From: Mark Millard
Date: Fri, 23 Jun 2017 15:45:04 -0700
Subject: Re: Example head -r317820 manual backtrace that jumps to non-code (from a vmcore inspection); eventually kernel-thread stack overflowed
To: FreeBSD PowerPC ML, freebsd-hackers@freebsd.org
References: <0CB80542-64A3-4A5C-93A5-67F32104549B@dsl-only.net> <1A0158FB-3A37-460D-A532-E1BA00A310B2@dsl-only.net>
In-Reply-To: <1A0158FB-3A37-460D-A532-E1BA00A310B2@dsl-only.net>
Message-Id: <559F5AC0-A5CE-4D37-A6DE-7BF71EF71420@dsl-only.net>

[I've added notes about srr0 in the 0x700 trap frames:
they are all 0x0 . It is not true of the 0x300 trap
frame on tmpstk (from the kernel-thread stack overflow).]

On 2017-Jun-23, at 3:01 PM, Mark Millard wrote:

> [I've added somewhat more summary information to
> one of the omitted stack regions.]
>
> On 2017-Jun-23, at 2:58 AM, Mark Millard wrote:
>
>> [For this memory layout the old PowerMac G5
>> so-called "Quad Core" running 32-bit
>> powerpc FreeBSD ran for over 10 days, 8 hours
>> before it finally had an example panic.]
>>
>> This is from pid 960 tid 100110 "powerpd" with
>> stack 0xd24da000-0xd24ddfff (virtual).
>>
>> Note: physical address in kgdb = vmcore_offset - 0x1000
>>
>> Look for sched_userret 's call and what happens after.
>> And later for pvo_tree_RB_FIND 's call and what happens after.
>>
>>
>> Working from high stack physical memory to low:
>>
>> > offset> [ lr ]
>> 06b2da80  ff ff dc a0 00 10 08 f8  00 00 00 ca ff ff dc a0  |................|
>>
>> (kgdb listing around lr)
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>>           [stkbckptr] [   lr    ]
>> 06b2da50  d2 4d da 80 00 8e 7e 08  00 10 08 f8 00 00 90 32  |.M....~........2|
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>> 0x8e7e0c : lwz r0,4(r11)
>> 0x8e7e10 : mtlr r0
>>
>>           [stkbckptr] [  lr#0   ]
>> 06b2d990  d2 4d da 50 00 10 08 f8  00 00 0c 00 d2 4d da 50  |.M.P.........M.P|
>> 06b2d9a0  05 ad e0 00 00 00 00 00  d2 4d da 88 00 00 0c 00  |.........M......|
>> 06b2d9b0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d9c0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d9d0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d9e0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d9f0  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d da 88  |.......p...P.M..|
>> 06b2da00  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2da10  00 d2 7e 68 d2 4d da 50  00 8e 7e 00 20 00 f0 34  |..~h.M.P..~. ..4|
>>                                    [  lr#1   ]
>>
>> 06b2da20  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|

I'll use this first example to show srr0 from a
trap frame for a 0x700 exception:

06b2da20  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
                                   [  srr0   ]

The srr0 value is zero. That is true of all the
rest of the 0x700 exception trap frames as well.
(But not the final 0x300 one that is shown towards
the end of the submittal.)

0x0: .long 0x0
0x4: .long 0x0
0x8: .long 0x0
0xc: .long 0x0
0x10: .long 0x0
0x14: .long 0xffa35e50
0x18: .long 0xffa35ee8
0x1c: .long 0x0

>>           [exception]
>> 06b2da30  00 00 07 00 41 a1 e5 68  0a 00 00 00 01 81 00 00  |....A..h........|
>> 06b2da40  41 9d e5 d4 42 00 00 00  00 d2 7e 68 d2 4d da 50  |A...B.....~h.M.P|
>>
>> lr#0:
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> lr#1:
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>> (I will not repeat the #0 and #1 labels below for this
>> very repetitive structure.)
