altq kernel panic with recent HEAD

Matthew Dillon dillon at apollo.backplane.com
Wed Oct 11 10:01:43 PDT 2006


:Yes. I have smp enabled on my ht pentium (not for performance, more
:for smp testing).
:> 
:> i think the dump is needed to get some details.
:
:Available in ~kylebutt/crash on leaf
:
:Kyle

    There is still an mbuf in the IFQ and ifq_len is non-zero.  The
    altq_purge() call did not purge the IFQ.

    In this case altq_purge() calls cbq_request() which calls cbq_purge().
    Either cbq_purge() did not get called or it did not actually purge the
    whole queue.

    Here's a question for the PF masters.... when cbq_add_altq() is called
    is it possible for the IFQ to already have packets queued to it?
    Because if that is the case then those packets will never be placed
    under CBQ management and can cause this situation to occur. 

    I have included a patch that should theoretically panic if CBQ is
    associated with an IFQ that has packets in it already.  Try this
    and tell me if it panics here rather than later.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

Index: altq/altq_cbq.c
===================================================================
RCS file: /cvs/src/sys/net/altq/altq_cbq.c,v
retrieving revision 1.4
diff -u -r1.4 altq_cbq.c
--- altq/altq_cbq.c	5 Sep 2006 00:55:47 -0000	1.4
+++ altq/altq_cbq.c	11 Oct 2006 16:53:28 -0000
@@ -231,6 +231,7 @@
 	callout_init(&cbqp->cbq_callout);
 	cbqp->cbq_qlen = 0;
 	cbqp->ifnp.ifq_ = &ifp->if_snd;	    /* keep the ifq */
+	KKASSERT(cbqp->ifnp.ifq_->ifq_len == 0);
 
 	/* keep the state in pf_altq */
 	a->altq_disc = cbqp;
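
Review bot: the KKASSERT added right after the `cbqp->ifnp.ifq_ = &ifp->if_snd;` assignment carries no comment saying which invariant it checks, and it turns a non-empty send queue at attach time into a panic. That suits the diagnostic purpose stated in the message, but if the line is kept it should get a comment explaining that packets already on the IFQ would never come under CBQ management. A permanent version should decide whether to purge the queue or fail the attach instead of asserting. The visible context lines also show no critical section around the read of `ifq_len`, so it is worth confirming that the interface cannot enqueue between this check and the later enable.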


			KGDB SESSION TRACE


(kgdb) print *ifq
$1 = {
  ifq_head = 0xd6c74b00, 	<<<<<<<<<< MBUF STILL IN QUEUE
  ifq_tail = 0xd6c74b00, 
  ifq_len = 1, 			<<<<<<<<<< COUNT OF 1 IS CORRECT
  ifq_maxlen = 255, 
  ifq_drops = 0, 
  altq_type = 1, 
  altq_flags = 1, 
  altq_disc = 0xcce421c0, 
  altq_ifp = 0xd500d9c0, 
  altq_enqueue = 0xc031a2da <cbq_enqueue>, 
  altq_dequeue = 0xc031a425 <cbq_dequeue>, 
  altq_request = 0xc0319c09 <cbq_request>, 
  altq_clfier = 0x0, 
  altq_classify = 0, 
  altq_tbr = 0x0
}
(kgdb) frame
#12 0xc0320389 in altq_enable (ifq=0xd500da84)
    at /usr/src/sys/net/altq/altq_subr.c:155
155             KKASSERT(ifq->ifq_len == 0);
(kgdb) 

int
altq_enable(struct ifaltq *ifq)
{
        if (!ifq_is_ready(ifq))
                return ENXIO;
        if (ifq_is_enabled(ifq))
                return 0;
 
        crit_enter();
        ifq_purge(ifq);
        KKASSERT(ifq->ifq_len == 0);	<<<<<<<<<<<<<<<<<,
        ifq->altq_flags |= ALTQF_ENABLED;
        if (ifq->altq_clfier != NULL)
                ifq->altq_flags |= ALTQF_CLASSIFY;
        crit_exit();
  
        return 0;
}

(kgdb) print *(cbq_state_t *)ifq->altq_disc
$3 = {
  cbq_qlen = 0, 			<<<<<<<<<<<< COUNT OF 0 IS INCORRECT,
						     OR THE CBQ NEVER SAW
						     THE PACKET IN THE IFQ
  cbq_class_tbl = {0x0, 0xc1894e60, 0xc1894f40, 0xc1895020, 0xc1895100, 
    0xc18951e0, 0xc18952c0, 0x0 <repeats 249 times>}, 
  ifnp = {
    queued_ = 0, 
    efficient_ = 0, 
    wrr_ = 1, 
    ns_per_byte_ = 31250, 
    maxqueued_ = 1, 
    maxpkt_ = 1500, 
    qi_ = 0, 
    qo_ = 0, 
    active_ = {0xc1894e60, 0xc1894f40, 0x0, 0x0, 0xc18951e0, 0x0, 0x0, 0x0}, 
    na_ = {0, 0, 0, 0, 0, 0, 0, 0}, 
    num_ = {1, 4, 0, 0, 1, 0, 0, 0}, 
    alloc_ = {32000, 38000, 0, 0, 2000, 0, 0, 0}, 
    M_ = {21, 6, 0, 0, 1, 0, 0, 0}, 
    ifq_ = 0xd500da84, 
    default_ = 0xc1894f40, 
    root_ = 0xc1894e60, 
    ctl_ = 0x0, 
    restart = 0xc031a4ec <cbqrestart>, 
    borrowed_ = {0x0}, 
    class_ = {0x0}, 
    curlen_ = {0}, 
    now_ = {{
        tv_sec = 0, 
        tv_usec = 0
      }}, 
    is_overlimit_ = {0}, 
    cutoff_ = 32, 
    ifnow_ = {
      tv_sec = 0, 
      tv_usec = 0
    }, 
    maxiftime_ = 187500, 
    pollcache_ = 0x0
  }, 
  cbq_callout = {
    c_links = {
      sle = {
        sle_next = 0x0
      }, 
      tqe = {
        tqe_next = 0x0, 
        tqe_prev = 0x0
      }
    }, 
    c_time = 0, 
    c_arg = 0x0, 
    c_func = 0, 
    c_flags = 16, 
    c_gd = 0x0
  }
}
(kgdb) 
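
The hypothesis in the message above, as an added toy model in C (not code from the original post or from DragonFly; every struct and function name is a hypothetical stand-in): a packet queued before the discipline is attached is invisible to a purge routed through the discipline, so the length left after the purge is non-zero, while checking the length at attach time catches the condition earlier.

```c
#include <stdio.h>
/* Toy model only, not DragonFly code; every name here is hypothetical. */
struct pkt  { struct pkt *next; };
struct disc { struct pkt *head; int qlen; };                   /* ~ cbq_state_t */
struct ifq  { struct pkt *head; int len; struct disc *disc; }; /* ~ ifaltq */
static void model_enqueue(struct ifq *q, struct pkt *p)
{
    if (q->disc != NULL) {          /* discipline attached: it owns the packet */
        p->next = q->disc->head;
        q->disc->head = p;
        q->disc->qlen++;
    } else {                        /* plain interface queue, no discipline yet */
        p->next = q->head;
        q->head = p;
    }
    q->len++;                       /* interface-level count, like ifq_len */
}

/* Purge routed through the discipline: only packets it manages are dropped. */
static void model_purge(struct ifq *q)
{
    while (q->disc != NULL && q->disc->head != NULL) {
        q->disc->head = q->disc->head->next;
        q->disc->qlen--;
        q->len--;
    }
}

/* Queue n (at most 3) packets, attach the discipline, queue one more, purge.
 * Returns the leftover interface length, or -1 if check is set and the
 * queue was not empty at attach time (the patch panics at that point). */
int leftover_after_purge(int n, int check)
{
    struct pkt pkts[4];
    struct ifq q = { NULL, 0, NULL };
    struct disc d = { NULL, 0 };
    if (n > 3) n = 3;
    for (int i = 0; i < n; i++)
        model_enqueue(&q, &pkts[i]);
    if (check && q.len != 0)
        return -1;
    q.disc = &d;                    /* attach without draining q.head */
    model_enqueue(&q, &pkts[3]);
    model_purge(&q);
    return q.len;
}

int main(void)
{
    printf("%d %d %d\n", leftover_after_purge(0, 0), leftover_after_purge(1, 0), leftover_after_purge(1, 1));
    return 0;
}
```

With one packet queued before the attach, the model ends with an interface length of 1 and a discipline length of 0, the same shape as the `ifq_len = 1` and `cbq_qlen = 0` values in the kgdb output.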




