Date: Wed, 8 Jun 2005 16:16:56 +0200 From: Max Laier <max@love2party.net> To: Matthew Grooms <mgrooms@seton.org> Cc: pf@freebsd.org, glebius@freebsd.org, freebsd-stable@freebsd.org, Palle Girgensohn <girgen@pingpong.net>, Kris Kennaway <kris@obsecurity.org> Subject: Re: 5.4-RELEASE lockups on amd64 SMP Message-ID: <200506081617.05938.max@love2party.net> In-Reply-To: <42A62F52.10705@seton.org> References: <28FCC7CB4CF6EA43AF83BCA2096E97D013E555@AUSEX2VS1.seton.org> <FE7557D15F7C812D72BC16E3@palle.girgensohn.se> <42A62F52.10705@seton.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1125684.lrgfy40mCT Content-Type: multipart/mixed; boundary="Boundary-01=_c3vpCai3WMMzsSJ" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_c3vpCai3WMMzsSJ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Matthew, can you try the attached diff. Available for 5 and CURRENT. I recall that= =20 this problem was seen before, strange that I didn't see the problem. Sound= s=20 familiar to you? Please try the patch and let me know if that helps. Than= ks=20 a lot. On Wednesday 08 June 2005 01:35, Matthew Grooms wrote: > Once again, here are the backtraces for the panic and lor ... > > Tracing id 110 tid 100089 td 0xffffff012f3f0c80 > kdb_enter() at kdb_enter+0x2f > panic() at panic+0x249 > uma_dbg_free() at uma_dbg_free+0x188 > uma_zfree_arg() at uma_zfree_arg+0x1b0 > pf_purge_expired_states() at pf_purge_expired_states+0x41 > pfsync_input at pfsync_input+xb35 > pf_input() at ip_input+0x10f > netisr_processqueue() at netisr_processqueue+0x17 > swi_net() at swi_net+0xa8 > ithread_loop() at ithread_loop+0xd9 > fork_exit() at fork_exit+0xc3 > fork_trampoline() at fork_trampoline+0xe > --- trap 0, rip =3D 0, rsp =3D 0xffffffffb44f9d00, rbp =3D 0 --- > db> continue > boot() called on cpu#0 > Uptime: 13h42m43s > Dumping 4864 MB > 16 32 ... > > lock order reversal =2E.. > alltraps_with_regs_pushed() at alltraps_with_regs_pushed+0x5 > pf_state_tree_lan_ext_RB_REMOVE() at pf_state_tree_lan_ext_RB_REMOVE+0x10c This LOR is a consequence of the fault, so it can be disregarded. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_c3vpCai3WMMzsSJ Content-Type: text/x-diff; charset="iso-8859-1"; name="if_pfsync.senddef6.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="if_pfsync.senddef6.diff" Index: if_pfsync.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/if_pfsync.c,v retrieving revision 1.15 diff -u -r1.15 if_pfsync.c =2D-- if_pfsync.c 3 May 2005 16:43:32 -0000 1.15 +++ if_pfsync.c 8 Jun 2005 14:04:44 -0000 @@ -132,6 +132,7 @@ =20 static void pfsync_clone_destroy(struct ifnet *); static int pfsync_clone_create(struct if_clone *, int); +static void pfsync_senddef(void *); #else void pfsyncattach(int); #endif @@ -174,6 +175,8 @@ callout_stop(&sc->sc_bulk_tmo); callout_stop(&sc->sc_bulkfail_tmo); =20 + callout_stop(&sc->sc_send_tmo); + #if NBPFILTER > 0 bpfdetach(ifp); #endif @@ -220,6 +223,7 @@ callout_init(&sc->sc_tmo, 0); callout_init(&sc->sc_bulk_tmo, 0); callout_init(&sc->sc_bulkfail_tmo, 0); + callout_init(&sc->sc_send_tmo, 0); if_attach(ifp); =20 LIST_INSERT_HEAD(&pfsync_list, sc, sc_next); @@ -1033,6 +1037,7 @@ if (pfsyncr.pfsyncr_maxupdates > 255) return (EINVAL); #ifdef __FreeBSD__ + callout_drain(&sc->sc_send_tmo); PF_LOCK(); #endif sc->sc_maxupdates =3D pfsyncr.pfsyncr_maxupdates; @@ -1789,15 +1794,14 @@ #endif =20 pfsyncstats.pfsyncs_opackets++; =2D #ifdef __FreeBSD__ =2D PF_UNLOCK(); =2D#endif + if (IF_HANDOFF(&sc->sc_ifq, m, NULL)) + pfsyncstats.pfsyncs_oerrors++; + else + callout_reset(&sc->sc_send_tmo, 1, pfsync_senddef, sc); +#else if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, NULL)) pfsyncstats.pfsyncs_oerrors++; =2D =2D#ifdef __FreeBSD__ =2D PF_LOCK(); #endif } else m_freem(m); @@ -1807,6 +1811,22 @@ =20 =20 #ifdef __FreeBSD__ +static void +pfsync_senddef(void *arg) +{ + struct pfsync_softc *sc =3D (struct pfsync_softc *)arg; + struct mbuf *m; + + for(;;) { + IF_DEQUEUE(&sc->sc_ifq, m); + if (m =3D=3D NULL) + break; + if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, NULL)) + pfsyncstats.pfsyncs_oerrors++; + } +} + + static int pfsync_modevent(module_t mod, int type, void *data) { Index: if_pfsync.