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d960  d2 4d d9 90 00 8a b4 a8  d2 4d d9 70 d2 4d d9 70  |.M.......M.p.M.p|
>>
>> 0x8ab470 : lwz r9,-32720(r30)
>> 0x8ab474 : lwz r9,0(r9)
>> 0x8ab478 : mtctr r9
>> 0x8ab47c : mr r3,r4
>> 0x8ab480 : mr r4,r29
>> 0x8ab484 : li r5,0
>> 0x8ab488 : li r6,0
>> 0x8ab48c : li r7,0
>> 0x8ab490 : li r8,0
>> 0x8ab494 : bctrl
>> 0x8ab498 : sync
>> 0x8ab49c : li r0,4
>> 0x8ab4a0 : stw r0,16(r29)
>> 0x8ab4a4 : bl 0x8ea4e8
>> 0x8ab4a8 : b 0x8ab518
>> 0x8ab4ac : lwz r11,-32748(r30)
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d8a0  d2 4d d9 60 00 10 08 f8  00 00 07 00 d2 4d d9 60  |.M.`.........M.`|
>> 06b2d8b0  05 ad e0 00 00 00 00 00  d2 4d d9 98 00 00 07 00  |.........M......|
>> 06b2d8c0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d8d0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d8e0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d8f0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d900  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d9 98  |.......p...P.M..|
>> 06b2d910  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d920  00 d2 7e 68 d2 4d d9 60  00 8e 7e 00 20 08 10 34  |..~h.M.`..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d930  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d940  00 00 07 00 41 a1 e5 68  0a 00 00 00 00 0d 00 56  |....A..h.......V|
>> 06b2d950  52 66 54 bf df 5d 0d 00  00 d2 6b 18 d2 4d d9 60  |RfT..]....k..M.`|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d870  d2 4d d8 a0 00 56 e7 68  00 d1 d5 cc d2 4d d8 80  |.M...V.h.....M..|
>>
>> 0x56e75c : bl 0x55c3cc
>> 0x56e760 : mr r3,r28
>> 0x56e764 : bl 0x534744
>> 0x56e768 : lwz r9,-32756(r30)
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d7b0  d2 4d d8 70 00 10 08 f8  00 00 07 00 d2 4d d8 70  |.M.p.........M.p|
>> 06b2d7c0  05 ad e0 00 00 00 00 00  d2 4d d8 a8 00 00 07 00  |.........M......|
>> 06b2d7d0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d7e0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d7f0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d800  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d810  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d8 a8  |.......p...P.M..|
>> 06b2d820  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d830  00 d2 7e 68 d2 4d d8 70  00 8e 7e 00 20 08 10 34  |..~h.M.p..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d840  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d850  00 00 07 00 41 a1 e5 68  0a 00 00 00 05 ad e0 00  |....A..h........|
>> 06b2d860  d2 4d d8 88 05 f5 1a 50  00 d1 e7 24 d2 4d d8 70  |.M.....P...$.M.p|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d780  d2 4d d7 b0 00 00 00 02  00 d2 81 c8 d2 4d d7 90  |.M...........M..|
>>
>> 0x2: .long 0x0
>> 0x6: .long 0x0
>> 0xa: .long 0x0
>> 0xe: .long 0x0
>> 0x12: .long 0xffa3
>> 0x16: rlwnm. r16,r18,r31,30,17
>> 0x1a: rlwnm r8,r23,r0,0,0
>> 0x1e: .long 0x0
>> 0x22: .long 0x0
>> 0x26: .long 0x0
>> 0x2a: .long 0x0
>> 0x2e: .long 0x0
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d6c0  d2 4d d7 80 00 10 08 f8  00 00 07 00 d2 4d d7 80  |.M...........M..|
>> 06b2d6d0  05 ad e0 00 00 00 00 00  d2 4d d7 b8 00 00 07 00  |.........M......|
>> 06b2d6e0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d6f0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d700  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d710  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d720  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d7 b8  |.......p...P.M..|
>> 06b2d730  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d740  00 d2 7e 68 d2 4d d7 80  00 8e 7e 00 20 08 10 34  |..~h.M....~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d750  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d760  00 00 07 00 41 a1 e5 68  0a 00 00 00 05 ad e0 00  |....A..h........|
>> 06b2d770  d2 4d d7 90 00 00 00 00  d2 4d d7 50 05 ad e0 00  |.M.......M.P....|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d690  d2 4d d6 c0 00 00 00 00  d2 4d d8 88 00 00 00 00  |.M.......M......|
