From nobody Tue Apr  1 08:43:21 2025
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRhNT48mMz5s9st
	for <net@mlmmj.nyi.freebsd.org>; Tue, 01 Apr 2025 08:43:21 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRhNT3Sz5z3dBh
	for <net@FreeBSD.org>; Tue, 01 Apr 2025 08:43:21 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743497001;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=kdUlfCOJXtO6VGT8+kgte/N8asxq+DsMmh8S8ByuTbw=;
	b=kBoVe0vBrOO3x7rD2XerxVMnjRQkJ9k63Z5TQtq+ioGpirCEHvVKsvEjYd2mCewiXAy1fp
	zku/wItzbiq8XMqHR7HQgGJCJsylCtJl1euk2tximbgbvjC55Kw29gz2XOQbyejwD0MgE4
	Q+IYCzG5owDWlQsYlDWECYlxsMmtWFZBZHjs+g13zZ5tFeX3aZnNTiDX/+KL2TNIZ/hp1v
	DOQ3dcHlCm2XOIE7684puYGsy0fZZkXyiTGaU9WCNBAgD87WTeMJkcfjEar23HqUEBkmVh
	eC8K2wcMSRq27WZHLvYc2UE/qJZHtKRTQwxhBOHveFaZKZcvR87B6oYSC7xnpw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743497001; a=rsa-sha256; cv=none;
	b=KdEGpSWdI8iHwPuCYiOJ1Z2YE2QycBZBTdKSC3sR4CI8jH3yuWkjGqoQ+F+ZgiEYQZWb8r
	l8j8DG5++Qi2AbPsKA3KBAOefdL3gWCbZPrc2JmQcHr1FA54fT/8Az2NZgZvObpL/UqIlF
	FPtYFkpOxA80R31Wnf30jay4eRfzzTde8XbZRATMyI7pm7dEENASznVS3BUQf/PP3/FH9v
	SGEz/fB1dueb4E8kfoVCWz1KNDad5kKVYsCM1Qya2Yq6sa/vH9pJ3SL9+HsqA2ZQBzrD5O
	AXdQzNVHnjbZKd5NrASnu5hIgQYk4exUErbtkQ/ms2pvwOKX5WI2eGHfbuHksw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743497001;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=kdUlfCOJXtO6VGT8+kgte/N8asxq+DsMmh8S8ByuTbw=;
	b=nY6MhQpHXgepIiBqWXWxCc8nHHFwr0Ehj0d0LHnfOhx6Lqr9vk2JKPRCRavykIZlDCWL3u
	6Xk9qfwobUf4vYWVyxA7ejDbPTfh+e+O3qmG0Do0m/ehlC/gJzAXs05Vm8sqgHnKJuJNtI
	xDScXTFtnnQveeoVVdNV3RDwSm5qq7daOTLmjjXA0bTmxHNPV1o29PWFMLQQ60VhE7Hq10
	rTCKJ6iz+tsyu40qjDjg9IlWHRH3BndL4l96pzLBQepH7sEJHwxWDIa1AteqhkO9saY+fR
	mmnhZjADiNqBenOb+Xvn2TgwbTYENT2JPoJZfOxWG+TBLwZQmIuvw9CGRQL2Lw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRhNT34w4z8Fn
	for <net@FreeBSD.org>; Tue, 01 Apr 2025 08:43:21 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 5318hL0d044263
	for <net@FreeBSD.org>; Tue, 1 Apr 2025 08:43:21 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 5318hL8X044262
	for net@FreeBSD.org; Tue, 1 Apr 2025 08:43:21 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 285813] Panic (NULL deref) in arptimer
Date: Tue, 01 Apr 2025 08:43:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.2-STABLE
X-Bugzilla-Keywords: crash
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: peter.blok@bsd4all.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-285813-7501-YZpahxpA3Z@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-285813-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-285813-7501@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D285813

--- Comment #2 from Peter Blok <peter.blok@bsd4all.org> ---
Well v has been optimised out, but as far as I can tell lv_rw_owner returns
NULL when RW_LOCK_READ is set. But to reach the call to lv_rw_owner
RW_LOCK_READ has to be unset.

#define lv_rw_wowner(v)                         \
    ((v) & RW_LOCK_READ ? NULL :                    \
     (struct thread *)RW_OWNER((v)))

To me it looks as if another thread got the lock in between the if and the =
call
to lv_rw_owner

(kgdb) bt
#0  __curthread () at /usr/14-stable/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=3D<optimized out>) at
/usr/14-stable/sys/kern/kern_shutdown.c:405
#2  0xffffffff805ebfcb in kern_reboot (howto=3D260) at
/usr/14-stable/sys/kern/kern_shutdown.c:523
#3  0xffffffff805ec4c9 in vpanic (fmt=3D0xffffffff80a03764 "%s",
ap=3Dap@entry=3D0xfffffe00109d6bb0) at /usr/14-stable/sys/kern/kern_shutdow=
n.c:967
#4  0xffffffff805ec303 in panic (fmt=3D<unavailable>) at
/usr/14-stable/sys/kern/kern_shutdown.c:891
#5  0xffffffff809a61af in trap_fatal (frame=3D<optimized out>, eva=3D<optim=
ized
out>) at /usr/14-stable/sys/amd64/amd64/trap.c:986
#6  0xffffffff809a61af in trap_pfault (frame=3D0xfffffe00109d6c30,
usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>)
#7  <signal handler called>
#8  __rw_wlock_hard (c=3Dc@entry=3D0xfffff8001bc27d28, v=3D<optimized out>)=
 at
/usr/14-stable/sys/kern/kern_rwlock.c:1005
#9  0xffffffff80748432 in arptimer (arg=3D0xfffff8001bc27c00) at
/usr/14-stable/sys/netinet/if_ether.c:212
#10 0xffffffff8060a249 in softclock_call_cc (c=3D0xfffff8001bc27cd0,
cc=3Dcc@entry=3D0xffffffff81ddd0c0, direct=3Ddirect@entry=3D0)
    at /usr/14-stable/sys/kern/kern_timeout.c:719
#11 0xffffffff8060ba15 in softclock_thread (arg=3Darg@entry=3D0xffffffff81d=
dd0c0)
at /usr/14-stable/sys/kern/kern_timeout.c:858
#12 0xffffffff805a6a41 in fork_exit (callout=3D0xffffffff8060b930
<softclock_thread>, arg=3D0xffffffff81ddd0c0, frame=3D0xfffffe00109d6f40)
    at /usr/14-stable/sys/kern/kern_fork.c:1153
#13 <signal handler called>
#14 0xa5b2b4b2b4a3b4b2 in ?? ()

--=20
You are receiving this mail because:
You are the assignee for the bug.=