[It looks like the 2 anonymous structs in the union in the new "struct socket" are being abused such that the ->sol_upcall from the 2nd struct is being access when it has a value that was apparently assigned via ->so_rcv->sb_sel . Details follow, added to prior notes that I sent out. I've submitted bugzilla 220404 for this. The new detailed material is interlaced with earlier material that I'd sent out.] On 2017-Jun-30, at 2:07 AM, Mark Millard <markmi at dsl-only.net> wrote: > The -r320482 kernel build is via gcc 4.2.1. > Both gcc 4.2.1 and clang based worlds show > the same problems. TARGET_ARCH=powerpc64 > is not showing the problems. > > The production kernel build fails > but the debug works --each built > from the same /usr/src/ tree. > > I'll note what a normal boot does > before getting to the login prompt but > after "Starting nfsd." ("Updating motd:" > can be mixed in the trap text: not shown > below.) > > I use an example and note a lot about what > varies and what stays the same from example > boot to example boot of the production > kernel. > > [Manually entered from camera pictures > of the screen.] > > fatal kernel trap > exception = 0x700 (program) (for "illegal instruction") > srr0 = 0x70bf878 (note: this varies, for example: 0x5e37230) > (note: r0 always matches srr0) > (note: ctr always matches srr0) > srr1 = 0x89032 (stays the same) > lr = 0x5b7b94 (note: solisten_wakeup+0x4c) (stays the same) > curthread = 0x5ab8ae0 (varies) > pid = 920 (varies), comm = mountd (stays the same) > > Tracing command mountd pid 920 tid 100119 (varies) td 0x5ab8ae0 (varies)(CPU 1) > (stack addr > range varies) > 0xd250a500: at soisconnected+0x21c (at stays the same) > 0xd250a540: at unp_connect2+0xf0 (at stays the same) > 0xd250a560: at unp_connectat+0x658 (at stays the same) > 0xd250a770: at unp_connect+0x2c (at stays the same) > 0xd250a790: at uipc_connect+0xc0 (at stays the same) > 0xd250a7d0: at soconnectat+0xa0 (at stays the same) > 0xd250a800: at soconnect+0x2c (at stays the same) > 0xd250a820: at kern_connect+0134 (at stays the same) > 0xd250a870: at sys_connect+0x64 (at stays the same) > 0xd250a8b0: at trap+0x638 (at stays the same) > 0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same) > 0xd250aa80: at user SC trap (at stays the same) > by 0x419db168 (stays the same) > srr1=0xf032 (stays the same) > r1 =0xffffd5e0 (stays the same) > cr =0x24440840 (stays the same) > xer =0x20000000 (stays the same) > ctr =0x419db160 (stays the same) (these are objdump reported addresses) > 005b7b48 <solisten_wakeup> stwu r1,-32(r1) > 005b7b4c <solisten_wakeup+0x4> mflr r0 > 005b7b50 <solisten_wakeup+0x8> stw r29,20(r1) > 005b7b54 <solisten_wakeup+0xc> stw r30,24(r1) > 005b7b58 <solisten_wakeup+0x10> stw r31,28(r1) > 005b7b5c <solisten_wakeup+0x14> stw r0,36(r1) > 005b7b60 <solisten_wakeup+0x18> mr r31,r1 > 005b7b64 <solisten_wakeup+0x1c> bcl- 