>>
>> 0x0: .long 0x0
>> 0x4: .long 0x0
>> 0x8: .long 0x0
>> 0xc: .long 0x0
>> 0x10: .long 0x0
>> 0x14: .long 0xffa35e50
>> 0x18: .long 0xffa35ee8
>> 0x1c: .long 0x0
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d5d0  d2 4d d6 90 00 10 08 f8  00 00 07 00 d2 4d d6 90  |.M...........M..|
>> 06b2d5e0  05 ad e0 00 00 00 00 00  d2 4d d6 c8 00 00 07 00  |.........M......|
>> 06b2d5f0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d600  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d610  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d620  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d630  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d6 c8  |.......p...P.M..|
>> 06b2d640  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d650  00 d2 7e 68 d2 4d d6 90  00 8e 7e 00 20 08 10 34  |..~h.M....~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d660  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d670  00 00 07 00 41 a1 e5 68  0a 00 00 00 00 00 00 02  |....A..h........|
>> 06b2d680  d2 4d d6 b0 00 e8 7d 3c  00 f3 77 70 ff ff dd 70  |.M....}<..wp...p|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d5a0  d2 4d d5 d0 05 ad e0 00  00 d1 e5 3c d2 4d d5 b0  |.M.........<.M..|
>>
>> 0x5addff4: dozi r19,r0,-26304
>> 0x5addff8: dozi r18,r12,1536
>> 0x5addffc: dozi r18,r12,1472
>> 0x5ade000: .long 0xebb800
>> 0x5ade004: .long 0x5f51a50
>> 0x5ade008: .long 0x0
>> 0x5ade00c: .long 0x5f51a58
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d4e0  d2 4d d5 a0 00 10 08 f8  00 00 07 00 d2 4d d5 a0  |.M...........M..|
>> 06b2d4f0  05 ad e0 00 00 00 00 00  d2 4d d5 d8 00 00 07 00  |.........M......|
>> 06b2d500  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d510  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d520  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d530  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d540  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d5 d8  |.......p...P.M..|
>> 06b2d550  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d560  00 d2 7e 68 d2 4d d5 a0  00 8e 7e 00 20 08 10 34  |..~h.M....~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d570  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d580  00 00 07 00 41 a1 e5 68  0a 00 00 00 d2 4d d5 90  |....A..h.....M..|
>> 06b2d590  d2 4d d5 b0 00 56 4e 38  00 cf 51 80 05 fd 3c d0  |.M...VN8..Q...<.|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d4b0  d2 4d d4 e0 00 55 28 b4  d2 4d d4 c0 d2 4d d4 c0  |.M...U(..M...M..|
>>
>> 0x552884 : stwu r1,-32(r1)
>> 0x552888 : mflr r0
>> 0x55288c : stw r28,16(r1)
>> 0x552890 : stw r29,20(r1)
>> 0x552894 : stw r30,24(r1)
>> 0x552898 : stw r31,28(r1)
>> 0x55289c : stw r0,36(r1)
>> 0x5528a0 : mr r31,r1
>> 0x5528a4 : mr r28,r4
>> 0x5528a8 : mr r29,r5
>> 0x5528ac : mr r4,r5
>> 0x5528b0 : bl 0x5527ac
>> 0x5528b4 : cmpwi r3,0
>>
>>           [stkbckptr] [   lr    ]
>> 06b2d3f0  d2 4d d4 b0 00 10 08 f8  00 00 07 00 d2 4d d4 b0  |.M...........M..|
>> 06b2d400  05 ad e0 00 00 00 00 00  d2 4d d4 e8 00 00 07 00  |.........M......|
>> 06b2d410  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2d420  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2d430  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2d440  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2d450  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d d4 e8  |.......p...P.M..|
>> 06b2d460  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2d470  00 d2 7e 68 d2 4d d4 b0  00 8e 7e 00 20 08 10 34  |..~h.M....~. ..4|
>>                                    [   lr    ]
>>
>> 06b2d480  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2d490  00 00 07 00 41 a1 e5 68  0a 00 00 00 d2 4d d4 a0  |....A..h.....M..|
>> 06b2d4a0  00 fc f9 dc 00 ce 0f 8c  00 d2 80 6c d2 4d d4 b0  |...........l.M..|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>> . . . lots omitted . . .
