BETA1 IPv6 crash

Sergey Kandaurov pluknet at gmail.com
Mon Aug 22 11:08:47 UTC 2011 

On 8 August 2011 22:06, Tom Vijlbrief <tom.vijlbrief at xs4all.nl> wrote:
> 2011/8/7 Sergey Kandaurov <pluknet at gmail.com>:
>> On 7 August 2011 17:11, Tom Vijlbrief <tom.vijlbrief at xs4all.nl> wrote:
>>> I installed BETA1 in a fresh ubuntu 11.04 KVM virtual machine with the
>>> new installer.
>>>
>>> Major issue I noticed was the missing /home.
>>>
>>> It took me quite some time to get IPv6 working in the guest (a Linux
>>> configuration issue), but now that it works
>>> BETA1 panics in about 50% of the boot attempts:
>>>
>>> testbsd dumped core - see /var/crash/vmcore.0
>>>
>>> Sun Aug  7 08:25:28 CEST 2011
>>>
>>> FreeBSD testbsd 9.0-BETA1 FreeBSD 9.0-BETA1 #0: Thu Jul 28 16:34:16
>>> UTC 2011     root at obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
>>> i386
>>>
>>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @
>>> /usr/src/sys/netinet6/mld6.c:1676
>>>
>>> GNU gdb 6.1.1 [FreeBSD]
>>> Copyright 2004 Free Software Foundation, Inc.
>>> GDB is free software, covered by the GNU General Public License, and you are
>>> welcome to change it and/or distribute copies of it under certain conditions.
>>> Type "show copying" to see the conditions.
>>> There is absolutely no warranty for GDB.  Type "show warranty" for details.
>>> This GDB was configured as "i386-marcel-freebsd"...
>> [..]
>>> panic: _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @
>>> /usr/src/sys/netinet6/mld6.c:1676
>>>
>>> cpuid = 0
>>> KDB: enter: panic
>>> Uptime: 28s
>>> Physical memory: 491 MB
>>> Dumping 45 MB: 30 14
>>>
>>> #0  doadump (textdump=1) at pcpu.h:244
>>> 244     pcpu.h: No such file or directory.
>>>        in pcpu.h
>>> (kgdb) #0  doadump (textdump=1) at pcpu.h:244
>>> #1  0xc0a04965 in kern_reboot (howto=260)
>>>    at /usr/src/sys/kern/kern_shutdown.c:430
>>> #2  0xc0a04291 in panic (fmt=Variable "fmt" is not available.
>>> ) at /usr/src/sys/kern/kern_shutdown.c:595
>>> #3  0xc09f4a4a in _mtx_lock_sleep (m=0xc35f3a28, tid=3278693824, opts=0,
>>>    file=0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=1676)
>>>    at /usr/src/sys/kern/kern_mutex.c:341
>>> #4  0xc09f4c67 in _mtx_lock_flags (m=0xc35f3a28, opts=0,
>>>    file=0xc0f1ab65 "/usr/src/sys/netinet6/mld6.c", line=1676)
>>>    at /usr/src/sys/kern/kern_mutex.c:203
>>> #5  0xc0bbf007 in mld_set_version (mli=0xc3589a00, version=Variable
>>> "version" is not available.
>>> )
>>>    at /usr/src/sys/netinet6/mld6.c:1676
>>> #6  0xc0bc0c00 in mld_input (m=0xc3951e00, off=48, icmp6len=24)
>>>    at /usr/src/sys/netinet6/mld6.c:690
>>> #7  0xc0ba5696 in icmp6_input (mp=0xc3313a54, offp=0xc3313a68, proto=58)
>>>    at /usr/src/sys/netinet6/icmp6.c:654
>>> #8  0xc0bba23a in ip6_input (m=0xc3951e00)
>>>    at /usr/src/sys/netinet6/ip6_input.c:964
>>> #9  0xc0ac9b1c in netisr_dispatch_src (proto=10, source=0, m=0xc3951e00)
>>>    at /usr/src/sys/net/netisr.c:1013
>>> #10 0xc0ac9da0 in netisr_dispatch (proto=10, m=0xc3951e00)
>>>    at /usr/src/sys/net/netisr.c:1104
>>> #11 0xc0abecf1 in ether_demux (ifp=0xc35f3800, m=0xc3951e00)
>>>    at /usr/src/sys/net/if_ethersubr.c:936
>>> #12 0xc0abf1b3 in ether_nh_input (m=0xc3951e00)
>>>    at /usr/src/sys/net/if_ethersubr.c:755
>>> #13 0xc0ac9b1c in netisr_dispatch_src (proto=9, source=0, m=0xc3951e00)
>>>    at /usr/src/sys/net/netisr.c:1013
>>> #14 0xc0ac9da0 in netisr_dispatch (proto=9, m=0xc3951e00)
>>>    at /usr/src/sys/net/netisr.c:1104
>>> #15 0xc0abe7f5 in ether_input (ifp=0xc35f3800, m=0xc3951e00)
>>>    at /usr/src/sys/net/if_ethersubr.c:796
>>> #16 0xc0672bc9 in lem_handle_rxtx (context=0xc3732000, pending=1)
>>>    at /usr/src/sys/dev/e1000/if_lem.c:3554
>>> #17 0xc0a468ab in taskqueue_run_locked (queue=0xc359ca80)
>>>    at /usr/src/sys/kern/subr_taskqueue.c:306
>>> #18 0xc0a47307 in taskqueue_thread_loop (arg=0xc37365ec)
>>>    at /usr/src/sys/kern/subr_taskqueue.c:495
>>> #19 0xc09d7af8 in fork_exit (callout=0xc0a472a0 <taskqueue_thread_loop>,
>>>    arg=0xc37365ec, frame=0xc3313d28) at /usr/src/sys/kern/kern_fork.c:941
>>> #20 0xc0d1d714 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:275
>>> (kgdb)
>>>
>>
>> This is the same as in PR kern/158426.
>> Can you try the patch from PR followup and report us whether it helps?
>> Full link to PR with patch:
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/158426
>>
>
> I applied the patch and tried about 15 reboots and all went fine....
>

