On Tue, Jun 28, 2022 at 10:51:29AM +0200, Alexander Bluhm wrote:
> arpintr() looks MP safe and I cannot trigger a crash with this diff.
Running parallel forwarding and arp -d in a loop triggers a NULL
route pointer dereference after a while. I have to figure out
whether it is related to this diff.
bluhm
root@ot31:.../~# while :; do arp -nd 10.6.16.36 >/dev/null; done
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
uvmp_afnaicu:lt (0 x f ff f ff f f 8 31 a 59 9 8 , 0 x6 0, 0, 2
) - > e
kkeerrnneell: pdagieag fnoasultict t ra p , c o de = 0 a
Stopped at rtref+0x11: lock incl 0x60(%rdi) s
TID PID UID PRFLAGS PFLAGS CPU COMMAND
202508 43068 0 0x100003 0 3 arp
37126 11508 91 0x1000012 0 5 snmpd
340135 94731 0 0x14000 0x200 1 softnet
230690 38637 0 0x14000 0x200 2 softnet
33711 215 0 0x14000 0x200 4 softnet
*104852 83709 0 0x14000 0x200 6 softnet
rtref(0) at rtref+0x11
rtable_match(0,ffff8000246b6e98,fffffd800b58e658) at rtable_match+0xb9
rtalloc_mpath(ffff8000246b6e98,fffffd800b58e658,0) at rtalloc_mpath+0x2e
in_ouraddr(fffffd80b278d300,ffff80000077d048,ffff8000246b6f18) at in_ouraddr+0x
84
ip_input_if(ffff8000246b6fb8,ffff8000246b6fc4,4,0,ffff80000077d048) at ip_input
_if+0x1cd
ipv4_input(ffff80000077d048,fffffd80b278d300) at ipv4_input+0x39
ether_input(ffff80000077d048,fffffd80b278d300) at ether_input+0x3ad
if_input_process(ffff80000077d048,ffff8000246b70a8) at if_input_process+0x6f
ifiq_process(ffff800000781100) at ifiq_process+0x69
taskq_thread(ffff800000036080) at taskq_thread+0x100
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{6}> show register
rdi 0
rsi 0xfffffd8834a02590
rbp 0xffff8000246b6dc0
rbx 0xffff8000246b6dd8
rdx 0
rcx 0xffff8000224377e0
rax 0
r8 0
r9 0x4
r10 0x24
r11 0xf4ba682f767b269e
r12 0xfffffd8834a02590
r13 0xffff8000246b6e98
r14 0
r15 0xfffffd800b58e658
rip 0xffffffff813b2691 rtref+0x11
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff8000246b6db0
ss 0x10
rtref+0x11: lock incl 0x60(%rdi)
ddb{6}> show panic
*cpu6: uvm_fault(0xffffffff831a5998, 0x60, 0, 2) -> e
cpu2: kernel diagnostic assertion "(rt->rt_flags & RTF_MPATH) || mrt->rt_prior
ity != prio" failed: file "/usr/src/sys/net/rtable.c", line 613
ddb{6}> trace
rtref(0) at rtref+0x11
rtable_match(0,ffff8000246b6e98,fffffd800b58e658) at rtable_match+0xb9
rtalloc_mpath(ffff8000246b6e98,fffffd800b58e658,0) at rtalloc_mpath+0x2e
in_ouraddr(fffffd80b278d300,ffff80000077d048,ffff8000246b6f18) at in_ouraddr+0x
84
ip_input_if(ffff8000246b6fb8,ffff8000246b6fc4,4,0,ffff80000077d048) at ip_input
_if+0x1cd
ipv4_input(ffff80000077d048,fffffd80b278d300) at ipv4_input+0x39
ether_input(ffff80000077d048,fffffd80b278d300) at ether_input+0x3ad
if_input_process(ffff80000077d048,ffff8000246b70a8) at if_input_process+0x6f
ifiq_process(ffff800000781100) at ifiq_process+0x69
taskq_thread(ffff800000036080) at taskq_thread+0x100
end trace frame: 0x0, count: -10
ddb{6}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
43068 202508 86288 0 7 0x100003 arp
16981 183305 55181 0 3 0x100083 kqread top
