Date:      Sun, 23 Sep 2001 21:31:10 -0500
From:      Pete McKenna <pmckenna@qwest.net>
To:        Chuck TheMascot <freebsdfan@hotmail.com>
Cc:        freebsd-small@FreeBSD.ORG
Subject:   Re: Kernel panic w/ Picobsd 4.4 & tftp boot
Message-ID:  <20010923213110.A41133@otto.oss.qwest.net>
In-Reply-To: <F217NoIn1EajKwFUXHQ000043d4@hotmail.com>; from freebsdfan@hotmail.com on Sat, Sep 22, 2001 at 09:59:40AM -0700
References:  <F217NoIn1EajKwFUXHQ000043d4@hotmail.com>

I was getting the same panic when using tftp with mfs_in_kernel.
Switching to a separate MFS fixed the problem. It would be better
to fix the problem, but this works as a reliable workaround here.

Pete

On Sat, Sep 22, 2001 at 09:59:40AM -0700, Chuck TheMascot wrote:
> I've been updating my PicoBSD firewall to the FreeBSD 4.4 release and it's 
> working fine when booted with the nfs version of pxeboot.  I've never had 
> any success with the tftp only version of pxeboot, but I thought I'd give it 
> a try again.  When I boot my kernel with the tftp version I get the 
> following crash:
> 
> --- snip ---
> Copyright (c) 1992-2001 The FreeBSD Project. syms=[0x4+0x490+0x4+0x203]
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>         The Regents of the University of California. All rights reserved.
> FreeBSD 4.4-RELEASE #0: Fri Sep 21 14:30:53 PDT 2001
>     pink@floyd:/usr/src/sys/compile/PICOBSD-thewall.net4501.pxe.0.2
> Timecounter "i8254"  frequency 1193182 Hz
> CPU: AMD Enhanced Am486DX4 Write-Back (486-class CPU)
>   Origin = "AuthenticAMD"  Id = 0x494  Stepping = 4
>   Features=0x1<FPU>
> real memory  = 67108864 (65536K bytes)
> avail memory = 59330560 (57940K bytes)
> pnpbios: Bad PnP BIOS data checksum
> Preloaded elf kernel "kernel.gz" at 0xc05de000.
> md1: Malloc disk
> npx0: <math processor> on motherboard
> npx0: INT 16 interface
> pcib0: <Host to PCI bridge> on motherboard
> pci0: <PCI bus> on pcib0
> sis0: <NatSemi DP83815 10/100BaseTX> port 0xe000-0xe0ff mem 0xa0000000-0xa0000fff irq 10 at device 18.0 on pci0
> sis0: Ethernet address: 00:00:24:c0:00:4c
> miibus0: <MII bus> on sis0
> ukphy0: <Generic IEEE 802.3u media interface> on miibus0
> ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> sis1: <NatSemi DP83815 10/100BaseTX> port 0xe100-0xe1ff mem 0xa0001000-0xa0001fff irq 11 at device 19.0 on pci0
> sis1: Ethernet address: 00:00:24:c0:00:4d
> miibus1: <MII bus> on sis1
> ukphy1: <Generic IEEE 802.3u media interface> on miibus1
> ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> sis2: <NatSemi DP83815 10/100BaseTX> port 0xe200-0xe2ff mem 0xa0002000-0xa0002fff irq 5 at device 20.0 on pci0
> sis2: Ethernet address: 00:00:24:c0:00:4e
> miibus2: <MII bus> on sis2
> ukphy2: <Generic IEEE 802.3u media interface> on miibus2
> ukphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> isa0: <ISA bus> on motherboard
> orm0: <Option ROMs> at iomem 0xc8000-0xd1fff,0xe0000-0xe9fff on isa0
> ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
> atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
> atkbd0: <AT Keyboard> irq 1 on atkbdc0
> sio0 at port 0x3f8-0x3ff irq 4 flags 0x30 on isa0
> sio0: type 16550A, console
> IP packet filtering initialized, divert enabled, rule-based forwarding disabled, default to accept, logging limited to 100 packets/entry by default
> no B_DEVMAGIC (bootdev=0)
> Mounting root from ufs:/dev/md0c
> Warning: Block size restricts cylinders per group to 12.
> 
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x9c
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc0174928
> stack pointer           = 0x10:0xc01ef1ec
> frame pointer           = 0x10:0xc01ef204
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = Idle
> interrupt mask          =
> trap number             = 12
> panic: page fault
> 
> syncing disks...
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x30
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc018d5d2
> stack pointer           = 0x10:0xc01eef54
> frame pointer           = 0x10:0xc01eef68
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = Idle
> interrupt mask          = bio
> trap number             = 12
> panic: page fault
> Uptime: 5s
> Automatic reboot in 15 seconds - press a key on the console to abort
> Rebooting...
> --- snip ---
> 
> This is 100% reproducible.  The first panic fault appears to be in 
> icmp_reflect, here's a snippet of the object and source:
> 
> --- snip ---
> 0xc017490c <icmp_reflect+180>:  pushl  0x14(%ecx)
> 0xc017490f <icmp_reflect+183>:  push   $0xc046b4b8
> 0xc0174914 <icmp_reflect+188>:  call   0xc0167390 <ifaof_ifpforaddr>
> 0xc0174919 <icmp_reflect+193>:  mov    %eax,%edx
> 0xc017491b <icmp_reflect+195>:  add    $0x8,%esp
> 0xc017491e <icmp_reflect+198>:  test   %edx,%edx
> 0xc0174920 <icmp_reflect+200>:  jne    0xc0174928 <icmp_reflect+208>
> 0xc0174922 <icmp_reflect+202>:  mov    0xc048c214,%edx
> 0xc0174928 <icmp_reflect+208>:  mov    0x9c(%edx),%ecx
> 0xc017492e <icmp_reflect+214>:  mov    0xfffffffc(%ebp),%eax
> 
> 	icmpdst.sin_addr = t;
> 	if ((ia == (struct in_ifaddr *)0) && m->m_pkthdr.rcvif)
> 		ia = (struct in_ifaddr *)ifaof_ifpforaddr(
> 			(struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif);
> 	/*
> 	 * The following happens if the packet was not addressed to us,
> 	 * and was received on an interface with no IP address.
> 	 */
> 	if (ia == (struct in_ifaddr *)0)
> 		ia = in_ifaddrhead.tqh_first;
> --- snip ---
> 
> While watching the download with Ethereal I noticed that the last block of 
> the kernel download is not ack'ed by pxeboot. Looking at 
> /usr/src/lib/libstand/tftp.c it looks like that's expected as the source 
> includes the comment "let it time out ..." in tftp_close. I'm assuming the 
> icmp response is being sent because of the TFTP retries that are sent while 
> the kernel is starting up.
> 
> So if I've followed all of this correctly (doubtful!) I think 
> in_ifaddrhead.tqh_first hasn't been initialized at the point of the panic.  
> Perhaps this is just a race condition caused by the timing of the tftp download. 
> The good news is that this is 100% reproducible here.
> 
> The second panic is in mfs_strategy.  I haven't looked into that one in any 
> detail.
> 
> Any help would be much appreciated !
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-small" in the body of the message

-- 
Peter McKenna                                 Qwest Internet Solutions
pmckenna@qwest.net                                   Main 612-664-4000 
                                                      FAX 612-664-4770

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message
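
The first panic in the quoted report can be cross-checked mechanically: the sketch below is an added example, not part of either post, that matches the trap's instruction pointer to the quoted disassembly and subtracts the operand displacement from the fault address to recover the base register's value. The sample text is constructed from lines quoted in this thread, and the regexes assume that gdb-style AT&T layout.

```python
import re

# Constructed sample: lines copied from the panic and disassembly quoted above.
PANIC = """\
fault virtual address   = 0x9c
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0174928
"""
DISASM = """\
0xc0174920 <icmp_reflect+200>:  jne    0xc0174928 <icmp_reflect+208>
0xc0174922 <icmp_reflect+202>:  mov    0xc048c214,%edx
0xc0174928 <icmp_reflect+208>:  mov    0x9c(%edx),%ecx
0xc017492e <icmp_reflect+214>:  mov    0xfffffffc(%ebp),%eax
"""

FIELD = re.compile(r"^\s*(fault virtual address|instruction pointer)\s*=\s*(\S+)", re.M)
INSN = re.compile(r"^(0x[0-9a-f]+) <(\w+)\+(\d+)>:\s+(\w+)\s+(.*)$", re.M)
MEMOP = re.compile(r"(0x[0-9a-f]+)?\(%(\w+)\)")  # disp(%reg) memory operand


def triage(panic, disasm):
    """Return what the faulting instruction says about the bad pointer."""
    fields = dict(FIELD.findall(panic))
    fault = int(fields["fault virtual address"], 16)
    # "0x8:0xc0174928" is selector:offset; only the offset is needed.
    eip = int(fields["instruction pointer"].split(":")[-1], 16)
    for addr, func, off, _mnemonic, operands in INSN.findall(disasm):
        if int(addr, 16) != eip:
            continue
        mem = MEMOP.search(operands)
        if mem is None:
            return None  # faulting instruction has no register-based operand
        disp = int(mem.group(1) or "0", 16)
        base = (fault - disp) & 0xFFFFFFFF  # 32-bit i386 address arithmetic
        return {"function": func, "offset": int(off),
                "register": mem.group(2), "displacement": disp,
                "base_value": base, "null_deref": base == 0}
    return None  # instruction pointer not covered by the disassembly


if __name__ == "__main__":
    print(triage(PANIC, DISASM))
```

A base value of 0 means `%edx` held a NULL pointer when the field at offset 0x9c was read, which fits the quoted reading that `in_ifaddrhead.tqh_first` was still empty.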