Date: Mon, 29 May 2006 12:12:22 GMT From: Michael Ortmann <mortmann@googlemail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: sparc64/98084: kernel panic when using tap interface driver on 6_stable/sparc64 Message-ID: <200605291212.k4TCCM8J097487@www.freebsd.org> Resent-Message-ID: <200605291220.k4TCKGUX004964@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 98084
>Category: sparc64
>Synopsis: kernel panic when using tap interface driver on 6_stable/sparc64
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-sparc64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 29 12:20:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Michael Ortmann
>Release: 6_stable
>Organization:
>Environment:
FreeBSD server5.q-fin 6.1-STABLE FreeBSD 6.1-STABLE #0: Sun May 28 01:53:54 CEST 2006 root@server5.q-fin:/usr/obj/usr/src/sys/SERVER5 sparc64
>Description:
using the tap interface on 6_stable/sparc64 will lead to kernel panic
disovered when i tried to setup openvpn, but its no openvpn issue
"cat /dev/zero >/dev/tap0" will crash the machine instantly, any time
can be 100% reproduced on my machine (u60, smp)
i compiled and installed 6_stable (world+kernel) without optimization flags but with debug flags, so its no optimization issue
kernel coredump available
it seems to be no hardware issue since its a) reproduceable and b) make buildworld/installworld runs just fine.
my guess: tap interface driver broken for sparc64?
== symptom ==
# cat /dev/zero >/dev/tap0
tap0: Ethernet address: 00:bd:00:02:10:00
panic: trap: memory address not aligned
cpuid = 0
KDB: enter: panic
[thread 449 tid 100044]
Stopped at kdb_enter+0x3c: ta %xcc, 1
== kernel conf ==
machine sparc64
cpu SUN4U
ident SERVER5
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
# Platforms supported
# At this time all platforms are supported, as-is.
#options SCHED_ULE # ULE scheduler
options SCHED_4BSD # 4BSD scheduler
#options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
#options MD_ROOT # MD is a potential root device
#options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
#options NFS_ROOT # NFS usable as /, requires NFSCLIENT
#options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
# To make an SMP kernel, the next line is needed
options SMP # Symmetric MultiProcessor Kernel
# Standard busses
device ebus
device isa
device pci
device sbus
device central
device fhc
# Floppy drives
#device fdc
# SCSI Controllers
device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
# syscons is the default console driver, resembling an SCO console
device sc
device creator # Creator, Creator3D and Elite3D framebuffers
device splash # Splash screen and screen saver support
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
#device ofw_console # Open Firmware console device
# Builtin hardware
device auxio # auxiliary I/O device
device clkbrd # Clock Board (blinkenlight on Sun Exx00)
device genclock # Generic clock interface
device eeprom # eeprom (really a front-end for the MK48Txx)
device mk48txx # Mostek MK48Txx clocks
device rtc # rtc (really a front-end for the MC146818)
device mc146818 # Motorola MC146818 and compatible clocks
# Serial (COM) ports
device sab # Siemens SAB82532 based serial ports
device uart # Multi-uart driver
device puc # Multi-channel uarts
# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device hme # Sun HME (Happy Meal Ethernet)
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device random # Entropy device
device ether # Ethernet support
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
#device md # Memory "disks"
#device gif # IPv6 and IPv4 tunneling
#device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
#options GEOM_BDE
#options ACCEPT_FILTER_HTTP
device sound
device snd_audiocs
device if_bridge
device tap
device pf
#device pflog
options KDB
options DDB
