On Fri, Dec 24, 2021 at 02:04:17PM +0100, Alexander Bluhm wrote: > On Fri, Dec 24, 2021 at 12:55:04AM +0100, Alexander Bluhm wrote: > > If you use only regular IPsec or forwarding, I hope it is stable. > > false hope > > rt_timer_add(fffffd81b97f5390,ffffffff814218b0,ffff8000002040c0,0) at > rt_timer_ > add+0xc7 > icmp_mtudisc_clone(2438040a,0,1) at icmp_mtudisc_clone+0x174 > ip_output_ipsec_pmtu_update(ffff8000011e35a0,ffff8000226c0a08,2438040a,0,0) > at i > p_output_ipsec_pmtu_update+0x71 > ip_output_ipsec_send(ffff8000011e35a0,fffffd80b8735000,ffff8000226c0a08,1) at > i > p_output_ipsec_send+0x231 > ip_output(fffffd80b8735000,0,ffff8000226c0a08,1,0,0,457ea326bbcaae85) at > ip_out > put+0x7ca > ip_forward(fffffd80b8735000,ffff80000011e048,fffffd819089ce70,0) at > ip_forward+ > 0x2da > ip_input_if(ffff8000226c0b48,ffff8000226c0b54,4,0,ffff80000011e048) at > ip_input > _if+0x353 > ipv4_input(ffff80000011e048,fffffd80b8735000) at ipv4_input+0x39 > ether_input(ffff80000011e048,fffffd80b8735000) at ether_input+0x3ad > if_input_process(ffff80000011e048,ffff8000226c0c38) at if_input_process+0x6f > ifiq_process(ffff80000011dc00) at ifiq_process+0x69 > taskq_thread(ffff80000002e200) at taskq_thread+0x100 > end trace frame: 0x0, count: -12
/usr/src/sys/net/route.c:1491 3773: 49 8b 0f mov (%r15),%rcx 3776: 49 8b 47 08 mov 0x8(%r15),%rax 377a: 48 85 c9 test %rcx,%rcx 377d: 74 06 je 3785 <rt_timer_add+0xb5> 377f: 48 83 c1 08 add $0x8,%rcx 3783: eb 08 jmp 378d <rt_timer_add+0xbd> 3785: 49 8b 4f 20 mov 0x20(%r15),%rcx 3789: 48 83 c1 18 add $0x18,%rcx 378d: 48 89 01 mov %rax,(%rcx) 3790: 49 8b 07 mov (%r15),%rax 3793: 49 8b 4f 08 mov 0x8(%r15),%rcx * 3797: 48 89 01 mov %rax,(%rcx) 379a: 49 c7 47 08 ff ff ff movq $0xffffffffffffffff,0x8(%r15) 37a1: ff 37a2: 49 c7 07 ff ff ff ff movq $0xffffffffffffffff,(%r15) /usr/src/sys/net/route.c:1492 1484 /* 1485 * If there's already a timer with this action, destroy it before 1486 * we add a new one. 1487 */ 1488 LIST_FOREACH(r, &rt->rt_timer, rtt_link) { 1489 if (r->rtt_func == func) { 1490 LIST_REMOVE(r, rtt_link); * 1491 TAILQ_REMOVE(&r->rtt_queue->rtq_head, r, rtt_next); 1492 if (r->rtt_queue->rtq_count > 0) 1493 r->rtt_queue->rtq_count--; 1494 else 1495 printf("rt_timer_add: rtq_count reached 0\n"); 1496 pool_put(&rttimer_pool, r); 1497 break; /* only one per list, so we can quit... */ 1498 } 1499 } These lists don't look very MP safe.