From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 213778] stable/11 -r307797 on BPi-M3 (cortex-a7): truss gets segmentation fault for handling SIGSYS
Date: Wed, 26 Oct 2016 22:33:09 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213778

--- Comment #1 from Mark Millard ---
(In reply to Mark Millard from comment #0)

The following is from a report about a different issue than truss but what it
also says about the value reported by gdb for t->cs.number when truss gets the
segmentation fault may be relevant information for truss's behavior. . .

Using "ktrace -i -t +fw" it looks like every repeat of the problem ends up with
the following sort of sequence (a variation is shown later):

 34629 cc1      CALL  mmap(0,0x4000,0x3,0x1002,0xffffffff,0x1c,0,0)
 34629 cc1      RET   mmap 568225792/0x21de7000
 34629 cc1      PFLT  0x21de7000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x21de8000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x21de9000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x21dea000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x229e8000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x229e9000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x229ea000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      CSW   stop user "ast"
 34629 cc1      CSW   resume user "ast"
 34629 cc1      PFLT  0x229eb000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      PFLT  0x229ec000 VM_PROT_WRITE
 34629 cc1      PRET  KERN_SUCCESS
 34629 cc1      CALL  [-17504]
 34629 cc1      RET   [-17504] -1 errno 78 Function not implemented
 34629 cc1      PSIG  SIGSYS SIG_DFL code=SI_KERNEL
 34629 cc1      NAMI  "cc1.core"
 34630 as       CSW   stop kernel "piperd"
 34630 as       Events dropped.
 34630 as       RET   read 0
 34630 as       CALL  close(0)
 34630 as       RET   close 0
. . .

I'll note that for the source this was compiling I used gdb truss with
run -feH -o truss.log and it reported:

(gdb) print t->cs.number
$5 = 580828064

FYI: 580828064 = 0x229EBBA0

where the truss segmentation fault was at line 385 of the following (sc==NULL
in the context):

380             t->cs.name = sysdecode_syscallname(t->proc->abi->abi, t->cs.number);
381             if (t->cs.name == NULL)
(gdb) 
382                     fprintf(info->outfile, "-- UNKNOWN %s SYSCALL %d --\n",
383                         t->proc->abi->type, t->cs.number);
384     
385             sc = get_syscall(t->cs.name, narg);
386             t->cs.nargs = sc->nargs;
387             assert(sc->nargs <= nitems(t->cs.s_args));
388     
389             t->cs.sc = sc;

The 229E matched the upper part of local PFLT activity around the user "ast"
CSW's, including just before the bad call.

But the details do vary some based on the source file being compiled. For
example here the user "ast" CSW's are just before the mmap but are still just
after the 0x229ea000 PFLT:

 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0xbfbf2000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x229e7000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x229e8000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x229e9000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x229ea000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      CSW   stop user "ast"
 34698 cc1      CSW   resume user "ast"
 34698 cc1      CALL  mmap(0,0x4000,0x3,0x1002,0xffffffff,0,0,0)
 34698 cc1      RET   mmap 568225792/0x21de7000
 34698 cc1      PFLT  0x21de7000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x21de8000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x21de9000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x21dea000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      PFLT  0x229eb000 VM_PROT_WRITE
 34698 cc1      PRET  KERN_SUCCESS
 34698 cc1      CALL  [-25840]
 34698 cc1      RET   [-25840] -1 errno 78 Function not implemented
 34698 cc1      PSIG  SIGSYS SIG_DFL code=SI_KERNEL
 34698 cc1      NAMI  "cc1.core"
 34699 as       CSW   stop kernel "piperd"
 34699 as       Events dropped.
 34699 as       RET   read 0
 34699 as       CALL  close(0)
 34699 as       RET   close 0

-25840 in 2's complement is: 0xF...F9B10

Here doing the gdb truss instead reports:

(gdb) print t->cs.number
$1 = 580819728

and 580819728 = 0x229E9B10

and the 229E part matches several PFLT's in the area, including just before the
bad call as well as just before the user "ast"s. Between them are some PFLT's
that do not match.

I would guess that the 229E in t->cs.number in truss is from the PFLT just
before the failing syscall in each case.
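
The hand comparison made in the comment above, written out as an added example (not part of the original report and not code from truss or ktrace): it scans kdump text for syscalls printed as a bare `[n]`, compares the low 16 bits with the t->cs.number value gdb showed, and lists the earlier PFLT addresses that share its upper 16 bits. The function name `correlate` and the abridged sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: kdump records abridged from the first trace in the report.
SAMPLE = """\
 34629 cc1      PFLT  0x21dea000 VM_PROT_WRITE
 34629 cc1      PFLT  0x229e8000 VM_PROT_WRITE
 34629 cc1      CSW   stop user "ast"
 34629 cc1      CSW   resume user "ast"
 34629 cc1      PFLT  0x229eb000 VM_PROT_WRITE
 34629 cc1      PFLT  0x229ec000 VM_PROT_WRITE
 34629 cc1      CALL  [-17504]
 34629 cc1      RET   [-17504] -1 errno 78 Function not implemented
 34629 cc1      PSIG  SIGSYS SIG_DFL code=SI_KERNEL
"""

PFLT = re.compile(r"^\s*(\d+)\s+\S+\s+PFLT\s+(0x[0-9a-fA-F]+)")
# kdump prints a syscall number it cannot name as "[n]".
CALL = re.compile(r"^\s*(\d+)\s+\S+\s+CALL\s+\[(-?\d+)\]")

def correlate(kdump_text, truss_number):
    """Compare each unnamed 'CALL [n]' with the t->cs.number value gdb showed in truss."""
    faults = {}      # pid -> page-fault addresses seen before the call
    findings = []
    for line in kdump_text.splitlines():
        m = PFLT.match(line)
        if m:
            faults.setdefault(m.group(1), []).append(int(m.group(2), 16))
            continue
        m = CALL.match(line)
        if m is None:
            continue
        pid, code = m.group(1), int(m.group(2))
        findings.append({
            "pid": int(pid),
            "ktrace_number": code,
            # Low 16 bits of the two's-complement value ktrace recorded.
            "ktrace_low16": hex(code & 0xFFFF),
            "low16_matches": (code & 0xFFFF) == (truss_number & 0xFFFF),
            # Earlier faults whose upper 16 bits equal those of the truss value.
            "pflt_same_high16": [hex(a) for a in faults.get(pid, [])
                                 if a >> 16 == truss_number >> 16],
        })
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE, 580828064):   # 0x229EBBA0, from the gdb session
        print(f)
```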