head -r320482 vs. TARGET_ARCH=powerpc production style kernel: jumps to non-code and traps (involves ->sol_upcall pointing to ->so_rdsel) bugzilla 220404
Mark Millard
markmi at dsl-only.net
Sat Jul 1 01:50:44 UTC 2017
[It looks like the 2 anonymous structs
in the union in the new "struct socket"
are being abused such that the ->sol_upcall
from the 2nd struct is being accessed when it
has a value that was apparently assigned
via ->so_rcv->sb_sel . Details follow,
added to prior notes that I sent out.
I've submitted bugzilla 220404 for this.
The new detailed material is interlaced
with earlier material that I'd sent out.]
On 2017-Jun-30, at 2:07 AM, Mark Millard <markmi at dsl-only.net> wrote:
> The -r320482 kernel build is via gcc 4.2.1.
> Both gcc 4.2.1 and clang based worlds show
> the same problems. TARGET_ARCH=powerpc64
> is not showing the problems.
>
> The production kernel build fails
> but the debug works --each built
> from the same /usr/src/ tree.
>
> I'll note what a normal boot does
> before getting to the login prompt but
> after "Starting nfsd." ("Updating motd:"
> can be mixed in the trap text: not shown
> below.)
>
> I use an example and note a lot about what
> varies and what stays the same from example
> boot to example boot of the production
> kernel.
>
> [Manually entered from camera pictures
> of the screen.]
>
> fatal kernel trap
> exception = 0x700 (program) (for "illegal instruction")
> srr0 = 0x70bf878 (note: this varies, for example: 0x5e37230)
> (note: r0 always matches srr0)
> (note: ctr always matches srr0)
> srr1 = 0x89032 (stays the same)
> lr = 0x5b7b94 (note: solisten_wakeup+0x4c) (stays the same)
> curthread = 0x5ab8ae0 (varies)
> pid = 920 (varies), comm = mountd (stays the same)
>
> Tracing command mountd pid 920 tid 100119 (varies) td 0x5ab8ae0 (varies)(CPU 1)
> (stack addr range varies)
> 0xd250a500: at soisconnected+0x21c (at stays the same)
> 0xd250a540: at unp_connect2+0xf0 (at stays the same)
> 0xd250a560: at unp_connectat+0x658 (at stays the same)
> 0xd250a770: at unp_connect+0x2c (at stays the same)
> 0xd250a790: at uipc_connect+0xc0 (at stays the same)
> 0xd250a7d0: at soconnectat+0xa0 (at stays the same)
> 0xd250a800: at soconnect+0x2c (at stays the same)
> 0xd250a820: at kern_connect+0134 (at stays the same)
> 0xd250a870: at sys_connect+0x64 (at stays the same)
> 0xd250a8b0: at trap+0x638 (at stays the same)
> 0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same)
> 0xd250aa80: at user SC trap (at stays the same)
> by 0x419db168 (stays the same)
> srr1=0xf032 (stays the same)
> r1 =0xffffd5e0 (stays the same)
> cr =0x24440840 (stays the same)
> xer =0x20000000 (stays the same)
> ctr =0x419db160 (stays the same)
(these are objdump reported addresses)
> 005b7b48 <solisten_wakeup> stwu r1,-32(r1)
> 005b7b4c <solisten_wakeup+0x4> mflr r0
> 005b7b50 <solisten_wakeup+0x8> stw r29,20(r1)
> 005b7b54 <solisten_wakeup+0xc> stw r30,24(r1)
> 005b7b58 <solisten_wakeup+0x10> stw r31,28(r1)
> 005b7b5c <solisten_wakeup+0x14> stw r0,36(r1)
> 005b7b60 <solisten_wakeup+0x18> mr r31,r1
> 005b7b64 <solisten_wakeup+0x1c> bcl- 20,4*cr7+so,005b7b68 <solisten_wakeup+0x20>
> 005b7b68 <solisten_wakeup+0x20> mflr r30
> 005b7b6c <solisten_wakeup+0x24> lwz r0,-36(r30)
> 005b7b70 <solisten_wakeup+0x28> add r30,r0,r30
> 005b7b74 <solisten_wakeup+0x2c> mr r29,r3
> 005b7b78 <solisten_wakeup+0x30> lwz r0,232(r3)
> 005b7b7c <solisten_wakeup+0x34> cmpwi cr7,r0,0
> 005b7b80 <solisten_wakeup+0x38> beq- cr7,005b7b98 <solisten_wakeup+0x50>
> 005b7b84 <solisten_wakeup+0x3c> lwz r4,236(r3)
> 005b7b88 <solisten_wakeup+0x40> li r5,1
> 005b7b8c <solisten_wakeup+0x44> mtctr r0
> 005b7b90 <solisten_wakeup+0x48> bctrl
> lr:
> 005b7b94 <solisten_wakeup+0x4c> b 005b7bb4 <solisten_wakeup+0x6c>
> . . .
>
> Apparently this means that sol->sol_upcall is not
> pointing to code at all yet is not null. Given the
> variability observed, it might be uninitialized
> --or sol itself is junk. . .
Note: r3 reported as: 0x70bf860
void
solisten_wakeup(struct socket *sol)
{
    if (sol->sol_upcall != NULL)
        (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
    else {
        selwakeuppri(&sol->so_rdsel, PSOCK);
        KNOTE_LOCKED(&sol->so_rdsel.si_note, 0);
    }
    SOLISTEN_UNLOCK(sol);
    wakeup_one(&sol->sol_comp);
}
(kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall
$3 = 0x70bf948
(kgdb) print/x ((struct socket*)0x70bf860)->sol_upcall
$2 = 0x70bf878
(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel
$7 = 0x70bf878
(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist
$8 = 0x70bf878
(kgdb) print/x &((struct socket*)0x70bf860)->so_rdsel.si_tdlist.tqh_first
$9 = 0x70bf878
But comparing to the first anonymous struct in
the union in the new "struct socket":
(kgdb) print/x &((struct socket*)0x70bf860)->sol_upcall
$15 = 0x70bf948
(kgdb) print/x &((struct socket*)0x70bf860)->so_rcv->sb_sel
$22 = 0x70bf948
->so_rcv is a struct sockbuf and ->so_rcv->sb_sel
is a struct selinfo* .
So pointing back to ->so_rdsel might well make sense.
The rest is just supporting notes from things that I
looked at before isolating the above relationship.
(these are kgdb reported addresses, not vmcore.5 file offsets)
0x70bf860: 0x00c4a0b4 0x01430000 0x00000000 0x00000000
. . .
0x70bf940: 0x00000000 0x00000000 0x070bf878 0x00000000
but:
0x70bf870: 0x05ab8ae0 0x00000002 0x07271f80 0x07271f84
(kgdb) print/x *((struct socket*)0x70bf860)
$4 = {so_lock = {lock_object = {lo_name = 0xc4a0b4, lo_flags = 0x1430000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x5ab8ae0}, so_count = 0x2, so_rdsel = {si_tdlist = {tqh_first = 0x7271f80,
tqh_last = 0x7271f84}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6e84, kl_unlock = 0x5b6c64, kl_assert_locked = 0x5b65d4, kl_assert_unlocked = 0x5b65f0, kl_lockarg = 0x70bf860,
kl_autodestroy = 0x0}, si_mtx = 0x5ab01f0}, so_wrsel = {si_tdlist = {tqh_first = 0x0, tqh_last = 0x0}, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x5b6d64, kl_unlock = 0x5b6b64,
kl_assert_locked = 0x5b660c, kl_assert_unlocked = 0x5b6628, kl_lockarg = 0x70bf860, kl_autodestroy = 0x0}, si_mtx = 0x0}, so_type = 0x1, so_options = 0x2, so_linger = 0x0, so_state = 0x0,
so_pcb = 0x70b08a0, so_vnet = 0x0, so_proto = 0xd03060, so_timeo = 0x0, so_error = 0x0, so_sigio = 0x0, so_cred = 0x5b2e600, so_label = 0x0, so_gencnt = 0x1285, so_emuldata = 0x0, osd = {
osd_nslots = 0x0, osd_slots = 0x0, osd_next = {le_next = 0x0, le_prev = 0x0}}, so_fibnum = 0x0, so_user_cookie = 0x0, so_ts_clock = 0x0, so_max_pacing_rate = 0x0, {{so_rcv = {sb_mtx = {
lock_object = {lo_name = 0x0, lo_flags = 0x70bf920, lo_data = 0x5d17860, lo_witness = 0x5d17a60}, mtx_lock = 0x1}, sb_sx = {lock_object = {lo_name = 0x0, lo_flags = 0x80, lo_data = 0x0,
lo_witness = 0x0}, sx_lock = 0x0}, sb_sel = 0x70bf878, sb_state = 0x0, sb_mb = 0x1, sb_mbtail = 0x800, sb_lastrecord = 0x2000, sb_sndptr = 0x2000, sb_fnrdy = 0x0, sb_sndptroff = 0x0,
sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x1, sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0,
sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bf9a4}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0, ta_priority = 0x0, ta_func = 0x58eeb4,
ta_context = 0x70bf860}}, so_snd = {sb_mtx = {lock_object = {lo_name = 0xc588cc, lo_flags = 0x1020000, lo_data = 0x0, lo_witness = 0x0}, mtx_lock = 0x6}, sb_sx = {lock_object = {
lo_name = 0xc58efc, lo_flags = 0x2320000, lo_data = 0x0, lo_witness = 0x0}, sx_lock = 0x6}, sb_sel = 0x70bf8a0, sb_state = 0x0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0,
sb_sndptr = 0x0, sb_fnrdy = 0x0, sb_sndptroff = 0x0, sb_acc = 0x0, sb_ccc = 0x0, sb_hiwat = 0x0, sb_mbcnt = 0x0, sb_mcnt = 0x0, sb_ccnt = 0x0, sb_mbmax = 0x0, sb_ctl = 0x0, sb_lowat = 0x800,
sb_timeo = 0x0, sb_flags = 0x0, sb_upcall = 0x0, sb_upcallarg = 0x0, sb_aiojobq = {tqh_first = 0x0, tqh_last = 0x70bfa44}, sb_aiotask = {ta_link = {stqe_next = 0x0}, ta_pending = 0x0,
ta_priority = 0x0, ta_func = 0x58ee80, ta_context = 0x70bf860}}, so_list = {tqe_next = 0x0, tqe_prev = 0x0}, so_listen = 0x0, so_qstate = 0x0, so_peerlabel = 0x0, so_oobmark = 0x0}, {
sol_incomp = {tqh_first = 0x0, tqh_last = 0x70bf920}, sol_comp = {tqh_first = 0x5d17860, tqh_last = 0x5d17a60}, sol_qlen = 0x1, sol_incqlen = 0x0, sol_qlimit = 0x80, sol_accept_filter = 0x0,
sol_accept_filter_arg = 0x0, sol_accept_filter_str = 0x0, sol_upcall = 0x70bf878, sol_upcallarg = 0x0, sol_sbrcv_lowat = 0x1, sol_sbsnd_lowat = 0x800, sol_sbrcv_hiwat = 0x2000,
sol_sbsnd_hiwat = 0x2000, sol_sbrcv_flags = 0x0, sol_sbsnd_flags = 0x0, sol_sbrcv_timeo = 0x0, sol_sbsnd_timeo = 0x0}}}
For lo_name in sb_sx's lock_object:
(kgdb) x/64c 0xc58ef0
0xc58ef0 <.rodata.str1.4+376864>: 116 't' 109 'm' 99 'c' 111 'o' 112 'p' 121 'y' 105 'i' 110 'n'
0xc58ef8 <.rodata.str1.4+376872>: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 115 's' 111 'o' 95 '_' 115 's'
0xc58f00 <.rodata.str1.4+376880>: 110 'n' 100 'd' 95 '_' 115 's' 120 'x' 0 '\0' 0 '\0' 0 '\0'
which looks coherent to me: so_snd_sx
For ta_func in sb_aiotask:
(kgdb) x/64i 0x58ee80
0x58ee80 <soaio_snd>: stwu r1,-32(r1)
. . .
Looks coherent to me.
But sol_upcall does not.
>
>
> 005b8548 <soisconnected+0x1f8> li r10,1
> 005b854c <soisconnected+0x1fc> b 005b8558 <soisconnected+0x208>
> 005b8550 <soisconnected+0x200> stwcx. r10,0,r9
> 005b8554 <soisconnected+0x204> li r10,0
> 005b8558 <soisconnected+0x208> cmpwi cr7,r10,0
> 005b855c <soisconnected+0x20c> bne- cr7,005b8568 <soisconnected+0x218>
> 005b8560 <soisconnected+0x210> addi r3,r28,16
> 005b8564 <soisconnected+0x214> bl 004d4218 <__mtx_unlock_sleep>
> 005b8568 <soisconnected+0x218> mr r3,r27
> at soisconnected+0x21c:
> 005b856c <soisconnected+0x21c> bl 005b7b48 <solisten_wakeup>
> 005b8570 <soisconnected+0x220> b 005b89f0 <soisconnected+0x6a0>
> . . .
>
> void
> soisconnected(struct socket *so)
> {
>     struct socket *head;
> . . .
> restart:
>     SOCK_LOCK(so);
>     if ((head = so->so_listen) != NULL &&
>         __predict_false(SOLISTEN_TRYLOCK(head) == 0)) {
>         SOCK_UNLOCK(so);
>         goto restart;
>     }
>     so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
>     so->so_state |= SS_ISCONNECTED;
>     if (head != NULL && (so->so_qstate == SQ_INCOMP)) {
> again:
>         if ((so->so_options & SO_ACCEPTFILTER) == 0) {
>             TAILQ_REMOVE(&head->sol_incomp, so, so_list);
>             head->sol_incqlen--;
>             TAILQ_INSERT_TAIL(&head->sol_comp, so, so_list);
>             head->sol_qlen++;
>             so->so_qstate = SQ_COMP;
>             SOCK_UNLOCK(so);
>             solisten_wakeup(head); /* unlocks */
> . . .
Exception and its struct trapframe:
(these are vmcore file offsets: subtract 0x1000 to get address)
[ lr#0 ]: inside dbtrap
00c83f40 d2 50 a4 e0 00 10 0c 54 07 0b f8 78 d2 50 a4 e0 |.P.....T...x.P..|
00c83f50 05 ab 8a e0 07 0b f8 60 00 00 00 00 00 00 00 01 |.......`........|
[ r3 ]
00c83f60 00 00 00 00 00 00 00 01 00 00 00 00 05 d1 78 70 |..............xp|
00c83f70 00 00 00 01 05 ab 8a e0 00 00 00 00 00 00 00 00 |................|
00c83f80 01 81 00 00 01 82 00 00 00 00 00 00 01 82 00 00 |................|
00c83f90 01 82 00 00 00 03 8d 6c 00 03 8d 6c 00 00 00 00 |.......l...l....|
00c83fa0 ff ff d7 58 00 00 00 00 00 d1 1a 84 00 d1 1a 84 |...X............|
00c83fb0 d2 50 a5 1c 07 0b f8 60 05 d1 78 60 07 0b f8 60 |.P.....`..x`...`|
[ r28 ]
00c83fc0 00 d2 aa a0 d2 50 a4 e0 00 5b 7b 94 20 00 f0 44 |.....P...[{. ..D|
[ lr#1 ]: solisten_wakeup+0x4c
00c83fd0 00 00 00 00 07 0b f8 78 07 0b f8 78 00 08 90 32 |.......x...x...2|
[ srr0 ]
[exception]
00c83fe0 00 00 07 00 00 00 00 00 00 00 00 00 01 c4 5f 00 |.............._.|
00c83ff0 00 00 00 00 00 10 01 40 00 00 00 00 00 00 00 00 |.......@........|
solisten_wakeup+0x4c's related stack frame:
0b4004e0 d2 50 a5 00 00 50 8d f8 00 d2 b0 60 00 00 00 04 |.P...P.....`....|
0b4004f0 05 d1 7a 78 05 d1 79 30 00 d2 aa a0 d2 50 a5 00 |..zx..y0.....P..|
0xd250a500: at soisconnected+0x21c (at stays the same)
0b400500 d2 50 a5 40 00 5b 85 70 00 d2 aa a0 d2 50 a5 10 |.P.@.[.p.....P..|
0b400510 d2 50 a5 60 00 5b d0 d8 00 d2 ab 90 00 00 00 04 |.P.`.[..........|
0b400520 05 d1 78 60 05 ab 8a e0 07 25 94 80 05 d1 7a 78 |..x`.....%....zx|
0b400530 07 0b 7a 10 05 d1 78 60 00 d2 ab 90 d2 50 a5 40 |..z...x`.....P.@|
0xd250a540: at unp_connect2+0xf0 (at stays the same)
0b400540 d2 50 a5 60 00 5c 38 34 07 25 94 80 05 d1 7a 78 |.P.`.\84.%....zx|
0b400550 07 0b 7a 10 07 0b 79 58 00 d2 ab 90 d2 50 a5 60 |..z...yX.....P.`|
"so" first then "so2" second, with so2 failing:
0x005c3824 <unp_connect2+228>: mr r3,r8
0x005c3828 <unp_connect2+232>: bl 0x5b8350 <soisconnected>
0x005c382c <unp_connect2+236>: mr r3,r29
0x005c3830 <unp_connect2+240>: bl 0x5b8350 <soisconnected>
0x005c3834 <unp_connect2+244>: li r3,0
static int
unp_connect2(struct socket *so, struct socket *so2, int req)
. . .
    case SOCK_STREAM:
    case SOCK_SEQPACKET:
        unp2->unp_conn = unp;
        if (req == PRU_CONNECT &&
            ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT))
            soisconnecting(so);
        else
            soisconnected(so);
        soisconnected(so2);
        break;
. . .
0xd250a560: at unp_connectat+0x658 (at stays the same)
The unp_connectat context is more complicated so I stop
quoting code here.
0xd250a770: at unp_connect+0x2c (at stays the same)
0b400770 d2 50 a7 90 00 5c 41 c8 00 d2 ab 64 d2 50 a7 80 |.P...\A....d.P..|
0b400780 d2 50 a7 e0 00 48 f5 e0 d2 50 a7 90 00 00 00 00 |.P...H...P......|
0xd250a790: at uipc_connect+0xc0 (at stays the same)
0b400790 d2 50 a7 d0 00 5c 7b cc 00 00 00 06 05 be e4 c0 |.P...\{.........|
0b4007a0 d2 50 a8 10 00 86 32 e8 20 00 f0 38 00 00 00 01 |.P....2. ..8....|
0b4007b0 00 03 8d 6c 00 00 00 00 ff ff d7 58 05 b1 54 20 |...l.......X..T |
0b4007c0 ff ff ff 9c 05 d1 7a 78 00 d2 ab 64 d2 50 a7 d0 |......zx...d.P..|
0xd250a7d0: at soconnectat+0xa0 (at stays the same)
0b4007d0 d2 50 a8 00 00 5b 61 68 00 d2 ab 64 d2 50 a7 e0 |.P...[ah...d.P..|
0b4007e0 d2 50 a8 20 00 5b ff 64 05 b1 54 20 05 ab 8a e0 |.P. .[.d..T ....|
0b4007f0 00 00 00 00 05 d1 7a 78 00 d2 ab 64 d2 50 a8 00 |......zx...d.P..|
0xd250a800: at soconnect+0x2c (at stays the same)
0b400800 d2 50 a8 20 00 5b 61 f4 05 b1 54 20 05 ab 8a e0 |.P. .[a...T ....|
0b400810 00 00 00 25 05 d1 7a 78 d2 50 a8 20 d2 50 a8 20 |...%..zx.P. .P. |
0xd250a820: at kern_connect+0134 (at stays the same)
0b400820 d2 50 a8 70 00 5c 19 14 ff ff d7 68 00 00 00 16 |.P.p.\.....h....|
0b400830 00 00 00 17 05 b1 54 20 02 00 00 00 80 00 00 00 |......T ........|
0b400840 04 00 00 00 00 00 00 00 41 98 c0 00 05 be e4 c0 |........A.......|
0b400850 05 ab 8a e0 00 00 00 00 d2 50 aa 88 05 ab 8a e0 |.........P......|
0b400860 00 00 00 00 05 ab 8d 78 00 d2 ab 64 d2 50 a8 70 |.......x...d.P.p|
0xd250a870: at sys_connect+0x64 (at stays the same)
0b400870 d2 50 a8 b0 00 5c 1c 58 d2 50 aa 88 00 00 04 00 |.P...\.X.P......|
0b400880 00 00 00 01 d2 50 aa 88 00 00 00 80 05 b1 54 20 |.....P........T |
0b400890 d2 50 a8 b0 00 8f c3 b0 d2 50 aa 88 00 00 00 00 |.P.......P......|
0b4008a0 05 ab 8d 70 05 d9 5a b0 00 d3 37 e8 d2 50 a8 b0 |...p..Z...7..P..|
0xd250a8b0: at trap+0x638 (at stays the same)
0xd250aa50: at powerpc_interrupt+0x1a0 (at stays the same)
0b400a50 d2 50 aa 80 00 8f 20 dc d2 50 aa 60 d2 50 aa 60 |.P.... ..P.`.P.`|
0b400a60 d2 50 aa 80 00 00 00 04 00 00 23 28 00 00 23 28 |.P........#(..#(|
0b400a70 41 cf 70 00 42 00 00 00 10 34 4e bf 00 00 f0 32 |A.p.B....4N....2|
0xd250aa80: at user SC trap (at stays the same)
by 0x419db168 (stays the same)
srr1=0xf032 (stays the same)
r1 =0xffffd5e0 (stays the same)
cr =0x24440840 (stays the same)
xer =0x20000000 (stays the same)
ctr =0x419db160 (stays the same)
0b400a80 ff ff d5 e0 00 10 08 f8 00 00 00 62 ff ff d5 e0 |...........b....|
0b400a90 41 a4 60 08 00 00 00 04 ff ff d7 68 00 00 00 17 |A.`........h....|
0b400aa0 00 03 80 00 41 a5 99 34 ff ff d2 64 ff ff d2 60 |....A..4...d...`|
0b400ab0 00 05 8a ad 00 00 02 9b 41 83 e4 00 00 00 00 00 |........A.......|
0b400ac0 01 81 00 00 01 82 00 00 00 00 00 00 01 82 00 00 |................|
0b400ad0 01 82 00 00 00 03 8d 6c 00 03 8d 6c 00 00 00 00 |.......l...l....|
===
Mark Millard
markmi at dsl-only.net
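
Added example, not part of the original message and not FreeBSD code: a toy C model of the overlap described above, where a data pointer stored through so_rcv.sb_sel is later read back as sol_upcall. struct sock_toy, listen_stale, listen_clean and classify_upcall are hypothetical names, and the layout is constructed so that the two fields share an offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration; NOT FreeBSD's struct socket. */
struct selinfo_toy { void *first, *last; };
typedef int upcall_fn(void *so, void *arg, int flags);

struct sock_toy {
    int so_listening;                 /* says which view below is valid */
    struct selinfo_toy so_rdsel;
    union {
        struct {                      /* data-socket view */
            struct { long lock_state[4]; struct selinfo_toy *sb_sel; } so_rcv;
        };
        struct {                      /* listening-socket view */
            long sol_queues[4];
            upcall_fn *sol_upcall;    /* code pointer, same bytes as sb_sel */
            void *sol_upcallarg;
        };
    };
};

/* 1 when sol_upcall and so_rcv.sb_sel occupy the same offset. */
int upcall_aliases_sb_sel(void) {
    return offsetof(struct sock_toy, sol_upcall) ==
           offsetof(struct sock_toy, so_rcv.sb_sel);
}

void init_data(struct sock_toy *so) {
    memset(so, 0, sizeof *so);
    so->so_rcv.sb_sel = &so->so_rdsel;   /* like sb_sel = 0x70bf878 in the dump */
}

/* Hypothetical transition that only flips the flag; old bytes stay. */
void listen_stale(struct sock_toy *so) { so->so_listening = 1; }

/* Hypothetical transition that initialises the listening view first. */
void listen_clean(struct sock_toy *so) {
    memset(so->sol_queues, 0, sizeof so->sol_queues);
    so->sol_upcall = NULL;
    so->sol_upcallarg = NULL;
    so->so_listening = 1;
}

/* 0: no upcall set; 1: plausible upcall; -1: the "upcall" points into the
 * socket object itself, so calling it would branch to data. */
int classify_upcall(const struct sock_toy *so) {
    uintptr_t target = 0, lo = (uintptr_t)so;
    memcpy(&target, &so->sol_upcall, sizeof so->sol_upcall);
    if (target == 0) return 0;
    return (target >= lo && target < lo + sizeof *so) ? -1 : 1;
}

int main(void) {
    struct sock_toy a, b;
    init_data(&a); listen_stale(&a);
    init_data(&b); listen_clean(&b);
    printf("aliases=%d stale=%d clean=%d\n", upcall_aliases_sb_sel(),
           classify_upcall(&a), classify_upcall(&b));
}
```

The -1 case corresponds to the kgdb output in the message, where sol_upcall holds 0x70bf878, an address inside the socket at 0x70bf860.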