On Mon, Nov 15, 2021 at 02:51:16PM +0100, Hrvoje Popovski wrote:

And you don't see "--------> tdb_free() killing ourself" in dmesg output?

> On 15.11.2021. 13:11, Vitaliy Makkoveev wrote:
> > Hi,
> >
> > Could you try this diff? It should still panic, but I suspect to see
> > "--------> tdb_free() killing ourself" string.
>
> panic with your diff
>
> r620-1# panic: kernel diagnostic assertion "refcnt != ~0" failed: file
> "/sys/kern/kern_synch.c", line 824
> Stopped at db_enter+0x10: popq %rbp
>     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
>  229354  54144     68        0x10          0    2  sasyncd
> *119032  22019     68        0x10          0    1  isakmpd
>  491600  50358      0     0x14000      0x200    3  softnet
> db_enter() at db_enter+0x10
> panic(ffffffff81e49a8f) at panic+0xbf
> __assert(ffffffff81eb660d,ffffffff81e20855,338,ffffffff81e518ae) at
> __assert+0x25
> refcnt_rele(ffff8000012e7470) at refcnt_rele+0x6f
> tdb_unref(ffff8000012e7448) at tdb_unref+0x26
> pfkeyv2_send(fffffd83ae8761f0,ffff8000012d5900,50) at pfkeyv2_send+0x662
> pfkeyv2_output(fffffd80a555bc00,fffffd83ae8761f0,0,0) at pfkeyv2_output+0x8a
> pfkeyv2_usrreq(fffffd83ae8761f0,9,fffffd80a555bc00,0,0,ffff800022cdc7f0)
> at pfkeyv2_usrreq+0x1b0
> sosend(fffffd83ae8761f0,0,ffff800022cff160,0,0,0) at sosend+0x3a9
> dofilewritev(ffff800022cdc7f0,7,ffff800022cff160,0,ffff800022cff260) at
> dofilewritev+0x14d
> sys_writev(ffff800022cdc7f0,ffff800022cff200,ffff800022cff260) at
> sys_writev+0xd2
> syscall(ffff800022cff2d0) at syscall+0x3a9
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7ffffeb0d0, count: 2
> https://www.openbsd.org/ddb.html describes the minimum info required in
> bug reports. Insufficient info makes it difficult to find and fix bugs.
> ddb{1}>
>
>
> ddb{1}> mach ddbcpu 0
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffffffff82162ff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> _kernel_lock() at _kernel_lock+0xa9
> softintr_dispatch(0) at softintr_dispatch+0x4a
> Xsoftclock() at Xsoftclock+0x1f
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(ffffffff82162ff0) at sched_idle+0x27e
> end trace frame: 0x0, count: 7
> ddb{0}>
>
> ddb{0}> mach ddbcpu 2
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffff800022412ff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> _kernel_lock() at _kernel_lock+0xb2
> syscall(ffff800022d83450) at syscall+0x29e
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7ffffc7320, count: 9
>
> ddb{2}> mach ddbcpu 3
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffff80002241bff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> pf_find_state_byid(ffff800022c606f8) at pf_find_state_byid+0x41
> pfsync_in_upd_c(fffffd8003f5c2f0,54,10,2) at pfsync_in_upd_c+0xff
> pfsync_input(ffff800022c60988,ffff800022c60994,f0,2) at pfsync_input+0x33e
> ip_deliver(ffff800022c60988,ffff800022c60994,f0,2) at ip_deliver+0x103
> ip_ours(ffff800022c60988,ffff800022c60994,f00000e0,0) at ip_ours+0x31d
> ip_input_if(ffff800022c60988,ffff800022c60994,4,0,ffff8000000a0048) at
> ip_input_if+0x19d
> ipv4_input(ffff8000000a0048,fffffd8002ea5c00) at ipv4_input+0x39
> ether_input(ffff8000000a0048,fffffd8002ea5c00) at ether_input+0x39f
> if_input_process(ffff8000000a0048,ffff800022c60a78) at if_input_process+0x6f
> ifiq_process(ffff80000009df00) at ifiq_process+0x69
> taskq_thread(ffff80000002f080) at taskq_thread+0x81
> end trace frame: 0x0, count: 1
> ddb{3}>
>
> ddb{3}> mach ddbcpu 4
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffff800022424ff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(ffff800022424ff0) at sched_idle+0x27e
> end trace frame: 0x0, count: 10
>
> ddb{4}> mach ddbcpu 5
> Stopped at x86_ipi_db+0x12: leave
> x86_ipi_db(ffff80002242dff0) at x86_ipi_db+0x12
> x86_ipi_handler() at x86_ipi_handler+0x80
> Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(ffff80002242dff0) at sched_idle+0x27e
> end trace frame: 0x0, count: 10
> ddb{5}>
