Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 7 Jan 2017 20:11:19 +0100
From:      Jim <BM-2cWfdfG5CJsquqkJyry7hZT9LypbSEWEkQ@bitmessage.ch>
To:        freebsd-net@freebsd.org
Subject:   Panic in nd6_prefix_offlink()
Message-ID:  <20170107201119.22d9ceff88e935c2b3f072a1@bitmessage.ch>

next in thread | raw e-mail | index | archive | help
Hello,

I observe frequent crashes on Beagle Bone Black running CURRENT r311106 at home.
My home LAN is connected to DSL provider. The CPE router gets assigned IPv6 address (ds-lite) and advertises prefix/route to the LAN.
Every night the DSL connection is terminated by provider. Upon connection is reestablished the new IPv6 prefix is assigned to router and then advertised to LAN. 
This event seems to cause kernel panic on Beagelebone board which goes to db> prompt.

Backtrace shows:  nd6_timer() -> nd6_prefix_offlink() -> witness_assert() -> vpanic() 
Here is the backtrace:


db> bt
Tracing pid 11 tid 100005 td 0xc2cc8000
db_trace_self() at db_trace_self
         pc = 0xc067d5f8  lr = 0xc02580d4 (db_stack_trace+0x108)
         sp = 0xccbdc878  fp = 0xccbdc890
db_stack_trace() at db_stack_trace+0x108
         pc = 0xc02580d4  lr = 0xc0257d24 (db_command+0x274)
         sp = 0xccbdc898  fp = 0xccbdc938
         r4 = 0x00000001  r5 = 0x00000000
         r6 = 0xc07126c7 r10 = 0xc09a3980
db_command() at db_command+0x274
         pc = 0xc0257d24  lr = 0xc0257aa0 (db_command_loop+0x74)
         sp = 0xccbdc940  fp = 0xccbdc950
         r4 = 0xc06eb84e  r5 = 0xc070afd2
         r6 = 0xc09a396c  r7 = 0xc07da9d0
         r8 = 0xc093c198  r9 = 0xc093c19c
        r10 = 0xccbdcb18
db_command_loop() at db_command_loop+0x74
         pc = 0xc0257aa0  lr = 0xc025b1dc (db_trap+0x124)
         sp = 0xccbdc958  fp = 0xccbdca70
         r4 = 0x00000000  r5 = 0xc09a3978
         r6 = 0xc093c1b8 r10 = 0xccbdcb18
db_trap() at db_trap+0x124
         pc = 0xc025b1dc  lr = 0xc03f6e28 (kdb_trap+0xd0)
         sp = 0xccbdca78  fp = 0xccbdca98
         r4 = 0x00000000  r5 = 0x00000001
         r6 = 0xc093c1b8  r7 = 0xc07da9d0
kdb_trap() at kdb_trap+0xd0
         pc = 0xc03f6e28  lr = 0xc069a0e0 (undefinedinstruction+0x304)
         sp = 0xccbdcaa0  fp = 0xccbdcb10
         r4 = 0x00000000  r5 = 0x00000000
         r6 = 0xc0699d2c  r7 = 0xe7ffffff
         r8 = 0xc2cc8000  r9 = 0xc03f6718
        r10 = 0xccbdcb18
undefinedinstruction() at undefinedinstruction+0x304
         pc = 0xc069a0e0  lr = 0xc067ffe0 (exception_exit)
         sp = 0xccbdcb18  fp = 0xccbdcbb0
         r4 = 0xa0000093  r5 = 0xccbdcbf4
         r6 = 0xc0712f90  r7 = 0xc09a6540
         r8 = 0xc092d858  r9 = 0xc2cc8000
        r10 = 0xc096d154
exception_exit() at exception_exit
         pc = 0xc067ffe0  lr = 0xc03f6708 (kdb_enter+0x48)
         sp = 0xccbdcba8  fp = 0xccbdcbb0
         r0 = 0xc093c1ac  r1 = 0x00000000
         r2 = 0xccbdcae4  r3 = 0x00000213
         r4 = 0xc070af2f  r5 = 0xccbdcbf4
         r6 = 0xc0712f90  r7 = 0xc09a6540
         r8 = 0xc092d858  r9 = 0xc2cc8000
        r10 = 0xc096d154 r12 = 0xc03fc8c4
$a.7() at $a.7
         pc = 0xc03f671c  lr = 0xc03b8294 (vpanic+0xd0)
         sp = 0xccbdcbb8  fp = 0xccbdcbd0
         r4 = 0x00000100 r10 = 0xc096d154
