Bug 251600

Summary: CURRENT Kernel panics on Raspberry hardware with dhcpcd
Product: Base System Reporter: Denis Ahrens <denis>
Component: armAssignee: freebsd-arm (Nobody) <freebsd-arm>
Status: Closed Unable to Reproduce    
Severity: Affects Some People CC: emaste, roy
Priority: --- Keywords: crash
Version: CURRENT   
Hardware: arm64   
OS: Any   

Description Denis Ahrens 2020-12-05 10:18:34 UTC 
I try to use a Raspi4 as DSL router. That works fine with mpd5. For IPv6 I use dhcpcd but when I try my setup with CURRENT the kernel panics (with Raspi3 or Raspi4) when I start dhcpcd. With a Raspi3 and 12.1 the same setup works fine.

Here the panic:

panic: prefix 0xffffa000060c6000 has referencing addresses
cpuid = 0
time = 1607078839
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x30
	 pc = 0xffff00000055ae28  lr = 0xffff00000005eb10
	 sp = 0xffff00061d8dae40  fp = 0xffff00061d8db050

db_trace_self_wrapper() at vpanic+0x194
	 pc = 0xffff00000005eb10  lr = 0xffff00000029346c
	 sp = 0xffff00061d8db060  fp = 0xffff00061d8db0e0

vpanic() at panic+0x44
	 pc = 0xffff00000029346c  lr = 0xffff0000002934f8
	 sp = 0xffff00061d8db0f0  fp = 0xffff00061d8db170

panic() at nd6_prefix_del+0x224
	 pc = 0xffff0000002934f8  lr = 0xffff00000052f1dc
	 sp = 0xffff00061d8db180  fp = 0xffff00061d8db2d0

nd6_prefix_del() at nd6_ioctl+0x54c
	 pc = 0xffff00000052f1dc  lr = 0xffff00000052d6dc
	 sp = 0xffff00061d8db2e0  fp = 0xffff00061d8db310

nd6_ioctl() at ifioctl+0x528
	 pc = 0xffff00000052d6dc  lr = 0xffff0000005729dc
	 sp = 0xffff00061d8db320  fp = 0xffff00061d8db3d0

ifioctl() at kern_ioctl+0x2ec
	 pc = 0xffff0000005729dc  lr = 0xffff00000055c874
	 sp = 0xffff00061d8db3e0  fp = 0xffff00061d8db4f0

kern_ioctl() at sys_ioctl+0x144
	 pc = 0xffff00000055c874  lr = 0xffff00005996674c
	 sp = 0xffff00061d8db500  fp = 0xffff00061d8db580

sys_ioctl() at do_el0_sync+0x454
	 pc = 0xffff00005996674c  lr = 0xffff00000039e000
	 sp = 0xffff00061d8db590  fp = 0xffff00061d8db5b0

do_el0_sync() at handle_el0_sync+0x90
	 pc = 0xffff00000039e000  lr = 0xffff000000266a68
	 sp = 0xffff00061d8db5c0  fp = 0xffff00061d8db8e0

handle_el0_sync() at 0x251e84
	 pc = 0xffff000000266a68  lr = 0xffff000000268120
	 sp = 0xffff00061d8db8f0  fp = 0xffff00061d8db920

KDB: enter: panic
[ thread pid 1260 tid 100123 ]
Stopped at     0x40459e44

(the values of the registers are not correct since I only had a
screenshot of the panic and needed to type it in by hand and used
another panic as template, the rest is correct though)
Comment 1 roy 2021-02-01 23:50:24 UTC 
Looks like you're triggering this KASSERT
http://fxr.watson.org/fxr/source/netinet6/nd6_rtr.c#L1309

It's likely that the kernel received a RA before dhcpcd had a chance to take over.
Ensure that FreeBSD rc.conf and interface setup has zero IPv6 config and that net.inet6.ip6.accept_rtadv is 0.

Then you should not hit that KASSERT.
Comment 2 Denis Ahrens 2021-02-17 06:21:23 UTC 
with the release of the freebsd 13 ISO of alpha 2 the bug is not there anymore.