20,4*cr7+so,005b7b68 <solisten_wakeup+0x20> > 005b7b68 <solisten_wakeup+0x20> mflr r30 > 005b7b6c <solisten_wakeup+0x24> lwz r0,-36(r30) > 005b7b70 <solisten_wakeup+0x28> add r30,r0,r30 > 005b7b74 <solisten_wakeup+0x2c> mr r29,r3 > 005b7b78 <solisten_wakeup+0x30> lwz r0,232(r3) > 005b7b7c <solisten_wakeup+0x34> cmpwi cr7,r0,0 > 005b7b80 <solisten_wakeup+0x38> beq- cr7,005b7b98 <solisten_wakeup+0x50> > 005b7b84 <solisten_wakeup+0x3c> lwz r4,236(r3) > 005b7b88 <solisten_wakeup+0x40> li r5,1 > 005b7b8c <solisten_wakeup+0x44> mtctr r0 > 005b7b90 <solisten_wakeup+0x48> bctrl > lr: > 005b7b94 <solisten_wakeup+0x4c> b 005b7bb4 <solisten_wakeup+0x6c> > . . . > > Apparently this means that sol->sol_upcall is not > pointing to code at all yet is not null. Given the > variability observed, it might be uninitialized > --or sol itself is junk. . . Note: r3 reported as: 0x70bf860 void solisten_wakeup(struct socket *sol) { if (sol->sol_upcall != NULL) (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT); else { selwakeuppri(&sol->so_rdsel, PSOCK); KNOTE_LOCKED(&sol->so_rdsel.si_note, 0); } SOLISTEN_UNLOCK(sol); wakeup_one(&sol->sol_comp); } (kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall $3 = 0x70bf948 (kgdb) print/x ((struct socket*)0x70bf860)->sol_upcall $2 = 0x70bf878 (kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel $7 = 0x70bf878 (kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist $8 = 0x70bf878 (kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist.tqh_first $9 = 0x70bf878 But comparing to the first anonymous struct in the union in the new "struct socket": (kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall $15 = 0x70bf948 (kgdb) print/x &((struct socket*)0x70bf860)->so_rcv->sb_sel $22 = 0x70bf948 ->so_rcv is a struct sockbuf and ->so_rcv->sb_sel is a struct slinfo* . So pointing back to ->so_rdsel might well make sense. The rest is just supporting notes from things that I looked at before isolating the above relationship. (these are kgdb reported addresses, not vmcore.5 file offsets) 0x70bf860: 0x00c4a0b4 0x01430000 0x00000000 0x00000000 . . . 0x70bf940: 0x00000000 0x00000000 0x070bf878 0x00000000 but: 0x70bf870: 0x05ab8ae0 0x00000002 0x07271f80 0x07271f84 (kgdb) print/x *((struct socket*)0x70bf860) $4 = {so_lock = {lock_object = {lo_name = 0xc4a0b4, lo_flags = 0x1430000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x5ab8ae0}, so_count = 0x2, so_rdsel = {si_tdlist = {tqh_first = 0x7271f80, tqh_last = 0x7271f84}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6e84, kl_unlock = 0x5b6c64, kl_assert_locked = 0x5b65d4, kl_assert_unlocked = 0x5b65f0, kl_lockarg = 0x70bf860, kl_autodestroy = 0x0}, si_mtx = 0x5ab01f0}, so_wrsel = {si_tdlist = {tqh_first = 0x0, tqh_last = 0x0}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6d64, kl_unlock = 0x5b6b64, kl_assert_locked = 0x5b660c, kl_assert_unlocked = 0x5b6628, kl_lockarg = 0x70bf860, kl_autodestroy = 0x0}, si_mtx = 0x0}, so_type = 0x1, so_options = 0x2, so_linger = 0x0, so_state = 0x0, so_pcb = 0x70b08a0, so_vnet = 0x0, so_proto = 0xd03060, so_timeo = 0x0, so_error = 0x0, so_sigio = 0x0, so_cred = 0x5b2e600, so_label = 0x0, so_gencnt = 0x1285, so_emuldata = 0x0, osd = { osd_nslots = 0x0, osd_slots = 0x0, osd_next = {le_next = 0x0, le_prev = 0x0}}, so_fibnum = 0x0, so_user_cookie = 0x0, so_ts_clock = 0x0, so_max_pacing_rate = 0x0, {{so_rcv = {sb_mtx = { lock_object = {lo_name = 0x0, lo_flags = 0x70bf920, lo_data = 0x5d17860, lo_witness = 0x5d17a60}, mtx_lock = 0x1}, sb_sx = {lock_object = {lo_name = 0x0, lo_flags = 0x80, lo_data = 0x0, lo_witness = 0x0}, sx_lock = 0x0}, sb_sel = 0x70bf878, sb_state = 0x0, sb_mb = 0x1, sb_mbtail = 0x800, sb_lastrecord = 0x2000, sb_sndptr = 0x2000, sb_fnrdy = 0x0, sb_sndptroff = 0x0, sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x1, sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0, sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bf9a4}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0, ta_priority = 0x0, ta_func = 0x58eeb4, ta_context = 0x70bf860}}, so_snd = {sb_mtx = {lock_object = {lo_name = 0xc588cc, lo_flags = 0x1020000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x6}, sb_sx = {lock_object = { lo_name = 0xc58efc, lo_flags = 0x2320000, lo_data = 0x0, lo_witness = 0x0}, sx_lock = 0x6}, sb_sel = 0x70bf8a0, sb_state = 0x0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_sndptr = 0x0, sb_fnrdy = 0x0, sb_sndptroff = 0x0, sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x800, sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0, sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bfa44}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0, ta_priority = 0x0, ta_func = 0x58ee80, ta_context = 0x70bf860}}, so_list = {tqe_next = 0x0, tqe_prev = 0x0}, so_listen = 0x0, so_qstate = 0x0, so_peerlabel = 0x0, so_oobmark = 0x0}, { sol_incomp = {tqh_first = 0x0, tqh_last = 0x70bf920}, sol_comp = {tqh_first = 0x5d17860, tqh_last = 0x5d17a60}, sol_qlen = 0x1, sol_incqlen = 0x0, sol_qlimit = 0x80, sol_accept_filter = 0x0, sol_accept_filter_arg = 0x0, sol_accept_filter_str = 0x0, sol_upcall = 0x70bf878, sol_upcallarg = 0x0, sol_sbrcv_lowat = 0x1, sol_sbsnd_lowat = 0x800, sol_sbrcv_hiwat = 0x2000, sol_sbsnd_hiwat = 0x2000, sol_sbrcv_flags = 0x0, sol_sbsnd_flags = 0x0, sol_sbrcv_timeo = 0x0, sol_sbsnd_timeo = 0x0}}} For lo_name in sb_sx's lock_object: (kgdb) x/64c 0xc58ef0 0xc58ef0 <.rodata.str1.4+376864>: 116 't' 109 'm' 99 'c' 111 'o' 112 'p' 121 'y' 105 'i' 110 'n' 0xc58ef8 <.rodata.str1.4+376872>: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 115 's' 111 'o' 95 '_' 115 's' 0xc58f00 <.rodata.str1.4+376880>: 110 'n' 100 'd' 95 '_' 115 's' 120 'x' 0 '\0' 0 '\0' 0 '\0' which looks coherent to me: so_snd_sx