Date: Mon, 22 Aug 2011 15:08:46 +0400 From: Sergey Kandaurov <pluknet@gmail.com> To: Tom Vijlbrief <tom.vijlbrief@xs4all.nl> Cc: FreeBSD Net <freebsd-net@freebsd.org>, freebsd-current@freebsd.org Subject: Re: BETA1 IPv6 crash Message-ID: <CAE-mSO%2Bd2JSYhiNG2pRMReHDNYDBDba8h6vX4w7C-kQu3WYrdw@mail.gmail.com> In-Reply-To: <CAOQrpVf7bATyWmWRF0Cnwk_KWPygbSFXCSP6ZtGtkSL0czRGag@mail.gmail.com> References: <CAOQrpVdkqYm22jjgdOiu9f7GrALfrjCuY-VfYBibvF4Lb9m-=Q@mail.gmail.com> <CAE-mSOK3ZD92NG6DqzmZ_pdK0KoUZoN_s9c-iToa1XQ4vaBfFQ@mail.gmail.com> <CAOQrpVf7bATyWmWRF0Cnwk_KWPygbSFXCSP6ZtGtkSL0czRGag@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--000e0cd762ae5266d904ab161afa Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 8 August 2011 22:06, Tom Vijlbrief <tom.vijlbrief@xs4all.nl> wrote: > 2011/8/7 Sergey Kandaurov <pluknet@gmail.com>: >> On 7 August 2011 17:11, Tom Vijlbrief <tom.vijlbrief@xs4all.nl> wrote: >>> I installed BETA1 in a fresh ubuntu 11.04 KVM virtual machine with the >>> new installer. >>> >>> Major issue I noticed was the missing /home. >>> >>> It took me quite some time to get IPv6 working in the guest (a Linux >>> configuration issue), but now that it works >>> BETA1 panics in about 50% of the boot attempts: >>> >>> testbsd dumped core - see /var/crash/vmcore.0 >>> >>> Sun Aug =A07 08:25:28 CEST 2011 >>> >>> FreeBSD testbsd 9.0-BETA1 FreeBSD 9.0-BETA1 #0: Thu Jul 28 16:34:16 >>> UTC 2011 =A0 =A0 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENER= IC >>> i386 >>> >>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @ >>> /usr/src/sys/netinet6/mld6.c:1676 >>> >>> GNU gdb 6.1.1 [FreeBSD] >>> Copyright 2004 Free Software Foundation, Inc. >>> GDB is free software, covered by the GNU General Public License, and yo= u are >>> welcome to change it and/or distribute copies of it under certain condi= tions. >>> Type "show copying" to see the conditions. >>> There is absolutely no warranty for GDB. =A0Type "show warranty" for de= tails. >>> This GDB was configured as "i386-marcel-freebsd"... >> [..] >>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @ >>> /usr/src/sys/netinet6/mld6.c:1676 >>> >>> cpuid =3D 0 >>> KDB: enter: panic >>> Uptime: 28s >>> Physical memory: 491 MB >>> Dumping 45 MB: 30 14 >>> >>> #0 =A0doadump (textdump=3D1) at pcpu.h:244 >>> 244 =A0 =A0 pcpu.h: No such file or directory. >>> =A0 =A0 =A0 =A0in pcpu.h >>> (kgdb) #0 =A0doadump (textdump=3D1) at pcpu.h:244 >>> #1 =A00xc0a04965 in kern_reboot (howto=3D260) >>> =A0 =A0at /usr/src/sys/kern/kern_shutdown.c:430 >>> #2 =A00xc0a04291 in panic (fmt=3DVariable "fmt" is not available. >>> ) at /usr/src/sys/kern/kern_shutdown.c:595 >>> #3 =A00xc09f4a4a in _mtx_lock_sleep (m=3D0xc35f3a28, tid=3D3278693824, = opts=3D0, >>> =A0 =A0file=3D0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=3D1676) >>> =A0 =A0at /usr/src/sys/kern/kern_mutex.c:341 >>> #4 =A00xc09f4c67 in _mtx_lock_flags (m=3D0xc35f3a28, opts=3D0, >>> =A0 =A0file=3D0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=3D1676) >>> =A0 =A0at /usr/src/sys/kern/kern_mutex.c:203 >>> #5 =A00xc0bbf007 in mld_set_version (mli=3D0xc3589a00, version=3DVariab= le >>> "version" is not available. >>> ) >>> =A0 =A0at /usr/src/sys/netinet6/mld6.c:1676 >>> #6 =A00xc0bc0c00 in mld_input (m=3D0xc3951e00, off=3D48, icmp6len=3D24) >>> =A0 =A0at /usr/src/sys/netinet6/mld6.c:690 >>> #7 =A00xc0ba5696 in icmp6_input (mp=3D0xc3313a54, offp=3D0xc3313a68, pr= oto=3D58) >>> =A0 =A0at /usr/src/sys/netinet6/icmp6.c:654 >>> #8 =A00xc0bba23a in ip6_input (m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/netinet6/ip6_input.c:964 >>> #9 =A00xc0ac9b1c in netisr_dispatch_src (proto=3D10, source=3D0, m=3D0x= c3951e00) >>> =A0 =A0at /usr/src/sys/net/netisr.c:1013 >>> #10 0xc0ac9da0 in netisr_dispatch (proto=3D10, m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/net/netisr.c:1104 >>> #11 0xc0abecf1 in ether_demux (ifp=3D0xc35f3800, m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:936 >>> #12 0xc0abf1b3 in ether_nh_input (m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:755 >>> #13 0xc0ac9b1c in netisr_dispatch_src (proto=3D9, source=3D0, m=3D0xc39= 51e00) >>> =A0 =A0at /usr/src/sys/net/netisr.c:1013 >>> #14 0xc0ac9da0 in netisr_dispatch (proto=3D9, m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/net/netisr.c:1104 >>> #15 0xc0abe7f5 in ether_input (ifp=3D0xc35f3800, m=3D0xc3951e00) >>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:796 >>> #16 0xc0672bc9 in lem_handle_rxtx (context=3D0xc3732000, pending=3D1) >>> =A0 =A0at /usr/src/sys/dev/e1000/if_lem.c:3554 >>> #17 0xc0a468ab in taskqueue_run_locked (queue=3D0xc359ca80) >>> =A0 =A0at /usr/src/sys/kern/subr_taskqueue.c:306 >>> #18 0xc0a47307 in taskqueue_thread_loop (arg=3D0xc37365ec) >>> =A0 =A0at /usr/src/sys/kern/subr_taskqueue.c:495 >>> #19 0xc09d7af8 in fork_exit (callout=3D0xc0a472a0 <taskqueue_thread_loo= p>, >>> =A0 =A0arg=3D0xc37365ec, frame=3D0xc3313d28) at /usr/src/sys/kern/kern_= fork.c:941 >>> #20 0xc0d1d714 in fork_trampoline () at /usr/src/sys/i386/i386/exceptio= n.s:275 >>> (kgdb) >>> >> >> This is the same as in PR kern/158426. >> Can you try the patch from PR followup and report us whether it helps? >> Full link to PR with patch: >> http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/158426 >> > > I applied the patch and tried about 15 reboots and all went fine.... > Hi, Tom. A better fix for this problem has been developed since then. Would you please try it as well? For doing that, you need to revert a previous patch and apply this one. Please report if this change also fixes the panic for you, so it has better chances to get into 9.0 release. Index: sys/netinet6/mld6.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netinet6/mld6.c (revision 224471) +++ sys/netinet6/mld6.c (working copy) @@ -680,7 +680,6 @@ mld_v1_input_query(struct ifnet *ifp, const struct IN6_MULTI_LOCK(); MLD_LOCK(); - IF_ADDR_LOCK(ifp); /* * Switch to MLDv1 host compatibility mode. @@ -693,6 +692,7 @@ mld_v1_input_query(struct ifnet *ifp, const struct if (timer =3D=3D 0) timer =3D 1; + IF_ADDR_LOCK(ifp); if (is_general_query) { /* * For each reporting group joined on this @@ -888,7 +888,6 @@ mld_v2_input_query(struct ifnet *ifp, const struct IN6_MULTI_LOCK(); MLD_LOCK(); - IF_ADDR_LOCK(ifp); mli =3D MLD_IFINFO(ifp); KASSERT(mli !