Michael Ortmann
2006-May-29 12:37 UTC
reproduceable kernel panic when trying to use tap0 interface (sparc64)
hello,
im using 6_stable on sparc64 and get a 100% reproduceable kernel panic.
it crashes when i try to usr/create the tap0 interface. (i discovered it
when i tried to run openvpn).
so i guess it may be the tap driver on sparc64.
i can provice kernel core and offer my help.
i wrote to the sparc64 mailinglist before but now i guess its better off
here.
regards,
Michael Ortmann
== how to reproduce the kernel panic =
# cat /dev/zero >/dev/tap0
tap0: Ethernet address: 00:bd:00:02:10:00
panic: trap: memory address not aligned
cpuid = 0
KDB: enter: panic
[thread 449 tid 100044]
Stopped at kdb_enter+0x3c: ta %xcc, 1
== uname -a
FreeBSD server5.q-fin 6.1-STABLE FreeBSD 6.1-STABLE #0: Sun May 28
01:53:54 CEST 2006 root@server5.q-fin:/usr/obj/usr/src/sys/SERVER5
sparc64
== kernel conf =
machine sparc64
cpu SUN4U
ident SERVER5
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for
devices.
makeoptions DEBUG=-g # Build kernel with gdb(1) debug
symbols
# Platforms supported
# At this time all platforms are supported, as-is.
#options SCHED_ULE # ULE scheduler
options SCHED_4BSD # 4BSD scheduler
#options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big
directories
#options MD_ROOT # MD is a potential root device
#options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
#options NFS_ROOT # NFS usable as /, requires
NFSCLIENT
#options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires
PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP
THIS!]
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time
extensions
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
# To make an SMP kernel, the next line is needed
options SMP # Symmetric MultiProcessor Kernel
# Standard busses
device ebus
device isa
device pci
device sbus
device central
device fhc
# Floppy drives
#device fdc
# SCSI Controllers
device sym # NCR/Symbios Logic (newer chipsets +
those of `ncr')
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
# syscons is the default console driver, resembling an SCO console
device sc
device creator # Creator, Creator3D and Elite3D
framebuffers
device splash # Splash screen and screen saver support
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
#device ofw_console # Open Firmware console device
# Builtin hardware
device auxio # auxiliary I/O device
device clkbrd # Clock Board (blinkenlight on Sun Exx00)
device genclock # Generic clock interface
device eeprom # eeprom (really a front-end for the
MK48Txx)
device mk48txx # Mostek MK48Txx clocks
device rtc # rtc (really a front-end for the MC146818)
device mc146818 # Motorola MC146818 and compatible clocks
# Serial (COM) ports
device sab # Siemens SAB82532 based serial ports
device uart # Multi-uart driver
device puc # Multi-channel uarts
# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these
NICs!
device miibus # MII bus support
device hme # Sun HME (Happy Meal Ethernet)
#device xl # 3Com 3c90x (``Boomerang'',
``Cyclone'')
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device random # Entropy device
device ether # Ethernet support
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
#device md # Memory "disks"
#device gif # IPv6 and IPv4 tunneling
#device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
#options GEOM_BDE
#options ACCEPT_FILTER_HTTP
device sound
device snd_audiocs
device if_bridge
device tap
device pf
#device pflog
options KDB
options DDB
options GDB
== dmesg =
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE #0: Sun May 28 01:53:54 CEST 2006
