On Wed, Jan 03, 2024 at 12:26:26AM +0100, Hrvoje Popovski wrote:
> While testing kettenis@ ipl diff from tech@ and doing iperf3 to bnxt
> interface and ifconfig bnxt0 down/up at the same time I can trigger
> panic. Panic can be triggered without kettenis@ diff...

It is easy to reproduce.  ifconfig bnxt1 down/up a few times while
receiving TCP traffic with iperf3.  Machine still has kettenis@ diff.
My panic looks different.

root@ot42:.../~# ifconfig bnxt1 down
bnxt1: unexpected completion type 3
...
bnxt1: unexpected completion type 3
uvm_fault(0xffffffff8256c0b8, 0x30, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      bnxt_rx_fill+0x5f:      movq    0x30(%rdx),%rdx
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 452275   8801      0    0x100003  0x4000000    3  iperf3
 343849  34751      0     0x14000      0x200    2  softnet1
 154248  41240      0     0x14000      0x200    1  softnet0
bnxt_rx_fill(ffff8000002df888) at bnxt_rx_fill+0x5f
bnxt_intr(ffff8000002df888) at bnxt_intr+0x406
intr_handler(ffff80005c04c040,ffff8000000a7800) at intr_handler+0x72
Xintr_ioapic_edge1_untramp() at Xintr_ioapic_edge1_untramp+0x18f
acpicpu_idle() at acpicpu_idle+0x11f
sched_idle(ffff80005a61fff0) at sched_idle+0x282
end trace frame: 0x0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{7}> show panic
*cpu7: uvm_fault(0xffffffff8256c0b8, 0x30, 0, 1) -> e
ddb{7}> trace
bnxt_rx_fill(ffff8000002df888) at bnxt_rx_fill+0x5f
bnxt_intr(ffff8000002df888) at bnxt_intr+0x406
intr_handler(ffff80005c04c040,ffff8000000a7800) at intr_handler+0x72
Xintr_ioapic_edge1_untramp() at Xintr_ioapic_edge1_untramp+0x18f
acpicpu_idle() at acpicpu_idle+0x11f
sched_idle(ffff80005a61fff0) at sched_idle+0x282
end trace frame: 0x0, count: -6
ddb{7}> show register
rdi               0xffff8000002df958
rsi               0xffff8000002df918
rbp               0xffff80005c04bf20
rbx               0xffff8000002df024
rdx                                0
rcx                                0
rax                              0x4
r8                0xcccccccccccccc01
r9                               0x1
r10               0x7be05f26dfeb8079
r11               0x81c2c48b86f2e7bd
r12                              0x1
r13                              0x1
r14               0xffff8000002df888
r15               0xffff8000002df000
rip               0xffffffff81b6180f    bnxt_rx_fill+0x5f
cs                               0x8
rflags                       0x10202    __ALIGN_SIZE+0xf202
rsp               0xffff80005c04bee0
ss                              0x10
bnxt_rx_fill+0x5f:      movq    0x30(%rdx),%rdx

In my case, I would say rx->rx_ring_mem is NULL.
                slots = bnxt_rx_fill_slots(sc, &rx->rx_ring,
                    BNXT_DMA_KVA(rx->rx_ring_mem), rx->rx_slots,
                    &rx->rx_prod, MCLBYTES,
                    RX_PROD_PKT_BD_TYPE_RX_PROD_PKT, slots);

For Hrvoje's panic it looks like tx->tx_slots is NULL.
        bnxt_free_slots(sc, tx->tx_slots, tx->tx_ring.ring_size,
            tx->tx_ring.ring_size);

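Added example, not part of the original message: a small triage script for the ddb output above. It checks that the faulting address equals displacement plus base register, which with a zero base means a NULL struct pointer read at member offset 0x30. The function names are hypothetical, and the script does not identify which pointer was NULL; that still needs the source reading done in the message.

```python
import re

# Lines taken from the ddb session above (registers trimmed to the relevant ones).
DDB_LOG = """\
uvm_fault(0xffffffff8256c0b8, 0x30, 0, 1) -> e
Stopped at      bnxt_rx_fill+0x5f:      movq    0x30(%rdx),%rdx
rdi               0xffff8000002df958
rdx                                0
rax                              0x4
r14               0xffff8000002df888
rip               0xffffffff81b6180f    bnxt_rx_fill+0x5f
"""

def parse_registers(log):
    """Map register name -> value from 'show register' lines (hex, 0x optional)."""
    pat = re.compile(r"^(r[a-z0-9]{1,3})\s+((?:0x)?[0-9a-f]+)\b", re.M)
    return {m.group(1): int(m.group(2), 16) for m in pat.finditer(log)}

def parse_fault_va(log):
    """The second uvm_fault() argument is the faulting virtual address."""
    m = re.search(r"uvm_fault\(\s*\w+,\s*(\w+),", log)
    return int(m.group(1), 0)

def parse_stopped_at(log):
    """Return (location, displacement, base register) for an AT&T disp(%base)
    operand. Only base+displacement is handled; indexed operands are not."""
    m = re.search(r"Stopped at\s+(\S+):\s+\w+\s+(-?(?:0x)?[0-9a-f]*)\(%(\w+)\)", log)
    disp = int(m.group(2), 16) if m.group(2) else 0
    return m.group(1), disp, m.group(3)

def triage(log):
    """Compare the computed effective address with the reported fault address."""
    regs = parse_registers(log)
    fault_va = parse_fault_va(log)
    where, disp, base = parse_stopped_at(log)
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "where": where,
        "base_reg": base,
        "member_offset": disp,
        "matches_fault": ea == fault_va,
        # NULL struct pointer: base is 0 and the fault VA is just the offset
        "null_base": regs[base] == 0 and ea == fault_va,
    }

if __name__ == "__main__":
    print(triage(DDB_LOG))
```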