options GDB
== dmesg ==
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE #0: Sun May 28 01:53:54 CEST 2006
root@server5.q-fin:/usr/obj/usr/src/sys/SERVER5
real memory = 536870912 (512 MB)
avail memory = 510763008 (487 MB)
cpu0: Sun Microsystems UltraSparc-II Processor (296.01 MHz CPU)
cpu1: Sun Microsystems UltraSparc-II Processor (296.01 MHz CPU)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
nexus0: <Open Firmware Nexus device>
pcib0: <U2P UPA-PCI bridge> on nexus0
pcib0: Psycho, impl 0, version 4, ign 0x7c0, bus B
pcib0: [FAST]
pcib0: [FAST]
pcib0: [GIANT-LOCKED]
pcib0: [GIANT-LOCKED]
pcib0: [FAST]
initializing counter-timer
Timecounter "counter-timer" frequency 1000000 Hz quality 100
pcib0 dvma: DVMA map: 0xfc000000 to 0xffffffff
pci0: <OFW PCI bus> on pcib0
ebus0: <PCI-EBus2 bridge> mem 0x70000000-0x70ffffff,0x71000000-0x717fffff at device 1.0 on pci0
auxio0: <Sun Auxiliary I/O> addr 0x1400726000-0x1400726003,0x1400728000-0x1400728003,0x140072a000-0x140072a003,0x140072c000-0x140072c003,0x140072f000-0x140072f003 on ebus0
ebus0: <power> addr 0x1400724000-0x1400724003 (no driver attached)
ebus0: <SUNW,pll> addr 0x1400504000-0x1400504002 (no driver attached)
ebus0: <sc> addr 0x1400500000-0x1400500007 (no driver attached)
sab0: <Siemens SAB 82532 v3.2> addr 0x1400400000-0x140040007f irq 43 on ebus0
sab0: [FAST]
sabtty0: <ttyz0> on sab0
sabtty1: <ttyz1> on sab0
uart0: <16550 or compatible> addr 0x14003083f8-0x14003083ff irq 41 on ebus0
uart0: keyboard (1200,n,8,1)
kbd0 at sunkbd0
uart1: <16550 or compatible> addr 0x14003062f8-0x14003062ff irq 42 on ebus0
ebus0: <ecpp> addr 0x14003043bc-0x14003043cb,0x1400300398-0x1400300399,0x1400700000-0x140070000f irq 34 (no driver attached)
ebus0: <fdthree> addr 0x14003023f0-0x14003023f7,0x1400706000-0x140070600f,0x1400720000-0x1400720003 irq 39 (no driver attached)
eeprom0: <EEPROM/clock> addr 0x1400000000-0x1400001fff on ebus0
eeprom0: model mk48t59
eeprom0: hostid 80bb1058
ebus0: <flashprom> addr 0x1000000000-0x10000fffff (no driver attached)
pcm0: <Sun Audiocs> addr 0x1400200000-0x14002000ff,0x1400702000-0x140070200f,0x1400704000-0x140070400f,0x1400722000-0x1400722003 irq 35,36 on ebus0
pcm0: <CS4231A Codec Id. 10>
hme0: <Sun HME 10/100 Ethernet> mem 0x100000-0x107fff at device 1.1 on pci0
miibus0: <MII bus> on hme0
qsphy0: <QS6612 10/100 media interface> on miibus0
qsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
hme0: Ethernet address: 08:00:20:bb:10:58
sym0: <875> port 0x1000-0x10ff mem 0x108000-0x1080ff,0x10a000-0x10afff at device 3.0 on pci0
sym0: No NVRAM, ID 7, Fast-20, SE, parity checking
sym0: [GIANT-LOCKED]
sym1: <875> port 0x1400-0x14ff mem 0x10c000-0x10c0ff,0x10e000-0x10efff at device 3.1 on pci0
sym1: No NVRAM, ID 7, Fast-20, SE, parity checking
sym1: [GIANT-LOCKED]
pcib1: <U2P UPA-PCI bridge> on nexus0
pcib1: Psycho, impl 0, version 4, ign 0x7c0, bus A
pcib1: [FAST]
pci1: <OFW PCI bus> on pcib1
creator0: <Creator3D> on nexus0
creator0: console
creator0: resolution 1280x1024
syscons0: <System console> on nexus0
syscons0: Unknown <16 virtual consoles, flags=0x300>
Timecounters tick every 1.000 msec
Waiting 5 seconds for SCSI devices to settle
SMP: AP CPU #1 Launched!
cd0 at sym0 bus 0 target 6 lun 0
cd0: <TOSHIBA XM6201TASUN32XCD 1103> Removable CD-ROM SCSI-2 device
cd0: 10.000MB/s transfers (10.000MHz, offset 16)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da0 at sym0 bus 0 target 0 lun 0
da0: <SEAGATE ST336737LC 0105> Fixed Direct Access SCSI-3 device
da0: 40.000MB/s transfers (20.000MHz, offset 16, 16bit), Tagged Queueing Enabled
da0: 35242MB (72176566 512 byte sectors: 255H 63S/T 4492C)
Trying to mount root from ufs:/dev/da0a
== /etc/make.conf ==
[...]
CFLAGS= -g -pipe
[...]
== kgdb kernel core ==
server5# kgdb -n 1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc64-marcel-freebsd".