For ta_func in sb_aiotask: (kgdb) x/64i 0x58ee80 0x58ee80 <soaio_snd>: stwu r1,-32(r1) . . . Looks coherent to me. But sol_upcall does not. > > > 005b8548 <soisconnected+0x1f8> li r10,1 > 005b854c <soisconnected+0x1fc> b 005b8558 <soisconnected+0x208> > 005b8550 <soisconnected+0x200> stwcx. r10,0,r9 > 005b8554 <soisconnected+0x204> li r10,0 > 005b8558 <soisconnected+0x208> cmpwi cr7,r10,0 > 005b855c <soisconnected+0x20c> bne- cr7,005b8568 <soisconnected+0x218> > 005b8560 <soisconnected+0x210> addi r3,r28,16 > 005b8564 <soisconnected+0x214> bl 004d4218 <__mtx_unlock_sleep> > 005b8568 <soisconnected+0x218> mr r3,r27 > at soisconnected+0x21c: > 005b856c <soisconnected+0x21c> bl 005b7b48 <solisten_wakeup> > 005b8570 <soisconnected+0x220> b 005b89f0 <soisconnected+0x6a0> > . . . > > void > soisconnected(struct socket *so) > { > struct socket *head; > . . . > restart: > SOCK_LOCK(so); > if ((head = so->so_listen) != NULL && > __predict_false(SOLISTEN_TRYLOCK(head) == 0)) { > SOCK_UNLOCK(so); > goto restart; > } > so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING); > so->so_state |= SS_ISCONNECTED; > if (head != NULL && (so->so_qstate == SQ_INCOMP)) { > again: > if ((so->so_options & SO_ACCEPTFILTER) == 0) { > TAILQ_REMOVE(&head->sol_incomp, so, so_list); > head->sol_incqlen--; > TAILQ_INSERT_TAIL(&head->sol_comp, so, so_list); > head->sol_qlen++; > so->so_qstate = SQ_COMP; > SOCK_UNLOCK(so); > solisten_wakeup(head); /* unlocks */ > . . . Exception and its struct trapframe: (these are vmcore file offsets: subtract 0x1000 to get address) [ lr#0 ]: inside dbtrap 00c83f40 d2 50 a4 e0 00 10 0c 54 07 0b f8 78 d2 50 a4 e0 |.P.....T...x.P..| 00c83f50 05 ab 8a e0 07 0b f8 60 00 00 00 00 00 00 00 01 |.......`........| [ r3 ] 00c83f60 00 00 00 00 00 00 00 01 00 00 00 00 05 d1 78 70 |..............xp| 00c83f70 00 00 00 01 05 ab 8a e0 00 00 00 00 00 00 00 00 |................| 00c83f80 01 81 00 00 01 82 00 00 00 00 00 00 01 82 00 00 |................| 00c83f90 01 82 00 00 00 03 8d 6c 00 03 8d 6c 00 00 00 00 |.......l...l....| 00c83fa0 ff ff d7 58 00 00 00 00 00 d1 1a 84 00 d1 1a 84 |...X............| 00c83fb0 d2 50 a5 1c 07 0b f8 60 05 d1 78 60 07 0b f8 60 |.P.....`..x`...`| [ r28 ] 00c83fc0 00 d2 aa a0 d2 50 a4 e0 00 5b 7b 94 20 00 f0 44 |.....P...[{. ..D| [ lr#1 ]: solisten_wakeup+0x4c 00c83fd0 00 00 00 00 07 0b f8 78 07 0b f8 78 00 08 90 32 |.......x...x...2| [ srr0 ] [exception] 00c83fe0 00 00 07 00 00 00 00 00 00 00 00 00 01 c4 5f 00 |.............._.| 00c83ff0 00 00 00 00 00 10 01 40 00 00 00 00 00 00 00 00 |......._at_........| solisten_wakeup+0x4c's related stack frame: 0b4004e0 d2 50 a5 00 00 50 8d f8 00 d2 b0 60 00 00 00 04 |.P...P.....`....| 0b4004f0 05 d1 7a 78 05 d1 79 30 00 d2 aa a0 d2 50 a5 00 |..zx..y0.....P..| 0xd250a500: at soisconnected+0x21c (at stays the same) 0b400500 d2 50 a5 40 00 5b 85 70 00 d2 aa a0 d2 50 a5 10 |.P._at_.