[Banana Pi] Fatal kernel mode data abort: 'Alignment Fault' on read
Lars Engels
lars.engels at 0x20.net
Thu Nov 5 10:49:03 UTC 2015
Using FreeBSD-armv6-11.0-A20-290366.img I can reproducible crash the
kernel by USB-tethering the Banana Pi to a mobile phone and run "
pkg bootstrap". It looks like this:
root at bananapi:/ # pkg bootstrap
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:armv6/latest, please wait...
Fatal kernel mode data abort: 'Alignment Fault' on read
trapframe: 0xea576a90
FSR=00000001, FAR=c43a1d6e, spsr=60000113
r0 =00000014, r1 =0000003c, r2 =0000003c, r3 =00000903
r4 =00000000, r5 =c43a1d6a, r6 =00000028, r7 =c43a1d56
r8 =00000000, r9 =00000014, r10=00000028, r11=ea576bf8
r12=00000000, ssp=ea576b20, slr=c061aba4, pc =c04f68e8
[ thread pid 13 tid 100024 ]
Stopped at tcp_input+0x820: ldr r0, [r5, #0x004]
db> bt
Tracing pid 13 tid 100024 td 0xc3d8ea20
db_trace_self() at db_trace_self
pc = 0xc061795c lr = 0xc0241d10 (db_stack_trace+0x108)
sp = 0xea576778 fp = 0xea576790
r10 = 0xc07fbae0
db_stack_trace() at db_stack_trace+0x108
pc = 0xc0241d10 lr = 0xc024175c (db_command+0x388)
sp = 0xea576798 fp = 0xea576838
r4 = 0x00000000 r5 = 0x00000000
r6 = 0x00000000 r10 = 0xc07fbae0
db_command() at db_command+0x388
pc = 0xc024175c lr = 0xc02413c4 (db_command_loop+0x74)
sp = 0xea576840 fp = 0xea576850
r4 = 0xc0663bc0 r5 = 0xc06817f5
r6 = 0xc07fbacc r7 = 0xea576a90
r8 = 0xc0797d60 r9 = 0xc073e8f4
r10 = 0xc0797d64
db_command_loop() at db_command_loop+0x74
pc = 0xc02413c4 lr = 0xc0243ef4 (db_trap+0x108)
sp = 0xea576858 fp = 0xea576970
r4 = 0x00000000 r5 = 0xc07fbad8
r6 = 0xc0797d88 r10 = 0xc0797d64
db_trap() at db_trap+0x108
pc = 0xc0243ef4 lr = 0xc03be9dc (kdb_trap+0x184)
sp = 0xea576978 fp = 0xea5769a0
r4 = 0x00000000 r5 = 0x00000001
r6 = 0xc0797d88 r7 = 0xea576a90
kdb_trap() at kdb_trap+0x184
pc = 0xc03be9dc lr = 0xc062f83c (abort_fatal+0x1d4)
sp = 0xea5769a8 fp = 0xea5769c8
r4 = 0xea576a90 r5 = 0x00000013
r6 = 0xc43a1d6e r7 = 0x00000001
r8 = 0x00000001 r9 = 0xc3d8ea20
r10 = 0x00000013
abort_fatal() at abort_fatal+0x1d4
pc = 0xc062f83c lr = 0xc062f8fc (uiomove_fromphys)
sp = 0xea5769d0 fp = 0xea5769e8
r4 = 0xea576a90 r5 = 0xc3d8ea20
r6 = 0x00000001 r7 = 0x00000001
r8 = 0xc43a1d6e r10 = 0x00000013
uiomove_fromphys() at uiomove_fromphys
pc = 0xc062f8fc lr = 0xc062f5d4 (abort_handler+0x448)
sp = 0xea5769f0 fp = 0xea576a88
r4 = 0xc062f8fc r5 = 0x00000000
r6 = 0xc3d8ea20 r7 = 0xea576a10
r8 = 0x00000013 r9 = 0xea576a90
r10 = 0xc062f84c
abort_handler() at abort_handler+0x448
pc = 0xc062f5d4 lr = 0xc0618ff4 (exception_exit)
sp = 0xea576a90 fp = 0xea576bf8
r4 = 0x00000000 r5 = 0xc43a1d6a
r6 = 0x00000028 r7 = 0xc43a1d56
r8 = 0x00000000 r9 = 0x00000014
r10 = 0x00000028
exception_exit() at exception_exit
pc = 0xc0618ff4 lr = 0xc061aba4 (in_cksum+0x3c)
sp = 0xea576b20 fp = 0xea576bf8
r0 = 0x00000014 r1 = 0x0000003c
r2 = 0x0000003c r3 = 0x00000903
r4 = 0x00000000 r5 = 0xc43a1d6a
r6 = 0x00000028 r7 = 0xc43a1d56
r8 = 0x00000000 r9 = 0x00000014
r10 = 0x00000028 r12 = 0x00000000
tcp_input() at tcp_input+0x824
pc = 0xc04f68ec lr = 0xc04811f0 (ip_input+0x164)
sp = 0xea576c00 fp = 0xea576c38
r4 = 0xc43a1d56 r5 = 0xc43f00b8
r6 = 0x00000016 r7 = 0x00000000
r8 = 0x00000000 r9 = 0xc0771720