root@server5.q-fin:/usr/obj/usr/src/sys/SERVER5
real memory = 536870912 (512 MB)
avail memory = 510763008 (487 MB)
cpu0: Sun Microsystems UltraSparc-II Processor (296.01 MHz CPU)
cpu1: Sun Microsystems UltraSparc-II Processor (296.01 MHz CPU)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
nexus0: <Open Firmware Nexus device>
pcib0: <U2P UPA-PCI bridge> on nexus0
pcib0: Psycho, impl 0, version 4, ign 0x7c0, bus B
pcib0: [FAST]
pcib0: [FAST]
pcib0: [GIANT-LOCKED]
pcib0: [GIANT-LOCKED]
pcib0: [FAST]
initializing counter-timer
Timecounter "counter-timer" frequency 1000000 Hz quality 100
pcib0 dvma: DVMA map: 0xfc000000 to 0xffffffff
pci0: <OFW PCI bus> on pcib0
ebus0: <PCI-EBus2 bridge> mem
0x70000000-0x70ffffff,0x71000000-0x717fffff at device 1.0 on pci0
auxio0: <Sun Auxiliary I/O> addr
0x1400726000-0x1400726003,0x1400728000-0x1400728003,0x140072a000-0x140072a003,0x140072c000-0x140072c003,0x140072f000-0x140072f003
on ebus0
ebus0: <power> addr 0x1400724000-0x1400724003 (no driver attached)
ebus0: <SUNW,pll> addr 0x1400504000-0x1400504002 (no driver attached)
ebus0: <sc> addr 0x1400500000-0x1400500007 (no driver attached)
sab0: <Siemens SAB 82532 v3.2> addr 0x1400400000-0x140040007f irq 43 on
ebus0
sab0: [FAST]
sabtty0: <ttyz0> on sab0
sabtty1: <ttyz1> on sab0
uart0: <16550 or compatible> addr 0x14003083f8-0x14003083ff irq 41 on
ebus0
uart0: keyboard (1200,n,8,1)
kbd0 at sunkbd0
uart1: <16550 or compatible> addr 0x14003062f8-0x14003062ff irq 42 on
ebus0
ebus0: <ecpp> addr
0x14003043bc-0x14003043cb,0x1400300398-0x1400300399,0x1400700000-0x140070000f
irq 34 (no driver attached)
ebus0: <fdthree> addr
0x14003023f0-0x14003023f7,0x1400706000-0x140070600f,0x1400720000-0x1400720003
irq 39 (no driver attached)
eeprom0: <EEPROM/clock> addr 0x1400000000-0x1400001fff on ebus0
eeprom0: model mk48t59
eeprom0: hostid 80bb1058
ebus0: <flashprom> addr 0x1000000000-0x10000fffff (no driver attached)
pcm0: <Sun Audiocs> addr
0x1400200000-0x14002000ff,0x1400702000-0x140070200f,0x1400704000-0x140070400f,0x1400722000-0x1400722003
irq 35,36 on ebus0
pcm0: <CS4231A Codec Id. 10>
hme0: <Sun HME 10/100 Ethernet> mem 0x100000-0x107fff at device 1.1 on
pci0
miibus0: <MII bus> on hme0
qsphy0: <QS6612 10/100 media interface> on miibus0
qsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
hme0: Ethernet address: 08:00:20:bb:10:58
sym0: <875> port 0x1000-0x10ff mem 0x108000-0x1080ff,0x10a000-0x10afff
at device 3.0 on pci0
sym0: No NVRAM, ID 7, Fast-20, SE, parity checking
sym0: [GIANT-LOCKED]
sym1: <875> port 0x1400-0x14ff mem 0x10c000-0x10c0ff,0x10e000-0x10efff
at device 3.1 on pci0
sym1: No NVRAM, ID 7, Fast-20, SE, parity checking
sym1: [GIANT-LOCKED]
pcib1: <U2P UPA-PCI bridge> on nexus0
pcib1: Psycho, impl 0, version 4, ign 0x7c0, bus A
pcib1: [FAST]
pci1: <OFW PCI bus> on pcib1
creator0: <Creator3D> on nexus0
creator0: console
creator0: resolution 1280x1024
syscons0: <System console> on nexus0
syscons0: Unknown <16 virtual consoles, flags=0x300>
Timecounters tick every 1.000 msec
Waiting 5 seconds for SCSI devices to settle
SMP: AP CPU #1 Launched!
cd0 at sym0 bus 0 target 6 lun 0
cd0: <TOSHIBA XM6201TASUN32XCD 1103> Removable CD-ROM SCSI-2 device
cd0: 10.000MB/s transfers (10.000MHz, offset 16)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da0 at sym0 bus 0 target 0 lun 0
da0: <SEAGATE ST336737LC 0105> Fixed Direct Access SCSI-3 device
da0: 40.000MB/s transfers (20.000MHz, offset 16, 16bit), Tagged Queueing
Enabled
da0: 35242MB (72176566 512 byte sectors: 255H 63S/T 4492C)
Trying to mount root from ufs:/dev/da0a
== /etc/make.conf =
[...]