[.p.....P..| 0b400510 d2 50 a5 60 00 5b d0 d8 00 d2 ab 90 00 00 00 04 |.P.`.[..........| 0b400520 05 d1 78 60 05 ab 8a e0 07 25 94 80 05 d1 7a 78 |..x`.....%....zx| 0b400530 07 0b 7a 10 05 d1 78 60 00 d2 ab 90 d2 50 a5 40 |..z...x`.....P._at_| 0xd250a540: at unp_connect2+0xf0 (at stays the same) 0b400540 d2 50 a5 60 00 5c 38 34 07 25 94 80 05 d1 7a 78 |.P.`.\84.%....zx| 0b400550 07 0b 7a 10 07 0b 79 58 00 d2 ab 90 d2 50 a5 60 |..z...yX.....P.`| "so" first then "so2" second, with so2 failing: 0x005c3824 <unp_connect2+228>: mr r3,r8 0x005c3828 <unp_connect2+232>: bl 0x5b8350 <soisconnected> 0x005c382c <unp_connect2+236>: mr r3,r29 0x005c3830 <unp_connect2+240>: bl 0x5b8350 <soisconnected> 0x005c3834 <unp_connect2+244>: li r3,0 static int unp_connect2(struct socket *so, struct socket *so2, int req) . . . case SOCK_STREAM: case SOCK_SEQPACKET: unp2->unp_conn = unp; if (req == PRU_CONNECT && ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT)) soisconnecting(so); else soisconnected(so); soisconnected(so2); break; . . . 0xd250a560: at unp_connectat+0x658 (at stays the same) 0b400560 d2 50 a7 70 00 5c 3e c4 05 ab 8a e0 00 fd c1 c0 |.P.p.\>.........| 0b400570 d2 50 a6 3d 00 00 00 01 02 00 01 00 00 00 04 00 |.P.=............| 0b400580 04 00 00 00 00 00 00 00 00 00 00 00 05 a3 7c 60 |..............|`| 0b400590 00 00 00 00 ff ff ff 9c 00 00 00 00 00 fd c1 c0 |................| 0b4005a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 0b4005b0 00 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 |................| 0b4005c0 07 25 94 80 05 a3 72 40 00 00 00 01 05 b2 10 15 |.%....r_at_........| 0b4005d0 00 00 00 00 00 8c 05 bc 00 00 00 00 44 eb 41 81 |............D.A.| 0b4005e0 00 00 00 00 00 00 c1 44 05 ab 8a e0 05 b2 e6 00 |.......D........| 0b4005f0 00 20 00 00 05 b2 10 00 05 b2 10 09 00 00 00 0c |. ..............| 0b400600 00 00 00 00 d2 50 a6 00 00 d3 23 bc 00 ce eb 40 |.....P....#...._at_| 0b400610 07 25 94 80 d2 50 a6 38 05 b2 e6 00 05 ab 8a e0 |.%...P.8........| 0b400620 02 00 01 00 00 00 04 00 04 00 00 00 00 00 00 00 |................| 0b400630 05 c9 91 ec 00 00 00 04 07 0b 79 58 d2 2f 76 61 |..........yX./va| 0b400640 72 2f 72 75 6e 2f 72 70 63 62 69 6e 64 2e 73 6f |r/run/rpcbind.so| 0b400650 63 6b 00 70 00 00 00 05 00 00 00 00 00 00 00 10 |ck.p............| 0b400660 05 d8 c4 80 d0 21 56 d4 00 d3 23 bc 00 00 00 04 |.....!V...#.....| 0b400670 d2 50 a6 a0 40 00 f0 34 00 d1 1a 84 00 f5 0d 00 |.P.._at_..4........| 0b400680 00 f5 0d 00 00 d1 1a 84 05 c9 91 ec 00 00 00 08 |................| 0b400690 41 99 00 00 05 c2 49 d8 41 98 80 00 41 98 c0 00 |A.....I.A...A...| 0b4006a0 00 00 00 07 00 00 00 05 d0 21 57 c8 41 99 00 00 |.........!W.A...| 0b4006b0 05 c9 91 ec 00 fd c1 c0 00 d3 36 8c d2 50 a6 c0 |..........6..P..| 0b4006c0 d2 50 a6 e0 00 8c 74 c0 05 c9 91 38 00 00 00 04 |.P....t....8....| 0b4006d0 d2 50 a6 f0 00 fd c1 c0 d2 50 a6 e0 d2 50 a6 e0 |.P.......P...P..