[Bug 257987] qemu arm panic with vtnet0 - Kernel page fault with the following non-sleepable locks held
Date: Sat, 21 Aug 2021 18:20:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257987
Bug ID: 257987
Summary: qemu arm panic with vtnet0 - Kernel page fault with
the following non-sleepable locks held
Product: Base System
Version: CURRENT
Hardware: arm
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: arm
Assignee: freebsd-arm@FreeBSD.org
Reporter: bcran@FreeBSD.org
I started qemu-system-arm (v6.1.0-rc4, revision
ecf2706e271fa705621f0d5ad9517fe15a22bf22) running FreeBSD 14.0-CURRENT, using:
# Reproduction command as given by the reporter. CODE and VARS point at the
# UEFI firmware images (QEMU_EFI.fd / QEMU_VARS.fd) in the reporter's local
# build tree; FREEBSD names the 14.0-CURRENT armv7 GENERICSD snapshot image.
CODE=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_EFI.fd
VARS=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_VARS.fd
FREEBSD=FreeBSD-14.0-CURRENT-arm-armv7-GENERICSD-20210819-eba8e643b19-248803.img
# NOTE(review): the invocation below appears to have been wrapped by the mail
# client; the two lines are presumably one qemu-system-arm command line.
# It requests 4G of RAM and a cortex-a15 CPU on the "virt" machine, passes both
# firmware images as pflash devices, disables graphical output, and attaches
# the FreeBSD image as a drive.
qemu-system-arm -m 4G -cpu cortex-a15 -M virt -pflash $CODE -pflash $VARS
-nographic -display none -drive file=$FREEBSD
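It panics during dhclient startup with an alignment fault on read in udp_input(), reached from the vtnet0 receive path (the faulting address in FAR, dc85b01a, is only 2-byte aligned):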
Starting dhclient.
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 8
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex vtnet0-rx0 (vtnet0-rx0) r = 0 (0xdb01be00) locked @
/usr/src/sys/dev/virtio/network/if_vtnet.c:2184
stack backtrace:
#0 0xc034c064 at witness_debugger+0x7c
#1 0xc034d278 at witness_warn+0x430
#2 0xc05cefbc at abort_handler+0x1dc
#3 0xc05af120 at exception_exit+0
#4 0xc046b388 at udp_input+0x284
#5 0xc04379a8 at ip_input+0x224
#6 0xc040a8a4 at netisr_dispatch_src+0x100
#7 0xc0402250 at ether_demux+0x1d0
#8 0xc0403aec at ether_nh_input+0x528
#9 0xc040a8a4 at netisr_dispatch_src+0x100
#10 0xc0402748 at ether_input+0x8c
#11 0xc01c0de4 at vtnet_rx_vq_process+0x994
#12 0xc01b7310 at vtpci_intx_intr+0xac
#13 0xc029a448 at ithread_loop+0x264
#14 0xc0296c5c at fork_exit+0xa0
#15 0xc05af0b0 at swi_exit+0
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xd81d6a20
FSR=00000001, FAR=dc85b01a, spsr=20000013
r0 =00000000, r1 =00000001, r2 =00000001, r3 =d81d6b14
r4 =00000014, r5 =dc85b01a, r6 =0000022c, r7 =dc85b02e
r8 =00000000, r9 =c091ed6c, r10=0000022c, r11=d81d6b58
r12=4300ffff, ssp=d81d6ab0, slr=c046b358, pc =c046b388
panic: Fatal abort
cpuid = 0
time = 1629370483
KDB: stack backtrace:
db_trace_self() at db_trace_self
pc = 0xc05ac788 lr = 0xc007aae8 (db_trace_self_wrapper+0x30)
sp = 0xd81d67f8 fp = 0xd81d6910
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
pc = 0xc007aae8 lr = 0xc02d95c4 (vpanic+0x17c)
sp = 0xd81d6918 fp = 0xd81d6938
r4 = 0x00000100 r5 = 0x00000000
r6 = 0xc0755ef4 r7 = 0xc08de230
vpanic() at vpanic+0x17c
pc = 0xc02d95c4 lr = 0xc02d9368 (doadump)
sp = 0xd81d6940 fp = 0xd81d6944
r4 = 0xd81d6a20 r5 = 0x00000013
r6 = 0xdc85b01a r7 = 0x00000001
r8 = 0x00000001 r9 = 0xdafd37c0
r10 = 0xdc85b01a
doadump() at doadump
pc = 0xc02d9368 lr = 0xc05cf59c (abort_align)
sp = 0xd81d694c fp = 0xd81d6978
r4 = 0xdc85b01a r5 = 0xd81d6944
r6 = 0xc02d9368 r10 = 0xd81d694c
abort_align() at abort_align
pc = 0xc05cf59c lr = 0xc05cf110 (abort_handler+0x330)
sp = 0xd81d6980 fp = 0xd81d6a18
r4 = 0x00000013 r5 = 0xdc85b01a
abort_handler() at abort_handler+0x330
pc = 0xc05cf110 lr = 0xc05af120 (exception_exit)
sp = 0xd81d6a20 fp = 0xd81d6b58
r4 = 0x00000014 r5 = 0xdc85b01a
r6 = 0x0000022c r7 = 0xdc85b02e
r8 = 0x00000000 r9 = 0xc091ed6c
r10 = 0x0000022c
exception_exit() at exception_exit
pc = 0xc05af120 lr = 0xc046b358 (udp_input+0x254)
sp = 0xd81d6ab0 fp = 0xd81d6b58
r0 = 0x00000000 r1 = 0x00000001
r2 = 0x00000001 r3 = 0xd81d6b14
r4 = 0x00000014 r5 = 0xdc85b01a
r6 = 0x0000022c r7 = 0xdc85b02e
r8 = 0x00000000 r9 = 0xc091ed6c
r10 = 0x0000022c r12 = 0x4300ffff
udp_input() at udp_input+0x284
pc = 0xc046b388 lr = 0xc04379a8 (ip_input+0x224)
sp = 0xd81d6b60 fp = 0xd81d6bc8
r4 = 0xdc85b01a r5 = 0xc8e91948
r6 = 0x00000001 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000
r10 = 0xc0916004
ip_input() at ip_input+0x224
pc = 0xc04379a8 lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
sp = 0xd81d6bd0 fp = 0xd81d6bf8
r4 = 0x00000001 r5 = 0xdc63fd00
r6 = 0x00000000 r7 = 0xc0b2b390
r8 = 0xc754cb00 r9 = 0x5e4a6f28
r10 = 0x00000008
netisr_dispatch_src() at netisr_dispatch_src+0x100
pc = 0xc040a8a4 lr = 0xc0402250 (ether_demux+0x1d0)
sp = 0xd81d6c00 fp = 0xd81d6c18
r4 = 0xdb017c00 r5 = 0xdc63fd00
r6 = 0x00000800 r7 = 0xdb017c00
r8 = 0xc754cb00 r9 = 0x5e4a6f28
r10 = 0x00000008
ether_demux() at ether_demux+0x1d0
pc = 0xc0402250 lr = 0xc0403aec (ether_nh_input+0x528)
sp = 0xd81d6c20 fp = 0xd81d6c88
r4 = 0xdb017c00 r5 = 0xdc85b00c
r6 = 0xdc63fd00 r7 = 0x000000ff
ether_nh_input() at ether_nh_input+0x528
pc = 0xc0403aec lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
sp = 0xd81d6c90 fp = 0xd81d6cb8
r4 = 0x00000001 r5 = 0xdc63fd00
r6 = 0x00000000 r7 = 0xc0b2b410
r8 = 0x5e4a6f28 r9 = 0x00000020
r10 = 0x00000000
netisr_dispatch_src() at netisr_dispatch_src+0x100
pc = 0xc040a8a4 lr = 0xc0402748 (ether_input+0x8c)
sp = 0xd81d6cc0 fp = 0xd81d6cf8
r4 = 0xdb017c00 r5 = 0x00000000
r6 = 0xdc63fd00 r7 = 0x00000000
r8 = 0x5e4a6f28 r9 = 0x00000020
r10 = 0x00000000
ether_input() at ether_input+0x8c
pc = 0xc0402748 lr = 0xc01c0de4 (vtnet_rx_vq_process+0x994)
sp = 0xd81d6d00 fp = 0xd81d6d98
r4 = 0xdc63fd00 r5 = 0xdb017c00
r6 = 0xdb01be00 r7 = 0x00000000
r8 = 0xd81d6d70 r9 = 0x00000000
r10 = 0x00000000
vtnet_rx_vq_process() at vtnet_rx_vq_process+0x994
pc = 0xc01c0de4 lr = 0xc01b7310 (vtpci_intx_intr+0xac)
sp = 0xd81d6da0 fp = 0xd81d6db0
r4 = 0xdafeec88 r5 = 0xc753be84
r6 = 0x00000000 r7 = 0xd94e3500
r8 = 0xc0753890 r9 = 0xd94e4d80
r10 = 0x00000000
vtpci_intx_intr() at vtpci_intx_intr+0xac
pc = 0xc01b7310 lr = 0xc029a448 (ithread_loop+0x264)
sp = 0xd81d6db8 fp = 0xd81d6e20
r4 = 0xd94e4d80 r5 = 0x00000000
r6 = 0xd94e3544 r10 = 0x00000000
ithread_loop() at ithread_loop+0x264
pc = 0xc029a448 lr = 0xc0296c5c (fork_exit+0xa0)
sp = 0xd81d6e28 fp = 0xd81d6e40
r4 = 0xdafd37c0 r5 = 0xd947f530
r6 = 0xc029a1e4 r7 = 0xd94e5f40
r8 = 0xd81d6e48 r9 = 0x00000000
r10 = 0x00000000
fork_exit() at fork_exit+0xa0
pc = 0xc0296c5c lr = 0xc05af0b0 (swi_exit)
sp = 0xd81d6e48 fp = 0x00000000
r4 = 0xc029a1e4 r5 = 0xd94e5f40
r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
pc = 0xc05af0b0 lr = 0xc05af0b0 (swi_exit)
sp = 0xd81d6e48 fp = 0x00000000
KDB: enter: panic
[ thread pid 11 tid 100026 ]
Stopped at kdb_enter+0x58: ldrb r15, [r15, r15, ror r15]!