CFLAGS= -g -pipe
[...]
== kgdb kernel core =
server5# kgdb -n 1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "sparc64-marcel-freebsd".
Unread portion of the kernel message buffer:
tap0: Ethernet address: 00:bd:00:02:10:00
panic: trap: memory address not aligned
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 2m24s
Dumping 512 MB (1 chunks)
chunk at 0xa0000000: 536870912 bytes |
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 savectx(&dumppcb);
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0x00000000c014bc78 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:409
#2 0x00000000c014c118 in panic (fmt=0xc02e9dd8 "from debugger") at
/usr/src/sys/kern/kern_shutdown.c:565
#3 0x00000000c00a2270 in db_panic (addr=3222722396, have_addr=0,
count=-1, modif=0xd64368a0 "")
at /usr/src/sys/ddb/db_command.c:438
#4 0x00000000c00a21d4 in db_command (last_cmdp=0xc035b260,
cmd_table=0x0, aux_cmd_tablep=0xc0312368,
aux_cmd_tablep_end=0xc0312380) at /usr/src/sys/ddb/db_command.c:350
#5 0x00000000c00a22f8 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:458
#6 0x00000000c00a4ed8 in db_trap (type=-700224848, code=0) at
/usr/src/sys/ddb/db_main.c:221
#7 0x00000000c016db88 in kdb_trap (type=107, code=0, tf=0xd6436d30) at
/usr/src/sys/kern/subr_kdb.c:473
#8 0x00000000c02cd70c in trap (tf=0xd6436d30) at
/usr/src/sys/sparc64/sparc64/trap.c:307
#9 0x00000000c0058fe0 in tl1_trap ()
#10 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at
/usr/src/sys/kern/subr_kdb.c:267
#11 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at
/usr/src/sys/kern/subr_kdb.c:267
#12 0x00000000c014c028 in panic (fmt=0xc030ea28 "trap: %s") at
/usr/src/sys/kern/kern_shutdown.c:549
#13 0x00000000c02cd898 in trap (tf=0xd6437130) at
/usr/src/sys/sparc64/sparc64/trap.c:369
#14 0x00000000c0058fe0 in tl1_trap ()
#15 0x00000000c01e3aa8 in tapioctl (dev=0xfffff800a08ae800,
cmd=18446735280406397536, data=0x0, flag=0, td=0x0)
at atomic.h:278
#16 0x00000000c0117e6c in dev_refthread (dev=0xfffff800a084f300) at
/usr/src/sys/kern/kern_conf.c:124
#17 0x00000000c0118284 in giant_ioctl (dev=0xfffff800b5d4ac00,
cmd=2147772029, data=0xd643753c "", fflag=2,
td=0xfffff800a64a0260) at /usr/src/sys/kern/kern_conf.c:288
#18 0x00000000c00f71b4 in devfs_ioctl_f (fp=0xfffff800a62ef338,
com=2147772029, data=0xd643753c, cred=0xfffff800a084f100,
td=0xfffff800a64a0260) at /usr/src/sys/fs/devfs/devfs_vnops.c:407
#19 0x00000000c011c8bc in kern_fcntl (td=0xfffff800a64a0260, fd=3,
cmd=4, arg=1) at file.h:258
#20 0x00000000c011c0d8 in fcntl (td=0xfffff800a64a0260, uap=0xd64378c0)
at /usr/src/sys/kern/kern_descrip.c:339
#21 0x00000000c02cdea4 in syscall (tf=0xd6437880) at
/usr/src/sys/sparc64/sparc64/trap.c:592
#22 0x00000000c0058dc0 in tl0_intr ()
#23 0x0000000000000000 in ?? ()
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0x00000000c014bc78 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0x00000000c014c118 in panic (fmt=0xc02e9dd8 "from debugger") at
/usr/src/sys/kern/kern_shutdown.c:565
td = (struct thread *) 0xfffff800a64a0260
bootopt = 260
newpanic = 0
ap = 0xd6436798
buf = "trap: memory address not aligned", '\0'
<repeats 223 times>
#3 0x00000000c00a2270 in db_panic (addr=3222722396, have_addr=0,
count=-1, modif=0xd64368a0 "")
at /usr/src/sys/ddb/db_command.c:438
No locals.
