On 8.7.2021. 0:10, Vitaliy Makkoveev wrote:
> On Wed, Jul 07, 2021 at 11:07:08PM +0200, Hrvoje Popovski wrote:
>> On 7.7.2021. 22:36, Vitaliy Makkoveev wrote:
>>> Thanks. ipsp_spd_lookup() stopped panic in pool_get(9).
>>>
>>> I guess the panics continue because simultaneous modifications of
>>> 'tdbp->tdb_policy_head' break it. Could you try the diff below? It
>>> introduces `tdb_polhd_mtx' mutex(9) and uses it to protect
>>> 'tdbp->tdb_policy_head' modifications. I don't propose this diff for
>>> commit but to check my suggestion.
>>
>>
>> Hi,
>>
>> with this diff i'm getting this panic
>>
>> r620-1# panic: acquiring blockable sleep lock with spinlock or critical
>> section held (kernel_lock) &kernel_lock
>> Stopped at db_enter+0x10: popq %rbp
>> TID PID UID PRFLAGS PFLAGS CPU COMMAND
>> 375321 87823 0 0x14000 0x200 5 crynlk
>> 455594 99250 0 0x14000 0x200 0 crypto
>> 124997 16472 0 0x14000 0x200 1 softnet
>> 409214 30226 0 0x14000 0x200 3 softnet
>> 347403 66039 0 0x14000 0x200 4 softnet
>> *345146 25512 0 0x14000 0x200 2 softnet
>> db_enter() at db_enter+0x10
>> panic(ffffffff81e7ce76) at panic+0xbf
>> witness_checkorder(ffffffff82348dc0,9,0) at witness_checkorder+0xbce
>> __mp_lock(ffffffff82348bb8) at __mp_lock+0x5f
>> kpageflttrap(ffff800023864a30,147) at kpageflttrap+0x178
>> kerntrap(ffff800023864a30) at kerntrap+0x91
>> alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
>> ipsp_spd_lookup(fffffd80a05e9200,2,14,ffff800023864d0c,2,0) at
>> ipsp_spd_lookup+0x9fd
>> ip_output_ipsec_lookup(fffffd80a05e9200,14,ffff800023864d0c,0,0) at
>> ip_output_ipsec_lookup+0x4d
>> ip_output(fffffd80a05e9200,0,ffff800023864e98,1,0,0) at ip_output+0x42a
>> ip_forward(fffffd80a05e9200,ffff800000087048,fffffd83b39799a8,0) at
>> ip_forward+0x26a
>> ip_input_if(ffff800023864fd8,ffff800023864fe4,4,0,ffff800000087048) at
>> ip_input_if+0x365
>> ipv4_input(ffff800000087048,fffffd80a05e9200) at ipv4_input+0x39
>> if_input_process(ffff800000087048,ffff800023865058) at if_input_process+0x6f
>> end trace frame: 0xffff8000238650a0, count: 0
>> https://www.openbsd.org/ddb.html describes the minimum info required in
>> bug reports. Insufficient info makes it difficult to find and fix bugs.
>> ddb{2}>
>>
>> ddb{2}> show locks
>> shared rwlock netlock r = 0 (0xffffffff8219ce60)
>> #0 witness_lock+0x339
>> #1 if_input_process+0x43
>> #2 ifiq_process+0x69
>> #3 taskq_thread+0x9f
>> #4 proc_trampoline+0x1c
>> shared rwlock softnet r = 0 (0xffff800000030070)
>> #0 witness_lock+0x339
>> #1 taskq_thread+0x92
>> #2 proc_trampoline+0x1c
>> exclusive mutex /sys/netinet/ip_ipsp.c:95 r = 0 (0xffffffff82192398)
>> #0 witness_lock+0x339
>> #1 mtx_enter_try+0x95
>> #2 mtx_enter+0x48
>> #3 ipsp_spd_lookup+0x961
>> #4 ip_output_ipsec_lookup+0x4d
>> #5 ip_output+0x42a
>> #6 ip_forward+0x26a
>> #7 ip_input_if+0x365
>> #8 ipv4_input+0x39
>> #9 if_input_process+0x6f
>> #10 ifiq_process+0x69
>> #11 taskq_thread+0x9f
>> #12 proc_trampoline+0x1c
>>
>
> Thanks.
>
> Now panics only in ipsp_spd_lookup() and never in pfkeyv2_send() or in
> tdb_free() called from pfkeyv2_send(), right?
>
Yes,
i can only trigger this panic
r620-1# panic: acquiring blockable sleep lock with spinlock or critical
section held (kernel_lock) &kernel_lock
Stopped at db_enter+0x10: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
340098 10711 0 0x14000 0x200 3 crynlk
*173315 77636 0 0x14000 0x200 1 softnet
211687 60430 0 0x14000 0x200 2 softnet
db_enter() at db_enter+0x10
panic(ffffffff81e79af6) at panic+0xbf
witness_checkorder(ffffffff8237dbb8,9,0) at witness_checkorder+0xbce
__mp_lock(ffffffff8237d9b0) at __mp_lock+0x5f
kpageflttrap(ffff800023871010,147) at kpageflttrap+0x178
kerntrap(ffff800023871010) at kerntrap+0x91
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
ipsp_spd_lookup(fffffd80a1bde300,2,14,ffff8000238712ec,2,0) at
ipsp_spd_lookup+0x9fd
ip_output_ipsec_lookup(fffffd80a1bde300,14,ffff8000238712ec,0,0) at
ip_output_ipsec_lookup+0x4d
ip_output(fffffd80a1bde300,0,ffff800023871478,1,0,0) at ip_output+0x42a
ip_forward(fffffd80a1bde300,ffff800000087048,fffffd83b4060cb8,0) at
ip_forward+0x26a
ip_input_if(ffff8000238715b8,ffff8000238715c4,4,0,ffff800000087048) at
ip_input_if+0x365
ipv4_input(ffff800000087048,fffffd80a1bde300) at ipv4_input+0x39
if_input_process(ffff800000087048,ffff800023871638) at if_input_process+0x6f
end trace frame: 0xffff800023871680, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