vpanic() at vpanic+0xd0
         pc = 0xc03b8294  lr = 0xc03b81c4 (vpanic)
         sp = 0xccbdcbd8  fp = 0xccbdcbec
         r4 = 0xc0712f90  r5 = 0xccbdcbf4
         r6 = 0xc072c19b  r7 = 0xc07191db
         r8 = 0x00000769  r9 = 0xc07ff0d4
vpanic() at vpanic
         pc = 0xc03b81c4  lr = 0xc0414e60 (witness_assert+0x34c)
         sp = 0xccbdcbf4  fp = 0xccbdcc30
         r4 = 0xc03b81c4  r5 = 0xccbdcbf4
         r6 = 0xc06ff839  r7 = 0xc072cf2c
         r8 = 0xc072c19b  r9 = 0xc096d154
witness_assert() at witness_assert+0x34c
         pc = 0xc0414e60  lr = 0xc05ab190 (nd6_prefix_offlink+0x58)
         sp = 0xccbdcc38  fp = 0xccbdcce8
         r4 = 0xc2cc2300  r5 = 0xc072cf29
         r6 = 0xc2cc2400  r7 = 0xc2cc2400
         r8 = 0xc2d9fc00  r9 = 0xccbdcd10
        r10 = 0xc09a8ac8
nd6_prefix_offlink() at nd6_prefix_offlink+0x58
         pc = 0xc05ab190  lr = 0xc059f58c (nd6_timer+0x3a8)
         sp = 0xccbdccf0  fp = 0xccbdcd38
         r4 = 0xc2cc2300  r5 = 0xc08004a0
         r6 = 0x00007f25  r7 = 0xc2cc2400
         r8 = 0x00000000  r9 = 0xccbdcd10
        r10 = 0xc09a8ac8
nd6_timer() at nd6_timer+0x3a8
         pc = 0xc059f58c  lr = 0xc03cf944 (softclock_call_cc+0x170)
         sp = 0xccbdcd40  fp = 0xccbdcda0
         r4 = 0xc059f1e4  r5 = 0xc09a8a90
         r6 = 0x00000084  r7 = 0xc09a6404
         r8 = 0x00000001  r9 = 0x00840002
        r10 = 0xc09a6640
softclock_call_cc() at softclock_call_cc+0x170
         pc = 0xc03cf944  lr = 0xc03cfb90 (softclock+0x50)
         sp = 0xccbdcda8  fp = 0xccbdcdb0
         r4 = 0xc09a6650  r5 = 0xc09a6640
         r6 = 0xc2c80bec  r7 = 0xc2c80bc0
         r8 = 0xc09a6414  r9 = 0xc2cfad00
        r10 = 0xc07046a1
softclock() at softclock+0x50
         pc = 0xc03cfb90  lr = 0xc0385828 (intr_event_execute_handlers+0xc4)
         sp = 0xccbdcdb8  fp = 0xccbdcdd8
         r4 = 0x00000000  r5 = 0xc2cfad48
intr_event_execute_handlers() at intr_event_execute_handlers+0xc4
         pc = 0xc0385828  lr = 0xc0385f80 (ithread_loop+0x12c)
         sp = 0xccbdcde0  fp = 0xccbdce20
         r4 = 0xc2cfad70  r5 = 0x00000000
         r6 = 0xc2cfad00  r7 = 0xc2cc8000
         r8 = 0xc2cfad6c  r9 = 0xc07f8f70
        r10 = 0xc2cfd00c
ithread_loop() at ithread_loop+0x12c
         pc = 0xc0385f80  lr = 0xc0382fe8 (fork_exit+0x84)
         sp = 0xccbdce28  fp = 0xccbdce40
         r4 = 0xc2cc8000  r5 = 0xc2cbf6f0
         r6 = 0xc0385e54  r7 = 0xc2cfd000
         r8 = 0xccbdce48  r9 = 0x00000000
        r10 = 0x00000000
fork_exit() at fork_exit+0x84
         pc = 0xc0382fe8  lr = 0xc067ff70 (swi_exit)
         sp = 0xccbdce48  fp = 0x00000000
         r4 = 0xc0385e54  r5 = 0xc2cfd000
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
         pc = 0xc067ff70  lr = 0xc067ff70 (swi_exit)
         sp = 0xccbdce48  fp = 0x00000000


As per svn log there were some changes in r306829 relevant to nd6_prefix_offlink():

r306829 | markj | 2016-10-07 23:10:53 +0200 (Fri, 07 Oct 2016) | 17 lines
Lock the ND prefix list and add refcounting for prefixes.

I would appreciate any advice on how to address observed crashes.


Thanks.

Kind regards,

Jim




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170107201119.22d9ceff88e935c2b3f072a1>