#4 0x00000000c00a21d4 in db_command (last_cmdp=0xc035b260,
cmd_table=0x0, aux_cmd_tablep=0xc0312368,
aux_cmd_tablep_end=0xc0312380) at /usr/src/sys/ddb/db_command.c:350
cmd = (struct command *) 0xc02d4258
t = -1072244900
modif = '\0' <repeats 15 times>,
[...]
addr = 3222722396
count = -1
have_addr = 0
result = -1072244900
#5 0x00000000c00a22f8 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:458
No locals.
#6 0x00000000c00a4ed8 in db_trap (type=-700224848, code=0) at
/usr/src/sys/ddb/db_main.c:221
jb = {{_jb = {3594740465, 3221900884, 3594740209, 0, 0, 0}}}
prev_jb = (void *) 0x0
bkpt = 0
#7 0x00000000c016db88 in kdb_trap (type=107, code=0, tf=0xd6436d30) at
/usr/src/sys/kern/subr_kdb.c:473
did_stop_cpus = 1
handled = 0
#8 0x00000000c02cd70c in trap (tf=0xd6436d30) at
/usr/src/sys/sparc64/sparc64/trap.c:307
td = (struct thread *) 0xfffff800a64a0260
p = (struct proc *) 0x12
sticks = 3224332381
error = 0
sig = 0
#9 0x00000000c0058fe0 in tl1_trap ()
No symbol table info available.
#10 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at
/usr/src/sys/kern/subr_kdb.c:267
No locals.
#11 0x00000000c016d75c in kdb_enter (msg=0xc02f6858 "panic") at
/usr/src/sys/kern/subr_kdb.c:267
No locals.
#12 0x00000000c014c028 in panic (fmt=0xc030ea28 "trap: %s") at
/usr/src/sys/kern/kern_shutdown.c:549
td = (struct thread *) 0xfffff800a64a0260
bootopt = 256
newpanic = 1
ap = 0xd6437038
buf = "trap: memory address not aligned", '\0'
<repeats 223 times>
#13 0x00000000c02cd898 in trap (tf=0xd6437130) at
/usr/src/sys/sparc64/sparc64/trap.c:369
td = (struct thread *) 0xfffff800a64a0260
p = (struct proc *) 0x407d7028
sticks = 0
error = -1070536152
sig = -1069914416
#14 0x00000000c0058fe0 in tl1_trap ()
No symbol table info available.
#15 0x00000000c01e3aa8 in tapioctl (dev=0xfffff800a08ae800,
cmd=18446735280406397536, data=0x0, flag=0, td=0x0)
at atomic.h:278
_tid = 18446735280406397536
tp = (struct tap_softc *) 0xfffff800a08ae800
ifp = (struct ifnet *) 0xfffff800a08ae800
f = 0
#16 0x00000000c0117e6c in dev_refthread (dev=0xfffff800a084f300) at
/usr/src/sys/kern/kern_conf.c:124
csw = (struct cdevsw *) 0xc033b968
#17 0x00000000c0118284 in giant_ioctl (dev=0xfffff800b5d4ac00,
cmd=2147772029, data=0xd643753c "", fflag=2,
td=0xfffff800a64a0260) at /usr/src/sys/kern/kern_conf.c:288
retval = -1244353536
#18 0x00000000c00f71b4 in devfs_ioctl_f (fp=0xfffff800a62ef338,
com=2147772029, data=0xd643753c, cred=0xfffff800a084f100,
td=0xfffff800a64a0260) at /usr/src/sys/fs/devfs/devfs_vnops.c:407
dev = (struct cdev *) 0xfffff800b5d4ac00
dsw = (struct cdevsw *) 0xc033b968
vp = (struct vnode *) 0x0
vpold = (struct vnode *) 0xfffff800a62ef338
error = 0
i = -700222148
p = 0xfffff800a62ef338 "???"
