Subject: port-arm32/7123: Registers corrupted when a process is swapped out
To: None <gnats-bugs@gnats.netbsd.org>
From: Richard Earnshaw <rearnsha@cambridge.arm.com>
List: netbsd-bugs
Date: 03/10/1999 18:16:09
>Number: 7123
>Category: port-arm32
>Synopsis: Registers corrupted when a process is swapped out
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: port-arm32-maintainer (NetBSD/arm32 Portmaster)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 10 10:20:00 1999
>Last-Modified:
>Originator: Richard Earnshaw
>Organization:
ARM
--
>Release: Netbsd-current 19990305<NetBSD-current source date>
>Environment:
System: NetBSD shark1 1.3K NetBSD 1.3K (SHARK) #15: Sat Mar 6 15:01:12 GMT 1999 rearnsha@shark1:/work/rearnsha/netbsd/sys/arch/arm32/compile/SHARK arm32
>Description:
If a process gets swapped out while blocked in wait4(), the
registers are sometimes corrupted when the process is finally
resumed.
While trying to compile kdelib-1.1 (addressbook.cc), I get a
repeated core-dump from the bin/sh process that is running the
pkglibtool-1.2p1 script. After some hacking of my bin/sh to
lock the wait4 function into memory (see port-arm32/7122), I
have managed to catch the SWI called by wait4 returning with
invalid register values. Forcing the frame pointer to the
correct value seems to indicate that the stack is valid, just
that it is incorrectly addressed.
I've included a gdb transcript below. Note that in the stack
back-traces, wait4 appears to be called directly from
waitproc(); in fact wait4 is frameless, so the real caller is
wait3(), which was called from waitproc(); the value of lr
indicates that this is indeed the case.
bash-2.03# gdb /bin/sh 29937
arm--netbsd target configuration is high experimental
Report any problems to amb@physig.ph.kcl.ac.uk
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (arm--netbsd), Copyright 1996 Free Software Foundation, Inc...
/tmp/29937: No such file or directory.
Attaching to program `/bin/sh', process 29937
0x33784 in wait4 ()
(gdb) break *wait4
Breakpoint 1 at 0x33780
(gdb) break *wait4+8
Breakpoint 2 at 0x33788
(gdb) c
Continuing.
Breakpoint 2, 0x33788 in wait4 ()
(gdb) where
#0 0x33788 in wait4 ()
#1 0xb344 in waitproc (block=137, status=0xefbfc948)
at /work/rearnsha/netbsd/bin/sh/jobs.c:895
#2 0xafac in dowait (block=1, job=0x78000)
at /work/rearnsha/netbsd/bin/sh/jobs.c:765
#3 0xae00 in waitforjob (jp=0x1) at /work/rearnsha/netbsd/bin/sh/jobs.c:708
#4 0x3ef4 in evalcommand (cmd=0x78000, flags=0, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:863
#5 0x2bc0 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#6 0x2948 in evalstring (s=0x1 <Error reading address 0x1: Invalid argument>)
at /work/rearnsha/netbsd/bin/sh/eval.c:174
#7 0x28f4 in evalcmd (argc=137, argv=0xefbfc948)
at /work/rearnsha/netbsd/bin/sh/eval.c:154
#8 0x3d5c in evalcommand (cmd=0x78000, flags=2, backcmd=0x0)
...
(gdb) c
Continuing.
Breakpoint 1, 0x33780 in wait4 ()
(gdb)
Continuing.
Breakpoint 2, 0x33788 in wait4 ()
(gdb)
Continuing.
Breakpoint 1, 0x33780 in wait4 ()
(gdb)
Continuing.
Breakpoint 2, 0x33788 in wait4 ()
(gdb)
Continuing.
Breakpoint 1, 0x33780 in wait4 ()
(gdb)
Continuing.
Breakpoint 2, 0x33788 in wait4 ()
(gdb)
Continuing.
Breakpoint 1, 0x33780 in wait4 ()
(gdb) where
#0 0x33780 in wait4 ()
#1 0xb344 in waitproc (block=-1, status=0xefbfc9c0)
at /work/rearnsha/netbsd/bin/sh/jobs.c:895
#2 0xafac in dowait (block=1, job=0x78000)
at /work/rearnsha/netbsd/bin/sh/jobs.c:765
#3 0xae00 in waitforjob (jp=0x1) at /work/rearnsha/netbsd/bin/sh/jobs.c:708
#4 0x3ef4 in evalcommand (cmd=0x78000, flags=0, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:863
#5 0x2bc0 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#6 0x2948 in evalstring (s=0x1 <Error reading address 0x1: Invalid argument>)
at /work/rearnsha/netbsd/bin/sh/eval.c:174
#7 0x28f4 in evalcmd (argc=-1, argv=0xefbfc9c0)
at /work/rearnsha/netbsd/bin/sh/eval.c:154
#8 0x3d5c in evalcommand (cmd=0x78000, flags=2, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:815
#9 0x2bc0 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#10 0x2afc in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:237
#11 0x2b34 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:243
#12 0x2b34 in evaltree (n=0x1, flags=484468)
...
(gdb) info reg
r0 0xffffffff -1
r1 0xefbfc9c0 -272643648
r2 0x2 2
r3 0x0 0
r4 0x1 1
r5 0x76474 484468
r6 0x75c00 482304
r7 0x78000 491520
r8 0x0 0
r9 0xa1838 661560
r10 0x0 0
fp 0xefbfc9ac -272643668
ip 0xefbfc9c0 -272643648
sp 0xefbfc9a0 -272643680
lr 0x2c0f0 180464
pc 0x33780 210816
fps 0x0 0
ps 0x20000010 536870928
(gdb) c
Continuing.
Breakpoint 2, 0x33788 in wait4 ()
(gdb) where
#0 0x33788 in wait4 ()
#1 0x1395c in hashvar (p=0xefbfc948 "")
at /work/rearnsha/netbsd/bin/sh/var.c:739
#2 0x50cc in cmdlookup (name=0x0, add=0)
at /work/rearnsha/netbsd/bin/sh/exec.c:752
#3 0x4974 in find_command (name=0x78000 "£", entry=0xefbfca20, act=1,
path=0xefbfd778 "/home/rearnsha/bin/arm32:/home/rearnsha/bin/arm32:/home/rea
rnsha/bin/scripts:/usr/local/bin:/usr/ucb:/bin:/usr/bin:/usr/local/gnu/bin:/usr/
local/contrib/bin:/usr/X11R6/bin:/usr/pkg/bin:/usr/pkg/bin:/u"...)
at /work/rearnsha/netbsd/bin/sh/exec.c:462
#4 0x3ef4 in evalcommand (cmd=0x78000, flags=0, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:863
#5 0x2bc0 in evaltree (n=0x0, flags=0)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#6 0x2948 in evalstring (s=0x0) at /work/rearnsha/netbsd/bin/sh/eval.c:174
#7 0x28f4 in evalcmd (argc=163, argv=0xefbfc948)
at /work/rearnsha/netbsd/bin/sh/eval.c:154
#8 0x3d5c in evalcommand (cmd=0x78000, flags=2, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:815
#9 0x2bc0 in evaltree (n=0x0, flags=0)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#10 0x2afc in evaltree (n=0x0, flags=0)
at /work/rearnsha/netbsd/bin/sh/eval.c:237
...
(gdb) info reg
r0 0xa3 163
r1 0xefbfc948 -272643768
r2 0x2 2
r3 0x0 0
r4 0x1 1
r5 0x76474 484468
r6 0x75c00 482304
r7 0x78000 491520
r8 0x0 0
r9 0xa181c 661532
r10 0x0 0
fp 0xefbfc934 -272643788
ip 0xefbfc948 -272643768
sp 0xefbfc928 -272643800
lr 0x2c0f0 180464
pc 0x33788 210824
fps 0x0 0
ps 0x10 16
(gdb) set $fp = 0xefbfc9ac
(gdb) where
#0 0x33788 in wait4 ()
#1 0xb344 in waitproc (block=163, status=0xefbfc948)
at /work/rearnsha/netbsd/bin/sh/jobs.c:895
#2 0xafac in dowait (block=1, job=0x78000)
at /work/rearnsha/netbsd/bin/sh/jobs.c:765
#3 0xae00 in waitforjob (jp=0x1) at /work/rearnsha/netbsd/bin/sh/jobs.c:708
#4 0x3ef4 in evalcommand (cmd=0x78000, flags=0, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:863
#5 0x2bc0 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#6 0x2948 in evalstring (s=0x1 <Error reading address 0x1: Invalid argument>)
at /work/rearnsha/netbsd/bin/sh/eval.c:174
#7 0x28f4 in evalcmd (argc=163, argv=0xefbfc948)
at /work/rearnsha/netbsd/bin/sh/eval.c:154
#8 0x3d5c in evalcommand (cmd=0x78000, flags=2, backcmd=0x0)
at /work/rearnsha/netbsd/bin/sh/eval.c:815
#9 0x2bc0 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:271
#10 0x2afc in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:237
#11 0x2b34 in evaltree (n=0x1, flags=484468)
at /work/rearnsha/netbsd/bin/sh/eval.c:243
#12 0x2b34 in evaltree (n=0x1, flags=484468)
...
>How-To-Repeat:
Try to build kdelib-1.1 on a 32-Mb shark.
>Fix:
No idea.
>Audit-Trail:
>Unformatted:
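The comparison the reporter did by hand above (break at wait4 entry and again just past the SWI, dump registers both times, see what a system call changed that it had no right to change) can be automated. The following script is an added example and is not part of the bug report or of NetBSD; it parses two gdb "info reg" snapshots, flags every changed register that the ARM APCS calling convention requires a callee (and therefore a system call) to preserve, and checks whether fp and sp moved by one uniform amount, which is the signature of a stack that is intact but addressed from the wrong base. The two snapshots embedded below are copied from the transcript in this report (the "info reg" at breakpoint 1 and at breakpoint 2); the callee-saved register set (r4-r10, fp, sp) is assumed from APCS and is not stated in the report.

```python
"""Diff two gdb ``info reg`` snapshots taken either side of a system call and
report which callee-saved registers the call failed to preserve.

Added example for illustration; not part of the PR or of NetBSD.  The two
snapshots below are copied from the report's gdb transcript (breakpoint 1 at
wait4 entry, breakpoint 2 just after the SWI)."""
import re

# Assumed from the ARM APCS: r4-r10 (v1-v7), fp and sp must survive a call,
# and a system call is held to the same contract as a function call.
CALLEE_SAVED = ("r4", "r5", "r6", "r7", "r8", "r9", "r10", "fp", "sp")

# Snapshot taken at breakpoint 1 (wait4 entry), copied from the report.
BEFORE_SWI = """\
r0 0xffffffff -1
r1 0xefbfc9c0 -272643648
r2 0x2 2
r3 0x0 0
r4 0x1 1
r5 0x76474 484468
r6 0x75c00 482304
r7 0x78000 491520
r8 0x0 0
r9 0xa1838 661560
r10 0x0 0
fp 0xefbfc9ac -272643668
ip 0xefbfc9c0 -272643648
sp 0xefbfc9a0 -272643680
lr 0x2c0f0 180464
pc 0x33780 210816
fps 0x0 0
ps 0x20000010 536870928
"""

# Snapshot taken at breakpoint 2 (wait4+8, after the SWI), copied from the report.
AFTER_SWI = """\
r0 0xa3 163
r1 0xefbfc948 -272643768
r2 0x2 2
r3 0x0 0
r4 0x1 1
r5 0x76474 484468
r6 0x75c00 482304
r7 0x78000 491520
r8 0x0 0
r9 0xa181c 661532
r10 0x0 0
fp 0xefbfc934 -272643788
ip 0xefbfc948 -272643768
sp 0xefbfc928 -272643800
lr 0x2c0f0 180464
pc 0x33788 210824
fps 0x0 0
ps 0x10 16
"""

# gdb prints "<name> <hex> <decimal>" per register; the hex column is authoritative.
REG_LINE = re.compile(r"^\s*([a-z0-9]+)\s+(0x[0-9a-fA-F]+)\s+(-?\d+)\s*$")


def parse_info_reg(text):
    """Return {register name: unsigned value} from ``info reg`` output."""
    regs = {}
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def diff_regs(before, after):
    """Return {name: (old, new)} for every register present in both snapshots whose value changed."""
    return {n: (before[n], after[n]) for n in before if n in after and before[n] != after[n]}


def corrupted_callee_saved(before, after):
    """Subset of diff_regs() limited to registers a system call must preserve."""
    return {n: v for n, v in diff_regs(before, after).items() if n in CALLEE_SAVED}


def stack_shift(before, after):
    """If fp and sp moved by the same non-zero signed amount, return that delta.

    A uniform shift means the saved frame chain may still be intact and is merely
    being addressed from the wrong base, which matches the report: forcing $fp
    back to its pre-SWI value produced a sane backtrace again."""
    d_fp = after["fp"] - before["fp"]
    d_sp = after["sp"] - before["sp"]
    return d_fp if d_fp == d_sp and d_fp != 0 else None


if __name__ == "__main__":
    before, after = parse_info_reg(BEFORE_SWI), parse_info_reg(AFTER_SWI)
    for name, (old, new) in corrupted_callee_saved(before, after).items():
        print("callee-saved %-3s changed: %#x -> %#x (delta %+d)" % (name, old, new, new - old))
    shift = stack_shift(before, after)
    if shift is not None:
        print("fp and sp both shifted by %+d bytes: stack relocated, not destroyed" % shift)
```

Run against the report's own snapshots this flags r9, fp and sp, and shows fp and sp both moved by the same 120 bytes, while lr and r4-r8 survived; that is the same conclusion the reporter reached by setting $fp by hand. The same script applies unchanged to any pair of "info reg" dumps captured around a breakpoint on a syscall stub.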