On Sat, Dec 04, 2021 at 10:41:02AM +0100, Hrvoje Popovski wrote:
> r620-2# uvm_fault(0xffffffff8229d4e0, 0x137, 0, 2) -> e
> kernel: page fault trap, code=0
> Stopped at      ipsp_spd_lookup+0xa2f:  movq    %rax,0(%rcx)
>     TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
>  419237  67407      0     0x14000      0x200    0  softnet
> *157694  94649      0     0x14000      0x200    2K softnet
> ipsp_spd_lookup(fffffd80a4139800,2,14,2,0,0,5b815d966b14b44b,fffffd80a4139800) at ipsp_spd_lookup+0xa2f

Thanks a lot for the test.  It crashes here:

/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:414
     cdc:       48 03 0a                add    (%rdx),%rcx
*    cdf:       48 89 01                mov    %rax,(%rcx)
     ce2:       49 8b 80 30 01 00 00    mov    0x130(%r8),%rax
     ce9:       49 8b 88 38 01 00 00    mov    0x138(%r8),%rcx
     cf0:       48 89 01                mov    %rax,(%rcx)
     cf3:       49 c7 80 38 01 00 00    movq   $0xffffffffffffffff,0x138(%r8)
     cfa:       ff ff ff ff
     cfe:       49 c7 80 30 01 00 00    movq   $0xffffffffffffffff,0x130(%r8)
     d05:       ff ff ff ff
/home/bluhm/openbsd/cvs/src/sys/netinet/ip_spd.c:416

 nomatchout:
        /* Cached TDB was not good. */
*       TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo, ipo_tdb_next);
        tdb_unref(ipo->ipo_tdb);
        ipo->ipo_tdb = NULL;
        ipo->ipo_last_searched = 0;

So mvs@'s concerns are correct, my IPsec workaround is not sufficient.
I want to avoid another rwlock in the input path.  Maybe I can throw
some mutexes into IPsec to make it work.

bluhm

> ip_output_ipsec_lookup(fffffd80a4139800,14,0,ffff800022c60228,0) at ip_output_ipsec_lookup+0x4c
> ip_output(fffffd80a4139800,0,ffff800022c603e8,1,0,0,3ada3367ffb43fe1) at ip_output+0x39d
> ip_forward(fffffd80a4139800,ffff800000087048,fffffd8394511078,0) at ip_forward+0x26a
> ip_input_if(ffff800022c60528,ffff800022c60534,4,0,ffff800000087048) at ip_input_if+0x353
> ipv4_input(ffff800000087048,fffffd80a4139800) at ipv4_input+0x39
> ether_input(ffff800000087048,fffffd80a4139800) at ether_input+0x3aa
> if_input_process(ffff800000087048,ffff800022c60618) at if_input_process+0x92
> ifiq_process(ffff800000087458) at ifiq_process+0x69
> taskq_thread(ffff80000002f080) at taskq_thread+0x81
> end trace frame: 0x0, count: 5
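
Added example, not part of the mail and not OpenBSD code: a small C model of a tail queue whose remove poisons both link fields with -1, as the two movq $0xffffffffffffffff stores in the dump do, with the links at offsets 0x130 and 0x138. It shows that removing an entry a second time would make the first store land at 0x137, the fault address in the report, and that a checked remove refuses the stale entry. That the crash was such a double removal by two softnet threads is an assumption, and struct policy, struct head and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Poison stored in both links on removal (models the dump's movq stores). */
#define POISON ((void *)(uintptr_t)-1)

struct policy {                 /* hypothetical stand-in, LP64 layout assumed */
	char pad[0x130];
	struct policy *next;        /* offset 0x130 */
	struct policy **prev;       /* offset 0x138 */
};
struct head { struct policy *first; struct policy **last; };

static void list_insert_tail(struct head *h, struct policy *p) {
	p->next = NULL; p->prev = h->last;
	*h->last = p; h->last = &p->next;
}

/* Address of the first store an unchecked remove of p would perform. */
static uint64_t first_store_addr(const struct head *h, const struct policy *p) {
	if (p->next != NULL)
		return (uint64_t)(uintptr_t)p->next + offsetof(struct policy, prev);
	return (uint64_t)(uintptr_t)&h->last;
}

/* Refuses an entry whose links are poisoned; callers still need a lock. */
static int list_remove_checked(struct head *h, struct policy *p) {
	if (p->next == POISON || p->prev == POISON) return -1;
	if (p->next != NULL) p->next->prev = p->prev;
	else h->last = p->prev;
	*p->prev = p->next;
	p->next = POISON; p->prev = POISON;
	return 0;
}

/* Two callers drop the same entry back to back (constructed scenario). */
static uint64_t second_remove_fault_addr(int *second_rc) {
	struct policy a, b;
	struct head h; h.first = NULL; h.last = &h.first;
	list_insert_tail(&h, &a); list_insert_tail(&h, &b);
	list_remove_checked(&h, &a);               /* first caller wins */
	uint64_t addr = first_store_addr(&h, &a);  /* where caller 2 would write */
	*second_rc = list_remove_checked(&h, &a);  /* caller 2 is refused */
	return addr;
}

int main(void) {
	int rc; uint64_t addr = second_remove_fault_addr(&rc);
	printf("rc=%d addr=0x%llx\n", rc, (unsigned long long)addr);
	return 0;
}
```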