2.6 unwind problem in kernel/sched.c

From: Keith Owens <kaos_at_sgi.com>
Date: 2004-03-09 11:50:56
2.6.4-rc2, gcc 3.2.3, binutils 2.14.90.0.4.

kernel/sched.c does schedule() -> context_switch() -> switch_to()
followed by finish_task_switch().  finish_task_switch() calls
finish_arch_switch() which enables interrupts.  If there is an
interrupt pending, that interrupt runs at schedule+0x1090 (ssm).

At this point we are running on the new stack but cr_iip points into
schedule() so the unwinder uses schedule's unwind data (b0, ar.pfs in
r60, r61).  r60 and r61 are loaded from bsp on the new stack; they are
completely wrong and the unwind is useless.

kdb bt with unw_debug_level 6.  In this case the incorrect values for
b0 and ar.pfs ended up pointing at skip_rbs_switch.  That caused a loop
between skip_rbs_switch and schedule+0x1010, eventually psp <- psp+0x10
ran off the top of the stack and unwind aborted after about 60 useless
unwind entries.


0xa000000100014030 ia64_handle_irq+0xb0
        args (0x0, 0xe000023010d5fc60, 0x0, 0xfd, 0xa00000010000df20)
        sp 0xe000023010d5fc50 bsp 0xe000023010d59080 cfm 0x0000000000000308
unwind.build_script: ip 0xa00000010000df20
unwind.desc_abi: interrupt frame
unwind.build_script: state record for func 0xa00000010000df20, t=0:
  ar.pfs <- [sp+0x60]           -1
  psp <- psp+0x1d0              -1
  rp <- [sp+0x58]               -1
  ar.unat <- [sp+0x68]          -1
  pr <- [sp+0x90]               -1
  ar.fpsr <- [sp+0xc0]          -1
0xa00000010000df20 ia64_leave_kernel
        args (0x0, 0xe000023010d5fc60)
        sp 0xe000023010d5fc50 bsp 0xe000023010d59080 cfm 0x0000000000000002
unwind.unw_unwind: interrupt_frame pt 0xe000023010d5fc60
unwind.build_script: ip 0xa0000001000bee70
unwind.build_script: state record for func 0xa0000001000bdde0, t=795:
  ar.pfs <- r61         0
  psp <- psp+0x10               1
  rp <- r60             5
0xa0000001000bee70 schedule+0x1090
        args (0x0, 0xe000023010d5fe40, 0x0, 0xfd, 0xa00000010000df20)
        sp 0xe000023010d5fe20 bsp 0xe000023010d58f68 cfm 0x8000000000000f22
unwind.build_script: ip 0xa00000010000e2c0
unwind.build_script: using default for rp at ip=0xa00000010000e2c0 where=3 val=0x0
unwind.build_script: state record for func 0xa00000010000e2c0, t=0:
  ar.pfs <- r38         0
  rp <- b0              -1
unwind.get_scratch_regs: sp 0xe000023010d5fe30 pt 0xe000023010d5fc60
0xa00000010000e2c0 skip_rbs_switch+0x80
        args (0x0, 0xe000023010d5fe40)
        sp 0xe000023010d5fe30 bsp 0xe000023010d58f68 cfm 0x0000000000000002
unwind.build_script: ip 0xa0000001000bedf0
unwind.build_script: state record for func 0xa0000001000bdde0, t=771:
  ar.pfs <- r61         0
  psp <- psp+0x10               1
  rp <- r60             5
0xa0000001000bedf0 schedule+0x1010
        args (0x0, 0xe000023010d5fe40)
        sp 0xe000023010d5fe30 bsp 0xe000023010d58f68 cfm 0x0000000000000002
unwind.build_script: ip 0xa00000010000e2c0
unwind.build_script: using default for rp at ip=0xa00000010000e2c0 where=3 val=0x0
unwind.build_script: state record for func 0xa00000010000e2c0, t=0:
  ar.pfs <- r38         0
  rp <- b0              -1
unwind.get_scratch_regs: sp 0xe000023010d5fe40 pt 0xe000023010d5fc60
0xa00000010000e2c0 skip_rbs_switch+0x80
        args (0x0, 0xe000023010d5fe40)


Received on Mon Mar 8 19:54:00 2004
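
Added example (not part of the original post, and not kdb or kernel code): a small triage script that parses a kdb bt trace in the format shown above and reports the first frame where the unwinder revisits an ip while bsp has not moved, which is the skip_rbs_switch / schedule+0x1010 loop the post describes. The names parse_frames and find_unwind_loop are hypothetical, the sample is an excerpt of the trace above, and treating "same ip, unchanged bsp" as a loop is a heuristic assumed for this sketch.

```python
import re

# Frame header as kdb prints it: "<ip> <symbol>[+offset]"
FRAME_RE = re.compile(r"^(0x[0-9a-f]+)\s+(\S+)$")
# Register line under a frame: "sp <addr> bsp <addr> cfm <value>"
REGS_RE = re.compile(r"^sp (0x[0-9a-f]+) bsp (0x[0-9a-f]+)")

# Excerpt of the trace in the post (most unwind.* debug and args lines omitted).
SAMPLE = """\
0xa0000001000bee70 schedule+0x1090
        sp 0xe000023010d5fe20 bsp 0xe000023010d58f68 cfm 0x8000000000000f22
unwind.get_scratch_regs: sp 0xe000023010d5fe30 pt 0xe000023010d5fc60
0xa00000010000e2c0 skip_rbs_switch+0x80
        sp 0xe000023010d5fe30 bsp 0xe000023010d58f68 cfm 0x0000000000000002
0xa0000001000bedf0 schedule+0x1010
        sp 0xe000023010d5fe30 bsp 0xe000023010d58f68 cfm 0x0000000000000002
0xa00000010000e2c0 skip_rbs_switch+0x80
        args (0x0, 0xe000023010d5fe40)
"""

def parse_frames(text):
    """Return one dict per frame; sp/bsp stay None if the trace was cut short."""
    frames = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FRAME_RE.match(line)
        if m:
            frames.append({"ip": int(m.group(1), 16), "sym": m.group(2),
                           "sp": None, "bsp": None})
            continue
        m = REGS_RE.match(line)
        if m and frames:
            frames[-1]["sp"] = int(m.group(1), 16)
            frames[-1]["bsp"] = int(m.group(2), 16)
    return frames

def find_unwind_loop(frames):
    """Index of the first frame that revisits an ip with no bsp change, else None."""
    seen = {}  # ip -> bsp recorded the first time that ip was unwound
    for i, f in enumerate(frames):
        if f["ip"] in seen and f["bsp"] in (None, seen[f["ip"]]):
            return i
        seen.setdefault(f["ip"], f["bsp"])
    return None

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    hit = find_unwind_loop(frames)
    print("no loop" if hit is None else f"loop at frame {hit}: {frames[hit]['sym']}")
```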
