Bug 211389 - Translation Fault (L1) when executing a DTrace script
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: arm
Version: 11.0-BETA2
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Oleksandr Tymoshenko
Reported: 2016-07-26 17:42 UTC by Sevan Janiyan
Modified: 2018-04-03 23:44 UTC
Description Sevan Janiyan 2016-07-26 17:42:54 UTC
Executing the following one-liner on a Raspberry Pi (type B, 256MB RAM) results in a Translation Fault (L1) error & the system reboots:

dtrace -n 'fbt:kernel:*_interrupt:entry { @m[execname] = count() }'

login: IMPLEMENT ME: dtrace_toxic_ranges
Fatal kernel mode data abort: 'Translation Fault (L1)' on read
trapframe: 0xc12fbad8
FSR=00000005, FAR=bfbfebc0, spsr=60000193
r0 =c2132de8, r1 =c12fbb98, r2 =00000000, r3 =bfbfebc0
r4 =c2598bc0, r5 =c2132f00, r6 =c01ba5c0, r7 =c1b50670
r8 =c12fbc90, r9 =c1ab5370, r10=c1b4a000, r11=c12fbb78
r12=00000000, ssp=c12fbb68, slr=c215a39c, pc =c219324c

Running the stock FreeBSD 11.0-BETA2 r303168 image.
Comment 1 Sevan Janiyan 2016-07-29 21:15:07 UTC
Issue is not specific to the Pi, though it appears that on the Pi the reboot is immediate upon executing dtrace, whereas on a BeagleBone Black (mine is a Rev A5C) dtrace appears to run for some time before producing the same error & rebooting.


dtrace: description 'fbt:kernel:*_interrupt:entry ' matched 5 probes
dtrace: buffer size lowered to 2m
dtrace: aggregation size lowered to 2m

Fatal kernel mode data abort: 'Translation Fault (L1)' on read
trapframe: 0xdcfb8c68
FSR=00000005, FAR=bfbfeb20, spsr=60000093
r0 =c3224de8, r1 =dcfb8d28, r2 =00000000, r3 =bfbfeb20
r4 =c34da080, r5 =c3224f00, r6 =c0784a48, r7 =c2b75bc0
r8 =00000000, r9 =c096e174, r10=c29d8100, r11=dcfb8d08
r12=00000000, ssp=dcfb8cf8, slr=c324b114, pc =c32801e4

panic: Fatal abort
Uptime: 6m44s
Comment 2 commit-hook freebsd_committer 2018-04-03 21:23:34 UTC
A commit references this bug:

Author: gonzo
Date: Tue Apr  3 21:22:44 UTC 2018
New revision: 331952
URL: https://svnweb.freebsd.org/changeset/base/331952

Log:
  MFC r312378 by andrew:

  Use the kernel stack in the ARM FBT DTrace provider. This is used to find
  the fifth argument to functions being traced, however there was an error
  where the userspace stack was being used. This may be invalid leading to
  a kernel panic if this address is unmapped.

  Submitted by:	Graeme Jenkinson <graeme.jenkinson@cl.cam.ac.uk>
  Differential Revision:	https://reviews.freebsd.org/D9229

  MFC commit fields
  PR:		211389

Changes:
_U  stable/11/
  stable/11/sys/cddl/dev/fbt/arm/fbt_isa.c
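
Added example (not part of the bug report or the FreeBSD source): a triage helper that decodes the trap dump from the description and checks whether it fits the cause given in the commit log, a kernel-mode read of an address outside the kernel's range. The function name `triage`, the `KERNBASE` value of 0xc0000000 and the use of the ARM short-descriptor fault status encoding are assumptions of this example.

```python
import re

# Constructed input: trap dump copied from the bug description above.
SAMPLE = """\
Fatal kernel mode data abort: 'Translation Fault (L1)' on read
trapframe: 0xc12fbad8
FSR=00000005, FAR=bfbfebc0, spsr=60000193
r0 =c2132de8, r1 =c12fbb98, r2 =00000000, r3 =bfbfebc0
r4 =c2598bc0, r5 =c2132f00, r6 =c01ba5c0, r7 =c1b50670
r8 =c12fbc90, r9 =c1ab5370, r10=c1b4a000, r11=c12fbb78
r12=00000000, ssp=c12fbb68, slr=c215a39c, pc =c219324c
"""

KERNBASE = 0xC0000000  # assumption: kernel mapped at and above this address

# ARM short-descriptor fault status: FS = FSR[10] : FSR[3:0]
FAULT_STATUS = {
    0b00001: "alignment fault",
    0b00101: "translation fault (L1)",
    0b00111: "translation fault (L2)",
    0b01001: "domain fault (L1)",
    0b01011: "domain fault (L2)",
    0b01101: "permission fault (L1)",
    0b01111: "permission fault (L2)",
}
USER_MODE = 0x10  # CPSR/SPSR mode field value for unprivileged code


def triage(dump):
    """Decode one trap dump; flag kernel-mode faults on sub-KERNBASE addresses."""
    regs = {name.lower(): int(val, 16)
            for name, val in re.findall(r"(\w+)\s*=\s*([0-9a-fA-F]{8})\b", dump)}
    fsr, far = regs["fsr"], regs["far"]
    status = ((fsr >> 10) & 1) << 4 | (fsr & 0xF)
    privileged = (regs["spsr"] & 0x1F) != USER_MODE
    return {
        "fault": FAULT_STATUS.get(status, "other (0x%02x)" % status),
        "access": "write" if fsr & (1 << 11) else "read",
        "far": far,
        # Registers (other than FAR itself) holding the faulting address.
        "holders": [r for r, v in regs.items() if v == far and r != "far"],
        "privileged": privileged,
        "user_address_in_kernel": privileged and far < KERNBASE,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, hex(value) if key == "far" else value)
```

For the dump in the description, the decoded status matches the printed 'Translation Fault (L1)' on read, the faulting address is held in r3, and it lies below the assumed kernel base while the saved mode is privileged.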