首页 > itarticle > unaligned reference fault in scsi driver when narrow device connected.

unaligned reference fault in scsi driver when narrow device connected.

admin 11月 14, 2020 0

Unaligned Reference Fault in SCSI driver when narrow device connected.

When the driver finds that the target device is going to the Data Phase
erroneously, it transfers two bytes at a time and tries to get the
device to an expected phase before aborting the command. Since narrow
devices transfer only one byte at a time, there is a possibility that
the target device may change phase after transferring one byte resulting
in phase mismatch. The phase mismatch handler in the driver adjusts the
data address by one which results in an odd byte aligned address.
Later, when this address was accessed, the system panicked with an
alignment fault.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

System crash dump analysis report
=================================

Symptom
-------
  System crash with panic string as Data memory protection/access
  rights/alignment fault.

Root Cause
----------
  The Unaligned Reference Fault in C8xx_isrMA() .

Action Plan
-----------
  Please install the following patches:

     PHKL_30510    SCSI IO Cumulative Patch
     PHKL_30511    SCSI Ultra160 Cumulative Patch

Detail Analysis
---------------

			=======================
			= General Information =
			=======================

Dump time Thu Jul  8 16:16:13 2004 UTC-8
System has been up 14 minutes.

System Name      : HP-UX
Node Name        : localhost
Model            : 9000/785/J5600
HP-UX version    : B.11.11 (64-bit Kernel)
Number of CPU's  : 2
Disabled CPU's   : 0
CPU type         : PCXW (552 Mhz)
CPU Architecture : PA-RISC 2.0
Load average     : 0.11  0.10  0.08  

			================
			= Crash Events =
			================

Panic string : Data memory protection/access rights/alignment fault

Getting trap information from trap marker at 0x0.0x107fbd0
Trap information
================

Type 18: Data Memory Protection Trap/unaligned Data Reference Trap
Interruption Instruction Register:
	IIR = 0x4b810000
Interruption Space and Offset Registers:
	ISR.IOR = 0x0.0xfffffffff4800b59
Interruption Instruction Address Queue:
	PCSQ.PCOQ = 0x0.0x524fdc = c8xx_isrMA+0x3cc
Interrupt Instruction at c8xx_isrMA+0x3cc:
	ldw  0(ret0),r1

Virtual address information:


VA 0x0.0xfffffffff4800b59 translates to PA 0xfffffffff4800b59
  Page table entry: hpde2_0_t 0x269ffe0
    Access rights : 0x10 PDE_AR_KRW
    Protection key: 0x0 KERNEL/PUBLIC
    Page size     : 4KB


Stack Trace for Crash event 0
=============================

==============  EVENT  ============================
= Event #0 is PANIC on CPU #1
= p crash_event_t 0xa02000
= p rpb_t 0x9fb100
= Using pc from pim.wide.rp_rp_hi = 0x226c1c
==============  EVENT  ============================
SR4=0x00000000
                SP         RP Return Name
0x0000000001080290 0x00226c1c panic+0x6c
0x00000000010801f0 0x0027badc report_trap_or_int_and_panic+0x94
0x0000000001080150 0x0027b020 interrupt+0x208
0x00000000010800a0 0x0015bd88 ihandler+0x930
+-------------  TRAP  ----------------------------
|  Trap type 18 in KERNEL mode at 0x524fdc (c8xx_isrMA+0x3cc)
|  p struct save_state 0.0x107fbd0
+-------------  TRAP  ----------------------------
SR4=0x00000000
                SP         RP Return Name
0x000000000107fbd0 0x00524fdc c8xx_isrMA+0x3cc
0x000000000107f9e0 0x00527f70 c8xx_isrSIP+0x158
0x000000000107f8e0 0x00528b0c c8xx_isr+0x334
0x000000000107f670 0x00370784 sapic_interrupt+0x2c
0x000000000107f5e0 0x0015d654 mp_ext_interrupt+0x26c
0x000000000107f4d0 0x0015bd64 ihandler+0x90c
+-------------  TRAP  ----------------------------
|  Trap type 4 in KERNEL mode at 0x16d360 (idle+0x2a8)
|  p struct save_state 0.0x107f000
+-------------  TRAP  ----------------------------
SR4=0x00000000
                SP         RP Return Name
0x0000000006bea2d0 0x0016d360 idle+0x2a8
0x0000000006bea050 0x0016b64c swidle+0x28

