Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Aug 2011 15:08:46 +0400
From:      Sergey Kandaurov <pluknet@gmail.com>
To:        Tom Vijlbrief <tom.vijlbrief@xs4all.nl>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>, freebsd-current@freebsd.org
Subject:   Re: BETA1 IPv6 crash
Message-ID:  <CAE-mSO%2Bd2JSYhiNG2pRMReHDNYDBDba8h6vX4w7C-kQu3WYrdw@mail.gmail.com>
In-Reply-To: <CAOQrpVf7bATyWmWRF0Cnwk_KWPygbSFXCSP6ZtGtkSL0czRGag@mail.gmail.com>
References:  <CAOQrpVdkqYm22jjgdOiu9f7GrALfrjCuY-VfYBibvF4Lb9m-=Q@mail.gmail.com> <CAE-mSOK3ZD92NG6DqzmZ_pdK0KoUZoN_s9c-iToa1XQ4vaBfFQ@mail.gmail.com> <CAOQrpVf7bATyWmWRF0Cnwk_KWPygbSFXCSP6ZtGtkSL0czRGag@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
--000e0cd762ae5266d904ab161afa
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 8 August 2011 22:06, Tom Vijlbrief <tom.vijlbrief@xs4all.nl> wrote:
> 2011/8/7 Sergey Kandaurov <pluknet@gmail.com>:
>> On 7 August 2011 17:11, Tom Vijlbrief <tom.vijlbrief@xs4all.nl> wrote:
>>> I installed BETA1 in a fresh ubuntu 11.04 KVM virtual machine with the
>>> new installer.
>>>
>>> Major issue I noticed was the missing /home.
>>>
>>> It took me quite some time to get IPv6 working in the guest (a Linux
>>> configuration issue), but now that it works
>>> BETA1 panics in about 50% of the boot attempts:
>>>
>>> testbsd dumped core - see /var/crash/vmcore.0
>>>
>>> Sun Aug =A07 08:25:28 CEST 2011
>>>
>>> FreeBSD testbsd 9.0-BETA1 FreeBSD 9.0-BETA1 #0: Thu Jul 28 16:34:16
>>> UTC 2011 =A0 =A0 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENER=
IC
>>> i386
>>>
>>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @
>>> /usr/src/sys/netinet6/mld6.c:1676
>>>
>>> GNU gdb 6.1.1 [FreeBSD]
>>> Copyright 2004 Free Software Foundation, Inc.
>>> GDB is free software, covered by the GNU General Public License, and yo=
u are
>>> welcome to change it and/or distribute copies of it under certain condi=
tions.
>>> Type "show copying" to see the conditions.
>>> There is absolutely no warranty for GDB. =A0Type "show warranty" for de=
tails.
>>> This GDB was configured as "i386-marcel-freebsd"...
>> [..]
>>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @
>>> /usr/src/sys/netinet6/mld6.c:1676
>>>
>>> cpuid =3D 0
>>> KDB: enter: panic
>>> Uptime: 28s
>>> Physical memory: 491 MB
>>> Dumping 45 MB: 30 14
>>>
>>> #0 =A0doadump (textdump=3D1) at pcpu.h:244
>>> 244 =A0 =A0 pcpu.h: No such file or directory.
>>> =A0 =A0 =A0 =A0in pcpu.h
>>> (kgdb) #0 =A0doadump (textdump=3D1) at pcpu.h:244
>>> #1 =A00xc0a04965 in kern_reboot (howto=3D260)
>>> =A0 =A0at /usr/src/sys/kern/kern_shutdown.c:430
>>> #2 =A00xc0a04291 in panic (fmt=3DVariable "fmt" is not available.
>>> ) at /usr/src/sys/kern/kern_shutdown.c:595