=3D NULL, ("%s: no mld_ifinfo for ifp %p", __func__, i= fp)); @@ -936,14 +935,18 @@ mld_v2_input_query(struct ifnet *ifp, const struct * Queries for groups we are not a member of on this * link are simply ignored. */ + IF_ADDR_LOCK(ifp); inm =3D in6m_lookup_locked(ifp, &mld->mld_addr); - if (inm =3D=3D NULL) + if (inm =3D=3D NULL) { + IF_ADDR_UNLOCK(ifp); goto out_locked; + } if (nsrc > 0) { if (!ratecheck(&inm->in6m_lastgsrtv, &V_mld_gsrdelay)) { CTR1(KTR_MLD, "%s: GS query throttled.", __func__); + IF_ADDR_UNLOCK(ifp); goto out_locked; } } @@ -961,10 +964,10 @@ mld_v2_input_query(struct ifnet *ifp, const struct /* XXX Clear embedded scope ID as userland won't expect it.= */ in6_clearscope(&mld->mld_addr); + IF_ADDR_UNLOCK(ifp); } out_locked: - IF_ADDR_UNLOCK(ifp); MLD_UNLOCK(); IN6_MULTI_UNLOCK(); --=20 wbr, pluknet --000e0cd762ae5266d904ab161afa Content-Type: application/octet-stream; name="mld6.locking.2.patch" Content-Disposition: attachment; filename="mld6.locking.2.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_grncdatp0 SW5kZXg6IHN5cy9uZXRpbmV0Ni9tbGQ2LmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc3lzL25ldGluZXQ2L21s ZDYuYwkocmV2aXNpb24gMjI0NDcxKQorKysgc3lzL25ldGluZXQ2L21sZDYuYwkod29ya2luZyBj b3B5KQpAQCAtNjgwLDcgKzY4MCw2IEBAIG1sZF92MV9pbnB1dF9xdWVyeShzdHJ1Y3QgaWZuZXQg KmlmcCwgY29uc3Qgc3RydWN0CiAKIAlJTjZfTVVMVElfTE9DSygpOwogCU1MRF9MT0NLKCk7Ci0J SUZfQUREUl9MT0NLKGlmcCk7CiAKIAkvKgogCSAqIFN3aXRjaCB0byBNTER2MSBob3N0IGNvbXBh dGliaWxpdHkgbW9kZS4KQEAgLTY5Myw2ICs2OTIsNyBAQCBtbGRfdjFfaW5wdXRfcXVlcnkoc3Ry dWN0IGlmbmV0ICppZnAsIGNvbnN0IHN0cnVjdAogCWlmICh0aW1lciA9PSAwKQogCQl0aW1lciA9 IDE7CiAKKwlJRl9BRERSX0xPQ0soaWZwKTsKIAlpZiAoaXNfZ2VuZXJhbF9xdWVyeSkgewogCQkv KgogCQkgKiBGb3IgZWFjaCByZXBvcnRpbmcgZ3JvdXAgam9pbmVkIG9uIHRoaXMKQEAgLTg4OCw3 ICs4ODgsNiBAQCBtbGRfdjJfaW5wdXRfcXVlcnkoc3RydWN0IGlmbmV0ICppZnAsIGNvbnN0IHN0 cnVjdAogCiAJSU42X01VTFRJX0xPQ0soKTsKIAlNTERfTE9DSygpOwotCUlGX0FERFJfTE9DSyhp ZnApOwogCiAJbWxpID0gTUxEX0lGSU5GTyhpZnApOwogCUtBU1NFUlQobWxpICE9IE5VTEwsICgi JXM6IG5vIG1sZF9pZmluZm8gZm9yIGlmcCAlcCIsIF9fZnVuY19fLCBpZnApKTsKQEAgLTkzNiwx NCArOTM1LDE4IEBAIG1sZF92Ml9pbnB1dF9xdWVyeShzdHJ1Y3QgaWZuZXQgKmlmcCwgY29uc3Qg c3RydWN0CiAJCSAqIFF1ZXJpZXMgZm9yIGdyb3VwcyB3ZSBhcmUgbm90IGEgbWVtYmVyIG9mIG9u IHRoaXMKIAkJICogbGluayBhcmUgc2ltcGx5IGlnbm9yZWQuCiAJCSAqLworCQlJRl9BRERSX0xP Q0soaWZwKTsKIAkJaW5tID0gaW42bV9sb29rdXBfbG9ja2VkKGlmcCwgJm1sZC0+bWxkX2FkZHIp OwotCQlpZiAoaW5tID09IE5VTEwpCisJCWlmIChpbm0gPT0gTlVMTCkgeworCQkJSUZfQUREUl9V TkxPQ0soaWZwKTsKIAkJCWdvdG8gb3V0X2xvY2tlZDsKKwkJfQogCQlpZiAobnNyYyA+IDApIHsK IAkJCWlmICghcmF0ZWNoZWNrKCZpbm0tPmluNm1fbGFzdGdzcnR2LAogCQkJICAgICZWX21sZF9n c3JkZWxheSkpIHsKIAkJCQlDVFIxKEtUUl9NTEQsICIlczogR1MgcXVlcnkgdGhyb3R0bGVkLiIs CiAJCQkJICAgIF9fZnVuY19fKTsKKwkJCQlJRl9BRERSX1VOTE9DSyhpZnApOwogCQkJCWdvdG8g b3V0X2xvY2tlZDsKIAkJCX0KIAkJfQpAQCAtOTYxLDEwICs5NjQsMTAgQEAgbWxkX3YyX2lucHV0 X3F1ZXJ5KHN0cnVjdCBpZm5ldCAqaWZwLCBjb25zdCBzdHJ1Y3QKIAogCQkvKiBYWFggQ2xlYXIg ZW1iZWRkZWQgc2NvcGUgSUQgYXMgdXNlcmxhbmQgd29uJ3QgZXhwZWN0IGl0LiAqLwogCQlpbjZf Y2xlYXJzY29wZSgmbWxkLT5tbGRfYWRkcik7CisJCUlGX0FERFJfVU5MT0NLKGlmcCk7CiAJfQog CiBvdXRfbG9ja2VkOgotCUlGX0FERFJfVU5MT0NLKGlmcCk7CiAJTUxEX1VOTE9DSygpOwogCUlO Nl9NVUxUSV9VTkxPQ0soKTsKIAo= --000e0cd762ae5266d904ab161afa--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE-mSO%2Bd2JSYhiNG2pRMReHDNYDBDba8h6vX4w7C-kQu3WYrdw>