nvme tcp receive errors
Sagi Grimberg
sagi at grimberg.me
Wed Apr 28 00:55:43 BST 2021
>>>>>>> This was observed on the recent 5.12-rc4, so it has all the latest tcp
>>>>>>> fixes. I'll check with reverting 0dc9edaf80ea and see if that makes a
>>>>>>> difference. It is currently reproducible, though it can take over an
>>>>>>> hour right now.
>>>>>>
>>>>>> After reverting 0dc9edaf80ea, we are observing a kernel panic (below).
>>>>>
>>>>> Ah, that's probably because WRITE_ZEROS are not set with RQF_SPECIAL..
>>>>> This patch is actually needed.
>>>>>
>>>>>
>>>>>> We'll try adding it back, plust adding your debug patch.
>>>>>
>>>>> Yes, that would give us more info about what is the state the
>>>>> request is in when getting these errors
>>>>
>>>> We have recreated with your debug patch:
>>>>
>>>> nvme nvme4: queue 6 no space in request 0x1 no space cmd_state 3
>>>>
>>>> State 3 corresponds to the "NVME_TCP_CMD_DATA_DONE".
>>>>
>>>> The summary from the test that I received:
>>>>
>>>> We have an Ethernet trace for this failure. I filtered the trace for the
>>>> connection that maps to "queue 6 of nvme4" and tracked the state of the IO
>>>> command with Command ID 0x1 ("Tag 0x1"). The sequence for this command per
>>>> the Ethernet trace is:
>>>>
>>>> 1. The target receives this Command in an Ethernet frame that has 9 Command
>>>> capsules and a partial H2CDATA PDU. The Command with ID 0x1 is a Read
>>>> operation for 16K IO size
>>>> 2. The target sends 11 frames of C2HDATA PDU's each with 1416 bytes and one
>>>> C2HDATA PDU with 832 bytes to complete the 16K transfer. LAS flag is set
>>>> in the last PDU.
>>>> 3. The target sends a Response for this Command.
>>>> 4. About 1.3 ms later, the Host logs this msg and closes the connection.
>>>>
>>>> Please let us know if you need any additional information.
>>>
>>> I'm not sure if this is just a different symptom of the same problem,
>>> but with the debug patch, we're occasionally hitting messages like:
>>>
>>> nvme nvme5: req 8 r2t len 16384 exceeded data len 16384 (8192 sent) cmd_state 2
>>
>> According to this message, this means the host got an r2t for 16384
>> bytes after it already sent 8192 (which can only happen if it previously
>> got an r2t soliciting 8192 bytes or more that accumulate to that). Can
>> you share for each r2t pdus in this sequence:
>> r2t_length
>> r2t_offset
>
> This one took a bit to go through. The traces all only have a single r2t
> pdu with 0 offset for the full length of the requested transfer. I had
> to add trace events to see what the heck the driver is thinking, and
> the result is even more confusing.
>
> The kernel message error:
>
> nvme5: req 5 op 1 r2t len 16384 exceeded data len 16384 (4096 sent)
>
> And all the new trace events for this request are:
>
> fio-25086 [011] .... 9630.542669: nvme_tcp_queue_rq: nvme5: qid=4 tag=5 op=1 data_len=16384
> fio-25093 [007] .... 9630.542854: nvme_tcp_cmd_pdu: nvme5: qid=4 tag=5 op=1 page_offset=3664 send_len=72
> <...>-22670 [003] .... 9630.544377: nvme_tcp_r2t: nvme5: qid=4 tag=5 op=1 r2t_len=16384 r2t_offset=0 data_sent=4096 data_len=16384
>
> The fact "data_sent" is non-zero on the very first r2t makes no sense to me.
Yep, not supposed to happen... Like the traces though! very useful and
absolutely worth having.
> I so far can not find any sequence where that could happen.
The only way that data_sent can increment is either by getting an r2t
solicitation or by sending incapsule data.
What is the ioccsz the controller is exposing?
in nvme_tcp_sned_cmd_pdu we have:
--
if (inline_data) {
req->state = NVME_TCP_SEND_DATA;
if (queue->data_digest)
crypto_ahash_init(queue->snd_hash);
} else {
nvme_tcp_done_send_req(queue);
}
--
Where inline_data flag is:
bool inline_data = nvme_tcp_has_inline_data(req);
which essentially boils down to:
req->data_len <= queue->cmnd_capsule_len - sizeof(struct nvme_command);
I wonder how does the nvme command sgl look like? is it an offset
sgl?
More information about the Linux-nvme
mailing list