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/if_pfsync.h,v retrieving revision 1.5 diff -u -r1.5 if_pfsync.h =2D-- if_pfsync.h 3 May 2005 16:43:32 -0000 1.5 +++ if_pfsync.h 8 Jun 2005 14:06:03 -0000 @@ -164,6 +164,10 @@ struct in_addr sc_sendaddr; struct mbuf *sc_mbuf; /* current cumulative mbuf */ struct mbuf *sc_mbuf_net; /* current cumulative mbuf */ +#ifdef __FreeBSD__ + struct ifqueue sc_ifq; + struct callout sc_send_tmo; +#endif union sc_statep sc_statep; union sc_statep sc_statep_net; u_int32_t sc_ureq_received; --Boundary-01=_c3vpCai3WMMzsSJ Content-Type: text/x-diff; charset="iso-8859-1"; name="if_pfsync.senddef5.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="if_pfsync.senddef5.diff" Index: if_pfsync.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/if_pfsync.c,v retrieving revision 1.11.2.2 diff -u -r1.11.2.2 if_pfsync.c =2D-- if_pfsync.c 19 May 2005 10:59:22 -0000 1.11.2.2 +++ if_pfsync.c 8 Jun 2005 14:07:17 -0000 @@ -130,6 +130,7 @@ =20 static void pfsync_clone_destroy(struct ifnet *); static int pfsync_clone_create(struct if_clone *, int); +static void pfsync_senddef(void *); #else void pfsyncattach(int); #endif @@ -170,6 +171,8 @@ callout_stop(&sc->sc_bulk_tmo); callout_stop(&sc->sc_bulkfail_tmo); =20 + callout_stop(&sc->sc_send_tmo); + #if NBPFILTER > 0 bpfdetach(ifp); #endif @@ -216,6 +219,7 @@ callout_init(&sc->sc_tmo, 0); callout_init(&sc->sc_bulk_tmo, 0); callout_init(&sc->sc_bulkfail_tmo, 0); + callout_init(&sc->sc_send_tmo, 0); if_attach(&sc->sc_if); =20 LIST_INSERT_HEAD(&pfsync_list, sc, sc_next); @@ -913,6 +917,7 @@ if (pfsyncr.pfsyncr_maxupdates > 255) return (EINVAL); #ifdef __FreeBSD__ + callout_drain(&sc->sc_send_tmo); PF_LOCK(); #endif sc->sc_maxupdates =3D pfsyncr.pfsyncr_maxupdates; @@ -1634,15 +1639,14 @@ #endif =20 pfsyncstats.pfsyncs_opackets++; =2D #ifdef __FreeBSD__ =2D PF_UNLOCK(); =2D#endif + if (IF_HANDOFF(&sc->sc_ifq, m, NULL)) + pfsyncstats.pfsyncs_oerrors++; + else + callout_reset(&sc->sc_send_tmo, 1, pfsync_senddef, sc); +#else if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, NULL)) pfsyncstats.pfsyncs_oerrors++; =2D =2D#ifdef __FreeBSD__ =2D PF_LOCK(); #endif } else m_freem(m); @@ -1652,6 +1656,22 @@ =20 =20 #ifdef __FreeBSD__ +static void +pfsync_senddef(void *arg) +{ + struct pfsync_softc *sc =3D (struct pfsync_softc *)arg; + struct mbuf *m; + + for(;;) { + IF_DEQUEUE(&sc->sc_ifq, m); + if (m =3D=3D NULL) + break; + if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, NULL)) + pfsyncstats.pfsyncs_oerrors++; + } +} + + static int pfsync_modevent(module_t mod, int type, void *data) { Index: if_pfsync.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/if_pfsync.h,v retrieving revision 1.4 diff -u -r1.4 if_pfsync.h =2D-- if_pfsync.h 16 Jun 2004 23:24:00 -0000 1.4 +++ if_pfsync.h 8 Jun 2005 14:07:48 -0000 @@ -158,8 +158,12 @@ struct timeout sc_bulkfail_tmo; #endif struct in_addr sc_sendaddr; =2D struct mbuf *sc_mbuf; /* current cummulative mbuf */ =2D struct mbuf *sc_mbuf_net; /* current cummulative mbuf */ + struct mbuf *sc_mbuf; /* current cumulative mbuf */ + struct mbuf *sc_mbuf_net; /* current cumulative mbuf */ +#ifdef __FreeBSD__ + struct ifqueue sc_ifq; + struct callout sc_send_tmo; +#endif union sc_statep sc_statep; union sc_statep sc_statep_net; u_int32_t sc_ureq_received; --Boundary-01=_c3vpCai3WMMzsSJ-- --nextPart1125684.lrgfy40mCT Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBCpv3hXyyEoT62BG0RAjkbAJ9Q/uCUL4sZrVOaTgWe4qA2/3qEowCeIeji J/uis8u+MOLegOc8UWoaRb0= =SF3/ -----END PGP SIGNATURE----- --nextPart1125684.lrgfy40mCT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506081617.05938.max>