| 0b4006e0 d2 50 a7 10 00 8f a0 94 d2 50 a6 f0 d2 50 a6 f0 |.P.......P...P..| 0b4006f0 d2 50 a7 10 00 00 00 00 00 00 01 21 00 00 00 41 |.P.........!...A| 0b400700 00 00 00 06 05 be e4 c0 00 d2 ab 64 d2 50 a7 10 |...........d.P..| 0b400710 d2 50 a7 80 00 48 f2 70 00 d3 11 94 d2 50 a7 20 |.P...H.p.....P. | 0b400720 d2 50 a7 40 00 87 1c 04 02 00 07 ff ff ff ff ff |.P._at_............| 0b400730 04 00 00 00 00 1f ff ff 00 d3 10 54 68 a4 aa 22 |...........Th.."| 0b400740 d2 50 a7 60 00 87 1c 40 00 00 00 00 05 ab 8a e0 |.P.`..._at_........| 0b400750 05 ab 8a e0 ff ff ff 9c 05 ab 8a e0 05 ab 8a e0 |................| 0b400760 05 b1 54 20 05 d1 7a 78 00 d2 ab 90 d2 50 a7 70 |..T ..zx.....P.p| The unp_connectat context is more complicated so I stop quoting code here. 0xd250a770: at unp_connect+0x2c (at stays the same) 0b400770 d2 50 a7 90 00 5c 41 c8 00 d2 ab 64 d2 50 a7 80 |.P...\A....d.P..| 0b400780 d2 50 a7 e0 00 48 f5 e0 d2 50 a7 90 00 00 00 00 |.P...H...P......| 0xd250a790: at uipc_connect+0xc0 (at stays the same) 0b400790 d2 50 a7 d0 00 5c 7b cc 00 00 00 06 05 be e4 c0 |.P...\{.........| 0b4007a0 d2 50 a8 10 00 86 32 e8 20 00 f0 38 00 00 00 01 |.P....2. ..8....| 0b4007b0 00 03 8d 6c 00 00 00 00 ff ff d7 58 05 b1 54 20 |...l.......X..T | 0b4007c0 ff ff ff 9c 05 d1 7a 78 00 d2 ab 64 d2 50 a7 d0 |......zx...d.P..| 0xd250a7d0: at soconnectat+0xa0 (at stays the same) 0b4007d0 d2 50 a8 00 00 5b 61 68 00 d2 ab 64 d2 50 a7 e0 |.P...[ah...d.P..| 0b4007e0 d2 50 a8 20 00 5b ff 64 05 b1 54 20 05 ab 8a e0 |.P. .[.d..T ....| 0b4007f0 00 00 00 00 05 d1 7a 78 00 d2 ab 64 d2 50 a8 00 |......zx...d.P..| 0xd250a800: at soconnect+0x2c (at stays the same) 0b400800 d2 50 a8 20 00 5b 61 f4 05 b1 54 20 05 ab 8a e0 |.P. .[a...T ....| 0b400810 00 00 00 25 05 d1 7a 78 d2 50 a8 20 d2 50 a8 20 |...%..zx.P. .P. | 0xd250a820: at kern_connect+0134 (at stays the same) 0b400820 d2 50 a8 70 00 5c 19 14 ff ff d7 68 00 00 00 16 |.P.p.\.....h....| 0b400830 00 00 00 17 05 b1 54 20 02 00 00 00 80 00 00 00 |......T ........| 0b400840 04 00 00 00 00 00 00 00 41 98 c0 00 05 be e4 c0 |........A.......| 0b400850 05 ab 8a e0 00 00 00 00 d2 50 aa 88 05 ab 8a e0 |.........P......| 0b400860 00 00 00 00 05 ab 8d 78 00 d2 ab 64 d2 50 a8 70 |.......x...d.P.p| 0xd250a870: at sys_connect+0x64 (at stays the same) 0b400870 d2 50 a8 b0 00 5c 1c 58 d2 50 aa 88 00 00 04 00 |.P...\.X.P......| 0b400880 00 00 00 01 d2 50 aa 88 00 00 00 80 05 b1 54 20 |.....P........T | 0b400890 d2 50 a8 b0 00 8f c3 b0 d2 50 aa 88 00 00 00 00 |.P.......P......| 0b4008a0 05 ab 8d 70 05 d9 5a b0 00 d3 37 e8 d2 50 a8 b0 |...p..Z...7..P..| 0xd250a8b0: at trap+0x638 (at stays the same) 0b4008b0 d2 50 aa 50 00 8f cc 3c 5a 2e a6 14 b1 ae c2 60 |.P.P...<Z......`| 0b4008c0 00 00 00 00 05 ab 8a e0 00 d2 8e 28 d2 50 a8 d0 |...........(.P..| 0b4008d0 d2 50 a8 f0 00 8f 47 e0 05 b9 a4 00 00 00 00 00 |.P....G.........