Date: Wed, 10 Oct 2018 12:32:30 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 231659] [em][igb][softcrypto] 12-ALPHA7 r338900 crashes with IPsec on network load Message-ID: <bug-231659-7501-22aSn4ptQ0@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-231659-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-231659-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D231659 --- Comment #34 from Lev A. Serebryakov <lev@FreeBSD.org> --- Ok, I have new data. Softcrypto or IPsec is only symptom, not cause. Cause is igb/em driver (different files, logically same place). I can reproduce driver KASSERT on kernel with INVARIANTS without any crypto= at all. Conditions are: low-power hardware, high load, receive data as fast as possible. On Celeron J3160 + igb(8) it requires to load system with IPSec with soft crypto to trigger bug. I was not able to trigger it without crypto or AESNI. On Atom D2500 + em(8) it requires either soft crypto (easy!) or multitude of plain connections without crypto. For example, 32 iperf3 streams for 2+ min= utes is enough. With IPsec it triggers with 1 stream for 5 seconds. So, I can reproduce this on Atom D2500 + em(8) with simple "iperf3 -c <serv= er> -R -t 3600 --nstreams 32 Without INVARIANTS, it is very hard to catch this bug without IPsec. I thin= k, it is because this memory corruption is hard to notice without additional traffic processing. I think, IPsec is only way to deiscover that memory is corrupted, not a way to corrupt memory. Here is stack trace with INVARIANTS and without any crypto. It is virutally= the same as with crypto. As usual, I can provide kernel file and full crash dump and can re-run tests with any patches and settings. I'm sure now, it is bug in Intel driver. Race condition, maybe? panic: Assertion (staterr & E1000_RXD_STAT_DD) !=3D 0 failed at /data/src/sys/dev/e1000/em_txrx.c:698 cpuid =3D 1 time =3D 1539169364 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe000043f= 900 vpanic() at vpanic+0x1a3/frame 0xfffffe000043f960 panic() at panic+0x43/frame 0xfffffe000043f9c0 em_isc_rxd_pkt_get() at em_isc_rxd_pkt_get+0x1d4/frame 0xfffffe000043fa10 iflib_rxeof() at iflib_rxeof+0x128/frame 0xfffffe000043fb00 _task_fn_rx() at _task_fn_rx+0x49/frame 0xfffffe000043fb30 gtaskqueue_run_locked() at gtaskqueue_run_locked+0xf9/frame 0xfffffe000043f= b80 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x88/frame 0xfffffe000043fbb0 fork_exit() at fork_exit+0x84/frame 0xfffffe000043fbf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe000043fbf0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- Uptime: 17m24s Dumping 477 out of 4060 MB:..4%..11%..21%..31%..41%..51%..61%..71%..81%..91% #0 doadump (textdump=3D1) at pcpu.h:230 230 pcpu.h: No such file or directory. in pcpu.h (kgdb) #0 doadump (textdump=3D1) at pcpu.h:230 #1 0xffffffff80565c60 in kern_reboot (howto=3D260) at /data/src/sys/kern/kern_shutdown.c:446 #2 0xffffffff805660b3 in vpanic (fmt=3D<value optimized out>, ap=3D<value optimized out>) at /data/src/sys/kern/kern_shutdown.c:872 #3 0xffffffff80565e13 in panic (fmt=3D<value optimized out>) at /data/src/sys/kern/kern_shutdown.c:799 #4 0xffffffff803f1d94 in em_isc_rxd_pkt_get (arg=3D<value optimized out>, ri=3D<value optimized out>) at /data/src/sys/dev/e1000/em_txrx.c:698 #5 0xffffffff80668b28 in iflib_rxeof (rxq=3D0xfffff80002295ac0, budget=3D<= value optimized out>) at /data/src/sys/net/iflib.c:2684 #6 0xffffffff80664f69 in _task_fn_rx (context=3D0xfffff80002295ac0) at /data/src/sys/net/iflib.c:3820 #7 0xffffffff805a6039 in gtaskqueue_run_locked (queue=3D0xfffff800021dc500= ) at /data/src/sys/kern/subr_gtaskqueue.c:332 #8 0xffffffff805a5df8 in gtaskqueue_thread_loop (arg=3D<value optimized ou= t>) at /data/src/sys/kern/subr_gtaskqueue.c:507 #9 0xffffffff8052f7e4 in fork_exit (callout=3D0xffffffff805a5d70 <gtaskqueue_thread_loop>, arg=3D0xfffffe00017f8020, frame=3D0xfffffe000043f= c00) at /data/src/sys/kern/kern_fork.c:1057 #10 0xffffffff8081ce2e in fork_trampoline () at /data/src/sys/amd64/amd64/exception.S:993 #11 0x0000000000000000 in ?? () Current language: auto; currently minimal (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-231659-7501-22aSn4ptQ0>