Date: Fri, 3 Mar 2017 15:57:56 +0100
From: Alexander Tarasikov <alexander.tarasikov@gmail.com>
To: Lee D <embaudarm@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: How approach debugging a kernel crash?
Message-ID: <CAMChaFwecuGAojE2mmT4=K-qseAkMBrsEpstgx=xPfJOndmCOA@mail.gmail.com>
In-Reply-To: <CANC_bnOUD1TDdrqYWpn4kw4kva8v4q1tpyUAGmm5bpVEU=RDrA@mail.gmail.com>
References: <CANC_bnOUD1TDdrqYWpn4kw4kva8v4q1tpyUAGmm5bpVEU=RDrA@mail.gmail.com>

Hi,

the kernel prints the FAR, the fault address register, and the registers.
Looks like it crashes inside the fault handler itself?

I would go to the "abort_handler" or "exception_exit" and add debugging
prints to UART into there to catch the initial abort.

Hope this leads somewhere

On Feb 27, 2017 06:35, "Lee D" <embaudarm@gmail.com> wrote:

> Hi,
>
> I am trying to write a custom boot loader for ARM, to replace u-boot and
> ubldr.
>
> As I'm working through this, I keep getting kernel crashes. I've got the
> kernel debugger enabled, but doing a backtrace doesn't reveal any useful
> information.
>
> How does one go about figuring out exactly what caused an exception? I
> need to know where the kernel crashed so I can figure out what piece of
> hardware I haven't set up correctly.
>
> The back trace is just a bunch of abort stuff, and ends in the message
> "Unable to unwind into user mode".
>
> I've quoted the backtrace below, and also my kernel message.
>
> Mostly I'm looking for suggestions on how to go about finding the location
> of the crash, as I expect to be doing this a lot this week :-)
>
> Thanks!
>
> Lee
>
>
> db> bt
> Tracing pid 0 tid 100000 td 0xc08f8470
> db_trace_self() at db_trace_self
>     pc = 0xc0669b44 lr = 0xc014c288 (db_hex2dec+0x1f4)
>     sp = 0xffff0cb0 fp = 0xffff0cc8
> db_hex2dec() at db_hex2dec+0x1f4
>     pc = 0xc014c288 lr = 0xc014becc (db_command_loop+0x2f4)
>     sp = 0xffff0cd0 fp = 0xffff0d70
>     r4 = 0x00000001 r5 = 0x00000000
>     r6 = 0xc0704ae6 r10 = 0xc08f6f98
> db_command_loop() at db_command_loop+0x2f4
>     pc = 0xc014becc lr = 0xc014bc4c (db_command_loop+0x74)
>     sp = 0xffff0d78 fp = 0xffff0d88
>     r4 = 0xc06cfe7d r5 = 0xc06e1e0e
>     r6 = 0xc08f6f84 r7 = 0xffff0fa0
>     r8 = 0xc08ead98 r9 = 0xc0791060
>     r10 = 0xc08ead9c
> db_command_loop() at db_command_loop+0x74
>     pc = 0xc014bc4c lr = 0xc014f084 (db_fetch_ksymtab+0x2e8)
>     sp = 0xffff0d90 fp = 0xffff0ea8
>     r4 = 0x00000807 r5 = 0x00000000
>     r6 = 0xc08f6f90 r10 = 0xc08ead9c
> db_fetch_ksymtab() at db_fetch_ksymtab+0x2e8
>     pc = 0xc014f084 lr = 0xc0341870 (kdb_trap+0x180)
>     sp = 0xffff0eb0 fp = 0xffff0ed8
>     r4 = 0x00000000 r5 = 0x00000807
>     r6 = 0xc08eadb8 r10 = 0xc08ead9c
> kdb_trap() at kdb_trap+0x180
>     pc = 0xc0341870 lr = 0xc06908b4 (abort_handler+0x678)
>     sp = 0xffff0ee0 fp = 0xffff0f00
>     r4 = 0xffff0fa0 r5 = 0x00000013
>     r6 = 0xffff1030 r7 = 0x00000007
>     r8 = 0x00000807 r9 = 0xc08f8470
>     r10 = 0xffff0fa0
> abort_handler() at abort_handler+0x678
>     pc = 0xc06908b4 lr = 0xc0690600 (abort_handler+0x3c4)
>     sp = 0xffff0f08 fp = 0xffff0f98
>     r4 = 0x00000001 r5 = 0x00000007
>     r6 = 0x00000000 r7 = 0x00000807
>     r8 = 0x00000013 r10 = 0xffff0fa0
> abort_handler() at abort_handler+0x3c4
>     pc = 0xc0690600 lr = 0xc066c42c (exception_exit)
>     sp = 0xffff0fa0 fp = 0xc0a13e70
>     r4 = 0x00000000 r5 = 0xc08f8808
>     r6 = 0x00000001 r7 = 0x00000000
>     r8 = 0xc08f890c r9 = 0xc08f8908
>     r10 = 0x00002802
> exception_exit() at exception_exit
>     pc = 0xc066c42c lr = 0x1000019c (0x1000019c)
>     sp = 0xffff1034 fp = 0xc0a13e70
>     r0 = 0xc066c534 r1 = 0xc0a0b000
>     r2 = 0xffff107c r3 = 0x20010193
>     r4 = 0x00000000 r5 = 0xc08f8808
>     r6 = 0x00000001 r7 = 0x00000000
>     r8 = 0xc08f890c r9 = 0xc08f8908
>     r10 = 0x00002802 r12 = 0xfefefeff
> data_abort_entry() at data_abort_entry+0x30
>     pc = 0xc066c534 lr = 0x1000019c (0x1000019c)
>     sp = 0xffff1034 fp = 0xc0a13e70
> Unable to unwind into user mode
>
> KDB: debugger backends: ddb
> KDB: current backend: ddb
> Copyright (c) 1992-2016 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD is a registered trademark of The FreeBSD Foundation.
> FreeBSD 11.0-RELEASE-p1 #27 r309723M: Sat Feb 25 18:51:15 EST 2017
> builder@abe:/usr/home/builder/projects/fbsd_11.0.1/obj/arm.
> armv6/usr/home/builder/projects/fbsd_11.0.1/src/sys/AXSACM
> arm
> FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM
> 3.8.0)
> VT: init without driver.
> CPU: Cortex A9-r3 rev 0 (Cortex-A core)
> Supported features: ARM_ISA THUMB2 JAZELLE THUMBEE ARMv4 Security_Ext
> WB enabled LABT branch prediction disabled
> LoUU:2 LoC:2 LoUIS:2
> Cache level 1:
> 32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
> 32KB/32B 4-way instruction cache Read-Alloc
> real memory = 535822336 (511 MB)
> avail memory = 513486848 (489 MB)
> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
> random: entropy device external interface
> ofwbus0: <Open Firmware Device Tree>
> simplebus0: <Flattened device tree simple bus> on ofwbus0
> simplebus1: <Flattened device tree simple bus> on ofwbus0
> simplebus2: <Flattened device tree simple bus> on ofwbus0
> l2cache0: <PL310 L2 cache controller> mem 0xf02000-0xf02fff on simplebus0
> l2cache0: cannot allocate IRQ, not using interrupt
> l2cache0: Part number: 0x3, release: 0x8
> l2cache0: L2 Cache enabled: 512KB/32B 8 ways
> gic0: <ARM Generic Interrupt Controller> mem
> 0xf01000-0xf01fff,0xf00100-0xf001ff on simplebus0
> gic0: pn 0x390, arch 0x1, rev 0x2, implementer 0x43b irqs 96
> mp_tmr0: <ARM MPCore Timers> mem 0xf00200-0xf002ff,0xf00600-0xf0061f on
> simplebus0
> Timecounter "MPCore" frequency 325000000 Hz quality 800
> Event timer "MPCore" frequency 325000000 Hz quality 1000
> zy7_slcr0: <Zynq-7000 slcr block> mem 0-0xfff on simplebus0
> zy7_devcfg0: <Zynq devcfg block> mem 0x7000-0x7fff on simplebus0
> uart0: <Cadence UART> mem 0x1000-0x1fff on simplebus1
> uart0: console (-1,n,8,1)
> ehci0: <Zynq-7000 EHCI USB 2.0 controller> mem 0x2000-0x2fff on simplebus1
> usbus0: EHCI version 1.0
> usbus0: stop timeout
> usbus0 on ehci0
> gpio0: <Zynq-7000 GPIO driver> mem 0xa000-0xafff on simplebus1
> gpiobus0: <GPIO bus> on gpio0
> gpioc0: <GPIO controller> on gpio0
> cgem0: <Cadence CGEM Gigabit Ethernet Interface> mem 0xb000-0xbfff on
> simplebus1
> miibus0: <MII bus> on cgem0
> rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 0 on miibus0
> rgephy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
> 1000baseT-FDX, 1000baseT-FDX-master, auto
> rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
> rgephy1: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
> 1000baseT-FDX, 1000baseT-FDX-master, auto
> cgem0: no mac address found, assigning random: 62:73:64:b9:65:d2
> cgem0: Ethernet address: 62:73:64:b9:65:d2
> sdhci_fdt0: <Zynq-7000 generic fdt SDHCI controller> mem 0x100000-0x100fff
> on simplebus1
> sdhci_fdt0: 1 slot(s) allocated
> mmc0: <MMC/SD bus> on sdhci_fdt0
> sdhci_fdt1: <Zynq-7000 generic fdt SDHCI controller> mem 0x101000-0x101fff
> on simplebus1
> sdhci_fdt1: 1 slot(s) allocated
> mmc1: <MMC/SD bus> on sdhci_fdt1
> cryptosoft0: <software crypto>
> Fatal kernel mode data abort: 'Translation Fault (L2)' on write
> trapframe: 0xffff0fa0
> FSR=00000807, FAR=ffff1030, spsr=20010193
> r0 =c066c534, r1 =c0a0b000, r2 =ffff107c, r3 =20010193
> r4 =00000000, r5 =c08f8808, r6 =00000001, r7 =00000000
> r8 =c08f890c, r9 =c08f8908, r10=00002802, r11=c0a13e70
> r12=fefefeff, ssp=ffff1034, slr=1000019c, pc =c066c534
>
> [ thread pid 0 tid 100000 ]
> Stopped at data_abort_entry+0x30: str r0, [r13, -#0x004]!
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>
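
A small decoder for the register dump in the quoted message, as an added example that is not part of either e-mail or of FreeBSD: it parses the FSR, FAR, ssp and pc fields, decodes the fault status assuming the ARMv7 short-descriptor FSR layout, and measures how far the faulting address is from the saved stack pointer. The struct and function names are made up for this example.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

struct abort_info { uint32_t fsr, fault_addr, ssp, pc; };

/* Trapframe lines copied from the quoted message. */
static const char SAMPLE[] =
    "FSR=00000807, FAR=ffff1030, spsr=20010193\n"
    "r12=fefefeff, ssp=ffff1034, slr=1000019c, pc =c066c534\n";

/* Read the hex value that follows `key`; 0 on success, -1 if absent. */
static int field(const char *log, const char *key, uint32_t *out)
{
    const char *p = strstr(log, key);
    return (p != NULL && sscanf(p + strlen(key), "%" SCNx32, out) == 1) ? 0 : -1;
}

int parse_abort(const char *log, struct abort_info *a)
{
    return (field(log, "FSR=", &a->fsr) | field(log, "FAR=", &a->fault_addr) |
            field(log, "ssp=", &a->ssp) | field(log, "pc =", &a->pc)) ? -1 : 0;
}

/* Assumed layout: ARMv7 short-descriptor FSR, FS[4] = bit 10, FS[3:0] = bits 3:0. */
const char *fsr_status(uint32_t fsr)
{
    switch (((fsr >> 6) & 0x10) | (fsr & 0xf)) {
    case 0x05: return "translation fault (L1)";
    case 0x07: return "translation fault (L2)";
    case 0x0d: return "permission fault (L1)";
    case 0x0f: return "permission fault (L2)";
    default:   return "other";
    }
}

/* WnR, FSR bit 11: set when the aborted access was a write. */
int fsr_is_write(uint32_t fsr) { return (fsr >> 11) & 1; }
/* Signed distance from the saved stack pointer to the faulting address. */
int32_t far_minus_sp(const struct abort_info *a) { return (int32_t)(a->fault_addr - a->ssp); }

int main(void)
{
    struct abort_info a;
    if (parse_abort(SAMPLE, &a) != 0) return 1;
    printf("%s on %s, FAR-ssp=%d, pc=0x%08x\n", fsr_status(a.fsr),
           fsr_is_write(a.fsr) ? "write" : "read", (int)far_minus_sp(&a), (unsigned)a.pc);
    return 0;
}
```

For this dump the faulting address is four bytes below ssp on a write, which matches the pre-decrement store shown at data_abort_entry+0x30.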