55181 168823 55818 0 3 0x10008b sigsusp ksh
55818 177517 59472 0 3 0x9a kqread sshd
61572 18246 0 0 3 0x14200 bored sosplice
86288 511512 1 0 3 0x10008b sigsusp ksh
88947 37559 1 0 3 0x100098 kqread cron
33580 243044 1 99 3 0x1100090 kqread sndiod
96861 268522 1 110 3 0x100090 kqread sndiod
78020 360065 25250 95 3 0x1100092 kqread smtpd
21363 422206 25250 103 3 0x1100092 kqread smtpd
26374 175617 25250 95 3 0x1100092 kqread smtpd
50987 371703 25250 95 3 0x100092 kqread smtpd
93507 389621 25250 95 3 0x1100092 kqread smtpd
79576 150347 25250 95 3 0x1100092 kqread smtpd
25250 448177 1 0 3 0x100080 kqread smtpd
8305 136296 1 0 3 0x80 kqread relayd
33505 102618 1 89 3 0x1100092 kqread relayd
2184 364276 1 89 3 0x1100092 kqread relayd
33987 290534 1 89 3 0x1100092 kqread relayd
88165 408505 1 89 3 0x1100092 kqread relayd
28865 15769 1 89 3 0x1100092 kqread relayd
39596 460434 1 89 3 0x1100092 kqread relayd
25914 79064 1 89 3 0x1100092 kqread relayd
43512 132169 1 89 3 0x1100092 kqread relayd
67218 210109 1 0 3 0x100080 kqread snmpd
11508 37126 1 91 7 0x1000012 snmpd
59472 479145 1 0 3 0x88 kqread sshd
53178 20916 0 0 3 0x14280 nfsidl nfsio
95307 371149 0 0 3 0x14280 nfsidl nfsio
42041 401497 0 0 3 0x14280 nfsidl nfsio
6638 200768 0 0 3 0x14280 nfsidl nfsio
62366 44451 1 0 3 0x100080 kqread ntpd
40975 350900 41890 83 3 0x100092 kqread ntpd
41890 513098 1 83 3 0x1100092 kqread ntpd
75435 440365 37802 74 3 0x1100092 bpf pflogd
37802 419185 1 0 3 0x80 netio pflogd
73341 244144 42007 73 3 0x1100090 kqread syslogd
42007 22105 1 0 3 0x100082 netio syslogd
39675 433062 1 0 3 0x100080 kqread resolvd
5108 418924 90895 77 3 0x100092 kqread dhcpleased
7706 410184 90895 77 3 0x100092 kqread dhcpleased
90895 140437 1 0 3 0x80 kqread dhcpleased
19547 107006 34432 115 3 0x100092 kqread slaacd
15050 195077 34432 115 3 0x100092 kqread slaacd
34432 436921 1 0 3 0x100080 kqread slaacd
62855 212226 0 0 3 0x14200 bored smr
88140 302486 0 0 3 0x14200 pgzero zerothread
22065 33268 0 0 3 0x14200 aiodoned aiodoned
81626 452959 0 0 3 0x14200 syncer update
10653 14420 0 0 3 0x14200 cleaner cleaner
95247 324422 0 0 3 0x14200 reaper reaper
43938 437255 0 0 3 0x14200 pgdaemon pagedaemon
13893 163489 0 0 3 0x14200 usbtsk usbtask
59494 306157 0 0 3 0x14200 usbatsk usbatsk
95083 399470 0 0 3 0x40014200 acpi0 acpi0
11611 12128 0 0 7 0x40014200 idle7
24792 245853 0 0 3 0x40014200 idle6
60405 141192 0 0 3 0x40014200 idle5
52343 110720 0 0 3 0x40014200 idle4
74019 238412 0 0 3 0x40014200 idle3
13427 316688 0 0 3 0x40014200 idle2
35082 126760 0 0 3 0x40014200 idle1
50867 401832 0 0 3 0x14200 bored sensors
94731 340135 0 0 7 0x14200 softnet
38637 230690 0 0 7 0x14200 softnet
215 33711 0 0 7 0x14200 softnet
*83709 104852 0 0 7 0x14200 softnet
91832 268994 0 0 3 0x14200 artnfini systqmp
76592 65076 0 0 3 0x14200 bored systq
88699 473337 0 0 3 0x40014200 bored softclock
94119 197022 0 0 7 0x40014200 idle0
1 144699 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper