@freebsd.org

At least powerpc64 and powerpc64le kernels panic when copyin/copyout functions are called by external kernel modules (like pfsync, zfs and linuxulator).

The panic with exception 0x480 (instruction segment exception) occurs in a context where the functions are set as pointers in the cpuset_copy_cb struct. It doesn't crash when the functions are called directly (without the struct) or wrapped to be called through a local function wrapper.

This affects FreeBSD 13.1/STABLE and 14/CURRENT.

How to reproduce:
1- Boot FreeBSD 13.1/STABLE
2- kldload pfsync

Results:

fatal kernel trap:

  exception       = 0x480 (instruction segment exception)
  virtual address = 0x38bf00ec7fc3f378
  srr0            = 0x38bf00ec7fc3f378 (0x78bf00ec7fc3f378)
  srr1            = 0x8000000000009032
  current msr     = 0x8000000000009032
  lr              = 0xc008000051a143f4 (0x8000051a143f4)
  frame           = 0xc00800001b5afd50
  curthread       = 0xc0080000518330e0
         pid = 832, comm = ifconfig

panic: instruction segment exception trap
cpuid = 1
time = 1664564648
KDB: stack backtrace:
0xc00800001b5af970: at kdb_backtrace+0x60
0xc00800001b5afa80: at vpanic+0x1b8
0xc00800001b5afb30: at panic+0x44
0xc00800001b5afb60: at trap+0x324
0xc00800001b5afc90: at powerpc_interrupt+0x1cc
0xc00800001b5afd20: kernel ISE trap @ 0x38bf00ec7fc3f378 by 0x38bf00ec7fc3f378: srr1=0x8000000000009032 r1=0xc00800001b5affd0 cr=0x28020a40 xer=0x20040000 ctr=0x38bf00ec7fc3f378 r2=0xc008000051a348e8 frame=0xc00800001b5afd50
0xc00800001b5affd0: at pfsyncioctl+0x368
0xc00800001b5b00f0: at ifioctl+0xc44
0xc00800001b5b0290: at soo_ioctl+0x1b4
0xc00800001b5b0320: at kern_ioctl+0x3d4
0xc00800001b5b03f0: at sys_ioctl+0x134
0xc00800001b5b0520: at syscall+0x194
0xc00800001b5b0620: at trap+0x5e8
0xc00800001b5b0750: at powerpc_interrupt+0x1cc
0xc00800001b5b07e0: user SC trap by 0x8013c5be0: srr1=0x800000000280f932 r1=0xfffffbfffe0c0 cr=0x22251682 xer=0 ctr=0x8013c5bd0 r2=0x8014a2478 frame=0xc00800001b5b0810
KDB: enter: panic
[ thread pid 832 tid 100073 ]
Stopped at      kdb_enter+0x70: ori     r0, r0, 0x0
db>

-- 
You are receiving this mail because:
You are the assignee for the bug.
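The register dump in the report can be triaged mechanically. What follows is an added example written for this page, not code from the bug report or from FreeBSD: it parses the "kernel ISE trap" line, checks whether srr0 (the faulting PC) lies in kernel virtual address space, and flags the case where srr0 equals ctr, which on PowerPC means the fault is the target of an indirect call (mtctr/bctrl) through a pointer that does not point at kernel code. The kernel VA floor of 0xc000000000000000 is an assumption about the powerpc64 layout (the 0xc008... module addresses and the 0x8013c5be0 user address in the dump fall on the expected sides of it), and the contrasting DSI line is constructed, not taken from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed copy of the "kernel ISE trap" line from the backtrace above. */
static const char ise_trap_line[] =
    "kernel ISE trap @ 0x38bf00ec7fc3f378 by 0x38bf00ec7fc3f378: "
    "srr1=0x8000000000009032 r1=0xc00800001b5affd0 cr=0x28020a40 "
    "xer=0x20040000 ctr=0x38bf00ec7fc3f378 r2=0xc008000051a348e8 "
    "frame=0xc00800001b5afd50";

/* Constructed contrast line (not from the report): a fault whose PC sits in
 * kernel-mapped memory and whose CTR does not match the PC. */
static const char kernel_text_line[] =
    "kernel DSI trap @ 0xc0000000001234a0 by 0xc0000000001234a0: "
    "srr1=0x8000000000009032 r1=0xc00800001b5affd0 cr=0x28020a40 "
    "xer=0x20040000 ctr=0xc008000051a10000 r2=0xc008000051a348e8 "
    "frame=0xc00800001b5afd50";

/* Assumption, not something the report states: on FreeBSD powerpc64 every
 * kernel-mapped address (kernel text, kld modules such as the 0xc008...
 * frames in the backtrace) is at or above this value, while user addresses
 * (0x8013c5be0 in the dump) are far below it. */
#define KERNEL_VA_MIN 0xc000000000000000ULL

enum trap_kind {
    TRAP_UNPARSED = 0,    /* no "trap @" PC or no ctr= field on the line */
    TRAP_INDIRECT_BOGUS,  /* PC == CTR and PC outside kernel VA: bctrl through a garbage pointer */
    TRAP_KERNEL_TEXT,     /* PC inside kernel VA: fault inside real kernel code */
    TRAP_OTHER            /* PC outside kernel VA but not reached via CTR */
};

static int in_kernel_va(uint64_t va)
{
    return va >= KERNEL_VA_MIN;
}

/* Locate "key" in line and parse the hex digits that follow it. */
static int hex_after(const char *line, const char *key, uint64_t *out)
{
    const char *p = strstr(line, key);
    if (p == NULL)
        return 0;
    p += strlen(key);
    char *end = NULL;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p)
        return 0;
    *out = v;
    return 1;
}

/* srr0 as printed after "trap @"; 0 if the line does not carry one. */
uint64_t trap_pc(const char *line)
{
    uint64_t pc;
    return hex_after(line, "trap @ 0x", &pc) ? pc : 0;
}

enum trap_kind classify_trap(const char *line)
{
    uint64_t pc, ctr;
    if (!hex_after(line, "trap @ 0x", &pc) || !hex_after(line, " ctr=0x", &ctr))
        return TRAP_UNPARSED;
    if (in_kernel_va(pc))
        return TRAP_KERNEL_TEXT;
    return pc == ctr ? TRAP_INDIRECT_BOGUS : TRAP_OTHER;
}

int main(void)
{
    static const char *names[] = { "unparsed", "indirect branch to bogus pointer",
                                   "fault in kernel text", "other" };
    printf("ISE line: %s (pc=0x%llx)\n", names[classify_trap(ise_trap_line)],
           (unsigned long long)trap_pc(ise_trap_line));
    printf("DSI line: %s\n", names[classify_trap(kernel_text_line)]);
    return 0;
}
```

For the report's line the verdict is "indirect branch to bogus pointer": srr0 and ctr are both 0x38bf00ec7fc3f378, well outside the kernel range, while lr (0xc008000051a143f4) still points back into pfsyncioctl, matching the first frame under the trap. That pattern, a garbage CTR value with a sane LR, is what a call through a bad function pointer looks like, consistent with the reporter's observation that the crash only appears when copyin/copyout are reached through the cpuset_copy_cb struct.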
