Date:      Mon, 13 Jan 2014 07:23:30 -0700
From:      Ian Lepore <ian@FreeBSD.org>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        "freebsd-arm@freebsd.org" <freebsd-arm@FreeBSD.org>
Subject:   Re: svn commit: r258412 - in head/sys/arm: at91 econa s3c2xx0 sa11x0 xscale/i80321 xscale/i8134x xscale/ixp425 xscale/pxa
Message-ID:  <1389623010.1230.3.camel@revolution.hippie.lan>
In-Reply-To: <20140113055215.GB2982@funkthat.com>
References:  <201311210108.rAL18AoQ051365@svn.freebsd.org> <20131221061048.GC99167@funkthat.com> <20140108071643.GB99167@funkthat.com> <1389197091.1158.370.camel@revolution.hippie.lan> <20140108173909.GF99167@funkthat.com> <20140110230241.GS46596@funkthat.com> <20140111135156.251a70fa@bender.Home> <20140111205303.GZ46596@funkthat.com> <CAAUsrB7FTVdu2nXKNjOhDxG=b3=KdUvNwtB30s2odJrYCR4XgQ@mail.gmail.com> <20140113055215.GB2982@funkthat.com>

On Sun, 2014-01-12 at 21:52 -0800, John-Mark Gurney wrote:
[...]
> 
> which I'll take a look at shortly, but more importantly, as sshd
> comes up, I get:
> panic: vm_page_alloc: page 0xc0805db0 is wired
> 
> I can't get a bt from the crash though, as this is what I get:
> db> bt
> Tracing pid 793 tid 100054 td 0xc10db960
> db_trace_self() at db_trace_self
>          pc = 0xc05564d0  lr = 0xc055655c (db_trace_thread+0x50)
>          sp = 0xc09578c0  fp = 0xc03cc32c
> db_trace_thread() at db_trace_thread+0x50
>          pc = 0xc055655c  lr = 0xc022b4d4 (db_command_init+0x620)
>          sp = 0xc0957920  fp = 0xc03cc32c
> db_command_init() at db_command_init+0x620
>          pc = 0xc022b4d4  lr = 0xc022abac (db_skip_to_eol+0x480)
>          sp = 0xc0957938  fp = 0xc03cc32c
>          r4 = 0xc066fcd4  r5 = 0x00000000
> db_skip_to_eol() at db_skip_to_eol+0x480
>          pc = 0xc022abac  lr = 0xc022ad14 (db_command_loop+0x5c)
>          sp = 0xc09579d8  fp = 0xc03cc32c
>          r4 = 0xc09579ec  r5 = 0xc066ffa4
>          r6 = 0x00000000  r7 = 0x00000000
>          r8 = 0x00000001 r10 = 0x600000d3
> db_command_loop() at db_command_loop+0x5c
>          pc = 0xc022ad14  lr = 0xc022d15c (X_db_sym_numargs+0xec)
>          sp = 0xc09579e0  fp = 0xc03cc32c
> X_db_sym_numargs() at X_db_sym_numargs+0xec
>          pc = 0xc022d15c  lr = 0xc03cc56c (kdb_trap+0xa4)
>          sp = 0xc0957af8  fp = 0xc03cc32c
>          r4 = 0xc0957b90
> kdb_trap() at kdb_trap+0xa4
>          pc = 0xc03cc56c  lr = 0xc0567dc8 (undefinedinstruction+0x2d8)
>          sp = 0xc0957b18  fp = 0xc03cc32c
>          r4 = 0x00000000  r5 = 0x00000000
>          r6 = 0x00000000  r7 = 0xc0957b90
>          r8 = 0xe7ffffff r10 = 0xe7ffffff
> undefinedinstruction() at undefinedinstruction+0x2d8
>          pc = 0xc0567dc8  lr = 0xc0558218 (exception_exit)
>          sp = 0xc0957b90  fp = 0xc06012c8
>          r4 = 0xffffffff  r5 = 0xffff1004
>          r6 = 0xc06b9494  r7 = 0xc0957c14
>          r8 = 0xc10db960  r9 = 0x00000001
>         r10 = 0x00000000
> exception_exit() at exception_exit
>          pc = 0xc0558218  lr = 0xc03cc324 (kdb_enter+0x38)
>          sp = 0xc0957be4  fp = 0xc06012c8
>          r0 = 0x00000012  r1 = 0x60000013
>          r2 = 0xc06c785c  r3 = 0xc06b94c0
>          r4 = 0xc05d2898  r5 = 0xc0601dc0
>          r6 = 0xc06b9494  r7 = 0xc0957c14
>          r8 = 0xc10db960  r9 = 0x00000001
>         r10 = 0x00000000 r12 = 0xc05cfb50
> kdb_enter() at kdb_enter+0x44
>          pc = 0xc03cc330  lr = 0xc0601dc0 (0xc0601dc0)
>          sp = 0xc0957bec  fp = 0xc06012c8
>          r4 = 0xc039a144
> xscale_event_codes_size() at 0xc0601dc0
>          pc = 0xc0601dc0  lr = 0x00000000 (0)
>          sp = 0xc0957bf4  fp = 0xc06012c8
> Unable to unwind into user mode
> 
> Though, I don't think user mode should start there.. there should be
> a few more frames...

It looks like the unwinding ran into a corrupted stack.  Unable to
unwind into user mode happens when the saved PC in the next stack frame
has an address < 0xc0000000.  Another sign of brokenness is that
xscale_event_codes_size is data, not code (the tracer just looks up and
prints the nearest symbol to the address it's looking for).

-- Ian
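
The two signs described in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a Python triage over pasted DDB `bt` output that flags a saved return address below 0xc0000000 and a frame whose location is printed as a bare address instead of symbol+offset. KERNBASE and the bare-address heuristic are assumptions drawn from this one trace; SAMPLE is the last three frames of the quoted backtrace.

```python
import re

KERNBASE = 0xC0000000  # assumption: the boundary the reply cites for this kernel

FRAME = re.compile(r"^(\S+)\(\) at (\S+)$")           # "func() at location"
REGS = re.compile(r"\b(pc|lr)\s*=\s*(0x[0-9a-fA-F]+)")  # saved pc / lr values

# Last three frames of the quoted trace, e-mail quoting left in place.
SAMPLE = """\
> exception_exit() at exception_exit
>          pc = 0xc0558218  lr = 0xc03cc324 (kdb_enter+0x38)
>          sp = 0xc0957be4  fp = 0xc06012c8
> kdb_enter() at kdb_enter+0x44
>          pc = 0xc03cc330  lr = 0xc0601dc0 (0xc0601dc0)
>          sp = 0xc0957bec  fp = 0xc06012c8
> xscale_event_codes_size() at 0xc0601dc0
>          pc = 0xc0601dc0  lr = 0x00000000 (0)
>          sp = 0xc0957bf4  fp = 0xc06012c8
> Unable to unwind into user mode
"""

def parse_frames(text):
    """Return one dict per frame: func, loc, and pc/lr as integers."""
    frames = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # drop '>' quoting and indentation
        m = FRAME.match(line)
        if m:
            frames.append({"func": m.group(1), "loc": m.group(2)})
        elif frames:
            for name, val in REGS.findall(line):
                frames[-1][name] = int(val, 16)
    return frames

def triage(text):
    """Flag frames that suggest the unwinder walked a corrupted stack."""
    findings = []
    for f in parse_frames(text):
        if f["loc"].startswith("0x"):
            # Heuristic from this trace: no symbol+offset was printed, so the
            # function name is only the nearest symbol and may be data.
            findings.append((f["func"], "bare-address location"))
        if f.get("lr", KERNBASE) < KERNBASE:
            findings.append((f["func"], "return address below KERNBASE"))
    return findings

if __name__ == "__main__":
    for func, why in triage(SAMPLE):
        print(f"{func}: {why}")
```

A flagged name is best checked against the kernel's symbol table (for example with `nm`) to see whether it is text or data.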
