How to approach debugging a kernel crash?
Alexander Tarasikov
alexander.tarasikov at gmail.com
Fri Mar 3 14:57:58 UTC 2017
Hi,
The kernel prints the FAR (the fault address register) and the registers.
Looks like it crashes inside the fault handler itself?
I would go to "abort_handler" or "exception_exit" and add debugging
prints to the UART in there to catch the initial abort. Hope this leads
somewhere.
On Feb 27, 2017 06:35, "Lee D" <embaudarm at gmail.com> wrote:
> Hi,
>
> I am trying to write a custom boot loader for ARM, to replace u-boot and
> ubldr.
>
> As I'm working through this, I keep getting kernel crashes. I've got the
> kernel debugger enabled, but doing a backtrace doesn't reveal any useful
> information.
>
> How does one go about figuring out exactly what caused an exception? I
> need to know where the kernel crashed so I can figure out what piece of
> hardware I haven't set up correctly.
>
> The back trace is just a bunch of abort stuff, and ends in the message
> "Unable to unwind into user mode".
>
> I've quoted the backtrace below, and also my kernel message.
>
> Mostly I'm looking for suggestions on how to go about finding the location
> of the crash, as I expect to be doing this a lot this week :-)
>
> Thanks!
>
> Lee
>
>
> db> bt
> Tracing pid 0 tid 100000 td 0xc08f8470
> db_trace_self() at db_trace_self
> pc = 0xc0669b44 lr = 0xc014c288 (db_hex2dec+0x1f4)
> sp = 0xffff0cb0 fp = 0xffff0cc8
> db_hex2dec() at db_hex2dec+0x1f4
> pc = 0xc014c288 lr = 0xc014becc (db_command_loop+0x2f4)
> sp = 0xffff0cd0 fp = 0xffff0d70
> r4 = 0x00000001 r5 = 0x00000000
> r6 = 0xc0704ae6 r10 = 0xc08f6f98
> db_command_loop() at db_command_loop+0x2f4
> pc = 0xc014becc lr = 0xc014bc4c (db_command_loop+0x74)
> sp = 0xffff0d78 fp = 0xffff0d88
> r4 = 0xc06cfe7d r5 = 0xc06e1e0e
> r6 = 0xc08f6f84 r7 = 0xffff0fa0
> r8 = 0xc08ead98 r9 = 0xc0791060
> r10 = 0xc08ead9c
> db_command_loop() at db_command_loop+0x74
> pc = 0xc014bc4c lr = 0xc014f084 (db_fetch_ksymtab+0x2e8)
> sp = 0xffff0d90 fp = 0xffff0ea8
> r4 = 0x00000807 r5 = 0x00000000
> r6 = 0xc08f6f90 r10 = 0xc08ead9c
> db_fetch_ksymtab() at db_fetch_ksymtab+0x2e8
> pc = 0xc014f084 lr = 0xc0341870 (kdb_trap+0x180)
> sp = 0xffff0eb0 fp = 0xffff0ed8
> r4 = 0x00000000 r5 = 0x00000807
> r6 = 0xc08eadb8 r10 = 0xc08ead9c
> kdb_trap() at kdb_trap+0x180
> pc = 0xc0341870 lr = 0xc06908b4 (abort_handler+0x678)
> sp = 0xffff0ee0 fp = 0xffff0f00
> r4 = 0xffff0fa0 r5 = 0x00000013
> r6 = 0xffff1030 r7 = 0x00000007
> r8 = 0x00000807 r9 = 0xc08f8470
> r10 = 0xffff0fa0
> abort_handler() at abort_handler+0x678
> pc = 0xc06908b4 lr = 0xc0690600 (abort_handler+0x3c4)
> sp = 0xffff0f08 fp = 0xffff0f98
> r4 = 0x00000001 r5 = 0x00000007
> r6 = 0x00000000 r7 = 0x00000807
> r8 = 0x00000013 r10 = 0xffff0fa0
> abort_handler() at abort_handler+0x3c4
> pc = 0xc0690600 lr = 0xc066c42c (exception_exit)
> sp = 0xffff0fa0 fp = 0xc0a13e70
> r4 = 0x00000000 r5 = 0xc08f8808
> r6 = 0x00000001 r7 = 0x00000000
> r8 = 0xc08f890c r9 = 0xc08f8908
> r10 = 0x00002802
> exception_exit() at exception_exit
> pc = 0xc066c42c lr = 0x1000019c (0x1000019c)
> sp = 0xffff1034 fp = 0xc0a13e70
> r0 = 0xc066c534 r1 = 0xc0a0b000
> r2 = 0xffff107c r3 = 0x20010193
> r4 = 0x00000000 r5 = 0xc08f8808
> r6 = 0x00000001 r7 = 0x00000000
> r8 = 0xc08f890c r9 = 0xc08f8908
> r10 = 0x00002802 r12 = 0xfefefeff
> data_abort_entry() at data_abort_entry+0x30
> pc = 0xc066c534 lr = 0x1000019c (0x1000019c)
> sp = 0xffff1034 fp = 0xc0a13e70
> Unable to unwind into user mode
>
> KDB: debugger backends: ddb
> KDB: current backend: ddb
> Copyright (c) 1992-2016 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD is a registered trademark of The FreeBSD Foundation.
> FreeBSD 11.0-RELEASE-p1 #27 r309723M: Sat Feb 25 18:51:15 EST 2017
> builder at abe:/usr/home/builder/projects/fbsd_11.0.1/obj/arm.
> armv6/usr/home/builder/projects/fbsd_11.0.1/src/sys/AXSACM
> arm
> FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM
> 3.8.0)
> VT: init without driver.
> CPU: Cortex A9-r3 rev 0 (Cortex-A core)
> Supported features: ARM_ISA THUMB2 JAZELLE THUMBEE ARMv4 Security_Ext
> WB enabled LABT branch prediction disabled
> LoUU:2 LoC:2 LoUIS:2
> Cache level 1:
> 32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
> 32KB/32B 4-way instruction cache Read-Alloc
> real memory = 535822336 (511 MB)
> avail memory = 513486848 (489 MB)
> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
> random: entropy device external interface
> ofwbus0: <Open Firmware Device Tree>
> simplebus0: <Flattened device tree simple bus> on ofwbus0
> simplebus1: <Flattened device tree simple bus> on ofwbus0
> simplebus2: <Flattened device tree simple bus> on ofwbus0
> l2cache0: <PL310 L2 cache controller> mem 0xf02000-0xf02fff on simplebus0
> l2cache0: cannot allocate IRQ, not using interrupt
> l2cache0: Part number: 0x3, release: 0x8
> l2cache0: L2 Cache enabled: 512KB/32B 8 ways
> gic0: <ARM Generic Interrupt Controller> mem
> 0xf01000-0xf01fff,0xf00100-0xf001ff on simplebus0
> gic0: pn 0x390, arch 0x1, rev 0x2, implementer 0x43b irqs 96
> mp_tmr0: <ARM MPCore Timers> mem 0xf00200-0xf002ff,0xf00600-0xf0061f on
> simplebus0
> Timecounter "MPCore" frequency 325000000 Hz quality 800
> Event timer "MPCore" frequency 325000000 Hz quality 1000
> zy7_slcr0: <Zynq-7000 slcr block> mem 0-0xfff on simplebus0
> zy7_devcfg0: <Zynq devcfg block> mem 0x7000-0x7fff on simplebus0
> uart0: <Cadence UART> mem 0x1000-0x1fff on simplebus1
> uart0: console (-1,n,8,1)
> ehci0: <Zynq-7000 EHCI USB 2.0 controller> mem 0x2000-0x2fff on simplebus1
> usbus0: EHCI version 1.0
> usbus0: stop timeout
> usbus0 on ehci0
> gpio0: <Zynq-7000 GPIO driver> mem 0xa000-0xafff on simplebus1
> gpiobus0: <GPIO bus> on gpio0
> gpioc0: <GPIO controller> on gpio0
> cgem0: <Cadence CGEM Gigabit Ethernet Interface> mem 0xb000-0xbfff on
> simplebus1
> miibus0: <MII bus> on cgem0
> rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 0 on miibus0
> rgephy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
> 1000baseT-FDX, 1000baseT-FDX-master, auto
> rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
> rgephy1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
> 1000baseT-FDX, 1000baseT-FDX-master, auto
> cgem0: no mac address found, assigning random: 62:73:64:b9:65:d2
> cgem0: Ethernet address: 62:73:64:b9:65:d2
> sdhci_fdt0: <Zynq-7000 generic fdt SDHCI controller> mem 0x100000-0x100fff
> on simplebus1
> sdhci_fdt0: 1 slot(s) allocated
> mmc0: <MMC/SD bus> on sdhci_fdt0
> sdhci_fdt1: <Zynq-7000 generic fdt SDHCI controller> mem 0x101000-0x101fff
> on simplebus1
> sdhci_fdt1: 1 slot(s) allocated
> mmc1: <MMC/SD bus> on sdhci_fdt1
> cryptosoft0: <software crypto>
> Fatal kernel mode data abort: 'Translation Fault (L2)' on write
> trapframe: 0xffff0fa0
> FSR=00000807, FAR=ffff1030, spsr=20010193
> r0 =c066c534, r1 =c0a0b000, r2 =ffff107c, r3 =20010193
> r4 =00000000, r5 =c08f8808, r6 =00000001, r7 =00000000
> r8 =c08f890c, r9 =c08f8908, r10=00002802, r11=c0a13e70
> r12=fefefeff, ssp=ffff1034, slr=1000019c, pc =c066c534
>
> [ thread pid 0 tid 100000 ]
> Stopped at data_abort_entry+0x30: str r0, [r13, -#0x004]!
>
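As an added example (not part of the original messages, and not FreeBSD code), the following decodes the FSR, SPSR and FAR values from the panic message quoted above. It assumes the ARMv7-A short-descriptor DFSR layout; the names `decode_fsr`, `spsr_mode` and `fault_is_stack_push` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the ARMv7-A DFSR (short-descriptor format, assumed here). */
struct fsr_info {
    unsigned status;    /* FS[4:0] = DFSR[10] : DFSR[3:0] */
    unsigned domain;    /* DFSR[7:4] */
    int is_write;       /* WnR, DFSR[11]: 1 = write, 0 = read */
};

struct fsr_info decode_fsr(uint32_t fsr)
{
    struct fsr_info i;
    i.status = (fsr & 0xf) | (((fsr >> 10) & 1) << 4);
    i.domain = (fsr >> 4) & 0xf;
    i.is_write = (fsr >> 11) & 1;
    return i;
}

const char *fs_name(unsigned fs)
{
    switch (fs) {
    case 0x01: return "alignment fault";
    case 0x05: return "translation fault (L1)";
    case 0x07: return "translation fault (L2)";
    case 0x09: return "domain fault (L1)";
    case 0x0b: return "domain fault (L2)";
    case 0x0d: return "permission fault (L1)";
    case 0x0f: return "permission fault (L2)";
    case 0x08: return "synchronous external abort";
    default:   return "other (look up FS in the ARM ARM)";
    }
}

/* Mode bits of the saved PSR: 0x10 = user, 0x13 = supervisor, 0x17 = abort. */
unsigned spsr_mode(uint32_t spsr) { return spsr & 0x1f; }

/* True when FAR lies at most `span` bytes below sp, i.e. the access was a push. */
int fault_is_stack_push(uint32_t far, uint32_t sp, uint32_t span)
{
    return far < sp && sp - far <= span;
}

int main(void)
{
    /* Values copied from the panic message quoted in the thread. */
    uint32_t fsr = 0x00000807, far = 0xffff1030, spsr = 0x20010193, ssp = 0xffff1034;
    struct fsr_info i = decode_fsr(fsr);
    printf("%s on %s, domain %u, faulting mode 0x%02x\n", fs_name(i.status),
           i.is_write ? "write" : "read", i.domain, spsr_mode(spsr));
    printf("FAR is a push below ssp: %s\n", fault_is_stack_push(far, ssp, 16) ? "yes" : "no");
    return 0;
}
```

With the quoted values, FAR is ssp minus 4, which matches the pre-decrement store through r13 shown at the "Stopped at" line.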