Date: Sat, 7 Jan 2017 20:11:19 +0100 From: Jim <BM-2cWfdfG5CJsquqkJyry7hZT9LypbSEWEkQ@bitmessage.ch> To: freebsd-net@freebsd.org Subject: Panic in nd6_prefix_offlink() Message-ID: <20170107201119.22d9ceff88e935c2b3f072a1@bitmessage.ch>
next in thread | raw e-mail | index | archive | help
Hello,
I observe frequent crashes on Beagle Bone Black running CURRENT r311106 at home.
My home LAN is connected to DSL provider. The CPE router gets assigned IPv6 address (ds-lite) and advertises prefix/route to the LAN.
Every night the DSL connection is terminated by provider. Upon connection is reestablished the new IPv6 prefix is assigned to router and then advertised to LAN.
This event seems to cause kernel panic on Beagelebone board which goes to db> prompt.
Backtrace shows: nd6_timer() -> nd6_prefix_offlink() -> witness_assert() -> vpanic()
Here is the backtrace:
db> bt
Tracing pid 11 tid 100005 td 0xc2cc8000
db_trace_self() at db_trace_self
pc = 0xc067d5f8 lr = 0xc02580d4 (db_stack_trace+0x108)
sp = 0xccbdc878 fp = 0xccbdc890
db_stack_trace() at db_stack_trace+0x108
pc = 0xc02580d4 lr = 0xc0257d24 (db_command+0x274)
sp = 0xccbdc898 fp = 0xccbdc938
r4 = 0x00000001 r5 = 0x00000000
r6 = 0xc07126c7 r10 = 0xc09a3980
db_command() at db_command+0x274
pc = 0xc0257d24 lr = 0xc0257aa0 (db_command_loop+0x74)
sp = 0xccbdc940 fp = 0xccbdc950
r4 = 0xc06eb84e r5 = 0xc070afd2
r6 = 0xc09a396c r7 = 0xc07da9d0
r8 = 0xc093c198 r9 = 0xc093c19c
r10 = 0xccbdcb18
db_command_loop() at db_command_loop+0x74
pc = 0xc0257aa0 lr = 0xc025b1dc (db_trap+0x124)
sp = 0xccbdc958 fp = 0xccbdca70
r4 = 0x00000000 r5 = 0xc09a3978
r6 = 0xc093c1b8 r10 = 0xccbdcb18
db_trap() at db_trap+0x124
pc = 0xc025b1dc lr = 0xc03f6e28 (kdb_trap+0xd0)
sp = 0xccbdca78 fp = 0xccbdca98
r4 = 0x00000000 r5 = 0x00000001
r6 = 0xc093c1b8 r7 = 0xc07da9d0
kdb_trap() at kdb_trap+0xd0
pc = 0xc03f6e28 lr = 0xc069a0e0 (undefinedinstruction+0x304)
sp = 0xccbdcaa0 fp = 0xccbdcb10
r4 = 0x00000000 r5 = 0x00000000
r6 = 0xc0699d2c r7 = 0xe7ffffff
r8 = 0xc2cc8000 r9 = 0xc03f6718
r10 = 0xccbdcb18
undefinedinstruction() at undefinedinstruction+0x304
pc = 0xc069a0e0 lr = 0xc067ffe0 (exception_exit)
sp = 0xccbdcb18 fp = 0xccbdcbb0
r4 = 0xa0000093 r5 = 0xccbdcbf4
r6 = 0xc0712f90 r7 = 0xc09a6540
r8 = 0xc092d858 r9 = 0xc2cc8000
r10 = 0xc096d154
exception_exit() at exception_exit
pc = 0xc067ffe0 lr = 0xc03f6708 (kdb_enter+0x48)
sp = 0xccbdcba8 fp = 0xccbdcbb0
r0 = 0xc093c1ac r1 = 0x00000000
r2 = 0xccbdcae4 r3 = 0x00000213
r4 = 0xc070af2f r5 = 0xccbdcbf4
r6 = 0xc0712f90 r7 = 0xc09a6540
r8 = 0xc092d858 r9 = 0xc2cc8000
r10 = 0xc096d154 r12 = 0xc03fc8c4
$a.7() at $a.7
pc = 0xc03f671c lr = 0xc03b8294 (vpanic+0xd0)
sp = 0xccbdcbb8 fp = 0xccbdcbd0
