On Thu, Nov 30, 2023 at 08:44:19AM +0100, Alexandr Nedvedicky wrote:
> Hello Johan,
> 
> On Wed, Nov 29, 2023 at 11:24:59PM -0500, Johan Huldtgren wrote:
> > 
> > so my machine panicked today, but the panic this time is completely different.
> > I don't know if it's related to this issue, the patch, or a completely new
> > issue, but I figured I'd start reporting it here. Unfortunately when I tried
> > to swap CPU to collect traces from the other ones the machine froze and I was
> > forced to power cycle it. So I have the panic and initial trace but that's it.
> > 
> > panic: ip_output no HDR
> > Stopped at      db_enter+0x14:  popq    %rbp
> >     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
> >   74003  25022      0        0x10          0    2  afpd
> >  355827  29745    107   0x1100002  0x4000000    3  vmd
> >  451006  29745    107   0x1100002  0x4000000    4  vmd
> >  131508  78367    107   0x1100002  0x4000000    5  vmd
> >  112644  78367    107   0x1100002  0x4000000    1  vmd
> > *133058  91446      0     0x14000      0x200    0  softnet0
> > db_enter() at db_enter+0x14
> > panic(ffffffff820c20df) at panic+0xc3
> > ip_output(fffffd8076b76e00,0,fffffd9c9e59e708,0,0,fffffd9c9e59e690,e4a23bf8c0204936) at ip_output+0xa26
> > udp_output(fffffd9c9e59e690,fffffd8076b76e00,fffffd8079d14b00,0) at udp_output+0x3be
> > sosend(fffffd9c9e59f000,fffffd8079d14b00,0,fffffd8076b76e00,0,0) at sosend+0x37f
> > pflow_output_process(ffff8000011a0800) at pflow_output_process+0x67
> > taskq_thread(ffff800000035200) at taskq_thread+0x100
> > end trace frame: 0x0, count: 8
> > https://www.openbsd.org/ddb.html describes the minimum info required in bug
> > reports.  Insufficient info makes it difficult to find and fix bugs.
> > ddb{0}>
> > 
> > ddb{0}> show panic
> > *cpu0: ip_output no HDR
> > 
> > ddb{0}> trace
> > db_enter() at db_enter+0x14
> > panic(ffffffff820c20df) at panic+0xc3
> > ip_output(fffffd8076b76e00,0,fffffd9c9e59e708,0,0,fffffd9c9e59e690,e4a23bf8c0204936) at ip_output+0xa26
> > udp_output(fffffd9c9e59e690,fffffd8076b76e00,fffffd8079d14b00,0) at udp_output+0x3be
> > sosend(fffffd9c9e59f000,fffffd8079d14b00,0,fffffd8076b76e00,0,0) at sosend+0x37f
> > pflow_output_process(ffff8000011a0800) at pflow_output_process+0x67
> > taskq_thread(ffff800000035200) at taskq_thread+0x100
> > end trace frame: 0x0, count: -7
> > 
> 
>     This is a different issue from what we were seeing. The panic indicates
>     the ip_output() function deals with a packet buffer which contains no
>     IP header. How it could happen, that's the question...
> 

I found the reason for that panic. The `sc_mbuf{,6}' cumulative mbuf(9)
of the pflow_softc structure is missing protection. So it was overwritten
concurrently with pflow_sendout_*(). I will fix this later.
