svn commit: r258412 - in head/sys/arm: at91 econa s3c2xx0 sa11x0 xscale/i80321 xscale/i8134x xscale/ixp425 xscale/pxa
John-Mark Gurney
jmg at funkthat.com
Mon Jan 13 05:52:24 UTC 2014
Berislav Purgar wrote this message on Sun, Jan 12, 2014 at 12:25 +0100:
> On Sat, Jan 11, 2014 at 9:53 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
>
> > I have verified that this patch allows me to boot a kernel till it
> > mounts root... As I haven't put together a root fs yet, I can't say
> > if it goes to single/multiuser yet...
>
> I confirm that this patch works but I got a panic when trying to mount root
> fs.
>
> NFS ROOT: 10.42.1.1:/data/freebsd/gateworks
>
> Interface npe0 IP-Address 10.42.1.15 Broadcast 10.42.1.255
>
> Setting hostuuid: de4c14a8-7b7b-11e3-b57a-00d012035923.
>
> Setting hostid: 0x3b43b7a9.
>
> No suitable dump device was found.
>
> Entropy harvesting: interrupts ethernet point_to_point swi.
>
> Starting file system checks:
>
> Fatal kernel mode data abort: 'Alignment Fault 3'
>
> trapframe: 0xcd17dc90
>
> FSR=00000003, FAR=c120926c, spsr=60000013
>
> r0 =00000000, r1 =0000026c, r2 =00000000, r3 =00000000
>
> r4 =00000000, r5 =00000000, r6 =c12867e0, r7 =c122fec0
>
> r8 =c10dc100, r9 =00000000, r10=00000001, r11=c1209000
>
> r12=c0666c38, ssp=cd17dce0, slr=000000f9, pc =c046fa08
>
>
>
> [ thread pid 63 tid 100046 ]
>
> Stopped at vn_seek+0x298: und 0xe18b20f1
>
>
> full dump is here :
> http://pastebin.com/HPHFgeFs
> http://pastebin.com/tu6gKaGb
So, I was able to reproduce this... und 0xe18b20f1 is actually strd,
and it's trying to store a 64bit value into a misaligned pointer...
We are casting td_retval to an off_t, but td_retval is a register_t
(or 32bit aligned) and off_t is a 64bit value. It became unaligned a
number of months ago... I was able to boot using this patch:
Index: sys/sys/proc.h
===================================================================
--- sys/sys/proc.h (revision 260580)
+++ sys/sys/proc.h (working copy)
@@ -300,7 +300,7 @@
TDS_RUNQ,
TDS_RUNNING
} td_state; /* (t) thread state */
- register_t td_retval[2]; /* (k) Syscall aux returns. */
+ register_t td_retval[2] __aligned(sizeof(off_t)); /* (k) Syscall aux returns. */
struct callout td_slpcallout; /* (h) Callout for sleep. */
struct trapframe *td_frame; /* (k) */
struct vm_object *td_kstack_obj;/* (a) Kstack object. */
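Review bot: The new `__aligned(sizeof(off_t))` on `td_retval[2]` carries no explanation: the trailing comment still reads only "(k) Syscall aux returns.", so nothing tells a later reader that the array is also accessed as a 64-bit off_t and that the attribute has to stay. Suggest extending that comment to say so. The attribute can also insert padding after `td_state` where register_t is 32 bits, shifting `td_slpcallout`, `td_frame` and the fields after them, so code built against the old struct layout would need a rebuild. It changes alignment only; the cast of a register_t array to off_t at the use site is untouched.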
I'll bring this up on -arch...
The other option we could do is change td_retval into a union of
td_retval and an off_t, and do the access that way, which is probably
the best as it solves an aliasing issue too, BUT we'd be forced to
either define td_retval to access through the union, or change all the
uses of td_retval...
On the way coming up, I get:
pid 639 (newsyslog), uid 0: exited on signal 4 (core dumped)
Illegal instruction (core dumped)
which I'll take a look at shortly, but more importantly, as sshd
comes up, I get:
panic: vm_page_alloc: page 0xc0805db0 is wired
I can't get a bt from the crash though, as this is what I get:
db> bt
Tracing pid 793 tid 100054 td 0xc10db960
db_trace_self() at db_trace_self
pc = 0xc05564d0 lr = 0xc055655c (db_trace_thread+0x50)
sp = 0xc09578c0 fp = 0xc03cc32c
db_trace_thread() at db_trace_thread+0x50
pc = 0xc055655c lr = 0xc022b4d4 (db_command_init+0x620)
sp = 0xc0957920 fp = 0xc03cc32c
db_command_init() at db_command_init+0x620
pc = 0xc022b4d4 lr = 0xc022abac (db_skip_to_eol+0x480)
sp = 0xc0957938 fp = 0xc03cc32c
r4 = 0xc066fcd4 r5 = 0x00000000
db_skip_to_eol() at db_skip_to_eol+0x480
pc = 0xc022abac lr = 0xc022ad14 (db_command_loop+0x5c)
sp = 0xc09579d8 fp = 0xc03cc32c
r4 = 0xc09579ec r5 = 0xc066ffa4
r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000001 r10 = 0x600000d3
db_command_loop() at db_command_loop+0x5c
pc = 0xc022ad14 lr = 0xc022d15c (X_db_sym_numargs+0xec)
sp = 0xc09579e0 fp = 0xc03cc32c
X_db_sym_numargs() at X_db_sym_numargs+0xec
pc = 0xc022d15c lr = 0xc03cc56c (kdb_trap+0xa4)
sp = 0xc0957af8 fp = 0xc03cc32c
r4 = 0xc0957b90
kdb_trap() at kdb_trap+0xa4
pc = 0xc03cc56c lr = 0xc0567dc8 (undefinedinstruction+0x2d8)
sp = 0xc0957b18 fp = 0xc03cc32c
r4 = 0x00000000 r5 = 0x00000000
r6 = 0x00000000 r7 = 0xc0957b90
r8 = 0xe7ffffff r10 = 0xe7ffffff
undefinedinstruction() at undefinedinstruction+0x2d8
pc = 0xc0567dc8 lr = 0xc0558218 (exception_exit)
sp = 0xc0957b90 fp = 0xc06012c8
r4 = 0xffffffff r5 = 0xffff1004
r6 = 0xc06b9494 r7 = 0xc0957c14
r8 = 0xc10db960 r9 = 0x00000001
r10 = 0x00000000
exception_exit() at exception_exit
pc = 0xc0558218 lr = 0xc03cc324 (kdb_enter+0x38)
sp = 0xc0957be4 fp = 0xc06012c8
r0 = 0x00000012 r1 = 0x60000013
r2 = 0xc06c785c r3 = 0xc06b94c0
r4 = 0xc05d2898 r5 = 0xc0601dc0
r6 = 0xc06b9494 r7 = 0xc0957c14
r8 = 0xc10db960 r9 = 0x00000001
r10 = 0x00000000 r12 = 0xc05cfb50
kdb_enter() at kdb_enter+0x44
pc = 0xc03cc330 lr = 0xc0601dc0 (0xc0601dc0)
sp = 0xc0957bec fp = 0xc06012c8
r4 = 0xc039a144
xscale_event_codes_size() at 0xc0601dc0
pc = 0xc0601dc0 lr = 0x00000000 (0)
sp = 0xc0957bf4 fp = 0xc06012c8
Unable to unwind into user mode
Though, I don't think user mode should start there.. there should be
a few more frames...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
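The misalignment described in the message, as an added example that is not part of the original post or of FreeBSD's code. It models the 32-bit layout with stand-in types (`reg_t`, `model_off` and the `thr_*` structs are assumed names), compares the plain field, the `__aligned` form and the union alternative, and checks the FAR value from the quoted trap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel types on 32-bit ARM (assumed names, not FreeBSD's). */
typedef uint32_t reg_t;     /* models register_t: 32 bits, 4-byte aligned */
typedef int64_t  model_off; /* models off_t: 64 bits */

/* Before the patch: one 32-bit word precedes retval, so it lands on offset 4. */
struct thr_plain   { uint32_t state; reg_t retval[2]; void *frame; };

/* The patch's approach: force the array to the size of the 64-bit type. */
struct thr_aligned { uint32_t state;
                     reg_t retval[2] __attribute__((aligned(sizeof(model_off))));
                     void *frame; };

/* The alternative from the message: a union, so the 64-bit member sets the
 * alignment and the 64-bit access no longer goes through a pointer cast.
 * Assumes an ABI that aligns int64_t to 8 bytes (ARM EABI, x86-64). */
struct thr_union   { uint32_t state;
                     union { reg_t r[2]; model_off off; } retval;
                     void *frame; };

/* Nonzero when addr is not a multiple of the 64-bit access size. */
static int misaligned64(uint64_t addr) { return (addr % sizeof(model_off)) != 0; }

static size_t off_plain(void)   { return offsetof(struct thr_plain, retval); }
static size_t off_aligned(void) { return offsetof(struct thr_aligned, retval); }
static size_t off_union(void)   { return offsetof(struct thr_union, retval); }

/* Store through the union member: no cast of reg_t[2] to a 64-bit pointer. */
static model_off store_union(struct thr_union *t, model_off v)
{
    t->retval.off = v;
    return t->retval.off;
}

int main(void)
{
    struct thr_union t = {0};
    printf("plain   retval at %zu, misaligned=%d\n", off_plain(), misaligned64(off_plain()));
    printf("aligned retval at %zu, misaligned=%d\n", off_aligned(), misaligned64(off_aligned()));
    printf("union   retval at %zu, stored %lld\n", off_union(),
           (long long)store_union(&t, 1LL << 33));
    printf("FAR 0xc120926c misaligned=%d\n", misaligned64(0xc120926cULL));
    return 0;
}
```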