>
> Omitting trapframe/trapagain/powerpc_interrupt material
> that continues to have "00 00 07 00" for the exception
> field. The "00 8e 7e 00" lr#1's also stays the same.
>
>           [stkbckptr] [   lr    ]
> 06b2d3c0  d2 4d d3 f0 00 56 4e ac  00 d2 6b c0 d2 4d d3 d0  |.M...VN...k..M..|
>
> 0x564e9c : addi r3,r27,672
> 0x564ea0 : li r4,0
> 0x564ea4 : li r5,0
> 0x564ea8 : bl 0x51691c <_callout_stop_safe>
> 0x564eac : mr r3,r26
>
>           [stkbckptr] [   lr    ]
> 06b2d300  d2 4d d3 c0 00 10 08 f8  00 00 07 00 d2 4d d3 c0  |.M...........M..|
> (trapframe and such)
>
>           [stkbckptr] [   lr    ]
> 06b2d2d0  d2 4d d3 00 00 00 00 00  00 d1 d5 cc d2 4d d2 e0  |.M...........M..|
>
> 0x0: .long 0x0
> 0x4: .long 0x0
> 0x8: .long 0x0
> 0xc: .long 0x0
> 0x10: .long 0x0
> 0x14: .long 0xffa35e50
> 0x18: .long 0xffa35ee8
> 0x1c: .long 0x0
> 0x20: .long 0x0
> 0x24: .long 0x0
> 0x28: .long 0x0
>
>           [stkbckptr] [   lr    ]
> 06b2d210  d2 4d d2 d0 00 10 08 f8  00 00 07 00 d2 4d d2 d0  |.M...........M..|
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2d1e0  d2 4d d2 10 00 8e a5 0c  05 ad e0 00 00 0c fc 85  |.M..............|
>
> 0x8ea500 : mr r31,r1
> 0x8ea504 : mr r29,r2
> 0x8ea508 : bl 0x5000c8
> 0x8ea50c : lwz r0,744(r29)
>
>           [stkbckptr] [   lr    ]
> 06b2d120  d2 4d d1 e0 00 10 08 f8  00 00 07 00 d2 4d d1 e0  |.M...........M..|
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2d0f0  d2 4d d1 20 ff ff ff ff  05 ad e0 00 00 00 00 00  |.M. ............|
>
> (odd virtual lr address in lr area)
>
>           [stkbckptr] [   lr    ]
> 06b2d030  d2 4d d0 f0 00 10 08 f8  00 00 07 00 d2 4d d0 f0  |.M...........M..|
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2d000  d2 4d d0 30 00 4c d8 94  00 fc f8 c0 00 00 00 00  |.M.0.L..........|
>
> 0x4cd88c <__mtx_lock_sleep+376>: mr r3,r20
> 0x4cd890 <__mtx_lock_sleep+380>: bl 0x553358
> 0x4cd894 <__mtx_lock_sleep+384>: lwz r9,16(r27)
>
>           [stkbckptr] [   lr    ]
> 06b2cf40  d2 4d d0 00 00 10 08 f8  00 00 07 00 d2 4d d0 00  |.M...........M..|
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2cf10  d2 4d cf 40 d2 4d cf 38  00 d2 6f 20 d2 4d cf 20  |.M.@.M.8..o .M. |
>
> (virtual lr address points back into the thread's stack)
>
>           [stkbckptr] [   lr    ]
> 06b2ce50  d2 4d cf 10 00 10 08 f8  00 00 07 00 d2 4d cf 10  |.M...........M..|
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2ce20  d2 4d ce 50 00 8b e5 e4  00 d2 6f 20 d2 4d ce 30  |.M.P......o .M.0|
>
> 0x8be5d4 : mr r3,r28
> 0x8be5d8 : li r4,0
> 0x8be5dc : li r5,0
> 0x8be5e0 : bl 0x4ef784 <_rw_runlock_cookie>
> 0x8be5e4 : stw r29,40(r27)
>
>           [stkbckptr] [   lr    ]
> 06b2cd60  d2 4d ce 20 00 10 08 f8  00 00 07 00 d2 4d ce 20  |.M. .........M. |
> (trap frame and such)
>
>           [stkbckptr] [   lr    ]
> 06b2cd30  d2 4d cd 60 00 1b 8b 10  7f ff ff ff 00 00 00 04  |.M.`............|
>
> 0x1b8b08 : mr r10,r28
> 0x1b8b0c : bl 0x517c5c
> 0x1b8b10 : li r3,0
>
>           [stkbckptr] [   lr    ]
> 06b2cc70  d2 4d cd 30 00 10 08 f8  00 00 07 00 d2 4d cd 30  |.M.0.........M.0|
> (trap frame and such)
>
> And the next one is as was in the original
> submittal: See below.