r10 = 0xc07fe444
ip_input() at ip_input+0x164
pc = 0xc04811f0 lr = 0xc045fea0 (netisr_dispatch_src+0xc4)
sp = 0xea576c40 fp = 0xea576c68
r4 = 0x00000001 r5 = 0xc43a1d00
r6 = 0x00000000 r7 = 0xc07f78b0
r8 = 0x00000800 r9 = 0xc07f78f8
r10 = 0xc3d69400
netisr_dispatch_src() at netisr_dispatch_src+0xc4
pc = 0xc045fea0 lr = 0xc045bf90 (ether_demux+0x1c4)
sp = 0xea576c70 fp = 0xea576c80
r4 = 0xc3d69400 r5 = 0x00000800
r6 = 0xc43a1d48 r7 = 0xc43a1d10
r8 = 0x00000800 r9 = 0xc07f7978
r10 = 0xc3d69400
ether_demux() at ether_demux+0x1c4
pc = 0xc045bf90 lr = 0xc045cd84 (ether_nh_input+0x3c4)
sp = 0xea576c88 fp = 0xea576ca8
r4 = 0xc3d69400 r5 = 0xc43a1d00
ether_nh_input() at ether_nh_input+0x3c4
pc = 0xc045cd84 lr = 0xc045fea0 (netisr_dispatch_src+0xc4)
sp = 0xea576cb0 fp = 0xea576cd8
r4 = 0x00000005 r5 = 0xc43a1d00
r6 = 0x00000000 r7 = 0xc07f7930
r8 = 0xc0695640 r10 = 0xc3d69400
netisr_dispatch_src() at netisr_dispatch_src+0xc4
pc = 0xc045fea0 lr = 0xc045c2c0 (ether_input+0x60)
sp = 0xea576ce0 fp = 0xea576cf8
r4 = 0xc3d69400 r5 = 0xc43a1d00
r6 = 0x00000000 r7 = 0x00000000
r8 = 0xc0695640 r9 = 0xc0695653
r10 = 0xc3d69400
ether_input() at ether_input+0x60
pc = 0xc045c2c0 lr = 0xc5764d88 (uether_rxflush+0x84)
sp = 0xea576d00 fp = 0xea576d18
r4 = 0xc4474800 r5 = 0xc3d69400
r6 = 0xc5764f4f r7 = 0xc43a1d00
r8 = 0x00000000 r9 = 0xc48ee0c0
uether_rxflush() at uether_rxflush+0x84
pc = 0xc5764d88 lr = 0xc47b47e8 (urndis_bulk_read_callback+0x3a4)
sp = 0xea576d20 fp = 0xea576d98
r4 = 0xc4474800 r5 = 0xc3d69400
r6 = 0xc47bdae0 r7 = 0xc48eeaa0
r8 = 0x00000076 r10 = 0xc3d69400
urndis_bulk_read_callback() at urndis_bulk_read_callback+0x3a4
pc = 0xc47b47e8 lr = 0xc02a528c (usbd_callback_wrapper+0x6cc)
sp = 0xea576da0 fp = 0xea576dd8
r4 = 0xc48ee0c0 r5 = 0xc48ee173
r6 = 0xc066e31c r7 = 0xc448c4b8
r8 = 0xc48ee000 r9 = 0xc078632c
r10 = 0xc48ee030
usbd_callback_wrapper() at usbd_callback_wrapper+0x6cc
pc = 0xc02a528c lr = 0xc02a6550 (usb_command_wrapper+0x174)
sp = 0xea576de0 fp = 0xea576df8
r4 = 0xc48ee030 r5 = 0xc078632c
r6 = 0xc066e66b r7 = 0xc066e692
r8 = 0x00000000 r9 = 0xc066e67f
r10 = 0xc3e28d0c
usb_command_wrapper() at usb_command_wrapper+0x174
pc = 0xc02a6550 lr = 0xc02a5498 (usb_callback_proc+0x68)
sp = 0xea576e00 fp = 0xea576e08
r4 = 0xc066e31c r5 = 0xc48ee000
r6 = 0xc48ee044 r7 = 0xc066dc12
r8 = 0xc0786374 r9 = 0xc066dc1e
usb_callback_proc() at usb_callback_proc+0x68
pc = 0xc02a5498 lr = 0xc02a0354 (usb_process+0xdc)
sp = 0xea576e10 fp = 0xea576e30
r4 = 0xc3e28cfc r5 = 0xc3e28d04
usb_process() at usb_process+0xdc
pc = 0xc02a0354 lr = 0xc034da54 (fork_exit+0xa0)
sp = 0xea576e38 fp = 0xea576e50
r4 = 0xc3d8ea20 r5 = 0xc3d88000
r6 = 0xc02a0278 r7 = 0xc3e28cfc
r8 = 0xea576e58 r9 = 0x00000000
r10 = 0x00000000
fork_exit() at fork_exit+0xa0
pc = 0xc034da54 lr = 0xc0618f84 (swi_exit)
sp = 0xea576e58 fp = 0x00000000
r4 = 0xc02a0278 r5 = 0xc3e28cfc
r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
pc = 0xc0618f84 lr = 0xc0618f84 (swi_exit)
sp = 0xea576e58 fp = 0x00000000
db>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 603 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arm/attachments/20151105/7d8e8310/attachment.bin>
More information about the freebsd-arm
mailing list