fgn = (struct fiodgname_arg *) 0xfffff800a64a0260
#19 0x00000000c011c8bc in kern_fcntl (td=0xfffff800a64a0260, fd=3,
cmd=4, arg=1) at file.h:258
fdp = (struct filedesc *) 0xfffff800b5d4bc00
flp = (struct flock *) 0x1
fp = (struct file *) 0xfffff800a62ef338
p = (struct proc *) 0xfffff800a651fa80
pop = 0x0
vp = (struct vnode *) 0x4
newmin = 1
error = 0
flg = 64
tmp = 0
giant_locked = 1
#20 0x00000000c011c0d8 in fcntl (td=0xfffff800a64a0260, uap=0xd64378c0)
at /usr/src/sys/kern/kern_descrip.c:339
fl = {l_start = 3594743537, l_len = 3222767276, l_pid = 0,
l_type = 0, l_whence = 0}
arg = 1
error = 0
#21 0x00000000c02cdea4 in syscall (tf=0xd6437880) at
/usr/src/sys/sparc64/sparc64/trap.c:592
callp = (struct sysent *) 0xc0328f48
td = (struct thread *) 0xfffff800a64a0260
args = {3594743745, 3221589512, 3221589052, 3221589048,
658606396932, 100, 0, 0}
argp = (register_t *) 0xd64378c0
p = (struct proc *) 0xfffff800a651fa80
sticks = 10
code = 92
tpc = 1081962532
reg = 0
regcnt = 6
narg = 3
error = 0
#22 0x00000000c0058dc0 in tl0_intr ()
No symbol table info available.
#23 0x0000000000000000 in ?? ()
No symbol table info available.
Robert Watson
2006-May-30 06:46 UTC
reproduceable kernel panic when trying to use tap0 interface (sparc64)
On Mon, 29 May 2006, Michael Ortmann wrote:> im using 6_stable on sparc64 and get a 100% reproduceable kernel panic. it > crashes when i try to usr/create the tap0 interface. (i discovered it when i > tried to run openvpn). so i guess it may be the tap driver on sparc64. i can > provice kernel core and offer my help. i wrote to the sparc64 mailinglist > before but now i guess its better off here.This sounds like a kernel code alignment bug, which is likely easy to fix. However...> == how to reproduce the kernel panic => > # cat /dev/zero >/dev/tap0 > > tap0: Ethernet address: 00:bd:00:02:10:00 > panic: trap: memory address not aligned > cpuid = 0 > KDB: enter: panic > [thread 449 tid 100044] > Stopped at kdb_enter+0x3c: ta %xcc, 1Whoops, the gdb stack trace below looks corrupted and/or wrong. Could you instead provide the output of the "trace" command in DDB? DDB traces can be more reliable under some circumstances, and more resistant to mistakes such as matching the wrong kernel to the wrong core, gdb bugs, and so on. Robert N M Watson
Michael Ortmann
2006-May-30 06:53 UTC
reproduceable kernel panic when trying to use tap0 interface (sparc64)
Robert Watson schrieb:> This sounds like a kernel code alignment bug, which is likely easy to > fix. However...the bug has been fixed (fast!): http://www.freebsd.org/cgi/query-pr.cgi?pr=sparc64/98084>> == how to reproduce the kernel panic =>> >> # cat /dev/zero >/dev/tap0 >> >> tap0: Ethernet address: 00:bd:00:02:10:00 >> panic: trap: memory address not aligned >> cpuid = 0 >> KDB: enter: panic >> [thread 449 tid 100044] >> Stopped at kdb_enter+0x3c: ta %xcc, 1 > > > Whoops, the gdb stack trace below looks corrupted and/or wrong. Could > you instead provide the output of the "trace" command in DDB? DDB > traces can be more reliable under some circumstances, and more resistant > to mistakes such as matching the wrong kernel to the wrong core, gdb > bugs, and so on.ill keep it in mind for the next time, thanks. regards, Michael Ortmann