[Bug 272947] cxgbei: kernel panic in soreceive when hw.cxgbe.nofldtxq="-24"

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 04 Aug 2023 21:11:48 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272947

            Bug ID: 272947
           Summary: cxgbei: kernel panic in soreceive when
                    hw.cxgbe.nofldtxq="-24"
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

I just hit this kernel panic four times in a row when attempting to use cxgbei
to serve zvol-backed CTL targets.  The key thing seems to be that
hw.cxgbe.{nofldtxq,nofldrxq}="-24".  The panic did not happen when the value
was "-8" or the default.  After starting ctld, the panic happens within a
second or two of connecting the clients.

< in /boot/loader.conf >
hw.cxgbe.nofldtxq="-24"
hw.cxgbe.nofldrxq="-24"
t4_tom_load="YES"
cxgbei_load="YES"

< in /etc/ctl.conf >
portal-group pg0 {
    discovery-auth-group ag0
    discovery-filter portal-name-auth
    listen 172.30.10.58
    offload cxgbei
}
<Repeats for pg1-pg3>
target iqn.2018-10.net.MYDOMAIN.MYHOST:zd0 {
        auth-group no-authentication
        portal-group pg0
        portal-group pg1
        portal-group pg2
        portal-group pg3
        lun 0 {
                path /dev/zvol/MYPOOL/MYDATASET
                blocksize 4096
                option pblocksize 32768
        }
}
<Repeats for 63 more targets>

$ sudo ifconfig cc0 toe
$ sudo ifconfig cc1 toe
$ sudo ifconfig cc2 toe
$ sudo ifconfig cc3 toe
$ sudo zfs load-key -a
$ sudo service ctld onestart
< Connect clients, if they weren't already connected from before reboot >
<panics>

Fatal trap 12: page fault while in kernel mode
cpuid = 13; apic id = 42 
fault virtual address   = 0x0
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0x0
stack pointer           = 0x28:0xfffffe06058c2d38
frame pointer           = 0x28:0xfffffe06058c2d50
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2255 (ctld)
rdi: fffff8018e70e000 rsi: 0000000000000000 rdx: fffffe06058c2da0
rcx: 0000000000000000  r8: 0000000000000000  r9: 0000000000000000
rax: ffffffff81d5c148 rbx: fffffe04dedf2ac0 rbp: fffffe06058c2d50
r10: d55588aa548cb865 r11: fffffe04dedf2fe0 r12: 0000000000000000
r13: 0000000000000000 r14: 0000000000000000 r15: fffffe04dedf2ac0
trap number             = 12
panic: page fault
cpuid = 13
time = 1691182043
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe06058c2af0
vpanic() at vpanic+0x148/frame 0xfffffe06058c2b40
panic() at panic+0x43/frame 0xfffffe06058c2ba0
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe06058c2c00
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe06058c2c60
calltrap() at calltrap+0x8/frame 0xfffffe06058c2c60
--- trap 0xc, rip = 0, rsp = 0xfffffe06058c2d38, rbp = 0xfffffe06058c2d50 ---
??() at 0/frame 0xfffffe06058c2d50
dofileread() at dofileread+0x83/frame 0xfffffe06058c2d90
sys_read() at sys_read+0xbc/frame 0xfffffe06058c2e00
amd64_syscall() at amd64_syscall+0x770/frame 0xfffffe06058c2f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe06058c2f30
--- syscall (3, FreeBSD ELF64, read), rip = 0x36bdda97469a, rsp =
0x36bdd3d2c558, rbp = 0x36bdd3d2c580 ---
KDB: enter: panic

__curthread ()
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/include/pcpu_aux.h:59
59              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0  __curthread ()
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/include/pcpu_aux.h:59
#1  doadump (textdump=textdump@entry=0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/kern_shutdown.c:407
#2  0xffffffff804a2c8a in db_dump (dummy=<optimized out>,
    dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_command.c:593
#3  0xffffffff804a2a90 in db_command (last_cmdp=<optimized out>,
    cmd_table=<optimized out>, dopager=false)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_command.c:506
#4  0xffffffff804a2bd6 in db_command_script (
    command=command@entry=0xffffffff817986d0 <db_recursion_data> "dump")
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_command.c:571
#5  0xffffffff804a8198 in db_script_exec (
    scriptname=scriptname@entry=0xfffffe06058c27d0 "kdb.enter.panic",
    warnifnotfound=warnifnotfound@entry=0)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_script.c:304
#6  0xffffffff804a7fb2 in db_script_kdbenter (eventname=<optimized out>)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_script.c:326
#7  0xffffffff804a6051 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/ddb/db_main.c:269
#8  0xffffffff80ba4956 in kdb_trap (type=type@entry=3, code=<unavailable>,
    code@entry=0, tf=tf@entry=0xfffffe06058c2a30)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/subr_kdb.c:792
#9  0xffffffff81028851 in trap (frame=0xfffffe06058c2a30)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/amd64/trap.c:610
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/subr_kdb.c:558
#12 0xffffffff80b54dc9 in vpanic (fmt=<optimized out>,
    ap=ap@entry=0xfffffe06058c2b80)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/kern_shutdown.c:960
#13 0xffffffff80b54c43 in panic (
    fmt=0xffffffff816b7740 <gdb_consdev> "\020\2722\201\377\377\377\377\001")
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/kern_shutdown.c:896
#14 0xffffffff81028d0b in trap_fatal (frame=0xfffffe06058c2c70, eva=0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/amd64/trap.c:954
#15 0xffffffff81028d5f in trap_pfault (frame=0xfffffe06058c2c70,
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/amd64/trap.c:762
#16 <signal handler called>
#17 0x0000000000000000 in ?? ()
#18 0xffffffff80c00cbf in soreceive (so=0xfffff8018e70e000, psa=0x0,
    uio=0xfffffe06058c2da0, mp0=0x0, controlp=0x0, flagsp=0x0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/uipc_socket.c:2910
#19 0xffffffff80bc65f3 in fo_read (uio=0xfffffe06058c2da0,
    active_cred=0xfffffe06058c2da0, td=0xfffffe04dedf2ac0,
    fp=<optimized out>, flags=<optimized out>)
    at /usr/home/asomers/src/github/Axcient/freebsd-src/sys/sys/file.h:343
#20 dofileread (td=td@entry=0xfffffe04dedf2ac0, fd=fd@entry=11,
    fp=<optimized out>, auio=auio@entry=0xfffffe06058c2da0,
    offset=offset@entry=-1, flags=flags@entry=0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/sys_generic.c:369
#21 0xffffffff80bc614c in kern_readv (td=0xfffffe04dedf2ac0, fd=11,
    auio=0xfffffe06058c2da0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/sys_generic.c:290
#22 sys_read (td=0xfffffe04dedf2ac0, uap=<optimized out>)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/kern/sys_generic.c:206
#23 0xffffffff81029c50 in syscallenter (td=0xfffffe04dedf2ac0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/amd64/../../kern/subr_syscall.c:162
#24 amd64_syscall (td=0xfffffe04dedf2ac0, traced=0)
    at
/usr/home/asomers/src/github/Axcient/freebsd-src/sys/amd64/amd64/trap.c:1199
#25 <signal handler called>
#26 0x000036bdda97469a in ?? ()

-- 
You are receiving this mail because:
You are the assignee for the bug.