On Tue, Apr 21, 2020 at 10:38:54AM +0200, Martin Pieuchot wrote: > On 20/04/20(Mon) 14:27, Julian Brost wrote: > > On 2020-04-20 12:14, Martin Pieuchot wrote: > > >> login: panic: kernel diagnostic assertion "!ISSET(rt->rt_flags, > > >> RTF_LOCAL)" failed: file "/usr/src/sys/netinet6/nd6.c", line 727 > > > > > > That means some part of the ND code is incorrectly setting an `expire' > > > value to an entry that is local, and therefor should never expire. > > > > > > Could you try to reproduce the issue with the diff below? It should > > > also panic but points us to the place where the bug is. > > > > > > [...] > > With the diff applied, this is the panic message: > > > > starting network > > vio0: DAD detected duplicate IPv6 address fe80:1::1: NS in/out=0/1, NA in=1 > > vio0: DAD complete for fe80:1::1 - duplicate found > > vio0: manual intervention required > > reordering libraries:ndp info overwritten for fe80:1::1 by > > 76:fa:d3:57:ec:56 on vio0 > > panic: kernel diagnostic assertion "!ISSET(ln->ln_rt->rt_flags, > > RTF_LOCAL)" failed: file "/usr/src/sys/netinet6/nd6.c", line 309 > > Stopped at db_enter+0x10: popq %rbp > > > > TID PID UID PRFLAGS PFLAGS CPU COMMAND > > *457148 43436 0 0x14000 0x200 0 softnet > > db_enter() at db_enter+0x10 > > panic() at panic+0x128 > > __assert(ffffffff81c8d6ea,ffffffff81c94c17,135,ffffffff81c9fb69) at > > __assert+0x > > 2b > > > > nd6_llinfo_settimer(fffffd803ec6ff00,15180) at nd6_llinfo_settimer+0xdf > > nd6_cache_lladdr(ffff8000000972a8,ffff800014a496a0,fffffd803714f874,8,86,0) > > at n > > d6_cache_lladdr+0x2be > > > > nd6_rtr_cache(fffffd8036ee3000,28,38,86) at nd6_rtr_cache+0x31e > > icmp6_input(ffff800014a499d8,ffff800014a499e4,3a,18) at icmp6_input+0x33d > > ip_deliver(ffff800014a499d8,ffff800014a499e4,3a,18) at ip_deliver+0x1b3 > > ip6_input_if(ffff800014a499d8,ffff800014a499e4,29,0,ffff8000000972a8) at > > Thanks, diff below fixes nd6_rtr_cache(). It was already skipping > static entries the same should be done for local entries. > > I left the panic in there in case there's another place where the bug > can be triggered. > > Index: netinet6/nd6.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/nd6.c,v > retrieving revision 1.229 > diff -u -p -r1.229 nd6.c > --- netinet6/nd6.c 29 Nov 2019 16:41:01 -0000 1.229 > +++ netinet6/nd6.c 21 Apr 2020 08:36:01 -0000 > @@ -306,6 +306,7 @@ nd6_llinfo_settimer(struct llinfo_nd6 *l > time_t expire = time_uptime + secs; > > NET_ASSERT_LOCKED(); > + KASSERT(!ISSET(ln->ln_rt->rt_flags, RTF_LOCAL)); > > ln->ln_rt->rt_expire = expire; > if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { > @@ -1111,17 +1112,11 @@ nd6_cache_lladdr(struct ifnet *ifp, stru > > rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); > if (rt == NULL) { > -#if 0 > - /* nothing must be done if there's no lladdr */ > - if (!lladdr || !lladdrlen) > - return NULL; > -#endif > - > rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); > is_newentry = 1; > } else { > - /* do nothing if static ndp is set */ > - if (rt->rt_flags & RTF_STATIC) { > + /* do not overwrite local or static entry */ > + if (ISSET(rt->rt_flags, RTF_STATIC|RTF_LOCAL)) { > rtfree(rt); > return; > } >
Makes sense. OK claudio@ -- :wq Claudio