Date: Sat, 6 Oct 2001 08:05:33 -0700 (PDT) From: Skip Hansen <shansen@earthlink.net> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/31085: kernel panic on tftp only pxeboot Message-ID: <200110061505.f96F5XK54035@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 31085
>Category: kern
>Synopsis: kernel panic on tftp only pxeboot
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 06 08:10:02 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Skip Hansen
>Release: 4.4 release
>Organization:
Consultant
>Environment:
(PicoBSD build from 4.4 release, sorry no uname in crunch)
FreeBSD 4.4-RELEASE #0: Sun Sep 23 10:12:32 PDT 2001
pink@floyd:/usr/src/sys/compile/PICOBSD-thewall.net4501.pxe.0.2
>Description:
When I boot my kernel with the tftp only version of pxeboot I get the
following crash:
--- snip ---
Copyright (c) 1992-2001 The FreeBSD Project. syms=[0x4+0x490+0x4+0x203]
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.4-RELEASE #0: Fri Sep 21 14:30:53 PDT 2001
pink@floyd:/usr/src/sys/compile/PICOBSD-thewall.net4501.pxe.0.2
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Enhanced Am486DX4 Write-Back (486-class CPU)
Origin = "AuthenticAMD" Id = 0x494 Stepping = 4
Features=0x1<FPU>
real memory = 67108864 (65536K bytes)
avail memory = 59330560 (57940K bytes)
pnpbios: Bad PnP BIOS data checksum
Preloaded elf kernel "kernel.gz" at 0xc05de000.
md1: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
sis0: <NatSemi DP83815 10/100BaseTX> port 0xe000-0xe0ff mem
0xa0000000-0xa0000ff
f irq 10 at device 18.0 on pci0
sis0: Ethernet address: 00:00:24:c0:00:4c
miibus0: <MII bus> on sis0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis1: <NatSemi DP83815 10/100BaseTX> port 0xe100-0xe1ff mem
0xa0001000-0xa0001ff
f irq 11 at device 19.0 on pci0
sis1: Ethernet address: 00:00:24:c0:00:4d
miibus1: <MII bus> on sis1
ukphy1: <Generic IEEE 802.3u media interface> on miibus1
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis2: <NatSemi DP83815 10/100BaseTX> port 0xe200-0xe2ff mem
0xa0002000-0xa0002ff
f irq 5 at device 20.0 on pci0
sis2: Ethernet address: 00:00:24:c0:00:4e
miibus2: <MII bus> on sis2
ukphy2: <Generic IEEE 802.3u media interface> on miibus2
ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
isa0: <ISA bus> on motherboard
orm0: <Option ROMs> at iomem 0xc8000-0xd1fff,0xe0000-0xe9fff on isa0
ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x30 on isa0
sio0: type 16550A, console
IP packet filtering initialized, divert enabled, rule-based forwarding
disabled,
default to accept, logging limited to 100 packets/entry by default
no B_DEVMAGIC (bootdev=0)
Mounting root from ufs:/dev/md0c
Warning: Block size restricts cylinders per group to 12.
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x9c
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0174928
stack pointer = 0x10:0xc01ef1ec
frame pointer = 0x10:0xc01ef204
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask =
trap number = 12
panic: page fault
syncing disks...
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x30
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc018d5d2
stack pointer = 0x10:0xc01eef54
frame pointer = 0x10:0xc01eef68
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = bio
trap number = 12
panic: page fault
Uptime: 5s
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...
--- snip ---
This is 100% reproducible. The first panic fault appears to be in
icmp_reflect, here's a snippet of the object and source:
--- snip ---
0xc017490c <icmp_reflect+180>: pushl 0x14(%ecx)
0xc017490f <icmp_reflect+183>: push $0xc046b4b8
0xc0174914 <icmp_reflect+188>: call 0xc0167390 <ifaof_ifpforaddr>
0xc0174919 <icmp_reflect+193>: mov %eax,%edx
0xc017491b <icmp_reflect+195>: add $0x8,%esp
0xc017491e <icmp_reflect+198>: test %edx,%edx
0xc0174920 <icmp_reflect+200>: jne 0xc0174928 <icmp_reflect+208>
0xc0174922 <icmp_reflect+202>: mov 0xc048c214,%edx
0xc0174928 <icmp_reflect+208>: mov 0x9c(%edx),%ecx
0xc017492e <icmp_reflect+214>: mov 0xfffffffc(%ebp),%eax
icmpdst.sin_addr = t;
if ((ia == (struct in_ifaddr *)0) && m->m_pkthdr.rcvif)
ia = (struct in_ifaddr *)ifaof_ifpforaddr(
(struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif);
/*
* The following happens if the packet was not addressed to us,
* and was received on an interface with no IP address.
*/
if (ia == (struct in_ifaddr *)0)
ia = in_ifaddrhead.tqh_first;
--- snip ---
While watching the download with Ethereal I noticed that the last block of the kernel download is not ack'ed by pxeboot. Looking at /usr/src/lib/libstand/tftp.c it looks like that's expected as the source includes the comment "let it time out ..." in tftp_close. I'm assuming the icmp response is being sent because of the TFTP retries that are sent while the kernel is starting up.
So if I've followed all of this correctly (doubtful!) I think
in_ifaddrhead.tqh_first hasn't been initialized at the point of the panic. Perhaps this is just be a race condition caused timing of the tftp download.
The good news is that this is 100% reproducible here.
The second panic is in mfs_strategy. I haven't looked into that one in any detail.
>How-To-Repeat:
Set LOADER_TFTP_SUPPORT=YES in /etc/defaults.make.conf, rebuild pxeboot. TFTP server is also a FreeBSD 4.4 release system. Note: the same kernel binary works fine when booted via tftp/nfs. The PicoBSD configuration & binaries (for a Soekris Engineering Net4501 card) are available @ http://prdownloads.sourceforge.net/thewall/thewall.net4501.pxe.0.2.tgz .
I believe (but have not confirmed) that this is a generic problem, not specific to my PicoBSD build.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110061505.f96F5XK54035>