Date:      Fri, 30 Jun 2017 18:50:40 -0700
From:      Mark Millard <markmi@dsl-only.net>
To:        glebius@FreeBSD.org, FreeBSD PowerPC ML <freebsd-ppc@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org>, freebsd-hackers@freebsd.org
Cc:        Justin Hibbits <jhibbits@FreeBSD.org>, Nathan Whitehorn <nwhitehorn@freebsd.org>
Subject:   Re: head -r320482 vs. TARGET_ARCH=powerpc production style kernel: jumps to non-code and traps (involves ->sol_upcall pointing to ->so_rdsel) bugzilla 220404
Message-ID:  <3C743FFC-2E40-4077-988C-8C4BFBA7556B@dsl-only.net>
In-Reply-To: <1F24D891-4D11-4623-8183-7F95D9637FB2@dsl-only.net>
References:  <1F24D891-4D11-4623-8183-7F95D9637FB2@dsl-only.net>

[It looks like the 2 anonymous structs
in the union in the new "struct socket"
are being abused such that the ->sol_upcall
from the 2nd struct is being accessed when it
has a value that was apparently assigned
via ->so_rcv->sb_sel . Details follow,
added to prior notes that I sent out.

I've submitted bugzilla 220404 for this.

The new detailed material is interlaced
with earlier material that I'd sent out.]

On 2017-Jun-30, at 2:07 AM, Mark Millard <markmi at dsl-only.net> wrote:

> The -r320482 kernel build is via gcc 4.2.1.
> Both gcc 4.2.1 and clang based worlds show
> the same problems. TARGET_ARCH=powerpc64
> is not showing the problems.
>
> The production kernel build fails
> but the debug works --each built
> from the same /usr/src/ tree.
>
> I'll note what a normal boot does
> before getting to the login prompt but
> after "Starting nfsd." ("Updating motd:"
> can be mixed in the trap text: not shown
> below.)
>
> I use an example and note a lot about what
> varies and what stays the same from example
> boot to example boot of the production
> kernel.
>
> [Manually entered from camera pictures
> of the screen.]
>
> fatal kernel trap
> exception = 0x700 (program) (for "illegal instruction")
> srr0      = 0x70bf878 (note: this varies, for example: 0x5e37230)
>            (note:  r0 always matches srr0)
>            (note: ctr always matches srr0)
> srr1      = 0x89032   (stays the same)
> lr        = 0x5b7b94  (note: solisten_wakeup+0x4c) (stays the same)
> curthread = 0x5ab8ae0 (varies)
> pid = 920 (varies), comm = mountd (stays the same)
>
> Tracing command mountd pid 920 tid 100119 (varies) td 0x5ab8ae0 (varies)(CPU 1)
> (stack addr
> range varies)
> 0xd250a500: at soisconnected+0x21c     (at stays the same)
> 0xd250a540: at unp_connect2+0xf0       (at stays the same)
> 0xd250a560: at unp_connectat+0x658     (at stays the same)
> 0xd250a770: at unp_connect+0x2c        (at stays the same)
> 0xd250a790: at uipc_connect+0xc0       (at stays the same)
> 0xd250a7d0: at soconnectat+0xa0        (at stays the same)
> 0xd250a800: at soconnect+0x2c          (at stays the same)
> 0xd250a820: at kern_connect+0134       (at stays the same)
> 0xd250a870: at sys_connect+0x64        (at stays the same)
> 0xd250a8b0: at trap+0x638              (at stays the same)
> 0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same)
> 0xd250aa80: at user SC trap (at stays the same)
>            by 0x419db168   (stays the same)
>            srr1=0xf032     (stays the same)
>            r1  =0xffffd5e0 (stays the same)
>            cr  =0x24440840 (stays the same)
>            xer =0x20000000 (stays the same)
>            ctr =0x419db160 (stays the same)

(these are objdump reported addresses)
> 005b7b48 <solisten_wakeup> stwu    r1,-32(r1)
> 005b7b4c <solisten_wakeup+0x4> mflr    r0
> 005b7b50 <solisten_wakeup+0x8> stw     r29,20(r1)
> 005b7b54 <solisten_wakeup+0xc> stw     r30,24(r1)
> 005b7b58 <solisten_wakeup+0x10> stw     r31,28(r1)
> 005b7b5c <solisten_wakeup+0x14> stw     r0,36(r1)
> 005b7b60 <solisten_wakeup+0x18> mr      r31,r1
> 005b7b64 <solisten_wakeup+0x1c> bcl-    20,4*cr7+so,005b7b68 <solisten_wakeup+0x20>
> 005b7b68 <solisten_wakeup+0x20> mflr    r30
> 005b7b6c <solisten_wakeup+0x24> lwz     r0,-36(r30)
> 005b7b70 <solisten_wakeup+0x28> add     r30,r0,r30
> 005b7b74 <solisten_wakeup+0x2c> mr      r29,r3
> 005b7b78 <solisten_wakeup+0x30> lwz     r0,232(r3)
> 005b7b7c <solisten_wakeup+0x34> cmpwi   cr7,r0,0
> 005b7b80 <solisten_wakeup+0x38> beq-    cr7,005b7b98 <solisten_wakeup+0x50>
> 005b7b84 <solisten_wakeup+0x3c> lwz     r4,236(r3)
> 005b7b88 <solisten_wakeup+0x40> li      r5,1
> 005b7b8c <solisten_wakeup+0x44> mtctr   r0
> 005b7b90 <solisten_wakeup+0x48> bctrl
> lr:
> 005b7b94 <solisten_wakeup+0x4c> b       005b7bb4 <solisten_wakeup+0x6c>
> . . .
>
> Apparently this means that sol->sol_upcall is not
> pointing to code at all yet is not null. Given the
> variability observed, it might be uninitialized
> --or sol itself is junk. . .

Note: r3 reported as: 0x70bf860

void
solisten_wakeup(struct socket *sol)
{

       if (sol->sol_upcall != NULL)
               (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
       else {
               selwakeuppri(&sol->so_rdsel, PSOCK);
               KNOTE_LOCKED(&sol->so_rdsel.si_note, 0);
       }
       SOLISTEN_UNLOCK(sol);
       wakeup_one(&sol->sol_comp);
}

(kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall
$3 = 0x70bf948

(kgdb) print/x ((struct socket*)0x70bf860)->sol_upcall
$2 = 0x70bf878

(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel
$7 = 0x70bf878
(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist
$8 = 0x70bf878
(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist.tqh_first
$9 = 0x70bf878

But comparing to the first anonymous struct in
the union in the new "struct socket":

(kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall
$15 = 0x70bf948
(kgdb) print/x &((struct socket*)0x70bf860)->so_rcv->sb_sel
$22 = 0x70bf948

->so_rcv is a struct sockbuf and ->so_rcv->sb_sel
is a struct selinfo* .

So pointing back to ->so_rdsel might well make sense.


The rest is just supporting notes from things that I
looked at before isolating the above relationship.

(these are kgdb reported addresses, not vmcore.5 file offsets)
0x70bf860:	0x00c4a0b4	0x01430000	0x00000000	0x00000000
. . .
0x70bf940:	0x00000000	0x00000000	0x070bf878	0x00000000
but:
0x70bf870:	0x05ab8ae0	0x00000002	0x07271f80	0x07271f84

(kgdb) print/x *((struct socket*)0x70bf860)
$4 = {so_lock = {lock_object = {lo_name = 0xc4a0b4, lo_flags = 0x1430000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x5ab8ae0}, so_count = 0x2, so_rdsel = {si_tdlist = {tqh_first = 0x7271f80,
      tqh_last = 0x7271f84}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6e84, kl_unlock = 0x5b6c64, kl_assert_locked = 0x5b65d4, kl_assert_unlocked = 0x5b65f0, kl_lockarg = 0x70bf860,
      kl_autodestroy = 0x0}, si_mtx = 0x5ab01f0}, so_wrsel = {si_tdlist = {tqh_first = 0x0, tqh_last = 0x0}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6d64, kl_unlock = 0x5b6b64,
      kl_assert_locked = 0x5b660c, kl_assert_unlocked = 0x5b6628, kl_lockarg = 0x70bf860, kl_autodestroy = 0x0}, si_mtx = 0x0}, so_type = 0x1, so_options = 0x2, so_linger = 0x0, so_state = 0x0,
  so_pcb = 0x70b08a0, so_vnet = 0x0, so_proto = 0xd03060, so_timeo = 0x0, so_error = 0x0, so_sigio = 0x0, so_cred = 0x5b2e600, so_label = 0x0, so_gencnt = 0x1285, so_emuldata = 0x0, osd = {
    osd_nslots = 0x0, osd_slots = 0x0, osd_next = {le_next = 0x0, le_prev = 0x0}}, so_fibnum = 0x0, so_user_cookie = 0x0, so_ts_clock = 0x0, so_max_pacing_rate = 0x0, {{so_rcv = {sb_mtx = {
          lock_object = {lo_name = 0x0, lo_flags = 0x70bf920, lo_data = 0x5d17860, lo_witness = 0x5d17a60}, mtx_lock = 0x1}, sb_sx = {lock_object = {lo_name = 0x0, lo_flags = 0x80, lo_data = 0x0,
            lo_witness = 0x0}, sx_lock = 0x0}, sb_sel = 0x70bf878, sb_state = 0x0, sb_mb = 0x1, sb_mbtail = 0x800, sb_lastrecord = 0x2000, sb_sndptr = 0x2000, sb_fnrdy = 0x0, sb_sndptroff = 0x0,
        sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x1, sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0,
        sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bf9a4}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0, ta_priority = 0x0, ta_func = 0x58eeb4,
          ta_context = 0x70bf860}}, so_snd = {sb_mtx = {lock_object = {lo_name = 0xc588cc, lo_flags = 0x1020000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x6}, sb_sx = {lock_object = {
            lo_name = 0xc58efc, lo_flags = 0x2320000, lo_data = 0x0, lo_witness = 0x0}, sx_lock = 0x6}, sb_sel = 0x70bf8a0, sb_state = 0x0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0,
        sb_sndptr = 0x0, sb_fnrdy = 0x0, sb_sndptroff = 0x0, sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x800,
        sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0, sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bfa44}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0,
          ta_priority = 0x0, ta_func = 0x58ee80, ta_context = 0x70bf860}}, so_list = {tqe_next = 0x0, tqe_prev = 0x0}, so_listen = 0x0, so_qstate = 0x0, so_peerlabel = 0x0, so_oobmark = 0x0}, {
      sol_incomp = {tqh_first = 0x0, tqh_last = 0x70bf920}, sol_comp = {tqh_first = 0x5d17860, tqh_last = 0x5d17a60}, sol_qlen = 0x1, sol_incqlen = 0x0, sol_qlimit = 0x80, sol_accept_filter = 0x0,
      sol_accept_filter_arg = 0x0, sol_accept_filter_str = 0x0, sol_upcall = 0x70bf878, sol_upcallarg = 0x0, sol_sbrcv_lowat = 0x1, sol_sbsnd_lowat = 0x800, sol_sbrcv_hiwat = 0x2000,
      sol_sbsnd_hiwat = 0x2000, sol_sbrcv_flags = 0x0, sol_sbsnd_flags = 0x0, sol_sbrcv_timeo = 0x0, sol_sbsnd_timeo = 0x0}}}

For lo_name in sb_sx's lock_object:

(kgdb) x/64c 0xc58ef0
0xc58ef0 <.rodata.str1.4+376864>:	116 't'	109 'm'	99 'c'	111 'o'	112 'p'	121 'y'	105 'i'	110 'n'
0xc58ef8 <.rodata.str1.4+376872>:	0 '\0'	0 '\0'	0 '\0'	0 '\0'	115 's'	111 'o'	95 '_'	115 's'
0xc58f00 <.rodata.str1.4+376880>:	110 'n'	100 'd'	95 '_'	115 's'	120 'x'	0 '\0'	0 '\0'	0 '\0'

which looks coherent to me: so_snd_sx

For ta_func in sb_aiotask:

(kgdb) x/64i 0x58ee80
0x58ee80 <soaio_snd>:	stwu    r1,-32(r1)
. . .

Looks coherent to me.

But sol_upcall does not.


>
>
> 005b8548 <soisconnected+0x1f8> li      r10,1
> 005b854c <soisconnected+0x1fc> b       005b8558 <soisconnected+0x208>
> 005b8550 <soisconnected+0x200> stwcx.  r10,0,r9
> 005b8554 <soisconnected+0x204> li      r10,0
> 005b8558 <soisconnected+0x208> cmpwi   cr7,r10,0
> 005b855c <soisconnected+0x20c> bne-    cr7,005b8568 <soisconnected+0x218>
> 005b8560 <soisconnected+0x210> addi    r3,r28,16
> 005b8564 <soisconnected+0x214> bl      004d4218 <__mtx_unlock_sleep>
> 005b8568 <soisconnected+0x218> mr      r3,r27
> at soisconnected+0x21c:
> 005b856c <soisconnected+0x21c> bl      005b7b48 <solisten_wakeup>
> 005b8570 <soisconnected+0x220> b       005b89f0 <soisconnected+0x6a0>
> . . .
>
> void
> soisconnected(struct socket *so)
> {
>        struct socket *head;
> . . .
> restart:
>        SOCK_LOCK(so);
>        if ((head = so->so_listen) != NULL &&
>            __predict_false(SOLISTEN_TRYLOCK(head) == 0)) {
>                SOCK_UNLOCK(so);
>                goto restart;
>        }
>        so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
>        so->so_state |= SS_ISCONNECTED;
>        if (head != NULL && (so->so_qstate == SQ_INCOMP)) {
> again:
>                if ((so->so_options & SO_ACCEPTFILTER) == 0) {
>                        TAILQ_REMOVE(&head->sol_incomp, so, so_list);
>                        head->sol_incqlen--;
>                        TAILQ_INSERT_TAIL(&head->sol_comp, so, so_list);
>                        head->sol_qlen++;
>                        so->so_qstate = SQ_COMP;
>                        SOCK_UNLOCK(so);
>                        solisten_wakeup(head);  /* unlocks */
> . . .


Exception and its struct trapframe:
(these are vmcore file offsets: subtract 0x1000 to get address)
                       [    lr#0  ]: inside dbtrap
00c83f40  d2 50 a4 e0 00 10 0c 54  07 0b f8 78 d2 50 a4 e0  |.P.....T...x.P..|
00c83f50  05 ab 8a e0 07 0b f8 60  00 00 00 00 00 00 00 01  |.......`........|
                       [   r3    ]

00c83f60  00 00 00 00 00 00 00 01  00 00 00 00 05 d1 78 70  |..............xp|
00c83f70  00 00 00 01 05 ab 8a e0  00 00 00 00 00 00 00 00  |................|
00c83f80  01 81 00 00 01 82 00 00  00 00 00 00 01 82 00 00  |................|
00c83f90  01 82 00 00 00 03 8d 6c  00 03 8d 6c 00 00 00 00  |.......l...l....|
00c83fa0  ff ff d7 58 00 00 00 00  00 d1 1a 84 00 d1 1a 84  |...X............|
00c83fb0  d2 50 a5 1c 07 0b f8 60  05 d1 78 60 07 0b f8 60  |.P.....`..x`...`|
                       [   r28   ]

00c83fc0  00 d2 aa a0 d2 50 a4 e0  00 5b 7b 94 20 00 f0 44  |.....P...[{. ..D|
                                    [   lr#1  ]: solisten_wakeup+0x4c

00c83fd0  00 00 00 00 07 0b f8 78  07 0b f8 78 00 08 90 32  |.......x...x...2|
                                    [   srr0  ]
           [exception]
00c83fe0  00 00 07 00 00 00 00 00  00 00 00 00 01 c4 5f 00  |.............._.|
00c83ff0  00 00 00 00 00 10 01 40  00 00 00 00 00 00 00 00  |.......@........|

solisten_wakeup+0x4c's related stack frame:
0b4004e0  d2 50 a5 00 00 50 8d f8  00 d2 b0 60 00 00 00 04  |.P...P.....`....|
0b4004f0  05 d1 7a 78 05 d1 79 30  00 d2 aa a0 d2 50 a5 00  |..zx..y0.....P..|

0xd250a500: at soisconnected+0x21c     (at stays the same)
0b400500  d2 50 a5 40 00 5b 85 70  00 d2 aa a0 d2 50 a5 10  |.P.@.[.p.....P..|
0b400510  d2 50 a5 60 00 5b d0 d8  00 d2 ab 90 00 00 00 04  |.P.`.[..........|
0b400520  05 d1 78 60 05 ab 8a e0  07 25 94 80 05 d1 7a 78  |..x`.....%....zx|
0b400530  07 0b 7a 10 05 d1 78 60  00 d2 ab 90 d2 50 a5 40  |..z...x`.....P.@|

0xd250a540: at unp_connect2+0xf0       (at stays the same)
0b400540  d2 50 a5 60 00 5c 38 34  07 25 94 80 05 d1 7a 78  |.P.`.\84.%....zx|
0b400550  07 0b 7a 10 07 0b 79 58  00 d2 ab 90 d2 50 a5 60  |..z...yX.....P.`|

"so" first then "so2" second, with so2 failing:
0x005c3824 <unp_connect2+228>:	mr      r3,r8
0x005c3828 <unp_connect2+232>:	bl      0x5b8350 <soisconnected>
0x005c382c <unp_connect2+236>:	mr      r3,r29
0x005c3830 <unp_connect2+240>:	bl      0x5b8350 <soisconnected>
0x005c3834 <unp_connect2+244>:	li      r3,0

static int
unp_connect2(struct socket *so, struct socket *so2, int req)
. . .
        case SOCK_STREAM:
        case SOCK_SEQPACKET:
                unp2->unp_conn = unp;
                if (req == PRU_CONNECT &&
                    ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT))
                        soisconnecting(so);
                else
                        soisconnected(so);
                soisconnected(so2);
                break;
. . .


0xd250a560: at unp_connectat+0x658     (at stays the same)

The unp_connectat context is more complicated so I stop
quoting code here.

0xd250a770: at unp_connect+0x2c        (at stays the same)
0b400770  d2 50 a7 90 00 5c 41 c8  00 d2 ab 64 d2 50 a7 80  |.P...\A....d.P..|
0b400780  d2 50 a7 e0 00 48 f5 e0  d2 50 a7 90 00 00 00 00  |.P...H...P......|

0xd250a790: at uipc_connect+0xc0       (at stays the same)
0b400790  d2 50 a7 d0 00 5c 7b cc  00 00 00 06 05 be e4 c0  |.P...\{.........|
0b4007a0  d2 50 a8 10 00 86 32 e8  20 00 f0 38 00 00 00 01  |.P....2. ..8....|
0b4007b0  00 03 8d 6c 00 00 00 00  ff ff d7 58 05 b1 54 20  |...l.......X..T |
0b4007c0  ff ff ff 9c 05 d1 7a 78  00 d2 ab 64 d2 50 a7 d0  |......zx...d.P..|

0xd250a7d0: at soconnectat+0xa0        (at stays the same)
0b4007d0  d2 50 a8 00 00 5b 61 68  00 d2 ab 64 d2 50 a7 e0  |.P...[ah...d.P..|
0b4007e0  d2 50 a8 20 00 5b ff 64  05 b1 54 20 05 ab 8a e0  |.P. .[.d..T ....|
0b4007f0  00 00 00 00 05 d1 7a 78  00 d2 ab 64 d2 50 a8 00  |......zx...d.P..|

0xd250a800: at soconnect+0x2c          (at stays the same)
0b400800  d2 50 a8 20 00 5b 61 f4  05 b1 54 20 05 ab 8a e0  |.P. .[a...T ....|
0b400810  00 00 00 25 05 d1 7a 78  d2 50 a8 20 d2 50 a8 20  |...%..zx.P. .P. |

0xd250a820: at kern_connect+0134       (at stays the same)
0b400820  d2 50 a8 70 00 5c 19 14  ff ff d7 68 00 00 00 16  |.P.p.\.....h....|
0b400830  00 00 00 17 05 b1 54 20  02 00 00 00 80 00 00 00  |......T ........|
0b400840  04 00 00 00 00 00 00 00  41 98 c0 00 05 be e4 c0  |........A.......|
0b400850  05 ab 8a e0 00 00 00 00  d2 50 aa 88 05 ab 8a e0  |.........P......|
0b400860  00 00 00 00 05 ab 8d 78  00 d2 ab 64 d2 50 a8 70  |.......x...d.P.p|

0xd250a870: at sys_connect+0x64        (at stays the same)
0b400870  d2 50 a8 b0 00 5c 1c 58  d2 50 aa 88 00 00 04 00  |.P...\.X.P......|
0b400880  00 00 00 01 d2 50 aa 88  00 00 00 80 05 b1 54 20  |.....P........T |
0b400890  d2 50 a8 b0 00 8f c3 b0  d2 50 aa 88 00 00 00 00  |.P.......P......|
0b4008a0  05 ab 8d 70 05 d9 5a b0  00 d3 37 e8 d2 50 a8 b0  |...p..Z...7..P..|

0xd250a8b0: at trap+0x638              (at stays the same)

0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same)
0b400a50  d2 50 aa 80 00 8f 20 dc  d2 50 aa 60 d2 50 aa 60  |.P.... ..P.`.P.`|
0b400a60  d2 50 aa 80 00 00 00 04  00 00 23 28 00 00 23 28  |.P........#(..#(|
0b400a70  41 cf 70 00 42 00 00 00  10 34 4e bf 00 00 f0 32  |A.p.B....4N....2|

0xd250aa80: at user SC trap (at stays the same)
           by 0x419db168   (stays the same)
           srr1=0xf032     (stays the same)
           r1  =0xffffd5e0 (stays the same)
           cr  =0x24440840 (stays the same)
           xer =0x20000000 (stays the same)
           ctr =0x419db160 (stays the same)
0b400a80  ff ff d5 e0 00 10 08 f8  00 00 00 62 ff ff d5 e0  |...........b....|
0b400a90  41 a4 60 08 00 00 00 04  ff ff d7 68 00 00 00 17  |A.`........h....|
0b400aa0  00 03 80 00 41 a5 99 34  ff ff d2 64 ff ff d2 60  |....A..4...d...`|
0b400ab0  00 05 8a ad 00 00 02 9b  41 83 e4 00 00 00 00 00  |........A.......|
0b400ac0  01 81 00 00 01 82 00 00  00 00 00 00 01 82 00 00  |................|
0b400ad0  01 82 00 00 00 03 8d 6c  00 03 8d 6c 00 00 00 00  |.......l...l....|

===
Mark Millard
markmi at dsl-only.net
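
The aliasing diagnosed in the message above, reduced to a constructed miniature (an added example, not FreeBSD's struct socket and not code from the thread): a pointer stored through the data-socket view of the union reads back as a non-NULL sol_upcall through the listening-socket view, and a discriminator check refuses the call. The field names echo the message; mini_socket, selinfo_model, is_listener and guarded_wakeup are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed miniature of a union holding two views of one socket; NOT
 * FreeBSD's struct socket. is_listener is a hypothetical discriminator. */
struct selinfo_model { void *tqh_first; void *tqh_last; };
typedef int upcall_fn(void *so, void *arg, int flags);

struct mini_socket {
    int is_listener;                /* which view of the union is live */
    struct selinfo_model so_rdsel;  /* common to both views */
    union {
        struct { void *sb_mtx; struct selinfo_model *sb_sel; }; /* data view */
        struct { void *sol_comp; upcall_fn *sol_upcall;         /* listen view */
                 void *sol_upcallarg; };
    };
};

/* 1 when sb_sel and sol_upcall occupy the same bytes of the union. */
int alias_offsets_match(void)
{
    return offsetof(struct mini_socket, sb_sel) ==
           offsetof(struct mini_socket, sol_upcall);
}

/* The unguarded test from solisten_wakeup(): 1 when the listen view reads a
 * non-NULL sol_upcall that is really the data view's pointer to so_rdsel. */
int unguarded_sees_upcall(const struct mini_socket *so)
{
    return so->sol_upcall != NULL &&
           (uintptr_t)so->sol_upcall == (uintptr_t)&so->so_rdsel;
}

/* Guarded dispatch: -1 = wrong view refused, 0 = no upcall, 1 = upcall ran. */
int guarded_wakeup(struct mini_socket *so)
{
    if (!so->is_listener)
        return -1;                  /* never treat sb_sel as code */
    if (so->sol_upcall == NULL)
        return 0;
    (void)so->sol_upcall(so, so->sol_upcallarg, 0);
    return 1;
}

static int noop_upcall(void *so, void *arg, int flags)
{ (void)so; (void)arg; (void)flags; return 0; }

/* Socket set up through the data view, then handed to the wakeup path. */
int demo_data_socket(void)
{
    struct mini_socket so = { .is_listener = 0 };
    so.sb_sel = &so.so_rdsel;
    return unguarded_sees_upcall(&so) ? guarded_wakeup(&so) : 99;
}

/* Genuine listener with a real upcall installed. */
int demo_listener(void)
{
    struct mini_socket so = { .is_listener = 1, .sol_upcall = noop_upcall };
    return guarded_wakeup(&so);
}

int main(void)
{
    printf("alias=%d data=%d listener=%d\n", alias_offsets_match(),
           demo_data_socket(), demo_listener());
    return 0;
}
```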