>
>>           [stkbckptr] [   lr    ]
>> 06b2cc40  d2 4d cc 70 00 ce 0f f8  d2 4d cc 50 d2 4d cc 50  |.M.p.....M.P.M.P|
>>
>> 0xce0fec : .long 0x0
>> 0xce0ff0 : .long 0xce0fec
>> 0xce0ff4 : .long 0x552698
>> 0xce0ff8 : .long 0x0
>> 0xce0ffc : .long 0xce0ff8
>> 0xce1000 : .long 0x552698
>>
>> FYI: mmu_kextract should be tied to moea_kextract
>> and moea_kextract starts at 0x008b107c .
>>
>> FYI:
>>
>> 0x552698 : stwu r1,-32(r1)
>> 0x55269c : stw r31,24(r1)
>> 0x5526a0 : mr r31,r1
>> 0x5526a4 : li r3,6
>> 0x5526a8 : lwz r11,0(r1)
>> 0x5526ac : lwz r31,-8(r11)
>> 0x5526b0 : mr r1,r11
>> 0x5526b4 : blr
>> 0x5526b8 : .long 0x7cba74
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2cb80  d2 4d cc 40 00 10 08 f8  00 00 07 00 d2 4d cc 40  |.M.@.........M.@|
>> 06b2cb90  05 ad e0 00 00 00 00 00  d2 4d cc 78 00 00 07 00  |.........M.x....|
>> 06b2cba0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2cbb0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2cbc0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2cbd0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2cbe0  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d cc 78  |.......p...P.M.x|
>> 06b2cbf0  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2cc00  00 d2 7e 68 d2 4d cc 40  00 8e 7e 00 20 08 10 34  |..~h.M.@..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2cc10  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2cc20  00 00 07 00 41 a1 e5 68  0a 00 00 00 d2 4d cc 30  |....A..h.....M.0|
>> 06b2cc30  e0 be 40 00 00 d4 db 94  7f ff ff ff 00 d4 db 80  |..@.............|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2cb50  d2 4d cb 80 00 8b 63 3c  00 d2 6b c0 d2 4d cb 60  |.M....c<..k..M.`|
>>
>> 0x8b6334 : addi r4,r31,24
>> 0x8b6338 : bl 0x8ed944
>> 0x8b633c : lwz r11,0(r1)
>>
>>           [stkbckptr] [   lr    ]
>> 06b2ca90  d2 4d cb 50 00 10 08 f8  00 00 07 00 d2 4d cb 50  |.M.P.........M.P|
>> 06b2caa0  05 ad e0 00 00 00 00 00  d2 4d cb 88 00 00 07 00  |.........M......|
>> 06b2cab0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2cac0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2cad0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2cae0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2caf0  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d cb 88  |.......p...P.M..|
>> 06b2cb00  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2cb10  00 d2 7e 68 d2 4d cb 50  00 8e 7e 00 20 08 10 34  |..~h.M.P..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2cb20  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2cc20  00 00 07 00 41 a1 e5 68  0a 00 00 00 d2 4d cc 30  |....A..h.....M.0|
>> 06b2cb30  00 00 07 00 41 a1 e5 68  0a 00 00 00 fa 50 05 af  |....A..h.....P..|
>> 06b2cb40  e0 be 10 00 00 fc fd e0  00 d2 6d 9c d2 4d cb 50  |..........m..M.P|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2ca60  d2 4d ca 90 fa 50 05 af  fa 50 05 af fa 50 05 af  |.M...P...P...P..|
>>
>> (Unknown virtual to physical for 0xfa5005af -> ?)