>>> #3 =A00xc09f4a4a in _mtx_lock_sleep (m=3D0xc35f3a28, tid=3D3278693824, =
opts=3D0,
>>> =A0 =A0file=3D0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=3D1676)
>>> =A0 =A0at /usr/src/sys/kern/kern_mutex.c:341
>>> #4 =A00xc09f4c67 in _mtx_lock_flags (m=3D0xc35f3a28, opts=3D0,
>>> =A0 =A0file=3D0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=3D1676)
>>> =A0 =A0at /usr/src/sys/kern/kern_mutex.c:203
>>> #5 =A00xc0bbf007 in mld_set_version (mli=3D0xc3589a00, version=3DVariab=
le
>>> "version" is not available.
>>> )
>>> =A0 =A0at /usr/src/sys/netinet6/mld6.c:1676
>>> #6 =A00xc0bc0c00 in mld_input (m=3D0xc3951e00, off=3D48, icmp6len=3D24)
>>> =A0 =A0at /usr/src/sys/netinet6/mld6.c:690
>>> #7 =A00xc0ba5696 in icmp6_input (mp=3D0xc3313a54, offp=3D0xc3313a68, pr=
oto=3D58)
>>> =A0 =A0at /usr/src/sys/netinet6/icmp6.c:654
>>> #8 =A00xc0bba23a in ip6_input (m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/netinet6/ip6_input.c:964
>>> #9 =A00xc0ac9b1c in netisr_dispatch_src (proto=3D10, source=3D0, m=3D0x=
c3951e00)
>>> =A0 =A0at /usr/src/sys/net/netisr.c:1013
>>> #10 0xc0ac9da0 in netisr_dispatch (proto=3D10, m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/net/netisr.c:1104
>>> #11 0xc0abecf1 in ether_demux (ifp=3D0xc35f3800, m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:936
>>> #12 0xc0abf1b3 in ether_nh_input (m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:755
>>> #13 0xc0ac9b1c in netisr_dispatch_src (proto=3D9, source=3D0, m=3D0xc39=
51e00)
>>> =A0 =A0at /usr/src/sys/net/netisr.c:1013
>>> #14 0xc0ac9da0 in netisr_dispatch (proto=3D9, m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/net/netisr.c:1104
>>> #15 0xc0abe7f5 in ether_input (ifp=3D0xc35f3800, m=3D0xc3951e00)
>>> =A0 =A0at /usr/src/sys/net/if_ethersubr.c:796
>>> #16 0xc0672bc9 in lem_handle_rxtx (context=3D0xc3732000, pending=3D1)
>>> =A0 =A0at /usr/src/sys/dev/e1000/if_lem.c:3554
>>> #17 0xc0a468ab in taskqueue_run_locked (queue=3D0xc359ca80)
>>> =A0 =A0at /usr/src/sys/kern/subr_taskqueue.c:306
>>> #18 0xc0a47307 in taskqueue_thread_loop (arg=3D0xc37365ec)
>>> =A0 =A0at /usr/src/sys/kern/subr_taskqueue.c:495
>>> #19 0xc09d7af8 in fork_exit (callout=3D0xc0a472a0 <taskqueue_thread_loo=
p>,
>>> =A0 =A0arg=3D0xc37365ec, frame=3D0xc3313d28) at /usr/src/sys/kern/kern_=
fork.c:941
>>> #20 0xc0d1d714 in fork_trampoline () at /usr/src/sys/i386/i386/exceptio=
n.s:275
>>> (kgdb)
>>>
>>
>> This is the same as in PR kern/158426.
>> Can you try the patch from PR followup and report us whether it helps?
>> Full link to PR with patch:
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/158426
>>
>
> I applied the patch and tried about 15 reboots and all went fine....
>