Unread portion of the kernel message buffer:
tap0: Ethernet address: 00:bd:00:02:10:00
panic: trap: memory address not aligned
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 2m24s
Dumping 512 MB (1 chunks)
chunk at 0xa0000000: 536870912 bytes |
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 savectx(&dumppcb);
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0x00000000c014bc78 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0x00000000c014c118 in panic (fmt=0xc02e9dd8 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#3 0x00000000c00a2270 in db_panic (addr=3222722396, have_addr=0, count=-1, modif=0xd64368a0 "")
at /usr/src/sys/ddb/db_command.c:438
#4 0x00000000c00a21d4 in db_command (last_cmdp=0xc035b260, cmd_table=0x0, aux_cmd_tablep=0xc0312368,
aux_cmd_tablep_end=0xc0312380) at /usr/src/sys/ddb/db_command.c:350
#5 0x00000000c00a22f8 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
#6 0x00000000c00a4ed8 in db_trap (type=-700224848, code=0) at /usr/src/sys/ddb/db_main.c:221
#7 0x00000000c016db88 in kdb_trap (type=107, code=0, tf=0xd6436d30) at /usr/src/sys/kern/subr_kdb.c:473
#8 0x00000000c02cd70c in trap (tf=0xd6436d30) at /usr/src/sys/sparc64/sparc64/trap.c:307
#9 0x00000000c0058fe0 in tl1_trap ()
#10 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at /usr/src/sys/kern/subr_kdb.c:267
#11 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at /usr/src/sys/kern/subr_kdb.c:267
#12 0x00000000c014c028 in panic (fmt=0xc030ea28 "trap: %s") at /usr/src/sys/kern/kern_shutdown.c:549
#13 0x00000000c02cd898 in trap (tf=0xd6437130) at /usr/src/sys/sparc64/sparc64/trap.c:369
#14 0x00000000c0058fe0 in tl1_trap ()
#15 0x00000000c01e3aa8 in tapioctl (dev=0xfffff800a08ae800, cmd=18446735280406397536, data=0x0, flag=0, td=0x0)
at atomic.h:278
#16 0x00000000c0117e6c in dev_refthread (dev=0xfffff800a084f300) at /usr/src/sys/kern/kern_conf.c:124
#17 0x00000000c0118284 in giant_ioctl (dev=0xfffff800b5d4ac00, cmd=2147772029, data=0xd643753c "", fflag=2,
td=0xfffff800a64a0260) at /usr/src/sys/kern/kern_conf.c:288
#18 0x00000000c00f71b4 in devfs_ioctl_f (fp=0xfffff800a62ef338, com=2147772029, data=0xd643753c, cred=0xfffff800a084f100,
td=0xfffff800a64a0260) at /usr/src/sys/fs/devfs/devfs_vnops.c:407
#19 0x00000000c011c8bc in kern_fcntl (td=0xfffff800a64a0260, fd=3, cmd=4, arg=1) at file.h:258
#20 0x00000000c011c0d8 in fcntl (td=0xfffff800a64a0260, uap=0xd64378c0) at /usr/src/sys/kern/kern_descrip.c:339
#21 0x00000000c02cdea4 in syscall (tf=0xd6437880) at /usr/src/sys/sparc64/sparc64/trap.c:592
#22 0x00000000c0058dc0 in tl0_intr ()
#23 0x0000000000000000 in ?? ()
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0x00000000c014bc78 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0x00000000c014c118 in panic (fmt=0xc02e9dd8 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xfffff800a64a0260
bootopt = 260
newpanic = 0
ap = 0xd6436798
buf = "trap: memory address not aligned", '\0' <repeats 223 times>
#3 0x00000000c00a2270 in db_panic (addr=3222722396, have_addr=0, count=-1, modif=0xd64368a0 "")
at /usr/src/sys/ddb/db_command.c:438
No locals.
#4 0x00000000c00a21d4 in db_command (last_cmdp=0xc035b260, cmd_table=0x0, aux_cmd_tablep=0xc0312368,
aux_cmd_tablep_end=0xc0312380) at /usr/src/sys/ddb/db_command.c:350
cmd = (struct command *) 0xc02d4258
t = -1072244900
modif = '\0' <repeats 15 times>,
[...]
addr = 3222722396
count = -1
have_addr = 0
result = -1072244900
#5 0x00000000c00a22f8 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458
No locals.
#6 0x00000000c00a4ed8 in db_trap (type=-700224848, code=0) at /usr/src/sys/ddb/db_main.c:221
jb = {{_jb = {3594740465, 3221900884, 3594740209, 0, 0, 0}}}
prev_jb = (void *) 0x0
bkpt = 0
#7 0x00000000c016db88 in kdb_trap (type=107, code=0, tf=0xd6436d30) at /usr/src/sys/kern/subr_kdb.c:473
did_stop_cpus = 1
handled = 0
#8 0x00000000c02cd70c in trap (tf=0xd6436d30) at /usr/src/sys/sparc64/sparc64/trap.c:307
td = (struct thread *) 0xfffff800a64a0260
p = (struct proc *) 0x12
sticks = 3224332381
error = 0
sig = 0
#9 0x00000000c0058fe0 in tl1_trap ()
No symbol table info available.