>> This repeats after a matching trap frame as the
>> stack use grows and grows.
>>
>>           [stkbckptr] [   lr    ]
>> 06b2c9a0  d2 4d ca 60 00 10 08 f8  00 00 07 00 d2 4d ca 60  |.M.`.........M.`|
>> 06b2c9b0  05 ad e0 00 00 00 00 00  d2 4d ca 98 00 00 07 00  |.........M......|
>> 06b2c9c0  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2c9d0  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2c9e0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2c9f0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2ca00  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d ca 98  |.......p...P.M..|
>> 06b2ca10  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2ca20  00 d2 7e 68 d2 4d ca 60  00 8e 7e 00 20 08 10 34  |..~h.M.`..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2ca30  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2ca40  00 00 07 00 41 a1 e5 68  0a 00 00 00 fa 50 05 af  |....A..h.....P..|
>> 06b2ca50  fa 50 05 af fa 50 05 af  fa 50 05 af fa 50 05 af  |.P...P...P...P..|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>> . . . lots omitted repeating the lr being: fa 50 05 af
>> then powerpc_interrupt being used via trapagain . . .
>>
>>           [stkbckptr] [   lr    ]
>> 06b2a120  d2 4d a1 50 fa 50 05 af  fa 50 05 af fa 50 05 af  |.M.P.P...P...P..|
>>
>> (Unknown virtual to physical for 0xf15005af -> ?)
>>
>>           [stkbckptr] [   lr    ]
>> 06b2a060  d2 4d a1 20 00 10 08 f8  00 00 07 00 d2 4d a1 20  |.M. .........M. |
>> 06b2a070  05 ad e0 00 00 00 00 00  d2 4d a1 58 00 00 07 00  |.........M.X....|
>> 06b2a080  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 06b2a090  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 06b2a0a0  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 06b2a0b0  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 06b2a0c0  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d a1 58  |.......p...P.M.X|
>> 06b2a0d0  05 ad e0 00 01 81 33 60  41 a1 e5 68 0a 00 00 00  |......3`A..h....|
>> 06b2a0e0  00 d2 7e 68 d2 4d a1 20  00 8e 7e 00 20 08 10 34  |..~h.M. ..~. ..4|
>>                                    [   lr    ]
>>
>> 06b2a0f0  00 00 00 00 00 00 00 00  00 00 00 00 00 08 10 32  |...............2|
>>
>>           [exception]
>> 06b2a100  00 00 07 00 41 a1 e5 68  0a 00 00 00 fa 50 05 af  |....A..h.....P..|
>> 06b2a110  fa 50 05 af fa 50 05 af  fa 50 05 af fa 50 05 af  |.P...P...P...P..|
>>
>> 0x1008ec : isync
>> 0x1008f0 : addi r3,r1,8
>> 0x1008f4 : bl 0x8e7c64
>> 0x1008f8 : mfmsr r3
>> 0x1008fc : andi. r3,r3,32767
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>>           [stkbckptr] [   lr    ]
>> 06b2a030  d2 4d a0 60 fa 50 05 af  fa 50 05 af fa 50 05 af  |.M.`.P...P...P..|
>>
>> (Unknown virtual to physical for 0xf15005af -> ?)
