Date: Sat, 7 Jan 2017 20:11:19 +0100
From: Jim
To: freebsd-net@freebsd.org
Subject: Panic in nd6_prefix_offlink()
Message-Id: <20170107201119.22d9ceff88e935c2b3f072a1@bitmessage.ch>

Hello,

I observe frequent crashes on a BeagleBone Black running CURRENT
r311106 at home. My home LAN is connected to a DSL provider. The CPE router
gets assigned an IPv6 address (ds-lite) and advertises the prefix/route to the
LAN. Every night the DSL connection is terminated by the provider. When the
connection is reestablished, the new IPv6 prefix is assigned to the router and
then advertised to the LAN. This event seems to cause a kernel panic on the
BeagleBone board, which goes to the db> prompt. Backtrace shows:

nd6_timer() -> nd6_prefix_offlink() -> witness_assert() -> vpanic()

Here is the backtrace:

db> bt
Tracing pid 11 tid 100005 td 0xc2cc8000
db_trace_self() at db_trace_self
         pc = 0xc067d5f8  lr = 0xc02580d4 (db_stack_trace+0x108)
         sp = 0xccbdc878  fp = 0xccbdc890
db_stack_trace() at db_stack_trace+0x108
         pc = 0xc02580d4  lr = 0xc0257d24 (db_command+0x274)
         sp = 0xccbdc898  fp = 0xccbdc938
         r4 = 0x00000001  r5 = 0x00000000  r6 = 0xc07126c7  r10 = 0xc09a3980
db_command() at db_command+0x274
         pc = 0xc0257d24  lr = 0xc0257aa0 (db_command_loop+0x74)
         sp = 0xccbdc940  fp = 0xccbdc950
         r4 = 0xc06eb84e  r5 = 0xc070afd2  r6 = 0xc09a396c  r7 = 0xc07da9d0
         r8 = 0xc093c198  r9 = 0xc093c19c  r10 = 0xccbdcb18
db_command_loop() at db_command_loop+0x74
         pc = 0xc0257aa0  lr = 0xc025b1dc (db_trap+0x124)
         sp = 0xccbdc958  fp = 0xccbdca70
         r4 = 0x00000000  r5 = 0xc09a3978  r6 = 0xc093c1b8  r10 = 0xccbdcb18
db_trap() at db_trap+0x124
         pc = 0xc025b1dc  lr = 0xc03f6e28 (kdb_trap+0xd0)
         sp = 0xccbdca78  fp = 0xccbdca98
         r4 = 0x00000000  r5 = 0x00000001  r6 = 0xc093c1b8  r7 = 0xc07da9d0
kdb_trap() at kdb_trap+0xd0
         pc = 0xc03f6e28  lr = 0xc069a0e0 (undefinedinstruction+0x304)
         sp = 0xccbdcaa0  fp = 0xccbdcb10
         r4 = 0x00000000  r5 = 0x00000000  r6 = 0xc0699d2c  r7 = 0xe7ffffff
         r8 = 0xc2cc8000  r9 = 0xc03f6718  r10 = 0xccbdcb18
undefinedinstruction() at undefinedinstruction+0x304
         pc = 0xc069a0e0  lr = 0xc067ffe0 (exception_exit)
         sp = 0xccbdcb18  fp = 0xccbdcbb0
         r4 = 0xa0000093  r5 = 0xccbdcbf4  r6 = 0xc0712f90  r7 = 0xc09a6540
         r8 = 0xc092d858  r9 = 0xc2cc8000  r10 = 0xc096d154
exception_exit() at exception_exit
         pc = 0xc067ffe0  lr = 0xc03f6708 (kdb_enter+0x48)
         sp = 0xccbdcba8  fp = 0xccbdcbb0
         r0 = 0xc093c1ac  r1 = 0x00000000  r2 = 0xccbdcae4  r3 = 0x00000213
         r4 = 0xc070af2f  r5 = 0xccbdcbf4  r6 = 0xc0712f90  r7 = 0xc09a6540
         r8 = 0xc092d858  r9 = 0xc2cc8000  r10 = 0xc096d154  r12 = 0xc03fc8c4
$a.7() at $a.7
         pc = 0xc03f671c  lr = 0xc03b8294 (vpanic+0xd0)
         sp = 0xccbdcbb8  fp = 0xccbdcbd0
         r4 = 0x00000100  r10 = 0xc096d154
vpanic() at vpanic+0xd0
         pc = 0xc03b8294  lr = 0xc03b81c4 (vpanic)
         sp = 0xccbdcbd8  fp = 0xccbdcbec
         r4 = 0xc0712f90  r5 = 0xccbdcbf4  r6 = 0xc072c19b  r7 = 0xc07191db
         r8 = 0x00000769  r9 = 0xc07ff0d4
vpanic() at vpanic
         pc = 0xc03b81c4  lr = 0xc0414e60 (witness_assert+0x34c)
         sp = 0xccbdcbf4  fp = 0xccbdcc30
         r4 = 0xc03b81c4  r5 = 0xccbdcbf4  r6 = 0xc06ff839  r7 = 0xc072cf2c
         r8 = 0xc072c19b  r9 = 0xc096d154
witness_assert() at witness_assert+0x34c
         pc = 0xc0414e60  lr = 0xc05ab190 (nd6_prefix_offlink+0x58)
         sp = 0xccbdcc38  fp = 0xccbdcce8
         r4 = 0xc2cc2300  r5 = 0xc072cf29  r6 = 0xc2cc2400  r7 = 0xc2cc2400
         r8 = 0xc2d9fc00  r9 = 0xccbdcd10  r10 = 0xc09a8ac8
nd6_prefix_offlink() at nd6_prefix_offlink+0x58
         pc = 0xc05ab190  lr = 0xc059f58c (nd6_timer+0x3a8)
         sp = 0xccbdccf0  fp = 0xccbdcd38
         r4 = 0xc2cc2300  r5 = 0xc08004a0  r6 = 0x00007f25  r7 = 0xc2cc2400
         r8 = 0x00000000  r9 = 0xccbdcd10  r10 = 0xc09a8ac8
nd6_timer() at nd6_timer+0x3a8
         pc = 0xc059f58c  lr = 0xc03cf944 (softclock_call_cc+0x170)
         sp = 0xccbdcd40  fp = 0xccbdcda0
         r4 = 0xc059f1e4  r5 = 0xc09a8a90  r6 = 0x00000084  r7 = 0xc09a6404
         r8 = 0x00000001  r9 = 0x00840002  r10 = 0xc09a6640
softclock_call_cc() at softclock_call_cc+0x170
         pc = 0xc03cf944  lr = 0xc03cfb90 (softclock+0x50)
         sp = 0xccbdcda8  fp = 0xccbdcdb0
         r4 = 0xc09a6650  r5 = 0xc09a6640  r6 = 0xc2c80bec  r7 = 0xc2c80bc0
         r8 = 0xc09a6414  r9 = 0xc2cfad00  r10 = 0xc07046a1
softclock() at softclock+0x50
         pc = 0xc03cfb90  lr = 0xc0385828 (intr_event_execute_handlers+0xc4)
         sp = 0xccbdcdb8  fp = 0xccbdcdd8
         r4 = 0x00000000  r5 = 0xc2cfad48
intr_event_execute_handlers() at intr_event_execute_handlers+0xc4
         pc = 0xc0385828  lr = 0xc0385f80 (ithread_loop+0x12c)
         sp = 0xccbdcde0  fp = 0xccbdce20
         r4 = 0xc2cfad70  r5 = 0x00000000  r6 = 0xc2cfad00  r7 = 0xc2cc8000
         r8 = 0xc2cfad6c  r9 = 0xc07f8f70  r10 = 0xc2cfd00c
ithread_loop() at ithread_loop+0x12c
         pc = 0xc0385f80  lr = 0xc0382fe8 (fork_exit+0x84)
         sp = 0xccbdce28  fp = 0xccbdce40
         r4 = 0xc2cc8000  r5 = 0xc2cbf6f0  r6 = 0xc0385e54  r7 = 0xc2cfd000
         r8 = 0xccbdce48  r9 = 0x00000000  r10 = 0x00000000
fork_exit() at fork_exit+0x84
         pc = 0xc0382fe8  lr = 0xc067ff70 (swi_exit)
         sp = 0xccbdce48  fp = 0x00000000
         r4 = 0xc0385e54  r5 = 0xc2cfd000  r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x00000000  r10 = 0x00000000
swi_exit() at swi_exit
         pc = 0xc067ff70  lr = 0xc067ff70 (swi_exit)
         sp = 0xccbdce48  fp = 0x00000000

As per svn log there were some changes in r306829 relevant to
nd6_prefix_offlink():

r306829 | markj | 2016-10-07 23:10:53 +0200 (Fri, 07 Oct 2016) | 17 lines

Lock the ND prefix list and add refcounting for prefixes.

I would appreciate any advice on how to address observed crashes.

Thanks.

Kind regards,
Jim
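
Added example, not part of the original message: a small Python parser for ddb "bt" output in the format of the trace above. It reduces a trace to the call chain that ends in vpanic() and reports the call site that reached witness_assert(). The sample is an excerpt of that trace; the names parse_frames, panic_path and assert_call_site are this example's own.

```python
import re

# Excerpt of the ddb "bt" output from the message ($a.7 .. nd6_timer),
# with the sp/fp and register lines trimmed.
SAMPLE_BT = """\
$a.7() at $a.7
     pc = 0xc03f671c  lr = 0xc03b8294 (vpanic+0xd0)
vpanic() at vpanic+0xd0
     pc = 0xc03b8294  lr = 0xc03b81c4 (vpanic)
vpanic() at vpanic
     pc = 0xc03b81c4  lr = 0xc0414e60 (witness_assert+0x34c)
witness_assert() at witness_assert+0x34c
     pc = 0xc0414e60  lr = 0xc05ab190 (nd6_prefix_offlink+0x58)
nd6_prefix_offlink() at nd6_prefix_offlink+0x58
     pc = 0xc05ab190  lr = 0xc059f58c (nd6_timer+0x3a8)
nd6_timer() at nd6_timer+0x3a8
     pc = 0xc059f58c  lr = 0xc03cf944 (softclock_call_cc+0x170)
"""

# One frame is "func() at func+0xoff" then "pc = ... lr = ... (sym+0xoff)";
# \s+ between fields matches wrapped and run-together traces alike.
FRAME = re.compile(
    r"(?P<func>\S+)\(\) at (?P<site>\S+)\s+"
    r"pc = (?P<pc>0x[0-9a-f]+)\s+lr = (?P<lr>0x[0-9a-f]+) \((?P<lr_sym>[^)]+)\)"
)

def parse_frames(text):
    """Return the frames as dicts, innermost first (the order ddb prints)."""
    return [m.groupdict() for m in FRAME.finditer(text)]

def panic_path(text, panic_func="vpanic"):
    """Function names from the outermost caller down to the panic routine."""
    funcs = [f["func"] for f in parse_frames(text)]
    if panic_func not in funcs:
        return []
    # Frames printed before the last panic frame are debugger entry; drop them.
    last = len(funcs) - 1 - funcs[::-1].index(panic_func)
    return funcs[last:][::-1]

def assert_call_site(text):
    """Return address (func+offset) in the caller of witness_assert()."""
    frames = parse_frames(text)
    for inner, outer in zip(frames, frames[1:]):
        if inner["func"] == "witness_assert":
            return outer["site"]
    return None

if __name__ == "__main__":
    print(" -> ".join(panic_path(SAMPLE_BT)), "| from", assert_call_site(SAMPLE_BT))
```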