#10 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at /usr/src/sys/kern/subr_kdb.c:267
No locals.
#11 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at /usr/src/sys/kern/subr_kdb.c:267
No locals.
#12 0x00000000c014c028 in panic (fmt=0xc030ea28 "trap: %s") at /usr/src/sys/kern/kern_shutdown.c:549
td = (struct thread *) 0xfffff800a64a0260
bootopt = 256
newpanic = 1
ap = 0xd6437038
buf = "trap: memory address not aligned", '\0' <repeats 223 times>
#13 0x00000000c02cd898 in trap (tf=0xd6437130) at /usr/src/sys/sparc64/sparc64/trap.c:369
td = (struct thread *) 0xfffff800a64a0260
p = (struct proc *) 0x407d7028
sticks = 0
error = -1070536152
sig = -1069914416
#14 0x00000000c0058fe0 in tl1_trap ()
No symbol table info available.
#15 0x00000000c01e3aa8 in tapioctl (dev=0xfffff800a08ae800, cmd=18446735280406397536, data=0x0, flag=0, td=0x0)
at atomic.h:278
_tid = 18446735280406397536
tp = (struct tap_softc *) 0xfffff800a08ae800
ifp = (struct ifnet *) 0xfffff800a08ae800
f = 0
#16 0x00000000c0117e6c in dev_refthread (dev=0xfffff800a084f300) at /usr/src/sys/kern/kern_conf.c:124
csw = (struct cdevsw *) 0xc033b968
#17 0x00000000c0118284 in giant_ioctl (dev=0xfffff800b5d4ac00, cmd=2147772029, data=0xd643753c "", fflag=2,
td=0xfffff800a64a0260) at /usr/src/sys/kern/kern_conf.c:288
retval = -1244353536
#18 0x00000000c00f71b4 in devfs_ioctl_f (fp=0xfffff800a62ef338, com=2147772029, data=0xd643753c, cred=0xfffff800a084f100,
td=0xfffff800a64a0260) at /usr/src/sys/fs/devfs/devfs_vnops.c:407
dev = (struct cdev *) 0xfffff800b5d4ac00
dsw = (struct cdevsw *) 0xc033b968
vp = (struct vnode *) 0x0
vpold = (struct vnode *) 0xfffff800a62ef338
error = 0
i = -700222148
p = 0xfffff800a62ef338 "ÿÿø"
fgn = (struct fiodgname_arg *) 0xfffff800a64a0260
#19 0x00000000c011c8bc in kern_fcntl (td=0xfffff800a64a0260, fd=3, cmd=4, arg=1) at file.h:258
fdp = (struct filedesc *) 0xfffff800b5d4bc00
flp = (struct flock *) 0x1
fp = (struct file *) 0xfffff800a62ef338
p = (struct proc *) 0xfffff800a651fa80
pop = 0x0
vp = (struct vnode *) 0x4
newmin = 1
error = 0
flg = 64
tmp = 0
giant_locked = 1
#20 0x00000000c011c0d8 in fcntl (td=0xfffff800a64a0260, uap=0xd64378c0) at /usr/src/sys/kern/kern_descrip.c:339
fl = {l_start = 3594743537, l_len = 3222767276, l_pid = 0, l_type = 0, l_whence = 0}
arg = 1
error = 0
#21 0x00000000c02cdea4 in syscall (tf=0xd6437880) at /usr/src/sys/sparc64/sparc64/trap.c:592
callp = (struct sysent *) 0xc0328f48
td = (struct thread *) 0xfffff800a64a0260
args = {3594743745, 3221589512, 3221589052, 3221589048, 658606396932, 100, 0, 0}
argp = (register_t *) 0xd64378c0
p = (struct proc *) 0xfffff800a651fa80
sticks = 10
code = 92
tpc = 1081962532
reg = 0
regcnt = 6
narg = 3
error = 0
#22 0x00000000c0058dc0 in tl0_intr ()
No symbol table info available.
#23 0x0000000000000000 in ?? ()
No symbol table info available.
>How-To-Repeat:
cat /dev/zero >/dev/tap0
>Fix:
it worked in the past as i can read in mailinglists but i dont know when it was broken. maybe one could use an older freebsd version. on i386 that error does not exist.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605291212.k4TCCM8J097487>