kern/58470: modunload if_wg crashes if no wgN interfaces have been created

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/58470: modunload if_wg crashes if no wgN interfaces have been created
From: campbell+netbsd%mumble.net@localhost
Date: Fri, 26 Jul 2024 16:10:01 +0000 (UTC)

>Number:         58470
>Category:       kern
>Synopsis:       modunload if_wg crashes if no wgN interfaces have been created
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 26 16:10:00 +0000 2024
>Originator:     campbell+netbsd%mumble.net@localhost
>Release:        current, 10
>Organization:
The NetWG Foundunloaded
>Environment:
>Description:
# modunload if_wg
[ 118370.9606438] panic: Trap: Data Abort (EL1): Translation Fault L2 with write access for 0000000000000000: pc ffffc000005fd838: str x1, [x21]

[ 118370.9606438] cpu0: Begin traceback...
[ 118370.9606438] trace fp ffffc000bf207710
[ 118370.9716538] fp ffffc000bf207740 vpanic() at ffffc000005f2970 netbsd:vpanic+0x1a0
[ 118370.9716538] fp ffffc000bf2077a0 panic() at ffffc000005f2a54 netbsd:panic+0x44
[ 118370.9818178] fp ffffc000bf207830 data_abort_handler() at ffffc000000b51e8 netbsd:data_abort_handler+0x718
[ 118370.9818178] tf ffffc000bf2078e0 el1_trap() at ffffc000000b6784 netbsd:el1_vectors+0x784
[ 118370.9936878] ---- Data Abort (EL1): trapframe 0xffffc000bf2078e0 (304 bytes) ----
[ 118370.9936878]     pc=ffffc000005fd838,   spsr=0000000020000005
[ 118370.9936878]    esr=0000000096000046,    far=0000000000000000
[ 118371.0029099]     x0=0000000000000002,     x1=ffffc000005fd5c0
[ 118371.0029099]     x2=ffffc00000bfdd00,     x3=0000000000000001
[ 118371.0029099]     x4=0000000000000000,     x5=0000000000000000
[ 118371.0029099]     x6=0000000000000007,     x7=0000000000000000
[ 118371.0029099]     x8=ffffc00000f49000,     x9=000000000000000f
[ 118371.0029099]    x10=ffff00007fbbf000,    x11=0000000000000000
[ 118371.0029099]    x12=0000000000000000,    x13=0000000000000000
[ 118371.0143349]    x14=0000000000000001,    x15=0000000000000000
[ 118371.0143349]    x16=ffffc00000004560,    x17=0000fad5e1e1dc84
[ 118371.0143349]    x18=0000000000000000,    x19=ffffc00001a00000
[ 118371.0143349]    x20=0000000000000000,    x21=0000000000000000
[ 118371.0143349]    x22=ffffc00001215f80,    x23=ffffc0000121a000
[ 118371.0244689]    x24=ffffc00000f44000,    x25=000000000000002f
[ 118371.0244689]    x26=0000000000000037,    x27=ffffc00000f54160
[ 118371.0244689]    x28=ffffc000005fd000, fp=x29=ffffc000bf207c10
[ 118371.0244689] lr=x30=ffffc000005fd800,     sp=ffffc000bf207c10
[ 118371.0244689] ------------------------------------------------
[ 118371.0244689] fp ffffc000bf207c10 workqueue_destroy() at ffffc000005fd838 netbsd:workqueue_destroy+0x64
[ 118371.0361287] fp ffffc000bf207c90 if_wg_modcmd() at ffffc00001a0b4d8 if_wg:if_wg_modcmd+0x58
[ 118371.0456108] fp ffffc000bf207cd0 module_do_unload() at ffffc000005983a4 netbsd:module_do_unload+0xc4
[ 118371.0456108] fp ffffc000bf207d30 module_unload() at ffffc0000059a220 netbsd:module_unload+0x40
[ 118371.0563616] fp ffffc000bf207d50 sys_modctl() at ffffc00000607578 netbsd:sys_modctl+0x318
[ 118371.0666035] fp ffffc000bf207e20 syscall() at ffffc000000b32fc netbsd:syscall+0x12c
[ 118371.0768117] tf ffffc000bf207ed0 el0_trap() at ffffc000000b67f0 netbsd:el1_trap_exit+0x68
[ 118371.0880649] ---- SVC Instruction Execution: trapframe 0xffffc000bf207ed0 (304 bytes) ----
[ 118371.0880649]     pc=0000fad5e1e1c838,   spsr=0000000020000000
[ 118371.0880649]    esr=00000000560000f6,    far=0000fad5e1f28ba0
[ 118371.0880649]     x0=0000000000000001,     x1=0000ffffffa0a30a
[ 118371.0880649]     x2=0000ffffffa09dc0,     x3=0000000000000001
[ 118371.0977353]     x4=0000fad5e21f58c8,     x5=0000000000000000
[ 118371.0977353]     x6=0000000000000000,     x7=0000fad5e21e2e63
[ 118371.0977353]     x8=0000000000000000,     x9=0000000000000000
[ 118371.0977353]    x10=0000000000000000,    x11=0000000000000000
[ 118371.0977353]    x12=0000000000000000,    x13=0000000000000000
[ 118371.0977353]    x14=0000000000000001,    x15=0000000000000000
[ 118371.0977353]    x16=0000fad5e1fd19d0,    x17=0000fad5e1e1dc84
[ 118371.0977353]    x18=0000000000000000,    x19=0000ffffffa09da8
[ 118371.1103645]    x20=0000000000000001,    x21=0000fad5e1e1c834
[ 118371.1103645]    x22=0000000000000002,    x23=0000000008aefda8
[ 118371.1103645]    x24=0000ffffffa0afe0,    x25=0000ffffef930000
[ 118371.1103645]    x26=0000000000000000,    x27=0000000000000000
[ 118371.1103645]    x28=0000000000000000, fp=x29=0000ffffffa09d60
[ 118371.1103645] lr=x30=0000000008ad0cd0,     sp=0000ffffffa09d30
[ 118371.1199806] ------------------------------------------------
[ 118371.1199806] cpu0: End traceback...
Stopped in pid 3628.3628 (modunload) at netbsd:cpu_Debugger+0xc:        ldp     x29, x30, [sp],#16

>How-To-Repeat:
# modload if_wg
# modunload if_wg

with no intervening `if wgN create'
>Fix:
Destroy workqueue and pktqueue conditionally, since they are lazily created when the first wgN interface is created, owing to annoying module initialization order issues.

Prev by Date: Re: port-amd64/58410: x86_patch() panic with core ultra processor
Next by Date: Re: kern/58470 (modunload if_wg crashes if no wgN interfaces have been created)
Previous by Thread: kern/58468: kernel libsodium import needs review and crypto self-tests
Next by Thread: Re: kern/58470 (modunload if_wg crashes if no wgN interfaces have been created)
Indexes:

Home | Main Index | Thread Index | Old Index