On Wed, Feb 18, 2015 at 12:14:15PM +0100, Matthieu Herrb wrote: > Feb 18 12:09:59 castor /bsd: splassert: rtrequest1: want 5 have 0 > Feb 18 12:09:59 castor /bsd: Starting stack trace... > Feb 18 12:09:59 castor /bsd: splassert_check() at splassert_check+0x78 > Feb 18 12:09:59 castor /bsd: rtrequest1() at rtrequest1+0x5e > Feb 18 12:09:59 castor /bsd: nd6_prefix_offlink() at > nd6_prefix_offlink+0x1bf > Feb 18 12:09:59 castor /bsd: pfxlist_onlink_check() at > pfxlist_onlink_check+0x25e > Feb 18 12:09:59 castor /bsd: in6_control() at in6_control+0x894 > Feb 18 12:09:59 castor /bsd: ifioctl() at ifioctl+0x175 > Feb 18 12:09:59 castor /bsd: sys_ioctl() at sys_ioctl+0x169 > Feb 18 12:09:59 castor /bsd: syscall() at syscall+0x297 > Feb 18 12:09:59 castor /bsd: --- syscall (number 54) --- > Feb 18 12:09:59 castor /bsd: end of kernel > Feb 18 12:09:59 castor /bsd: end trace frame: 0xc8115948400, count: > 249 > Feb 18 12:09:59 castor /bsd: 0xc8115715cda: > Feb 18 12:09:59 castor /bsd: End of stack trace. > Feb 18 12:10:00 castor /bsd: carp0: state transition: BACKUP -> MASTER
Most calls to pfxlist_onlink_check() are protected by splsoftnet. Only the path in your trace does not set it. So I suggest to set splsoftnet() in in6_control(). I have included the dohooks() as this is done in IPv4. While there I have moved some splsoftnet() hiding in the declarations to the beginning of the code. ok? bluhm Index: netinet6/in6.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/in6.c,v retrieving revision 1.152 diff -u -p -r1.152 in6.c --- netinet6/in6.c 27 Jan 2015 10:34:27 -0000 1.152 +++ netinet6/in6.c 19 Feb 2015 18:47:06 -0000 @@ -552,6 +552,7 @@ in6_control(struct socket *so, u_long cm pr->ndpr_refcnt++; } + s = splsoftnet(); /* * this might affect the status of autoconfigured addresses, * that is, this address might make other addresses detached. @@ -559,6 +560,7 @@ in6_control(struct socket *so, u_long cm pfxlist_onlink_check(); dohooks(ifp->if_addrhooks, 0); + splx(s); break; } Index: netinet6/nd6_rtr.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6_rtr.c,v retrieving revision 1.97 diff -u -p -r1.97 nd6_rtr.c --- netinet6/nd6_rtr.c 27 Jan 2015 03:17:36 -0000 1.97 +++ netinet6/nd6_rtr.c 19 Feb 2015 17:39:18 -0000 @@ -707,10 +707,10 @@ defrouter_reset(void) void defrouter_select(void) { - int s = splsoftnet(); struct nd_defrouter *dr, *selected_dr = NULL, *installed_dr = NULL; struct rtentry *rt = NULL; struct llinfo_nd6 *ln = NULL; + int s = splsoftnet(); /* * This function should be called only when acting as an autoconfigured @@ -1139,12 +1139,13 @@ prelist_update(struct nd_prefix *new, st struct ifaddr *ifa; struct ifnet *ifp = new->ndpr_ifp; struct nd_prefix *pr; - int s = splsoftnet(); - int error = 0; + int s, error = 0; int tempaddr_preferred = 0, autoconf = 0, statique = 0; int auth; struct in6_addrlifetime lt6_tmp; char addr[INET6_ADDRSTRLEN]; + + s = splsoftnet(); auth = 0; if (m) {