From owner-freebsd-net@freebsd.org Fri Dec 11 10:13:01 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BFBF89D83E8 for ; Fri, 11 Dec 2015 10:13:01 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward16o.cmail.yandex.net (forward16o.cmail.yandex.net [IPv6:2a02:6b8:0:1a72::1e6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7BBEC1D1F; Fri, 11 Dec 2015 10:13:01 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from web21o.yandex.ru (web21o.yandex.ru [IPv6:2a02:6b8:0:1a2d::5:121]) by forward16o.cmail.yandex.net (Yandex) with ESMTP id 96E7E20EF7; Fri, 11 Dec 2015 13:12:57 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web21o.yandex.ru (Yandex) with ESMTP id 86584401A3F; Fri, 11 Dec 2015 13:12:56 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1449828777; bh=2Gs0Q33K9LAJ4U7JSV3+GFk6m0W6RNcHf9SGaQ8Vbow=; h=From:To:In-Reply-To:References:Subject:Date; b=OFUofFPFfO2OmyyT+Rv36+MJWL2JXg3NKWYGigSFHMBgGJtU6Sg7SlQXkNxfcS6/5 fcfCcm+jf1y1CnkcNTmPhN1xfhDHql8lcA4OSI5k9CP5SAG8vJPLGd/fdlcxgZTPq1 fJHChI/PFk+QWlD9sED9N0Tm+Ukbus+2TQuFg/ZI= Received: by web21o.yandex.ru with HTTP; Fri, 11 Dec 2015 13:12:55 +0300 From: Alexander V. Chernikov To: Hans Petter Selasky , Adrian Chadd , "freebsd-net@freebsd.org" In-Reply-To: <566A94A1.60400@selasky.org> References: null <2739461446298483@web2h.yandex.ru> <566A94A1.60400@selasky.org> Subject: Re: Race between arptimer() and lle removal [WAS: panic in arptimer in r289937] MIME-Version: 1.0 Message-Id: <2850091449828775@web21o.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Fri, 11 Dec 2015 13:12:55 +0300 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=koi8-r X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Dec 2015 10:13:01 -0000 11.12.2015, 12:15, "Hans Petter Selasky" : > Hi, > > Pulling the nail out of the haystack hopefully. > >>> šAny ideas on where next to look? > > Adrian: In your dump aswell I see: > > la_flags = 1 > > That means there was a race calling arptimer() and removing the "lle". Yes. The interesting part here is why lle is removed. There are quite a few reasons: either interface address deleted or interface going down, or explicit delete request. That's why I asked Adrian about interface stuff (and haven't got a reply). > > Alexander: Can you comment on the following patch: > > š> Index: netinet/if_ether.c > š> =================================================================== > š> --- netinet/if_ether.c (revision 291256) > š> +++ netinet/if_ether.c (working copy) > š> @@ -185,7 +185,13 @@ > š> LLE_WUNLOCK(lle); > š> return; > š> } > š> - ifp = lle->lle_tbl->llt_ifp; > š> + if (lle->la_flags & LLE_LINKED) { > š> + ifp = lle->lle_tbl->llt_ifp; > š> + } else { > š> + /* XXX RACE entry has been freed */ > š> + llentry_free(lle); > š> + return; > š> + } > š> CURVNET_SET(ifp->if_vnet); > š> > š> if ((lle->la_flags & LLE_DELETED) == 0) { > > We need a check in arptimer() that the lle is still linked before Yes, I had exactly that approach in mind. (And nd6_llinfo_timer() needs the same fix). So, would you commit it or should I? > proceeding, in there from what I can see. Because the callback is not > protected by a mutex, it is not atomically stopped by callout_stop(). > > --HPS