[Bug 257987] qemu arm panic with vtnet0 - Kernel page fault with the following non-sleepable locks held

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 21 Aug 2021 18:20:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257987

            Bug ID: 257987
           Summary: qemu arm panic with vtnet0 - Kernel page fault with
                    the following non-sleepable locks held
           Product: Base System
           Version: CURRENT
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: bcran@FreeBSD.org

I started qemu-system-arm (v6.1.0-rc4, revision
ecf2706e271fa705621f0d5ad9517fe15a22bf22) booting the FreeBSD 14.0-CURRENT armv7 GENERICSD snapshot image named below, with the following command:

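# Firmware (EDK2 ArmVirtQemu) code/vars flash images and the FreeBSD disk image
# used for the run.  All three are raw files.
CODE=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_EFI.fd
VARS=/home/bcran/src/uefi/Build/ArmVirtQemu-ARM/RELEASE_GCC5/FV/QEMU_VARS.fd
FREEBSD=FreeBSD-14.0-CURRENT-arm-armv7-GENERICSD-20210819-eba8e643b19-248803.img

# format=raw is stated explicitly on every drive: when it is omitted qemu probes
# the image format and warns that a guest which can write to the disk could
# plant a qcow2 header so the next boot treats the file as qcow2 (and follows a
# backing-file path of the guest's choosing).  The firmware code flash is opened
# read-only; the bare -pflash shorthand opens it read-write.  The two pflash
# drives must stay in this order (unit 0 = code, unit 1 = variables), which is
# the same order the original -pflash arguments had.  Variables are quoted so
# paths containing spaces survive word splitting.  No -netdev is given, so
# vtnet0 comes from qemu's default user-mode network backend.
qemu-system-arm -m 4G -cpu cortex-a15 -M virt \
    -drive if=pflash,format=raw,readonly=on,file="$CODE" \
    -drive if=pflash,format=raw,file="$VARS" \
    -nographic -display none \
    -drive format=raw,file="$FREEBSD"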

It panics with the output below. The fatal abort is an 'Alignment Fault' on read in udp_input (pc udp_input+0x284) at FAR=0xdc85b01a, an address that is only 2-byte aligned, while the vtnet0-rx0 mutex is held. The faulting path is the receive side (vtnet_rx_vq_process → ether_input → ip_input → udp_input), so the crash is triggered by an inbound UDP packet — here the DHCP exchange; if it also reproduces with other UDP traffic it is a remotely triggerable kernel panic and should be triaged as such:

Starting dhclient.
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 8
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex vtnet0-rx0 (vtnet0-rx0) r = 0 (0xdb01be00) locked @
/usr/src/sys/dev/virtio/network/if_vtnet.c:2184
stack backtrace:
#0 0xc034c064 at witness_debugger+0x7c
#1 0xc034d278 at witness_warn+0x430
#2 0xc05cefbc at abort_handler+0x1dc
#3 0xc05af120 at exception_exit+0
#4 0xc046b388 at udp_input+0x284
#5 0xc04379a8 at ip_input+0x224
#6 0xc040a8a4 at netisr_dispatch_src+0x100
#7 0xc0402250 at ether_demux+0x1d0
#8 0xc0403aec at ether_nh_input+0x528
#9 0xc040a8a4 at netisr_dispatch_src+0x100
#10 0xc0402748 at ether_input+0x8c
#11 0xc01c0de4 at vtnet_rx_vq_process+0x994
#12 0xc01b7310 at vtpci_intx_intr+0xac
#13 0xc029a448 at ithread_loop+0x264
#14 0xc0296c5c at fork_exit+0xa0
#15 0xc05af0b0 at swi_exit+0
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xd81d6a20
FSR=00000001, FAR=dc85b01a, spsr=20000013
r0 =00000000, r1 =00000001, r2 =00000001, r3 =d81d6b14
r4 =00000014, r5 =dc85b01a, r6 =0000022c, r7 =dc85b02e
r8 =00000000, r9 =c091ed6c, r10=0000022c, r11=d81d6b58
r12=4300ffff, ssp=d81d6ab0, slr=c046b358, pc =c046b388

panic: Fatal abort
cpuid = 0
time = 1629370483
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc05ac788  lr = 0xc007aae8 (db_trace_self_wrapper+0x30)
         sp = 0xd81d67f8  fp = 0xd81d6910
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc007aae8  lr = 0xc02d95c4 (vpanic+0x17c)
         sp = 0xd81d6918  fp = 0xd81d6938
         r4 = 0x00000100  r5 = 0x00000000
         r6 = 0xc0755ef4  r7 = 0xc08de230
vpanic() at vpanic+0x17c
         pc = 0xc02d95c4  lr = 0xc02d9368 (doadump)
         sp = 0xd81d6940  fp = 0xd81d6944
         r4 = 0xd81d6a20  r5 = 0x00000013
         r6 = 0xdc85b01a  r7 = 0x00000001
         r8 = 0x00000001  r9 = 0xdafd37c0
        r10 = 0xdc85b01a
doadump() at doadump
         pc = 0xc02d9368  lr = 0xc05cf59c (abort_align)
         sp = 0xd81d694c  fp = 0xd81d6978
         r4 = 0xdc85b01a  r5 = 0xd81d6944
         r6 = 0xc02d9368 r10 = 0xd81d694c
abort_align() at abort_align
         pc = 0xc05cf59c  lr = 0xc05cf110 (abort_handler+0x330)
         sp = 0xd81d6980  fp = 0xd81d6a18
         r4 = 0x00000013  r5 = 0xdc85b01a
abort_handler() at abort_handler+0x330
         pc = 0xc05cf110  lr = 0xc05af120 (exception_exit)
         sp = 0xd81d6a20  fp = 0xd81d6b58
         r4 = 0x00000014  r5 = 0xdc85b01a
         r6 = 0x0000022c  r7 = 0xdc85b02e
         r8 = 0x00000000  r9 = 0xc091ed6c
        r10 = 0x0000022c
exception_exit() at exception_exit
         pc = 0xc05af120  lr = 0xc046b358 (udp_input+0x254)
         sp = 0xd81d6ab0  fp = 0xd81d6b58
         r0 = 0x00000000  r1 = 0x00000001
         r2 = 0x00000001  r3 = 0xd81d6b14
         r4 = 0x00000014  r5 = 0xdc85b01a
         r6 = 0x0000022c  r7 = 0xdc85b02e
         r8 = 0x00000000  r9 = 0xc091ed6c
        r10 = 0x0000022c r12 = 0x4300ffff
udp_input() at udp_input+0x284
         pc = 0xc046b388  lr = 0xc04379a8 (ip_input+0x224)
         sp = 0xd81d6b60  fp = 0xd81d6bc8
         r4 = 0xdc85b01a  r5 = 0xc8e91948
         r6 = 0x00000001  r7 = 0x00000000
         r8 = 0x00000000  r9 = 0x00000000
        r10 = 0xc0916004
ip_input() at ip_input+0x224
         pc = 0xc04379a8  lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
         sp = 0xd81d6bd0  fp = 0xd81d6bf8
         r4 = 0x00000001  r5 = 0xdc63fd00
         r6 = 0x00000000  r7 = 0xc0b2b390
         r8 = 0xc754cb00  r9 = 0x5e4a6f28
        r10 = 0x00000008
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc040a8a4  lr = 0xc0402250 (ether_demux+0x1d0)
         sp = 0xd81d6c00  fp = 0xd81d6c18
         r4 = 0xdb017c00  r5 = 0xdc63fd00
         r6 = 0x00000800  r7 = 0xdb017c00
         r8 = 0xc754cb00  r9 = 0x5e4a6f28
        r10 = 0x00000008
ether_demux() at ether_demux+0x1d0
         pc = 0xc0402250  lr = 0xc0403aec (ether_nh_input+0x528)
         sp = 0xd81d6c20  fp = 0xd81d6c88
         r4 = 0xdb017c00  r5 = 0xdc85b00c
         r6 = 0xdc63fd00  r7 = 0x000000ff
ether_nh_input() at ether_nh_input+0x528
         pc = 0xc0403aec  lr = 0xc040a8a4 (netisr_dispatch_src+0x100)
         sp = 0xd81d6c90  fp = 0xd81d6cb8
         r4 = 0x00000001  r5 = 0xdc63fd00
         r6 = 0x00000000  r7 = 0xc0b2b410
         r8 = 0x5e4a6f28  r9 = 0x00000020
        r10 = 0x00000000
netisr_dispatch_src() at netisr_dispatch_src+0x100
         pc = 0xc040a8a4  lr = 0xc0402748 (ether_input+0x8c)
         sp = 0xd81d6cc0  fp = 0xd81d6cf8
         r4 = 0xdb017c00  r5 = 0x00000000
         r6 = 0xdc63fd00  r7 = 0x00000000
         r8 = 0x5e4a6f28  r9 = 0x00000020
        r10 = 0x00000000
ether_input() at ether_input+0x8c
         pc = 0xc0402748  lr = 0xc01c0de4 (vtnet_rx_vq_process+0x994)
         sp = 0xd81d6d00  fp = 0xd81d6d98
         r4 = 0xdc63fd00  r5 = 0xdb017c00
         r6 = 0xdb01be00  r7 = 0x00000000
         r8 = 0xd81d6d70  r9 = 0x00000000
        r10 = 0x00000000
vtnet_rx_vq_process() at vtnet_rx_vq_process+0x994
         pc = 0xc01c0de4  lr = 0xc01b7310 (vtpci_intx_intr+0xac)
         sp = 0xd81d6da0  fp = 0xd81d6db0
         r4 = 0xdafeec88  r5 = 0xc753be84
         r6 = 0x00000000  r7 = 0xd94e3500
         r8 = 0xc0753890  r9 = 0xd94e4d80
        r10 = 0x00000000
vtpci_intx_intr() at vtpci_intx_intr+0xac
         pc = 0xc01b7310  lr = 0xc029a448 (ithread_loop+0x264)
         sp = 0xd81d6db8  fp = 0xd81d6e20
         r4 = 0xd94e4d80  r5 = 0x00000000
         r6 = 0xd94e3544 r10 = 0x00000000
ithread_loop() at ithread_loop+0x264
         pc = 0xc029a448  lr = 0xc0296c5c (fork_exit+0xa0)
         sp = 0xd81d6e28  fp = 0xd81d6e40
         r4 = 0xdafd37c0  r5 = 0xd947f530
         r6 = 0xc029a1e4  r7 = 0xd94e5f40
         r8 = 0xd81d6e48  r9 = 0x00000000
        r10 = 0x00000000
fork_exit() at fork_exit+0xa0
         pc = 0xc0296c5c  lr = 0xc05af0b0 (swi_exit)
         sp = 0xd81d6e48  fp = 0x00000000
         r4 = 0xc029a1e4  r5 = 0xd94e5f40
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
         pc = 0xc05af0b0  lr = 0xc05af0b0 (swi_exit)
         sp = 0xd81d6e48  fp = 0x00000000
KDB: enter: panic
[ thread pid 11 tid 100026 ]
Stopped at      kdb_enter+0x58: ldrb    r15, [r15, r15, ror r15]!
