On 15.11.2021. 13:11, Vitaliy Makkoveev wrote:
> Hi,
> 
> Could you try this diff? It should still panic, but I expect to see the
> "--------> tdb_free() killing ourself" string.

It still panics with your diff applied:

r620-1# panic: kernel diagnostic assertion "refcnt != ~0" failed: file
"/sys/kern/kern_synch.c", line 824
Stopped at      db_enter+0x10:  popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 229354  54144     68        0x10          0    2  sasyncd
*119032  22019     68        0x10          0    1  isakmpd
 491600  50358      0     0x14000      0x200    3  softnet
db_enter() at db_enter+0x10
panic(ffffffff81e49a8f) at panic+0xbf
__assert(ffffffff81eb660d,ffffffff81e20855,338,ffffffff81e518ae) at
__assert+0x25
refcnt_rele(ffff8000012e7470) at refcnt_rele+0x6f
tdb_unref(ffff8000012e7448) at tdb_unref+0x26
pfkeyv2_send(fffffd83ae8761f0,ffff8000012d5900,50) at pfkeyv2_send+0x662
pfkeyv2_output(fffffd80a555bc00,fffffd83ae8761f0,0,0) at pfkeyv2_output+0x8a
pfkeyv2_usrreq(fffffd83ae8761f0,9,fffffd80a555bc00,0,0,ffff800022cdc7f0)
at pfkeyv2_usrreq+0x1b0
sosend(fffffd83ae8761f0,0,ffff800022cff160,0,0,0) at sosend+0x3a9
dofilewritev(ffff800022cdc7f0,7,ffff800022cff160,0,ffff800022cff260) at
dofilewritev+0x14d
sys_writev(ffff800022cdc7f0,ffff800022cff200,ffff800022cff260) at
sys_writev+0xd2
syscall(ffff800022cff2d0) at syscall+0x3a9
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffeb0d0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in
bug reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}>


ddb{1}> mach ddbcpu 0
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffffffff82162ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
_kernel_lock() at _kernel_lock+0xa9
softintr_dispatch(0) at softintr_dispatch+0x4a
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffffffff82162ff0) at sched_idle+0x27e
end trace frame: 0x0, count: 7
ddb{0}>

ddb{0}> mach ddbcpu 2
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff800022412ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
_kernel_lock() at _kernel_lock+0xb2
syscall(ffff800022d83450) at syscall+0x29e
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc7320, count: 9

ddb{2}> mach ddbcpu 3
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff80002241bff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
pf_find_state_byid(ffff800022c606f8) at pf_find_state_byid+0x41
pfsync_in_upd_c(fffffd8003f5c2f0,54,10,2) at pfsync_in_upd_c+0xff
pfsync_input(ffff800022c60988,ffff800022c60994,f0,2) at pfsync_input+0x33e
ip_deliver(ffff800022c60988,ffff800022c60994,f0,2) at ip_deliver+0x103
ip_ours(ffff800022c60988,ffff800022c60994,f00000e0,0) at ip_ours+0x31d
ip_input_if(ffff800022c60988,ffff800022c60994,4,0,ffff8000000a0048) at
ip_input_if+0x19d
ipv4_input(ffff8000000a0048,fffffd8002ea5c00) at ipv4_input+0x39
ether_input(ffff8000000a0048,fffffd8002ea5c00) at ether_input+0x39f
if_input_process(ffff8000000a0048,ffff800022c60a78) at if_input_process+0x6f
ifiq_process(ffff80000009df00) at ifiq_process+0x69
taskq_thread(ffff80000002f080) at taskq_thread+0x81
end trace frame: 0x0, count: 1
ddb{3}>

ddb{3}> mach ddbcpu 4
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff800022424ff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffff800022424ff0) at sched_idle+0x27e
end trace frame: 0x0, count: 10

ddb{4}> mach ddbcpu 5
Stopped at      x86_ipi_db+0x12:        leave
x86_ipi_db(ffff80002242dff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(ffff80002242dff0) at sched_idle+0x27e
end trace frame: 0x0, count: 10
ddb{5}>

