NetBSD Problem Report #43431

From martin@duskware.de  Mon Jun  7 19:13:56 2010
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 4AE0E63B8CD
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  7 Jun 2010 19:13:56 +0000 (UTC)
Message-Id: <20100607191355.85D4A63B102@mail.netbsd.org>
Date: Mon,  7 Jun 2010 19:13:55 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@gnats.NetBSD.org
Subject: mips trap handling broken
X-Send-Pr-Version: 3.95

>Number:         43431
>Category:       port-mips
>Synopsis:       mips trap handling broken
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-mips-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jun 07 19:15:00 +0000 2010
>Closed-Date:    Tue Jun 22 16:10:41 +0000 2010
>Last-Modified:  Tue Jun 22 16:10:41 +0000 2010
>Originator:     Martin Husemann
>Release:        NetBSD 5.99.30
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD 5.99.30 (CUBE) #22: Mon Jun  7 20:53:59 CEST 2010 evbmips-el, alchemy au1550
Architecture: mips
Machine: mips32
>Description:
Trying to boot an old userland with a current kernel fails in init:

init: copying out path `/sbin/init' 11
pid 1(init): ABI set to O32 (e_flags=0x1007)
trap: pid 1(init): sig 11: cause=0x8 epc=0x50505050 va=0x50505050
registers:
[ 0]=00000000 [ 1]=00000001 [ 2]=00000000 [ 3]=00000000
[ 4]=7dffb918 [ 5]=7fffdc14 [ 6]=00000000 [ 7]=7fffdbfc
[ 8]=7fffdc14 [ 9]=50505050 [10]=00000018 [11]=056de450
[12]=00000002 [13]=00000003 [14]=00000001 [15]=83f185e0
[16]=50505050 [17]=50505050 [18]=50505050 [19]=50505050
[20]=50505050 [21]=50505050 [22]=50505050 [23]=50505050
[24]=7dfa0000 [25]=7dfac2d8 [26]=00000000 [27]=00000000
[28]=7dff7150 [29]=7fffd724 [30]=50505050 [31]=50505050
Stopped in pid 1.1 (init) at    netbsd:cpu_Debugger+0x4:        jr      ra
                bdslot: nop
db> bt
cpu_Debugger+4 (804114d0,80360f40,b2,80360f5c) ra 80267524 sz 0
trap+35c (804114d0,8,50505050,50505050) ra 801b88e4 sz 144
mips32_UserGenException+d8 (804114d0,8,50505050,50505050) ra 0 sz 0
User-level: pid 1.1

Note the bogus register dump; this would have send a SIGSEGV to init - I
assume the args passed to from UserGenException() to trap() are bogus.
Maybe this was just a page fault misinterpreted some way?

>How-To-Repeat:
s/a

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: "Michael L. Hitch" <mhitch@lightning.msu.montana.edu>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-mips/43431: mips trap handling broken
Date: Tue, 8 Jun 2010 10:59:43 -0600 (MDT)

 On Mon, 7 Jun 2010, martin@NetBSD.org wrote:

 > init: copying out path `/sbin/init' 11
 > pid 1(init): ABI set to O32 (e_flags=0x1007)
 > trap: pid 1(init): sig 11: cause=0x8 epc=0x50505050 va=0x50505050
 > registers:
 > [ 0]=00000000 [ 1]=00000001 [ 2]=00000000 [ 3]=00000000
 > [ 4]=7dffb918 [ 5]=7fffdc14 [ 6]=00000000 [ 7]=7fffdbfc
 > [ 8]=7fffdc14 [ 9]=50505050 [10]=00000018 [11]=056de450
 > [12]=00000002 [13]=00000003 [14]=00000001 [15]=83f185e0
 > [16]=50505050 [17]=50505050 [18]=50505050 [19]=50505050
 > [20]=50505050 [21]=50505050 [22]=50505050 [23]=50505050
 > [24]=7dfa0000 [25]=7dfac2d8 [26]=00000000 [27]=00000000
 > [28]=7dff7150 [29]=7fffd724 [30]=50505050 [31]=50505050
 > Stopped in pid 1.1 (init) at    netbsd:cpu_Debugger+0x4:        jr      ra
 >                bdslot: nop
 > db> bt
 > cpu_Debugger+4 (804114d0,80360f40,b2,80360f5c) ra 80267524 sz 0
 > trap+35c (804114d0,8,50505050,50505050) ra 801b88e4 sz 144
 > mips32_UserGenException+d8 (804114d0,8,50505050,50505050) ra 0 sz 0
 > User-level: pid 1.1
 >
 > Note the bogus register dump; this would have send a SIGSEGV to init - I
 > assume the args passed to from UserGenException() to trap() are bogus.
 > Maybe this was just a page fault misinterpreted some way?

    The register dump should be coming from the user registers saved in the 
 PCB, so presumably are the actual registers at the time of the exception
 (and the contents of some of them being 0x50505050 rather matches the 
 exception PC and virtual address of the fault.  The one major thing I 
 can't figure out, and can't tell from the information that gets printed is 
 how it ended up in DDB.  It looks to me like that should only happen if 
 the exception occurred in kernel mode, which shouldn't have come from 
 mips32_UserGenException.  Perhaps that DEBUG code should also print out 
 the status and type variable;  status is used to set whether the trap is 
 user or not, and sets T_USER in the trap variable - which is then used to 
 control if DDB gets entered.

 --
 Michael L. Hitch			mhitch@montana.edu
 Computer Consultant
 Information Technology Center
 Montana State University	Bozeman, MT	USA

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: port-mips-maintainer@netbsd.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org, martin@NetBSD.org
Subject: Re: port-mips/43431: mips trap handling broken
Date: Tue, 8 Jun 2010 19:41:14 +0200

 On Tue, Jun 08, 2010 at 05:00:06PM +0000, Michael L. Hitch wrote:
 >  exception PC and virtual address of the fault.  The one major thing I 
 >  can't figure out, and can't tell from the information that gets printed is 
 >  how it ended up in DDB.

 That I can explain :-)
 I added a Debugger() to find out what's going on - otherwise it would kill 
 init.

 Martin

State-Changed-From-To: open->feedback
State-Changed-By: simonb@NetBSD.org
State-Changed-When: Tue, 22 Jun 2010 12:44:11 +0000
State-Changed-Why:
Should be fixed with rev 1.36 of sys/arch/mips/mips/mipsX_subr.S .


From: Simon Burge <simonb@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/43431 CVS commit: src/sys/arch/mips/mips
Date: Tue, 22 Jun 2010 12:42:21 +0000

 Module Name:	src
 Committed By:	simonb
 Date:		Tue Jun 22 12:42:21 UTC 2010

 Modified Files:
 	src/sys/arch/mips/mips: mipsX_subr.S

 Log Message:
 Restore (and update) half of the TLB miss handler that went missing
 during the mips64 merge.  This gets my sbmips kernel booting to the
 login prompt.  This code could not possibly have been tested after
 the merge.

 Should fix PR port-mips/43431.


 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.36 src/sys/arch/mips/mips/mipsX_subr.S

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: feedback->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Tue, 22 Jun 2010 16:10:41 +0000
State-Changed-Why:
Both sgimips and evbmips (on the alchemy board) work again for me - thanks!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.