kern/58715: cpu0: softints stuck for 16 seconds

[campbell+netbsd%mumble.net@localhost]

>Number:         58715
>Category:       kern
>Synopsis:       cpu0: softints stuck for 16 seconds
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 03 13:50:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The RoyBSD Foundation
>Environment:
NetBSD netbsd 10.99.12 NetBSD 10.99.12 (GENERIC) #2: Thu Oct  3 00:35:53 UTC 2024  roy@netbsd:/home/roy/src/out/sys/arch/amd64/compile/GENERIC amd64
>Description:
panic: cpu0: softints stuck for 16 seconds

db{0}> bt
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x171
panic() at netbsd:panic+0x3c
heartbeat() at netbsd:heartbeat+0x34c
hardclock() at netbsd:hardclock+0x8b
Xresume_lapic_timer() at netbsd:Xresume_lapic_timer+0x1e
--- interrupt ---
x86_stihlt() at netbsd:x86_stihlt+0x6
acpicpu_cstate_idle() at netbsd:acpicpu_cstate_idle+0x19a
idle_loop() at netbsd:idle_loop+0x128

In another instance (without the patch below), same panic but the stack trace was:

Crash version 10.99.6, image version 10.99.6.
Kernel compiled without options LOCKDEBUG.
System panicked: cpu0: softints stuck for 16 seconds
Backtrace from time of crash is available.
trace: pid 700 lid 700 at 0xffffc6844fccb670
sleepq_block() at sleepq_block+0x13a
cv_wait() at cv_wait+0x49
vioif_ctrl_send_command() at vioif_ctrl_send_command+0x1e6
vioif_set_rx_filter() at vioif_set_rx_filter+0x174
vioif_rx_filter() at vioif_rx_filter+0x157
vioif_ioctl() at vioif_ioctl+0x73
if_mcast_op() at if_mcast_op+0x54
in6m_destroy() at in6m_destroy+0x118
in6_leavegroup() at in6_leavegroup+0x34
in6_purgeaddr() at in6_purgeaddr+0xa5
in6_control1() at in6_control1+0x1205
in6_control() at in6_control+0x87
udp6_ioctl_wrapper() at udp6_ioctl_wrapper+0x33
compat_ifioctl() at compat_ifioctl+0xf5
doifioctl() at doifioctl+0xf06
sys_ioctl() at sys_ioctl+0x56d
syscall() at syscall+0x196
--- syscall (number 54) ---
syscall+0x196:
>How-To-Repeat:
Configure host with bridge0(vether0, vether1).

Configure a single guest with guest vioif0 <-> host vether0, guest vioif1 <-> host vether1.

Run dhcpcd with default configuration in the guest.

With this patch it triggers more reliably, but it d:

diff -r 05014b1ae511 sys/netinet/if_arp.c
--- a/sys/netinet/if_arp.c	Thu Sep 26 21:31:09 2024 +0000
+++ b/sys/netinet/if_arp.c	Thu Oct 03 13:33:45 2024 +0000
@@ -793,14 +793,6 @@
 	if (ah->ar_pln != sizeof(struct in_addr))
 		goto out;
 
-	ifp = if_get_bylla(ar_sha(ah), ah->ar_hln, &psref);
-	if (ifp) {
-		/* it's from me, ignore it. */
-		if_put(ifp, &psref);
-		ARP_STATINC(ARP_STAT_RCVLOCALSHA);
-		goto out;
-	}
-
 	rcvif = ifp = m_get_rcvif_psref(m, &psref);
 	if (__predict_false(rcvif == NULL))
 		goto out;
@@ -911,6 +903,12 @@
 	myaddr = ia->ia_addr.sin_addr;
 
 	/* XXX checks for bridge case? */
+	if (!memcmp(ar_sha(ah), CLLADDR(ifp->if_sadl), ifp->if_addrlen)) {
+		ARP_STATINC(ARP_STAT_RCVLOCALSHA);
+		goto out;	/* it's from me, ignore it. */
+	}
+
+	/* XXX checks for bridge case? */
 	if (!memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
 		ARP_STATINC(ARP_STAT_RCVBCASTSHA);
 		log(LOG_ERR,
diff -r 05014b1ae511 sys/netinet6/nd6_nbr.c
--- a/sys/netinet6/nd6_nbr.c	Thu Sep 26 21:31:09 2024 +0000
+++ b/sys/netinet6/nd6_nbr.c	Thu Oct 03 13:33:45 2024 +0000
@@ -677,23 +677,21 @@
 	}
 
 	if (ndopts.nd_opts_tgt_lladdr != NULL) {
-		struct ifnet *ifp_ll;
-		struct psref psref_ll;
-
 		lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
 		lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
+	}
 
-		if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
+	if (lladdr != NULL) {
+		if (((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
 			nd6log(LOG_INFO, "lladdrlen mismatch for %s "
-			    "(if %d, NA packet %d)\n", IN6_PRINT(ip6buf, &taddr6),
+			    "(if %d, NA packet %d)\n",
+			    IN6_PRINT(ip6buf, &taddr6),
 			    ifp->if_addrlen, lladdrlen - 2);
 			goto bad;
 		}
 
-		ifp_ll = if_get_bylla(lladdr, ifp->if_addrlen, &psref_ll);
-		if (ifp_ll != NULL) {
+		if (!memcmp(lladdr, CLLADDR(ifp->if_sadl), ifp->if_addrlen)) {
 			/* it's from me, ignore it. */
-			if_put(ifp_ll, &psref_ll);
 			goto freeit;
 		}
 	}

>Fix:
Yes, please!