Date:      Sat, 21 Aug 2021 18:20:03 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-arm@FreeBSD.org
Subject:   [Bug 257987] qemu arm panic with vtnet0 - Kernel page fault with the following non-sleepable locks held
Message-ID:  <bug-257987-7@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257987

            Bug ID: 257987
           Summary: qemu arm panic with vtnet0 - Kernel page fault with
                    the following non-sleepable locks held
           Product: Base System
           Version: CURRENT
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: bcran@FreeBSD.org

I started qemu-system-arm (v6.1.0-rc4 revision
ecf2706e271fa705621f0d5ad9517fe15a22bf22) with FreeBSD 14.0-CURRENT with:

CODE=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_EFI.fd
VARS=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_VARS.fd
FREEBSD=FreeBSD-14.0-CURRENT-arm-armv7-GENERICSD-20210819-eba8e643b19-248803.img

qemu-system-arm -m 4G -cpu cortex-a15 -M virt -pflash $CODE -pflash $VARS
-nographic -display none -drive file=$FREEBSD

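It panics after dhclient starts on vtnet0, with an alignment fault on a read in udp_input() (the faulting address, FAR dc85b01a, is 2-byte but not 4-byte aligned):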

Starting dhclient.
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 8
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex vtnet0-rx0 (vtnet0-rx0) r = 0 (0xdb01be00) locked @ /usr/src/sys/dev/virtio/network/if_vtnet.c:2184
stack backtrace:
#0 0xc034c064 at witness_debugger+0x7c
#1 0xc034d278 at witness_warn+0x430
#2 0xc05cefbc at abort_handler+0x1dc
#3 0xc05af120 at exception_exit+0
#4 0xc046b388 at udp_input+0x284
#5 0xc04379a8 at ip_input+0x224
#6 0xc040a8a4 at netisr_dispatch_src+0x100
#7 0xc0402250 at ether_demux+0x1d0
#8 0xc0403aec at ether_nh_input+0x528
#9 0xc040a8a4 at netisr_dispatch_src+0x100
#10 0xc0402748 at ether_input+0x8c
#11 0xc01c0de4 at vtnet_rx_vq_process+0x994
#12 0xc01b7310 at vtpci_intx_intr+0xac
#13 0xc029a448 at ithread_loop+0x264
#14 0xc0296c5c at fork_exit+0xa0
#15 0xc05af0b0 at swi_exit+0
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xd81d6a20
FSR=00000001, FAR=dc85b01a, spsr=20000013
r0 =00000000, r1 =00000001, r2 =00000001, r3 =d81d6b14
r4 =00000014, r5 =dc85b01a, r6 =0000022c, r7 =dc85b02e
r8 =00000000, r9 =c091ed6c, r10=0000022c, r11=d81d6b58
r12=4300ffff, ssp=d81d6ab0, slr=c046b358, pc =c046b388

panic: Fatal abort
cpuid = 0
time = 1629370483
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc05ac788  lr = 0xc007aae8 (db_trace_self_wrapper+0x30)
         sp = 0xd81d67f8  fp = 0xd81d6910
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc007aae8  lr = 0xc02d95c4 (vpanic+0x17c)
         sp = 0xd81d6918  fp = 0xd81d6938
         r4 = 0x00000100  r5 = 0x00000000
         r6 = 0xc0755ef4  r7 = 0xc08de230
vpanic() at vpanic+0x17c
         pc = 0xc02d95c4  lr = 0xc02d9368 (doadump)
         sp = 0xd81d6940  fp = 0xd81d6944
         r4 = 0xd81d6a20  r5 = 0x00000013
         r6 = 0xdc85b01a  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xdafd37c0
        r10 = 0xdc85b01a
doadump() at doadump
         pc = 0xc02d9368  lr = 0xc05cf59c (abort_align)
         sp = 0xd81d694c  fp = 0xd81d6978
         r4 = 0xdc85b01a  r5 = 0xd81d6944
         r6 = 0xc02d9368 r10 = 0xd81d694c
abort_align() at abort_align
         pc = 0xc05cf59c  lr = 0xc05cf110 (abort_handler+0x330)
         sp = 0xd81d6980  fp = 0xd81d6a18
         r4 = 0x00000013  r5 = 0xdc85b01a
abort_handler() at abort_handler+0x330
         pc = 0xc05cf110  lr = 0xc05af120 (exception_exit)
         sp = 0xd81d6a20  fp = 0xd81d6b58
         r4 = 0x00000014  r5 = 0xdc85b01a
         r6 = 0x0000022c  r7 = 0xdc85b02e
         r8 = 0x00000000  r9 = 0xc091ed6c
        r10 = 0x0000022c
exception_exit() at exception_exit
         pc = 0xc05af120  lr = 0xc046b358 (udp_input+0x254)
         sp = 0xd81d6ab0  fp = 0xd81d6b58
         r0 = 0x00000000  r1 = 0x00000001
         r2 = 0x00000001  r3 = 0xd81d6b14
         r4 = 0x00000014  r5 = 0xdc85b01a
         r6 = 0x0000022c  r7 = 0xdc85b02e
         r8 = 0x00000000  r9 = 0xc091ed6c
        r10 = 0x0000022c r12 = 0x4300ffff
udp_input() at udp_input+0x284
         pc = 0xc046b388  lr = 0xc04379a8 (ip_input+0x224)
         sp = 0xd81d6b60  fp = 0xd81d6bc8
         r4 = 0xdc85b01a  r5 = 0xc8e91948
         r6 = 0x00000001  r7 = 0x00000000
         r8 = 0x00000000  r9 = 0x00000000
        r10 = 0xc0916004
ip_input() at ip_input+0x224
         pc = 0xc04379a8  lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
         sp = 0xd81d6bd0  fp = 0xd81d6bf8
         r4 = 0x00000001  r5 = 0xdc63fd00
         r6 = 0x00000000  r7 = 0xc0b2b390
         r8 = 0xc754cb00  r9 = 0x5e4a6f28
        r10 = 0x00000008
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc040a8a4  lr = 0xc0402250 (ether_demux+0x1d0)
         sp = 0xd81d6c00  fp = 0xd81d6c18
         r4 = 0xdb017c00  r5 = 0xdc63fd00
         r6 = 0x00000800  r7 = 0xdb017c00
         r8 = 0xc754cb00  r9 = 0x5e4a6f28
        r10 = 0x00000008
ether_demux() at ether_demux+0x1d0
         pc = 0xc0402250  lr = 0xc0403aec (ether_nh_input+0x528)
         sp = 0xd81d6c20  fp = 0xd81d6c88
         r4 = 0xdb017c00  r5 = 0xdc85b00c
         r6 = 0xdc63fd00  r7 = 0x000000ff
ether_nh_input() at ether_nh_input+0x528
         pc = 0xc0403aec  lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
         sp = 0xd81d6c90  fp = 0xd81d6cb8
         r4 = 0x00000001  r5 = 0xdc63fd00
         r6 = 0x00000000  r7 = 0xc0b2b410
         r8 = 0x5e4a6f28  r9 = 0x00000020
        r10 = 0x00000000
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc040a8a4  lr = 0xc0402748 (ether_input+0x8c)
         sp = 0xd81d6cc0  fp = 0xd81d6cf8
         r4 = 0xdb017c00  r5 = 0x00000000
         r6 = 0xdc63fd00  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0x00000020
        r10 = 0x00000000
ether_input() at ether_input+0x8c
         pc = 0xc0402748  lr = 0xc01c0de4 (vtnet_rx_vq_process+0x994)
         sp = 0xd81d6d00  fp = 0xd81d6d98
         r4 = 0xdc63fd00  r5 = 0xdb017c00
         r6 = 0xdb01be00  r7 = 0x00000000
         r8 = 0xd81d6d70  r9 = 0x00000000
        r10 = 0x00000000
vtnet_rx_vq_process() at vtnet_rx_vq_process+0x994
         pc = 0xc01c0de4  lr = 0xc01b7310 (vtpci_intx_intr+0xac)
         sp = 0xd81d6da0  fp = 0xd81d6db0
         r4 = 0xdafeec88  r5 = 0xc753be84
         r6 = 0x00000000  r7 = 0xd94e3500
         r8 = 0xc0753890  r9 = 0xd94e4d80
        r10 = 0x00000000
vtpci_intx_intr() at vtpci_intx_intr+0xac
         pc = 0xc01b7310  lr = 0xc029a448 (ithread_loop+0x264)
         sp = 0xd81d6db8  fp = 0xd81d6e20
         r4 = 0xd94e4d80  r5 = 0x00000000
         r6 = 0xd94e3544 r10 = 0x00000000
ithread_loop() at ithread_loop+0x264
         pc = 0xc029a448  lr = 0xc0296c5c (fork_exit+0xa0)
         sp = 0xd81d6e28  fp = 0xd81d6e40
         r4 = 0xdafd37c0  r5 = 0xd947f530
         r6 = 0xc029a1e4  r7 = 0xd94e5f40
         r8 = 0xd81d6e48  r9 = 0x00000000
        r10 = 0x00000000
fork_exit() at fork_exit+0xa0
         pc = 0xc0296c5c  lr = 0xc05af0b0 (swi_exit)
         sp = 0xd81d6e48  fp = 0x00000000
         r4 = 0xc029a1e4  r5 = 0xd94e5f40
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
         pc = 0xc05af0b0  lr = 0xc05af0b0 (swi_exit)
         sp = 0xd81d6e48  fp = 0x00000000
KDB: enter: panic
[ thread pid 11 tid 100026 ]
Stopped at      kdb_enter+0x58: ldrb    r15, [r15, r15, ror r15]!

-- 
You are receiving this mail because:
You are the assignee for the bug.


