Bug 235489

Summary: llan driver causes fatal kernel trap: 0x300 (data storage interrupt) when system is low on memory
Product: Base System Reporter: Leandro Lupori <luporl>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Some People    
Priority: ---    
Version: CURRENT   
Hardware: powerpc   
OS: Any   

Description Leandro Lupori freebsd_committer freebsd_triage 2019-02-04 12:51:49 UTC 
When running several builders in parallel, on QEMU, with 8GB of memory, a fatal kernel trap caused by llan driver is sometimes observed, when the system starts to run out of swap space.

fatal kernel trap:

   exception       = 0x300 (data storage interrupt)
   virtual address = 0x18
   dsisr           = 0x42000000
   srr0            = 0xc000000000ac9104 (0xac9104)
   srr1            = 0x8000000000009032
   current msr     = 0x8000000000009032
   lr              = 0xc000000000ac90ec (0xac90ec)
   curthread       = 0xc000000006deb000
          pid = 12, comm = irq16781321: llan0

panic: data storage interrupt trap
cpuid = 2
time = 1549288422
KDB: stack backtrace:
0xe0000000005a5ed0: at .kdb_backtrace+0x5c
0xe0000000005a6000: at .vpanic+0x1b4
0xe0000000005a60c0: at .panic+0x38
0xe0000000005a6150: at .trap_fatal+0x25c
0xe0000000005a61e0: at .trap+0xeec
0xe0000000005a6380: at .powerpc_interrupt+0x290
0xe0000000005a6420: kernel DSI write trap @ 0x18 by .llan_intr+0xf4: srr1=0x8000000000009032
            r1=0xe0000000005a66d0 cr=0x22000042 xer=0 ctr=0 r2=0xc000000001569528 sr=0x42000000
0xe0000000005a66d0: at .llan_intr+0xd8
0xe0000000005a6770: at .ithread_loop+0x25c
0xe0000000005a6850: at .fork_exit+0xd0
0xe0000000005a68f0: at .fork_trampoline+0x10
0xe0000000005a6920: at -0x4
KDB: enter: panic
[ thread pid 12 tid 100153 ]
Stopped at      .kdb_enter+0x60:        ld      r2, r1, 0x28
db>

It seems like there is some point in the driver that does not check properly if UMA allocation failed.
Comment 1 commit-hook freebsd_committer freebsd_triage 2019-02-05 18:16:59 UTC 
A commit references this bug:

Author: luporl
Date: Tue Feb  5 18:16:14 UTC 2019
New revision: 343791
URL: https://svnweb.freebsd.org/changeset/base/343791

Log:
  [ppc64] llan: fix fatal kernel trap when system is low on memory

  When running several builders in parallel, on QEMU, with 8GB of
  memory, a fatal kernel trap (0x300 (data storage interrupt))
  caused by llan driver is sometimes observed, when the system
  starts to run out of swap space.

  This happens because, at llan_intr(), a phyp call to add a
  logical LAN buffer is always made when llan_add_rxbuf() fails,
  even if it fails to allocate a new buffer.

  PR:	235489
  Reviewed by:	jhibbits
  Differential Revision:	https://reviews.freebsd.org/D19084

Changes:
  head/sys/powerpc/pseries/phyp_llan.c