Date: Sat, 22 Sep 2001 09:59:40 -0700 From: "Chuck TheMascot" <freebsdfan@hotmail.com> To: freebsd-small@freebsd.org Subject: Kernel panic w/ Picobsd 4.4 & tftp boot Message-ID: <F217NoIn1EajKwFUXHQ000043d4@hotmail.com>
next in thread | raw e-mail | index | archive | help
I've been updating my PicoBSD firewall to the FreeBSD 4.4 release and it's
working fine when booted with the nfs version of pxeboot. I've never had
any success with the tftp only version of pxeboot, but I thought I'd give it
a try again. When I boot my kernel with the tftp version I get the
following crash:
--- snip ---
Copyright (c) 1992-2001 The FreeBSD Project. syms=[0x4+0x490+0x4+0x203]
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.4-RELEASE #0: Fri Sep 21 14:30:53 PDT 2001
pink@floyd:/usr/src/sys/compile/PICOBSD-thewall.net4501.pxe.0.2
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Enhanced Am486DX4 Write-Back (486-class CPU)
Origin = "AuthenticAMD" Id = 0x494 Stepping = 4
Features=0x1<FPU>
real memory = 67108864 (65536K bytes)
avail memory = 59330560 (57940K bytes)
pnpbios: Bad PnP BIOS data checksum
Preloaded elf kernel "kernel.gz" at 0xc05de000.
md1: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
sis0: <NatSemi DP83815 10/100BaseTX> port 0xe000-0xe0ff mem
0xa0000000-0xa0000ff
f irq 10 at device 18.0 on pci0
sis0: Ethernet address: 00:00:24:c0:00:4c
miibus0: <MII bus> on sis0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis1: <NatSemi DP83815 10/100BaseTX> port 0xe100-0xe1ff mem
0xa0001000-0xa0001ff
f irq 11 at device 19.0 on pci0
sis1: Ethernet address: 00:00:24:c0:00:4d
miibus1: <MII bus> on sis1
ukphy1: <Generic IEEE 802.3u media interface> on miibus1
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis2: <NatSemi DP83815 10/100BaseTX> port 0xe200-0xe2ff mem
0xa0002000-0xa0002ff
f irq 5 at device 20.0 on pci0
sis2: Ethernet address: 00:00:24:c0:00:4e
miibus2: <MII bus> on sis2
ukphy2: <Generic IEEE 802.3u media interface> on miibus2
ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
isa0: <ISA bus> on motherboard
orm0: <Option ROMs> at iomem 0xc8000-0xd1fff,0xe0000-0xe9fff on isa0
ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x30 on isa0
sio0: type 16550A, console
IP packet filtering initialized, divert enabled, rule-based forwarding
disabled,
default to accept, logging limited to 100 packets/entry by default
no B_DEVMAGIC (bootdev=0)
Mounting root from ufs:/dev/md0c
Warning: Block size restricts cylinders per group to 12.
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x9c
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0174928
stack pointer = 0x10:0xc01ef1ec
frame pointer = 0x10:0xc01ef204
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask =
trap number = 12
panic: page fault
syncing disks...
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x30
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc018d5d2
stack pointer = 0x10:0xc01eef54
frame pointer = 0x10:0xc01eef68
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = bio
trap number = 12
panic: page fault
Uptime: 5s
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...
--- snip ---
This is 100% reproducible. The first panic fault appears to be in
icmp_reflect, here's a snippet of the object and source:
--- snip ---
0xc017490c <icmp_reflect+180>: pushl 0x14(%ecx)
0xc017490f <icmp_reflect+183>: push $0xc046b4b8
0xc0174914 <icmp_reflect+188>: call 0xc0167390 <ifaof_ifpforaddr>
0xc0174919 <icmp_reflect+193>: mov %eax,%edx
0xc017491b <icmp_reflect+195>: add $0x8,%esp
0xc017491e <icmp_reflect+198>: test %edx,%edx
0xc0174920 <icmp_reflect+200>: jne 0xc0174928 <icmp_reflect+208>
0xc0174922 <icmp_reflect+202>: mov 0xc048c214,%edx
0xc0174928 <icmp_reflect+208>: mov 0x9c(%edx),%ecx
0xc017492e <icmp_reflect+214>: mov 0xfffffffc(%ebp),%eax
icmpdst.sin_addr = t;
if ((ia == (struct in_ifaddr *)0) && m->m_pkthdr.rcvif)
ia = (struct in_ifaddr *)ifaof_ifpforaddr(
(struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif);
/*
* The following happens if the packet was not addressed to us,
* and was received on an interface with no IP address.
*/
if (ia == (struct in_ifaddr *)0)
ia = in_ifaddrhead.tqh_first;
--- snip ---
While watching the download with Ethereal I noticed that the last block of
the kernel download is not ack'ed by pxeboot. Looking at
/usr/src/lib/libstand/tftp.c it looks like that's expected as the source
includes the comment "let it time out ..." in tftp_close. I'm assuming the
icmp response is being sent because of the TFTP retries that are sent while
the kernel is starting up.
So if I've followed all of this correctly (doubtful!) I think
in_ifaddrhead.tqh_first hasn't been initialized at the point of the panic.
Perhaps this is just be a race condition caused timing of the tftp download.
The good news is that this is 100% reproducible here.
The second panic is in mfs_strategy. I haven't looked into that one in any
detail.
Any help would be much appreciated !
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F217NoIn1EajKwFUXHQ000043d4>