Hi, Tom.
A better fix for this problem has been developed since then. Would you
please try it as well? For doing that, you need to revert a previous
patch and apply this one.
Please report if this change also fixes the panic for you, so it  has
better chances to get into 9.0 release.


Index: sys/netinet6/mld6.c
===================================================================
--- sys/netinet6/mld6.c (revision 224471)
+++ sys/netinet6/mld6.c (working copy)
@@ -680,7 +680,6 @@ mld_v1_input_query(struct ifnet *ifp, const struct

        IN6_MULTI_LOCK();
        MLD_LOCK();
-       IF_ADDR_LOCK(ifp);

        /*
         * Switch to MLDv1 host compatibility mode.
@@ -693,6 +692,7 @@ mld_v1_input_query(struct ifnet *ifp, const struct
        if (timer == 0)
                timer = 1;

+       IF_ADDR_LOCK(ifp);
        if (is_general_query) {
                /*
                 * For each reporting group joined on this
@@ -888,7 +888,6 @@ mld_v2_input_query(struct ifnet *ifp, const struct

        IN6_MULTI_LOCK();

        MLD_LOCK();
-       IF_ADDR_LOCK(ifp);

        mli = MLD_IFINFO(ifp);
        KASSERT(mli != NULL, ("%s: no mld_ifinfo for ifp %p", __func__, ifp));
@@ -936,14 +935,18 @@ mld_v2_input_query(struct ifnet *ifp, const struct
                 * Queries for groups we are not a member of on this
                 * link are simply ignored.
                 */
+               IF_ADDR_LOCK(ifp);
                inm = in6m_lookup_locked(ifp, &mld->mld_addr);
-               if (inm == NULL)
+               if (inm == NULL) {
+                       IF_ADDR_UNLOCK(ifp);
                        goto out_locked;
+               }
                if (nsrc > 0) {
                        if (!ratecheck(&inm->in6m_lastgsrtv,
                            &V_mld_gsrdelay)) {
                                CTR1(KTR_MLD, "%s: GS query throttled.",
                                    __func__);
+                               IF_ADDR_UNLOCK(ifp);
                                goto out_locked;
                        }
                }
@@ -961,10 +964,10 @@ mld_v2_input_query(struct ifnet *ifp, const struct

                /* XXX Clear embedded scope ID as userland won't expect it. */
                in6_clearscope(&mld->mld_addr);
+               IF_ADDR_UNLOCK(ifp);
        }

 out_locked:
-       IF_ADDR_UNLOCK(ifp);
        MLD_UNLOCK();
        IN6_MULTI_UNLOCK();


-- 
wbr,
pluknet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mld6.locking.2.patch
Type: application/octet-stream
Size: 1615 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20110822/cdc7b6ff/mld6.locking.2.obj

More information about the freebsd-current mailing list