On Tue, Nov 15, 2022 at 03:07:05PM +0100, Leah Neukirchen wrote:
>
> I hit the same issue on a 7.2-RELEASE system, which was idle and had
> roughly 3 weeks of uptime.
>
> Stopped at rt_ifa_del+0x39: movb 0x1b6(%rax),%bl
> Same backtrace as in parent message.
>
> The system is virtualized on QEMU/KVM 7.0 on Linux x86_64, has networking
> over a bridge where radvd 2.19 announces a prefix. The same setup has
> been running for years with older OpenBSD versions, without issues.

FWIW, I have found that disabling IPv6 autoconf reliably avoids this.
I have also seen a related crash when running the command below, which
means that it's not just the nd6 expiry task affected by this issue.
It is not yet known where the actual race is. Help appreciated.

# ifconfig vio0 -inet6 autoconf
login: kernel: protection fault trap, code=0
Stopped at rt_ifa_del+0x39: movb 0x1b6(%rax),%bl
ddb{2}> bt
rt_ifa_del(ffff8000008a0d00,800100,dead0009deadbeef,0) at rt_ifa_del+0x39
in6_unlink_ifa(ffff8000008a0d00,ffff8000004d72a8) at in6_unlink_ifa+0xae
in6_purgeaddr(ffff8000008a0d00) at in6_purgeaddr+0x127
in6_ifdetach(ffff8000004d72a8) at in6_ifdetach+0x19e
ifioctl(fffffd8782bf95b8,801169ac,ffff800022edac90,ffff800022e24fc8) at ifioctl+0xdcc
soo_ioctl(fffffd877fc2ef00,801169ac,ffff800022edac90,ffff800022e24fc8) at soo_ioctl+0x171
sys_ioctl(ffff800022e24fc8,ffff800022edada0,ffff800022edae00) at sys_ioctl+0x2c4
syscall(ffff800022edae70) at syscall+0x384
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe1900, count: -9
ddb{2}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*88890    7233  11006      0  7         0x3                ifconfig