[Bug 272966] 14.0-ALPHA1 too: armv7 Kernel page fault with non-sleepable locks held panic during in6ifa_ifwithaddr for kyua's sys/netpfil/pf/killstate:v6; more tests too

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 13 May 2025 01:34:00 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272966

--- Comment #14 from Mark Millard <marklmi26-fbsd@yahoo.com> ---
(In reply to Mark Linimon from comment #11)

So I loaded a subset of the kernel modules that
avoided the odd messages but was sufficient to
run the test in the description. It still crashes.

But it is not the same non-sleepable lock being held:

# /usr/bin/kyua test -k /usr/tests/Kyuafile sys/netpfil/pf/killstate:v6
sys/netpfil/pf/killstate:v6  ->  Kernel page fault with the following
non-sleepable locks held:
shared rm pf rulesets (pf rulesets) r = 0 (0xe2f507f0) locked @
/home/pkgbuild/worktrees/main/sys/netpfil/pf/pf.c:10331
stack backtrace:
#0 0xc037b984 at witness_debugger+0x78
#1 0xc037cc44 at witness_warn+0x428
#2 0xc063de6c at abort_handler+0x1d4
#3 0xc061c5fc at exception_exit+0
#4 0xe1f2db5c at pf_state_insert+0x21c
#5 0xe1f3f224 at $a+0x2a8
#6 0xe1f3bcf4 at $a+0xe8
#7 0xe1f585cc at $a+0x68
#8 0xc044a8e4 at pfil_mbuf_in+0x60
#9 0xc04d6640 at ip6_input+0xaf8
#10 0xc0449310 at netisr_dispatch_src+0xfc
#11 0xc04402a8 at ether_demux+0x1b0
#12 0xc044193c at ether_nh_input+0x3dc
#13 0xc0449310 at netisr_dispatch_src+0xfc
#14 0xc0440724 at ether_input+0xf0
#15 0xe16b2070 at $a+0xbc
#16 0xc036d744 at taskqueue_run_locked+0x1b4
#17 0xc036e6d0 at taskqueue_thread_loop+0x108
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xe02d45e0
FSR=00000001, FAR=e2f50694, spsr=60000013
r0 =e2f50694, r1 =c09afcfc, r2 =00000001, r3 =00000000
r4 =e37dc000, r5 =db9e7600, r6 =db8daa00, r7 =e37e0f80
r8 =c097d8d8, r9 =e37dc0c0, r10=c09a5524, r11=e02d46c0
r12=e1f9ab74, ssp=e02d4670, slr=e1f2d968, pc =e1f2db5c

