On 14.11.2021. 22:50, Alexander Bluhm wrote:
> New diff with fix from mvs@.  Please continue testing with this one.

Hi,

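I've applied this diff on a sasyncd setup with two IPsec sessions and I'm
getting this panic. The box didn't panic instantly, but only after some time.
In the trace below, the assertion fires in refcnt_rele(), called from
tdb_free() via tdb_timeout() on the softclock thread. I will leave the ddb
console active...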


r620-1# panic: kernel diagnostic assertion "refcnt != ~0" failed: file "/sys/kern/kern_synch.c", line 824
Stopped at      db_enter+0x10:  popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 382266  23173     68        0x10       0x80    3  sasyncd
 407096  64559     68        0x10       0x80    1  isakmpd
*287846  76389      0     0x14000 0x40000200    0K softclock
db_enter() at db_enter+0x10
panic(ffffffff81e52fc8) at panic+0xbf
__assert(ffffffff81ebf6f1,ffffffff81e23497,338,ffffffff81e54ff7) at __assert+0x25
refcnt_rele(ffff800001488038) at refcnt_rele+0x6f
tdb_free(ffff800001488010) at tdb_free+0x116
tdb_timeout(ffff800001488010) at tdb_timeout+0x39
timeout_run(ffff800001488068) at timeout_run+0x93
softclock_thread(ffff8000fffff260) at softclock_thread+0x11d
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in
bug reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}>


ddb{0}> show locks
exclusive rwlock netlock r = 0 (0xffffffff8219c1b8)
#0  witness_lock+0x333
#1  tdb_timeout+0x18
#2  timeout_run+0x93
#3  softclock_thread+0x11d
#4  proc_trampoline+0x1c
shared rwlock timeout r = 0 (0xffffffff82160700)
#0  witness_lock+0x333
#1  timeout_run+0x88
#2  softclock_thread+0x11d
#3  proc_trampoline+0x1c
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8233cbd0)
#0  witness_lock+0x333
#1  __mp_acquire_count+0x38
#2  mi_switch+0x299
#3  sleep_finish+0x11c
#4  softclock_thread+0xd4
#5  proc_trampoline+0x1c



ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 23173  382266  23482     68  7        0x90                sasyncd
 23482  270620      1      0  3        0x80  kqread        sasyncd
 64559  407096  82882     68  7        0x90                isakmpd
 82882  269197      1      0  3        0x80  netio         isakmpd
 37653  133205  65408      0  3    0x100083  ttyin         ksh
 65408  289926  97192   1000  3    0x10008b  sigsusp       ksh
 97192  251184   8671   1000  3        0x98  kqread        sshd
  8671   56983  39827      0  3        0x82  kqread        sshd
 46017  298252      1      0  3    0x100083  ttyin         ksh
  1861  295220      1      0  3    0x100098  kqread        cron
 16854  177115  71819     95  3    0x100092  kqread        smtpd
  1393  225046  71819    103  3    0x100092  kqread        smtpd
 64691  272570  71819     95  3    0x100092  kqread        smtpd
 83230  208366  71819     95  3    0x100092  kqread        smtpd
 97497  421023  71819     95  3    0x100092  kqread        smtpd
 88432  457526  71819     95  3    0x100092  kqread        smtpd
 71819  188076      1      0  3    0x100080  kqread        smtpd
 39827  214126      1      0  3        0x88  kqread        sshd
 29655  495924      1      0  3    0x100080  kqread        ntpd
 36076  376711  37441     83  3    0x100092  kqread        ntpd
 37441  106087      1     83  3    0x100092  kqread        ntpd
 68059  409459   2456     74  3    0x100092  bpf           pflogd
  2456  325385      1      0  3        0x80  netio         pflogd
 10369   56599  82476     73  3    0x100090  kqread        syslogd
 82476    4579      1      0  3    0x100082  netio         syslogd
 40946  324347      0      0  3     0x14200  bored         smr
 77501  384609      0      0  3     0x14200  pgzero        zerothread
 78741  290337      0      0  3     0x14200  aiodoned      aiodoned
 45215  268650      0      0  3     0x14200  syncer        update
 62355   93014      0      0  3     0x14200  cleaner       cleaner
 44276  256950      0      0  3     0x14200  reaper        reaper
 30498  450293      0      0  3     0x14200  pgdaemon      pagedaemon
 43809   11307      0      0  3     0x14200  usbtsk        usbtask
 58116   68425      0      0  3     0x14200  usbatsk       usbatsk
 25415  496397      0      0  3  0x40014200  acpi0         acpi0
  9902   65516      0      0  7  0x40014200                idle5
 23605  371050      0      0  7  0x40014200                idle4
 96607  441776      0      0  3  0x40014200                idle3
  5176  230617      0      0  7  0x40014200                idle2
 19030  267534      0      0  3  0x40014200                idle1
 32317  110469      0      0  3     0x14200  bored         sensors
 77670   69914      0      0  3     0x14200  bored         softnet
 76476  412718      0      0  3     0x14200  bored         systqmp
  2878  385617      0      0  3     0x14200  bored         systq
*76389  287846      0      0  7  0x40014200                softclock
 23236   11183      0      0  3  0x40014200                idle0
     1   95380      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper




ddb{0}> mach ddbcpu 1
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff800022409ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff8233c9c8) at __mp_lock+0xa7
__mp_acquire_count(ffffffff8233c9c8,3) at __mp_acquire_count+0x38
mi_switch() at mi_switch+0x299
sleep_finish(ffff800022d8d310,1) at sleep_finish+0x11c
msleep(fffffd841c7ad0e0,fffffd841c7ad0e0,318,ffffffff81eb639b,76e) at msleep+0xcc
kqueue_sleep(fffffd841c7ad0e0,ffff800022d8d810) at kqueue_sleep+0xbe
kqueue_scan(ffff800022d8d5c0,8,ffff800022d8d4c0,ffff800022d8d810,ffff800022cec008,ffff800022d8d77c) at kqueue_scan+0xfc
dopselect(ffff800022cec008,17,d1c4a8b34b0,d1c4a8ac2e0,0,ffff800022d8d810,2fe4ad0c81ebc82d,ffff800022cec008) at dopselect+0x388
sys_pselect(ffff800022cec008,ffff800022d8d880,ffff800022d8d8e0) at sys_pselect+0xdb
syscall(ffff800022d8d950) at syscall+0x3a9
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff4aa0, count: 1
ddb{1}>


ddb{1}> mach ddbcpu 2
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff800022412ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffff800022412ff0) at sched_idle+0x27e
end trace frame: 0x0, count: 10
ddb{2}>


ddb{2}> mach ddbcpu 3
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff80002241bff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff8233c9c8) at __mp_lock+0xa0
__mp_acquire_count(ffffffff8233c9c8,3) at __mp_acquire_count+0x38
mi_switch() at mi_switch+0x299
sleep_finish(ffff800022d33680,1) at sleep_finish+0x11c
msleep(fffffd841c7ad1b8,fffffd841c7ad1b8,318,ffffffff81eb639b,19e2) at msleep+0xcc
kqueue_sleep(fffffd841c7ad1b8,ffff800022d33b80) at kqueue_sleep+0xbe
kqueue_scan(ffff800022d33930,3,ffff800022d33830,ffff800022d33b80,ffff800022cecd28,ffff800022d33aec) at kqueue_scan+0xfc
dopselect(ffff800022cecd28,6,7eba489b100,7eba489bc70,0,ffff800022d33b80,2fe4ad0c81ebc82d,ffff800022cecd28) at dopselect+0x388
sys_pselect(ffff800022cecd28,ffff800022d33bf0,ffff800022d33c50) at sys_pselect+0xdb
syscall(ffff800022d33cc0) at syscall+0x3a9
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd4a10, count: 1
ddb{3}>


ddb{3}> mach ddbcpu 4
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff800022424ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffff800022424ff0) at sched_idle+0x27e
end trace frame: 0x0, count: 10


ddb{4}> mach ddbcpu 5
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff80002242dff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffff80002242dff0) at sched_idle+0x27e
end trace frame: 0x0, count: 10
ddb{5}>