Hi, Tom.
A better fix for this problem has been developed since then. Would you
please try it as well? For doing that, you need to revert a previous
patch and apply this one.
Please report if this change also fixes the panic for you, so it  has
better chances to get into 9.0 release.


Index: sys/netinet6/mld6.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sys/netinet6/mld6.c (revision 224471)
+++ sys/netinet6/mld6.c (working copy)
@@ -680,7 +680,6 @@ mld_v1_input_query(struct ifnet *ifp, const struct

        IN6_MULTI_LOCK();
        MLD_LOCK();
-       IF_ADDR_LOCK(ifp);

        /*
         * Switch to MLDv1 host compatibility mode.
@@ -693,6 +692,7 @@ mld_v1_input_query(struct ifnet *ifp, const struct
        if (timer =3D=3D 0)
                timer =3D 1;

+       IF_ADDR_LOCK(ifp);
        if (is_general_query) {
                /*
                 * For each reporting group joined on this
@@ -888,7 +888,6 @@ mld_v2_input_query(struct ifnet *ifp, const struct

        IN6_MULTI_LOCK();

        MLD_LOCK();
-       IF_ADDR_LOCK(ifp);

        mli =3D MLD_IFINFO(ifp);
        KASSERT(mli !=3D NULL, ("%s: no mld_ifinfo for ifp %p", __func__, i=
fp));
@@ -936,14 +935,18 @@ mld_v2_input_query(struct ifnet *ifp, const struct
                 * Queries for groups we are not a member of on this
                 * link are simply ignored.
                 */
+               IF_ADDR_LOCK(ifp);
                inm =3D in6m_lookup_locked(ifp, &mld->mld_addr);
-               if (inm =3D=3D NULL)
+               if (inm =3D=3D NULL) {
+                       IF_ADDR_UNLOCK(ifp);
                        goto out_locked;
+               }
                if (nsrc > 0) {
                        if (!ratecheck(&inm->in6m_lastgsrtv,
                            &V_mld_gsrdelay)) {
                                CTR1(KTR_MLD, "%s: GS query throttled.",
                                    __func__);
+                               IF_ADDR_UNLOCK(ifp);
                                goto out_locked;
                        }
                }
@@ -961,10 +964,10 @@ mld_v2_input_query(struct ifnet *ifp, const struct

                /* XXX Clear embedded scope ID as userland won't expect it.=
 */
                in6_clearscope(&mld->mld_addr);
+               IF_ADDR_UNLOCK(ifp);
        }

 out_locked:
-       IF_ADDR_UNLOCK(ifp);
        MLD_UNLOCK();
        IN6_MULTI_UNLOCK();


--=20
wbr,
pluknet

--000e0cd762ae5266d904ab161afa
Content-Type: application/octet-stream; name="mld6.locking.2.patch"
Content-Disposition: attachment; filename="mld6.locking.2.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_grncdatp0