Stack Trace for Crash event 0 with all args
===========================================

==============  EVENT  ============================
= Event #0 is PANIC on CPU #1
= p crash_event_t 0xa02000
= p rpb_t 0x9fb100
= Using pc from pim.wide.rp_rp_hi = 0x226c1c
==============  EVENT  ============================
SR4=0x00000000
                SP         RP Return Name
0x0000000001080290 0x00226c1c panic+0x6c
0x00000000010801f0 0x0027badc report_trap_or_int_and_panic+0x94
         arg0: 0x0000000000000002
         arg1: 0x0000000000000012
         arg2: 0x000000000107fbd0
         arg3: 0x00000000008b1d68
0x0000000001080150 0x0027b020 interrupt+0x208
         ....  --------n/a-------
         arg1: 0x000000000107fbd0
0x00000000010800a0 0x0015bd88 ihandler+0x930
+-------------  TRAP  ----------------------------
|  Trap type 18 in KERNEL mode at 0x524fdc (c8xx_isrMA+0x3cc)
|  p struct save_state 0.0x107fbd0
+-------------  TRAP  ----------------------------
SR4=0x00000000
                SP         RP Return Name
0x000000000107fbd0 0x00524fdc c8xx_isrMA+0x3cc
         arg0: 0x0000000041236800
         arg1: 0x0000000043421800
         arg2: 0x0000000043417800
0x000000000107f9e0 0x00527f70 c8xx_isrSIP+0x158
         arg0: 0x0000000041236800
         arg1: 0x0000000043421800
         arg2: 0xffffffffff031600
0x000000000107f8e0 0x00528b0c c8xx_isr+0x334
         arg0: 0x0000000041236800
         arg1: 0x0000000000000000
0x000000000107f670 0x00370784 sapic_interrupt+0x2c
0x000000000107f5e0 0x0015d654 mp_ext_interrupt+0x26c
         arg0: 0x000000000107f000
0x000000000107f4d0 0x0015bd64 ihandler+0x90c
+-------------  TRAP  ----------------------------
|  Trap type 4 in KERNEL mode at 0x16d360 (idle+0x2a8)
|  p struct save_state 0.0x107f000
+-------------  TRAP  ----------------------------
SR4=0x00000000
                SP         RP Return Name
0x0000000006bea2d0 0x0016d360 idle+0x2a8
0x0000000006bea050 0x0016b64c swidle+0x28

System panic with an alignment fault and the following stack trace
when connected to a narrow device:

     panic+0x6c
     report_trap_or_int_and_panic+0x94
     interrupt+0x208
     $ihndlr_rtn+0x0
     c8xx_isrMA+0x3cc
     c8xx_isrSIP+0x158
     c8xx_isr+0x334
     sapic_interrupt+0x2c
     mp_ext_interrupt+0x26c
     ivti_patch_to_nop3+0x0
     idle_nonpset_loop+0x704
     idle+0x7ac
     swidle_exit+0x0

When the driver finds that the target device is going to the Data Phase
erroneously, it transfers two bytes  at a time and tries to get the
device to an expected phase before aborting the command.  Since narrow
devices transfer only one byte at a time, there is a possibility that
the target device may change phase after transferring one byte resulting
in phase mismatch.  The phase mismatch handler in the driver adjusts the
data address by one which results in an odd byte aligned address.
Later, when this address was  accessed, the system panicked with an
alignment fault.
微海报分享

近期文章

近期评论

标签

热门

文章归档

分类目录

功能