>>
>> Then tmpstk ends up with:
>>
>>           [stkbckptr] [   lr    ]
>> 00c78f40  d2 4d a0 30 00 10 0c 54  00 00 07 00 d2 4d a0 30  |.M.0...T.....M.0|
>> 00c78f50  05 ad e0 00 00 00 00 00  d2 4d a0 68 00 00 07 00  |.........M.h....|
>> 00c78f60  ff ff dc d8 00 00 00 00  00 00 00 00 00 f6 58 00  |..............X.|
>> 00c78f70  00 00 00 00 41 9b 13 ac  01 81 00 00 00 00 00 00  |....A...........|
>> 00c78f80  00 00 00 01 00 00 00 02  43 1b de 83 01 81 33 68  |........C.....3h|
>> 00c78f90  01 81 00 00 01 81 00 00  00 00 00 00 ff ff dd f0  |................|
>> 00c78fa0  00 00 04 e2 ff ff dd 70  00 00 00 50 d2 4d a0 68  |.......p...P.M.h|
>> 00c78fb0  05 ad e0 00 01 81 33 60  00 8e 7e 00 20 08 10 34  |......3`..~. ..4|
>> 00c78fc0  00 00 10 32 d2 4d a0 30  00 8e 7e 00 00 08 10 32  |...2.M.0..~....2|
>>                                    [   lr    ]
>>
>> 00c78fd0  00 00 00 00 00 00 00 00  00 10 07 fc 00 00 10 32  |...............2|

00c78fd0  00 00 00 00 00 00 00 00  00 10 07 fc 00 00 10 32  |...............2|
                                   [  srr0   ]

0x1007d4 : mfsprg r31,0
0x1007d8 : mfsrr0 r30
0x1007dc : stw r30,168(r31)
0x1007e0 : mfsrr1 r30
0x1007e4 : stw r30,172(r31)
0x1007e8 : mfmsr r30
0x1007ec : ori r30,r30,50
0x1007f0 : mtmsr r30
0x1007f4 : isync
0x1007f8 : mfsprg r31,1
0x1007fc : stwu r31,-192(r1)
0x100800 : stw r0,8(r1)

>>           [exception]
>> 00c78fe0  00 00 03 00 d2 4d 9f 70  42 00 00 00 01 c4 4f 00  |.....M.pB.....O.|
>> 00c78ff0  00 00 00 00 00 10 01 40  00 00 00 00 00 00 00 00  |.......@........|
>>
>> 0x100c20 : mfxer r3
>> 0x100c24 : mfctr r4
>> 0x100c28 : mfsprg r5,3
>> 0x100c2c : stw r3,144(r1)
>> 0x100c30 : stw r4,148(r1)
>> 0x100c34 : stw r5,160(r1)
>> 0x100c38 : stw r28,164(r1)
>> 0x100c3c : stw r29,168(r1)
>> 0x100c40 : stw r30,152(r1)
>> 0x100c44 : stw r31,156(r1)
>> 0x100c48 : lwz r2,0(r2)
>> 0x100c4c : addi r3,r1,8
>> 0x100c50 : bl 0x8f1cdc
>> 0x100c54 : mr. r3,r3
>> 0x100c58 : bne- 0x100e3c
>> 0x100c5c : lwz r3,160(r1)
>>
>> 0x8e7df0 : mfmsr r0
>> 0x8e7df4 : or r0,r0,r9
>> 0x8e7df8 : mtmsr r0
>> 0x8e7dfc : isync
>> 0x8e7e00 : mr r3,r25
>> 0x8e7e04 : bl 0x8f231c
>> 0x8e7e08 : lwz r11,0(r1)
>>
>>
>> Before the db> prompt it reports:
>>
>> [ thread pid 960 tid 100110 ]
>> Stopped at k_trap+0x28: stuw r31,-0xc0(r1)
>>
>> where (0x28=40 decimal):
>>
>> 0x001007d4 : mfsprg r31,0
>> 0x001007d8 : mfsrr0 r30
>> 0x001007dc : stw r30,168(r31)
>> 0x001007e0 : mfsrr1 r30
>> 0x001007e4 : stw r30,172(r31)
>> 0x001007e8 : mfmsr r30
>> 0x001007ec : ori r30,r30,50
>> 0x001007f0 : mtmsr r30
>> 0x001007f4 : isync
>> 0x001007f8 : mfsprg r31,1
>> 0x001007fc : stwu r31,-192(r1)
>> 0x00100800 : stw r0,8(r1)
>> 0x00100804 : stw r31,12(r1)
>>
>> (-192 decimal = -0xc0)
>>
>> r1 reported as: 0xd24da030 .
>>
>> dar reported as: 0xd24d9f70 .
>> (0xd24da030 - 0xc0 =0xd24d9f70)
>> So out of range for the thread's stack:
>> pid 960 tid 100110 "powerpd" with
>> stack 0xd24da000-0xd24ddfff (virtual).

===
Mark Millard
markmi at dsl-only.net