| 0b4008e0 00 00 00 01 05 ab 8a e0 00 d2 8e 28 d2 50 a8 f0 |...........(.P..| 0b4008f0 d2 50 a9 10 00 51 09 b0 00 00 00 00 00 00 00 00 |.P...Q..........| 0b400900 c2 b6 68 a7 df 5d 0d 00 00 d3 21 38 d2 50 a9 10 |..h..]....!8.P..| 0b400910 d2 50 a9 30 00 49 88 38 00 00 00 00 00 00 00 00 |.P.0.I.8........| 0b400920 d2 50 a9 40 00 00 00 00 d2 50 a9 30 00 00 00 00 |.P._at_.....P.0....| 0b400930 d2 50 a9 60 05 ab 8a e0 00 d3 21 38 d2 50 a9 40 |.P.`......!8.P._at_| 0b400940 d2 50 a9 60 00 8f 47 e0 05 ab 8a e0 00 00 00 14 |.P.`..G.........| 0b400950 c2 b6 68 a7 df 5d 0d 00 00 d3 21 38 d2 50 a9 60 |..h..]....!8.P.`| 0b400960 d2 50 a9 b0 00 8b 57 18 d2 50 a9 70 00 00 00 00 |.P....W..P.p....| 0b400970 d2 50 a9 b0 00 00 00 00 00 00 00 00 00 00 00 04 |.P..............| 0b400980 00 00 00 00 00 00 00 00 ff ff d7 58 00 01 86 a0 |...........X....| 0b400990 00 00 00 03 00 f6 f6 90 00 00 00 14 c2 b6 68 a7 |..............h.| 0b4009a0 df 5d 0d 00 df 5d 0d 30 00 d3 21 38 d2 50 a9 b0 |.]...].0..!8.P..| 0b4009b0 d2 50 aa 30 00 8b 73 88 00 00 00 00 00 00 00 00 |.P.0..s.........| 0b4009c0 00 00 00 00 05 d9 5a b0 00 00 00 00 00 00 00 14 |......Z.........| 0b4009d0 c2 b6 68 a7 c9 51 c2 06 00 00 00 00 00 00 00 00 |..h..Q..........| 0b4009e0 00 00 00 00 00 00 00 00 01 81 00 00 01 82 00 00 |................| 0b4009f0 00 00 00 00 01 82 00 00 01 82 00 00 00 03 8d 6c |...............l| 0b400a00 00 03 51 ec 00 00 0e e0 01 81 00 00 01 82 00 00 |..Q.............| 0b400a10 00 00 00 00 01 82 00 00 01 82 00 00 00 03 8d 6c |...............l| 0b400a20 00 03 8d 6c 00 00 00 00 ff ff d7 58 00 01 86 a0 |...l.......X....| 0b400a30 00 00 00 03 d2 50 aa 88 05 ab 8a e0 00 00 23 28 |.....P........#(| 0b400a40 41 cf 70 00 42 00 00 00 00 d3 34 88 d2 50 aa 50 |A.p.B.....4..P.P| 0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same) 0b400a50 d2 50 aa 80 00 8f 20 dc d2 50 aa 60 d2 50 aa 60 |.P.... ..P.`.P.`| 0b400a60 d2 50 aa 80 00 00 00 04 00 00 23 28 00 00 23 28 |.P........#(..#(| 0b400a70 41 cf 70 00 42 00 00 00 10 34 4e bf 00 00 f0 32 |A.p.B....4N....2| 0xd250aa80: at user SC trap (at stays the same) by 0x419db168 (stays the same) srr1=0xf032 (stays the same) r1 =0xffffd5e0 (stays the same) cr =0x24440840 (stays the same) xer =0x20000000 (stays the same) ctr =0x419db160 (stays the same) 0b400a80 ff ff d5 e0 00 10 08 f8 00 00 00 62 ff ff d5 e0 |...........b....| 0b400a90 41 a4 60 08 00 00 00 04 ff ff d7 68 00 00 00 17 |A.`........h....| 0b400aa0 00 03 80 00 41 a5 99 34 ff ff d2 64 ff ff d2 60 |....A..4...d...`| 0b400ab0 00 05 8a ad 00 00 02 9b 41 83 e4 00 00 00 00 00 |........A.......| 0b400ac0 01 81 00 00 01 82 00 00 00 00 00 00 01 82 00 00 |................| 0b400ad0 01 82 00 00 00 03 8d 6c 00 03 8d 6c 00 00 00 00 |.......l...l....| === Mark Millard markmi at dsl-only.netReceived on Fri Jun 30 2017 - 23:50:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:12 UTC