r4 = 0x00000100 r10 = 0xc096d154
vpanic() at vpanic+0xd0
pc = 0xc03b8294 lr = 0xc03b81c4 (vpanic)
sp = 0xccbdcbd8 fp = 0xccbdcbec
r4 = 0xc0712f90 r5 = 0xccbdcbf4
r6 = 0xc072c19b r7 = 0xc07191db
r8 = 0x00000769 r9 = 0xc07ff0d4
vpanic() at vpanic
pc = 0xc03b81c4 lr = 0xc0414e60 (witness_assert+0x34c)
sp = 0xccbdcbf4 fp = 0xccbdcc30
r4 = 0xc03b81c4 r5 = 0xccbdcbf4
r6 = 0xc06ff839 r7 = 0xc072cf2c
r8 = 0xc072c19b r9 = 0xc096d154
witness_assert() at witness_assert+0x34c
pc = 0xc0414e60 lr = 0xc05ab190 (nd6_prefix_offlink+0x58)
sp = 0xccbdcc38 fp = 0xccbdcce8
r4 = 0xc2cc2300 r5 = 0xc072cf29
r6 = 0xc2cc2400 r7 = 0xc2cc2400
r8 = 0xc2d9fc00 r9 = 0xccbdcd10
r10 = 0xc09a8ac8
nd6_prefix_offlink() at nd6_prefix_offlink+0x58
pc = 0xc05ab190 lr = 0xc059f58c (nd6_timer+0x3a8)
sp = 0xccbdccf0 fp = 0xccbdcd38
r4 = 0xc2cc2300 r5 = 0xc08004a0
r6 = 0x00007f25 r7 = 0xc2cc2400
r8 = 0x00000000 r9 = 0xccbdcd10
r10 = 0xc09a8ac8
nd6_timer() at nd6_timer+0x3a8
pc = 0xc059f58c lr = 0xc03cf944 (softclock_call_cc+0x170)
sp = 0xccbdcd40 fp = 0xccbdcda0
r4 = 0xc059f1e4 r5 = 0xc09a8a90
r6 = 0x00000084 r7 = 0xc09a6404
r8 = 0x00000001 r9 = 0x00840002
r10 = 0xc09a6640
softclock_call_cc() at softclock_call_cc+0x170
pc = 0xc03cf944 lr = 0xc03cfb90 (softclock+0x50)
sp = 0xccbdcda8 fp = 0xccbdcdb0
r4 = 0xc09a6650 r5 = 0xc09a6640
r6 = 0xc2c80bec r7 = 0xc2c80bc0
r8 = 0xc09a6414 r9 = 0xc2cfad00
r10 = 0xc07046a1
softclock() at softclock+0x50
pc = 0xc03cfb90 lr = 0xc0385828 (intr_event_execute_handlers+0xc4)
sp = 0xccbdcdb8 fp = 0xccbdcdd8
r4 = 0x00000000 r5 = 0xc2cfad48
intr_event_execute_handlers() at intr_event_execute_handlers+0xc4
pc = 0xc0385828 lr = 0xc0385f80 (ithread_loop+0x12c)
sp = 0xccbdcde0 fp = 0xccbdce20
r4 = 0xc2cfad70 r5 = 0x00000000
r6 = 0xc2cfad00 r7 = 0xc2cc8000
r8 = 0xc2cfad6c r9 = 0xc07f8f70
r10 = 0xc2cfd00c
ithread_loop() at ithread_loop+0x12c
pc = 0xc0385f80 lr = 0xc0382fe8 (fork_exit+0x84)
sp = 0xccbdce28 fp = 0xccbdce40
r4 = 0xc2cc8000 r5 = 0xc2cbf6f0
r6 = 0xc0385e54 r7 = 0xc2cfd000
r8 = 0xccbdce48 r9 = 0x00000000
r10 = 0x00000000
fork_exit() at fork_exit+0x84
pc = 0xc0382fe8 lr = 0xc067ff70 (swi_exit)
sp = 0xccbdce48 fp = 0x00000000
r4 = 0xc0385e54 r5 = 0xc2cfd000
r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
pc = 0xc067ff70 lr = 0xc067ff70 (swi_exit)
sp = 0xccbdce48 fp = 0x00000000
As per svn log there were some changes in r306829 relevant to nd6_prefix_offlink():
r306829 | markj | 2016-10-07 23:10:53 +0200 (Fri, 07 Oct 2016) | 17 lines
Lock the ND prefix list and add refcounting for prefixes.
I would appreciate any advice on how to address observed crashes.
Thanks.
Kind regards,
Jim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170107201119.22d9ceff88e935c2b3f072a1>