STREAMS/UX for the HP 9000 Reference Manual

Debugging STREAMS/UX Modules and Drivers
Debugging Examples
the value of sp at the time of the panic. To get this information, we do a
manual stack back-trace. See “Manual Stack Back-Tracing” for details on
how this is done. The resulting table is shown below:
Now that we have the values of sp, we want to look into the stack frame of
the procedure above spput() in the stack trace, to find what value that
procedure saved in its stack for arg1. In this case, the procedure above
spput() is $call_trap. $call_trap is one of the low-level kernel utility
procedures which is hand-coded in assembly and does not create a normal
stack frame. Instead it creates a “save state” area, which contains the values
of all the registers at the time the trap or interrupt took place. The structure
save_state is defined in /usr/include/machine/save_state.h. The general
registers are stored first, and are located at “top of save state area” +
“register number” * 4. So, for example, arg1, which is also known as r25,
is at offset 25*4 = 100 (0x64) from the beginning of the save state area. To find the top
of the save state area, subtract the size of the save_state structure (0x230 in
release 9.0) from the value of sp for $call_trap:
    0x7ffe6e08-0x230>sp          # set sp to top of trap save state
    <sp/X
    7FFE6BD8:   0xF000009        # first word of save state area
    0x7ffe6bd8+0x4/X             # find contents of r1 (lp->last_mp) at sp + 1*4
    7FFE6BDC:   0                # NULL, as we thought
    0x7ffe6bd8+0x64/X            # find contents of arg1 (lp) at sp + 25*4
    7FFE6C38:   0xFFFFFFBF
0xFFFFFFBF is a very unlikely value for lp. It is more likely that the
contents of arg1 were changed in the process of taking a trap. The four arg
registers are considered scratch registers, and the trap path is very likely to
have overwritten these registers before it created the save state area.
sp            pcoqh       Procedure Address    Frame Size
0x1fdb80      0x24b34     doadump+0xEC         0x30
0x1fdb50      0xc8f48     panic_boot+354       0x80
0x1fdad0      0xc8938     boot+0x24            0x80
0x7ffe6f88    0x13e8cc    panic+0xf0           0x80
0x7ffe6f08    0xcc108     trap+0xf18           0x100
0x7ffe6e08    0xbd3f4     $call_trap           0x230
0x7ffe6bd8    0x3b584     spput+0x4c           0x40
0x7ffe6b98    0x49a48     csq_lateral+0x80     0x80
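
The save state arithmetic described above, as an added example that is not part of the manual: it checks that each frame's sp minus its frame size gives the next row's sp, then derives the save state base and the address of a general register. The struct and function names are hypothetical; the values are the panic-to-csq_lateral rows of the table and the 0x230 size given in the text.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAVE_STATE_SIZE 0x230u /* size of save_state in release 9.0, per the text */

struct frame { uint32_t sp; uint32_t size; const char *proc; };

/* Rows copied from the page's back-trace table, panic down to csq_lateral. */
static const struct frame trace[] = {
    {0x7ffe6f88, 0x80,  "panic"},
    {0x7ffe6f08, 0x100, "trap"},
    {0x7ffe6e08, 0x230, "$call_trap"},
    {0x7ffe6bd8, 0x40,  "spput"},
    {0x7ffe6b98, 0x80,  "csq_lateral"},
};
#define NFRAMES (sizeof trace / sizeof trace[0])

/* Index of the first row whose sp - size is not the next row's sp; -1 if all agree. */
int first_broken_link(const struct frame *f, size_t n) {
    for (size_t i = 0; i + 1 < n; i++)
        if (f[i].sp - f[i].size != f[i + 1].sp)
            return (int)i;
    return -1;
}

/* Top of the save state area: sp of $call_trap minus the save_state size.
 * Returns 0 if the row is missing or its frame size is not the expected size. */
uint32_t save_state_base(const struct frame *f, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(f[i].proc, "$call_trap") == 0)
            return f[i].size == SAVE_STATE_SIZE ? f[i].sp - SAVE_STATE_SIZE : 0;
    return 0;
}

/* Address of general register r<regno>: base + regno * 4. Returns 0 on bad input. */
uint32_t gr_addr(uint32_t base, unsigned regno) {
    if (base == 0 || regno > 31)
        return 0;
    return base + regno * 4u;
}

int main(void) {
    uint32_t base = save_state_base(trace, NFRAMES);
    printf("broken link: %d\n", first_broken_link(trace, NFRAMES));
    printf("base=%#x r1=%#x r25=%#x\n", (unsigned)base,
           (unsigned)gr_addr(base, 1), (unsigned)gr_addr(base, 25));
    return 0;
}
```

For r25 this yields 0x7ffe6c3c, the value of the expression 0x7ffe6bd8+0x64 typed in the session above.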