panic: Fatal abort
cpuid = 3
time = 1747099766
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc0619d80  lr = 0xc007589c (db_trace_self_wrapper+0x30)
         sp = 0xe02d43b8  fp = 0xe02d44d0
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc007589c  lr = 0xc03017c0 (vpanic+0x140)
         sp = 0xe02d44d8  fp = 0xe02d44f8
         r4 = 0x00000100  r5 = 0x00000000
         r6 = 0xc07111ee  r7 = 0xc0b66204
vpanic() at vpanic+0x140
         pc = 0xc03017c0  lr = 0xc0301680 (vpanic)
         sp = 0xe02d4500  fp = 0xe02d4504
         r4 = 0xe02d45e0  r5 = 0x00000013
         r6 = 0xe2f50694  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0x00000013
        r10 = 0xe2f50694
vpanic() at vpanic
         pc = 0xc0301680  lr = 0xc063e450 (abort_align)
         sp = 0xe02d450c  fp = 0xe02d4538
         r4 = 0x00000001  r5 = 0x00000001
         r6 = 0x00000013  r7 = 0xe2f50694
         r8 = 0xe02d4504  r9 = 0xc0301680
        r10 = 0xe02d450c
abort_align() at abort_align
         pc = 0xc063e450  lr = 0xc063df98 (abort_handler+0x300)
         sp = 0xe02d4540  fp = 0xe02d45d8
         r4 = 0xe063d000 r10 = 0xe2f50694
abort_handler() at abort_handler+0x300
         pc = 0xc063df98  lr = 0xc061c5fc (exception_exit)
         sp = 0xe02d45e0  fp = 0xe02d46c0
         r4 = 0xe37dc000  r5 = 0xdb9e7600
         r6 = 0xdb8daa00  r7 = 0xe37e0f80
         r8 = 0xc097d8d8  r9 = 0xe37dc0c0
        r10 = 0xc09a5524
exception_exit() at exception_exit
         pc = 0xc061c5fc  lr = 0xe1f2d968 (pf_state_insert+0x28)
         sp = 0xe02d4670  fp = 0xe02d46c0
         r0 = 0xe2f50694  r1 = 0xc09afcfc
         r2 = 0x00000001  r3 = 0x00000000
         r4 = 0xe37dc000  r5 = 0xdb9e7600
         r6 = 0xdb8daa00  r7 = 0xe37e0f80
         r8 = 0xc097d8d8  r9 = 0xe37dc0c0
        r10 = 0xc09a5524 r12 = 0xe1f9ab74
pf_state_insert() at pf_state_insert+0x21c
         pc = 0xe1f2db5c  lr = 0xe1f3f224 ($a+0x2a8)
         sp = 0xe02d46c8  fp = 0xe02d4948
         r4 = 0x00000000  r5 = 0xe37dc000
         r6 = 0x00000000  r7 = 0xe37e0f80
         r8 = 0xc097d8d8  r9 = 0xe37dc0c0
        r10 = 0xe0f1b000
$a() at $a+0x2a8
         pc = 0xe1f3f224  lr = 0xe1f3bcf4 ($a+0xe8)
         sp = 0xe02d4950  fp = 0xe02d4b60
         r4 = 0xe02d4ae4  r5 = 0x00000008
         r6 = 0x00000000  r7 = 0xe02d4ae6
         r8 = 0xe02d4a76  r9 = 0x00000001
        r10 = 0x00000001
$a() at $a+0xe8
         pc = 0xe1f3bcf4  lr = 0xe1f585cc ($a+0x68)
         sp = 0xe02d4b68  fp = 0xe02d4b80
         r4 = 0xe02d4bec  r5 = 0x00000001
         r6 = 0xe02d4bec  r7 = 0xdb80ac60
         r8 = 0x00000000  r9 = 0xe07f0a00
        r10 = 0xe2f48800
$a() at $a+0x68
         pc = 0xe1f585cc  lr = 0xc044a8e4 (pfil_mbuf_in+0x60)
         sp = 0xe02d4b88  fp = 0xe02d4ba8
         r4 = 0xe1f58564  r5 = 0xe2f48800
pfil_mbuf_in() at pfil_mbuf_in+0x60
         pc = 0xc044a8e4  lr = 0xc04d6640 (ip6_input+0xaf8)
         sp = 0xe02d4bb0  fp = 0xe02d4c70
         r4 = 0xc097d8d8  r5 = 0xe07f0a50
         r6 = 0xe07f0a68  r7 = 0x16000000
         r8 = 0xc0bd62fc r10 = 0xe2f48800
ip6_input() at ip6_input+0xaf8
         pc = 0xc04d6640  lr = 0xc0449310 (netisr_dispatch_src+0xfc)
         sp = 0xe02d4c78  fp = 0xe02d4ca0
         r4 = 0x00000002  r5 = 0xc0bd5724
         r6 = 0xe07f2000  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xdb7b4b80
        r10 = 0x0000dd86
netisr_dispatch_src() at netisr_dispatch_src+0xfc
         pc = 0xc0449310  lr = 0xc04402a8 (ether_demux+0x1b0)
         sp = 0xe02d4ca8  fp = 0xe02d4cb8
         r4 = 0xe07f2000  r5 = 0x00000006
         r6 = 0xe07f20c2  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xdb7b4b80
ether_demux() at ether_demux+0x1b0
         pc = 0xc04402a8  lr = 0xc044193c (ether_nh_input+0x3dc)
         sp = 0xe02d4cc0  fp = 0xe02d4ce8
         r4 = 0xe2f48800  r5 = 0xe07f2000
ether_nh_input() at ether_nh_input+0x3dc
         pc = 0xc044193c  lr = 0xc0449310 (netisr_dispatch_src+0xfc)
         sp = 0xe02d4cf0  fp = 0xe02d4d18
         r4 = 0x00000007  r5 = 0xc0bd5704
         r6 = 0xe07f2000  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xdb7b4b80
        r10 = 0xe16a1373
netisr_dispatch_src() at netisr_dispatch_src+0xfc
         pc = 0xc0449310  lr = 0xc0440724 (ether_input+0xf0)
         sp = 0xe02d4d20  fp = 0xe02d4d58
         r4 = 0xe2f48800  r5 = 0x00000000
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0xdb7b4b80
ether_input() at ether_input+0xf0
         pc = 0xc0440724  lr = 0xe16b2070 ($a+0xbc)
         sp = 0xe02d4d60  fp = 0xe02d4d88
         r4 = 0xe2f48800  r5 = 0xdbaa5000
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0xe07f2000  r9 = 0xdbaa5010
$a() at $a+0xbc
         pc = 0xe16b2070  lr = 0xc036d744 (taskqueue_run_locked+0x1b4)
         sp = 0xe02d4d90  fp = 0xe02d4de0
         r4 = 0xdb919100  r5 = 0xdb919150
         r6 = 0xdbaa502c  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xc07280b7
        r10 = 0x00000000
taskqueue_run_locked() at taskqueue_run_locked+0x1b4
         pc = 0xc036d744  lr = 0xc036e6d0 (taskqueue_thread_loop+0x108)
         sp = 0xe02d4de8  fp = 0xe02d4e18
         r4 = 0x00000000  r5 = 0xdb919100
         r6 = 0xdb919140  r7 = 0xc0789154
         r8 = 0xdb919150  r9 = 0x00000100
        r10 = 0xc0b55c60
taskqueue_thread_loop() at taskqueue_thread_loop+0x108
         pc = 0xc036e6d0  lr = 0xc02b7d50 (fork_exit+0xa0)
         sp = 0xe02d4e20  fp = 0xe02d4e38
         r4 = 0xe02d4e40  r5 = 0xe063d000
         r6 = 0xc036e5c8  r7 = 0xc0b558b8
         r8 = 0xe16c2f60  r9 = 0xc0b75ebc
fork_exit() at fork_exit+0xa0
         pc = 0xc02b7d50  lr = 0xc061c590 (swi_exit)
         sp = 0xe02d4e40  fp = 0x00000000
         r4 = 0xc036e5c8  r5 = 0xe16c2f60
         r6 = 0xc7122c00  r7 = 0xc74d41d0
         r8 = 0xc74d41c0 r10 = 0xc0b55c60
swi_exit() at swi_exit
         pc = 0xc061c590  lr = 0xc061c590 (swi_exit)
         sp = 0xe02d4e40  fp = 0x00000000
KDB: enter: panic
[ thread pid 0 tid 100228 ]
Stopped at      kdb_enter+0x54: ldrb    r15, [r15, r15, ror r15]!
