[Bug 273081] aarch64 kyua run on main [so: 15]: sys/net/if_lagg_test:status_stress got "Fatal data abort" panic

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 12 Sep 2023 03:24:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273081

Mark Millard <marklmi26-fbsd@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|14.0-STABLE                 |15.0-CURRENT
         Resolution|Overcome By Events          |---
             Status|Closed                      |New
            Summary|aarch64 kyua run on         |aarch64 kyua run on main
                   |14.0-ALPHA1:                |[so: 15]:
                   |sys/net/if_lagg_test:status |sys/net/if_lagg_test:status
                   |_stress got "Fatal data     |_stress got "Fatal data
                   |abort" panic                |abort" panic

--- Comment #2 from Mark Millard <marklmi26-fbsd@yahoo.com> ---
Trying the snapshot kernel of main [so: 15] did get the
panic . . .

# uname -apKU
FreeBSD CA78C-WDK23-ZFS 15.0-CURRENT FreeBSD 15.0-CURRENT aarch64 1500000 #0
main-n265205-03a7c36ddbc0: Thu Sep  7 03:05:31 UTC 2023    
root@releng3.nyi.freebsd.org:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC arm64
aarch64 1500000 1500000

# /usr/bin/kyua test -k /usr/tests/Kyuafile sys/net/if_lagg_test:status_stress
sys/net/if_lagg_test:status_stress  ->  

got:

panic: vm_fault failed: 0xffff0000006813b4 error 1

GNU gdb (GDB) 13.1 [GDB v13.1 for FreeBSD]
. . .
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
<6>ue0: 3 link states coalesced
<6>ue0: link state changed to UP
<6>lagg0: link state changed to DOWN
<6>ue0: link state changed to DOWN
Fatal data abort:
 x0: 0xffff00015df8d800 (infiniband_input.printedonce + 0x11eff68)
 x1: 0x0000000000000001
 x2: 0xdeadc0dedeadc0de
 x3: 0xffff000000593e34 (ifdead_ioctl + 0x0)
 x4: 0xffffa0004fb6285e
 x5: 0xffffa0004fc00192
 x6: 0x000000006767616c
 x7: 0x6e6d760070617401
 x8: 0x00000000000001a4
 x9: 0xffffa0004fc00000
x10: 0x0000000000210005
x11: 0x000000007ffffffe
x12: 0x0000000000000008
x13: 0x0000000000000000
x14: 0x0000000000010000
x15: 0x0000000000000001
x16: 0x0000000000010000
x17: 0x0000000000000007
x18: 0xffff00015df8d500
<6>ue0: link state changed to UP
(infiniband_input.printedonce + 0x11efc68)
x19: 0xffff00015df8d800 (infiniband_input.printedonce + 0x11eff68)
x20: 0xffffa0004fb62800
x21: 0xffffa0004fb62858
x22: 0x000000000000000c
x23: 0x0000000000000005
x24: 0x0000000000000000
x25: 0xffff000000c58000 (sysctl___net_netlink_debug + 0x40)
x26: 0x0000000000000000
x27: 0xffff000000cd9000 (sdt_vfs_vop_vop_spare5_return + 0x10)
x28: 0xffff000000cd9000 (sdt_vfs_vop_vop_spare5_return + 0x10)
x29: 0xffff00015df8d520 (infiniband_input.printedonce + 0x11efc88)
 sp: 0xffff00015df8d500
 lr: 0xffff000000680cbc (dump_iface + 0x2c0)
elr: 0xffff0000006813b4 (dump_sa + 0x1c)
spsr: 0x0000000000400045
far: 0xdeadc0dedeadc0df
esr: 0x0000000096000004
panic: vm_fault failed: 0xffff0000006813b4 error 1
cpuid = 3
time = 1694485392
KDB: stack backtrace:
db_trace_self() at db_trace_self
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
vpanic() at vpanic+0x19c
panic() at panic+0x44
data_abort() at data_abort+0x35c
handle_el1h_sync() at handle_el1h_sync+0x14
--- exception, esr 0x96000004
dump_sa() at dump_sa+0x1c
dump_iface() at dump_iface+0x2bc
dump_cb() at dump_cb+0x18
if_foreach_sleep() at if_foreach_sleep+0x254
rtnl_handle_getlink() at rtnl_handle_getlink+0xec
rtnl_handle_message() at rtnl_handle_message+0x19c
nl_taskqueue_handler() at nl_taskqueue_handler+0x5dc
taskqueue_run_locked() at taskqueue_run_locked+0x17c
taskqueue_thread_loop() at taskqueue_thread_loop+0xc8
fork_exit() at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x14
KDB: enter: panic

get_curthread () at /usr/src/sys/arm64/include/pcpu.h:77
77              __asm __volatile("ldr   %0, [x18]" : "=&r"(td));
(kgdb) #0  get_curthread () at /usr/src/sys/arm64/include/pcpu.h:77
#1  doadump (textdump=0, textdump@entry=1576585744)
   at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffff0000000ec18c in db_dump (dummy=<optimized out>,     
dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
   at /usr/src/sys/ddb/db_command.c:591
#3  0xffff0000000ebf88 in db_command (last_cmdp=<optimized out>,     
cmd_table=<optimized out>, dopager=true)
   at /usr/src/sys/ddb/db_command.c:504
#4  0xffff0000000ebc80 in db_command_loop ()
   at /usr/src/sys/ddb/db_command.c:551
#5  0xffff0000000ef440 in db_trap (type=<optimized out>, code=<optimized out>)
   at /usr/src/sys/ddb/db_main.c:268
#6  0xffff0000004b4860 in kdb_trap (type=60, code=0, tf=<optimized out>)
   at /usr/src/sys/kern/subr_kdb.c:790
#7  <signal handler called>
#8  <signal handler called>
#9  <signal handler called>
#10 <signal handler called>
#11 <signal handler called>
#12 <signal handler called>
#13 <signal handler called>
#14 <signal handler called>
#15 <signal handler called>
#16 <signal handler called>
#17 <signal handler called>
#18 <signal handler called>
#19 <signal handler called>
#20 <signal handler called>
#21 <signal handler called>
#22 <signal handler called>
#23 <signal handler called>
Backtrace stopped: Cannot access memory at address 0x10
(kgdb) 

(Again, kgdb's stack frames #7 and larger are not particularly
useful.)

Possibly interesting are the slightly different values:

 x2: 0xdeadc0dedeadc0de
and:
far: 0xdeadc0dedeadc0df


Context note: trying 14.0-BETA1's snapshot on USB3 media again
did not get a panic, again.

-- 
You are receiving this mail because:
You are the assignee for the bug.