SW5kZXg6IHN5cy9uZXRpbmV0Ni9tbGQ2LmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc3lzL25ldGluZXQ2L21s
ZDYuYwkocmV2aXNpb24gMjI0NDcxKQorKysgc3lzL25ldGluZXQ2L21sZDYuYwkod29ya2luZyBj
b3B5KQpAQCAtNjgwLDcgKzY4MCw2IEBAIG1sZF92MV9pbnB1dF9xdWVyeShzdHJ1Y3QgaWZuZXQg
KmlmcCwgY29uc3Qgc3RydWN0CiAKIAlJTjZfTVVMVElfTE9DSygpOwogCU1MRF9MT0NLKCk7Ci0J
SUZfQUREUl9MT0NLKGlmcCk7CiAKIAkvKgogCSAqIFN3aXRjaCB0byBNTER2MSBob3N0IGNvbXBh
dGliaWxpdHkgbW9kZS4KQEAgLTY5Myw2ICs2OTIsNyBAQCBtbGRfdjFfaW5wdXRfcXVlcnkoc3Ry
dWN0IGlmbmV0ICppZnAsIGNvbnN0IHN0cnVjdAogCWlmICh0aW1lciA9PSAwKQogCQl0aW1lciA9
IDE7CiAKKwlJRl9BRERSX0xPQ0soaWZwKTsKIAlpZiAoaXNfZ2VuZXJhbF9xdWVyeSkgewogCQkv
KgogCQkgKiBGb3IgZWFjaCByZXBvcnRpbmcgZ3JvdXAgam9pbmVkIG9uIHRoaXMKQEAgLTg4OCw3
ICs4ODgsNiBAQCBtbGRfdjJfaW5wdXRfcXVlcnkoc3RydWN0IGlmbmV0ICppZnAsIGNvbnN0IHN0
cnVjdAogCiAJSU42X01VTFRJX0xPQ0soKTsKIAlNTERfTE9DSygpOwotCUlGX0FERFJfTE9DSyhp
ZnApOwogCiAJbWxpID0gTUxEX0lGSU5GTyhpZnApOwogCUtBU1NFUlQobWxpICE9IE5VTEwsICgi
JXM6IG5vIG1sZF9pZmluZm8gZm9yIGlmcCAlcCIsIF9fZnVuY19fLCBpZnApKTsKQEAgLTkzNiwx
NCArOTM1LDE4IEBAIG1sZF92Ml9pbnB1dF9xdWVyeShzdHJ1Y3QgaWZuZXQgKmlmcCwgY29uc3Qg
c3RydWN0CiAJCSAqIFF1ZXJpZXMgZm9yIGdyb3VwcyB3ZSBhcmUgbm90IGEgbWVtYmVyIG9mIG9u
IHRoaXMKIAkJICogbGluayBhcmUgc2ltcGx5IGlnbm9yZWQuCiAJCSAqLworCQlJRl9BRERSX0xP
Q0soaWZwKTsKIAkJaW5tID0gaW42bV9sb29rdXBfbG9ja2VkKGlmcCwgJm1sZC0+bWxkX2FkZHIp
OwotCQlpZiAoaW5tID09IE5VTEwpCisJCWlmIChpbm0gPT0gTlVMTCkgeworCQkJSUZfQUREUl9V
TkxPQ0soaWZwKTsKIAkJCWdvdG8gb3V0X2xvY2tlZDsKKwkJfQogCQlpZiAobnNyYyA+IDApIHsK
IAkJCWlmICghcmF0ZWNoZWNrKCZpbm0tPmluNm1fbGFzdGdzcnR2LAogCQkJICAgICZWX21sZF9n
c3JkZWxheSkpIHsKIAkJCQlDVFIxKEtUUl9NTEQsICIlczogR1MgcXVlcnkgdGhyb3R0bGVkLiIs
CiAJCQkJICAgIF9fZnVuY19fKTsKKwkJCQlJRl9BRERSX1VOTE9DSyhpZnApOwogCQkJCWdvdG8g
b3V0X2xvY2tlZDsKIAkJCX0KIAkJfQpAQCAtOTYxLDEwICs5NjQsMTAgQEAgbWxkX3YyX2lucHV0
X3F1ZXJ5KHN0cnVjdCBpZm5ldCAqaWZwLCBjb25zdCBzdHJ1Y3QKIAogCQkvKiBYWFggQ2xlYXIg
ZW1iZWRkZWQgc2NvcGUgSUQgYXMgdXNlcmxhbmQgd29uJ3QgZXhwZWN0IGl0LiAqLwogCQlpbjZf
Y2xlYXJzY29wZSgmbWxkLT5tbGRfYWRkcik7CisJCUlGX0FERFJfVU5MT0NLKGlmcCk7CiAJfQog
CiBvdXRfbG9ja2VkOgotCUlGX0FERFJfVU5MT0NLKGlmcCk7CiAJTUxEX1VOTE9DSygpOwogCUlO
Nl9NVUxUSV9VTkxPQ0soKTsKIAo=
--000e0cd762ae5266d904ab161afa--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE-mSO%2Bd2JSYhiNG2pRMReHDNYDBDba8h6vX4w7C-kQu3WYrdw>