more on "snapshot generated" oops on Alpha
- To: egcs-bugs at cygnus dot com
- Subject: more on "snapshot generated" oops on Alpha
- From: Michal Jaegermann <michal at ellpspace dot math dot ualberta dot ca>
- Date: Sun, 9 Aug 1998 20:37:11 -0600
This is a followup to my earlier report that Linux kernel 2.0.35
compiled on Alpha (EB64+) with an egcs snapshot produces a series
of "Oops" on shutdown. This is, unfortunately, still true with the
latest available 19980803 snapshot. (BTW - my other report that
net/drivers/slhc.c file causes signal 11 was cleared in this
snapshot).
Here is more detailed information about the "oops" problem. It
happens consistently on exit from various daemons, in function
tcp_close_pending() from net/ipv4/tcp.c. The "oops" always looks
like this (the code was disassembled by comparing the log file with
the output of the objdump utility, which is included for comparison):
pc = [<fffffc0000368638>] ps = 0000
rp = [<fffffc000036a998>] sp = fffffc000776dc28
r0=7 r1=1 r2=fffffc00078ff930 r3=0
r8=7
r16=0 r17=5 r18=0 r19=5d
r20=0 r21=7 r22=4 r23=1
r24=2f800000000 r25=6f800000000 r26=fffffc000036a998 r27=fffffc000031b5e0
r28=0 r29=fffffc0000435648 r30=fffffc000776dc28
Code: 47ff041f nop
44630410 mov t2,a0
00000035 call_pal 0x35
<a6090020> ldq a0,32(s0)
47ff0411 clr a1
f53fffdf bne s0,700 <tcp_close_pending+0x20>
a75e0000 ldq ra,0(sp)
a53e0008 ldq s0,8(sp)
a55e0010 ldq s1,16(sp)
addq sp,0x20,sp
ret zero,(ra),0x1
76c: 1f 04 ff 47 nop
770: 10 04 63 44 mov t2,a0
774: 35 00 00 00 call_pal 0x35
778: 20 00 09 a6 ldq a0,32(s0)
77c: 11 04 ff 47 clr a1
780: df ff 3f f5 bne s0,700 <tcp_close_pending+0x20>
784: 00 00 5e a7 ldq ra,0(sp)
788: 08 00 3e a5 ldq s0,8(sp)
78c: 10 00 5e a5 ldq s1,16(sp)
790: 1e 14 c4 43 addq sp,0x20,sp
794: 01 80 fa 6b ret zero,(ra),0x1
798: 1f 04 ff 47 nop
79c: 1f 04 ff 47 nop
This seems to include pieces of the inline function skb_dequeue()
and I am afraid that I am unable to tell whether the bomb is a fault
in egcs or whether the constraints in skb_dequeue() are not good enough.
I include below the assembler code for tcp_close_pending() produced
by egcs release 1.0.3a, which works fine, the assembler from
the current egcs snapshot, and the preprocessed file tcp.c.
Best regards,
Michal Jaegermann
michal@ellpspace.math.ualberta.ca
michal@harddata.com
Results of a dump of a working object file produced by egcs-1.0.3a
0000000000000728 <tcp_close_pending>:
728: 00 00 bb 27 ldah gp,0(t12)
72c: 00 00 bd 23 lda gp,0(gp)
730: e0 ff de 23 lda sp,-32(sp)
734: 00 00 5e b7 stq ra,0(sp)
738: 08 00 3e b5 stq s0,8(sp)
73c: 10 00 5e b5 stq s1,16(sp)
740: 38 01 50 21 lda s1,312(a0)
744: 00 00 e0 2f unop
748: 1f 04 ff 47 nop
74c: 00 00 e0 2f unop
750: 1f 04 ff 47 nop
754: 00 00 e0 2f unop
758: 1f 04 ff 47 nop
75c: 00 00 e0 2f unop
760: 36 00 00 00 call_pal 0x36
764: 03 04 00 44 mov v0,t2
768: 04 f4 e0 47 mov 0x7,t3
76c: 10 04 84 44 mov t3,a0
770: 35 00 00 00 call_pal 0x35
774: 00 00 4a a4 ldq t1,0(s1)
778: 09 04 ff 47 clr s0
77c: a1 05 4a 40 cmpeq t1,s1,t0
780: 0a 00 20 f4 bne t0,7ac <tcp_close_pending+0x84>
784: 10 00 2a a0 ldl t0,16(s1)
788: 09 04 42 44 mov t1,s0
78c: 00 00 49 a4 ldq t1,0(s0)
790: 21 35 20 40 subq t0,0x1,t0
794: 10 00 2a b0 stl t0,16(s1)
798: 08 00 42 b5 stq s1,8(t1)
79c: 00 00 4a b4 stq t1,0(s1)
7a0: 00 00 e9 b7 stq zero,0(s0)
7a4: 08 00 e9 b7 stq zero,8(s0)
7a8: 10 00 e9 b7 stq zero,16(s0)
7ac: 10 04 63 44 mov t2,a0
7b0: 35 00 00 00 call_pal 0x35
7b4: 0a 00 20 e5 beq s0,7e0 <tcp_close_pending+0xb8>
7b8: 20 00 09 a6 ldq a0,32(s0)
7bc: 11 04 ff 47 clr a1
7c0: a3 08 40 d3 bsr ra,2a50 <tcp_close+0x8>
7c4: 10 04 29 45 mov s0,a0
7c8: 11 34 e0 47 mov 0x1,a1
7cc: 00 00 7d a7 ldq t12,0(gp)
7d0: 00 40 5b 6b jsr ra,(t12),7d4 <tcp_close_pending+0xac>
7d4: 00 00 ba 27 ldah gp,0(ra)
7d8: 00 00 bd 23 lda gp,0(gp)
7dc: e0 ff ff c3 br 760 <tcp_close_pending+0x38>
7e0: 00 00 5e a7 ldq ra,0(sp)
7e4: 08 00 3e a5 ldq s0,8(sp)
7e8: 10 00 5e a5 ldq s1,16(sp)
7ec: 1e 14 c4 43 addq sp,0x20,sp
7f0: 01 80 fa 6b ret zero,(ra),0x1
7f4: 00 00 e0 2f unop
The same - compiler output
# tcp_close_pending, compiler output from the egcs release that the mail
# reports as producing a working kernel (Alpha, GAS syntax).
# Register names, matched against the objdump listing of the same object:
#   $0=v0  $1=t0  $2=t1  $3=t2  $4=t3  $9=s0  $10=s1
#   $16=a0 $17=a1 $26=ra $27=t12 $29=gp $30=sp $31=zero
# Shape of the loop: dequeue one element from the list at a0+312, leave if
# nothing was dequeued (s0 == 0), otherwise call tcp_close and kfree_skb on
# it and repeat. The mail attributes the dequeue part to the inlined
# skb_dequeue().
.align 3
.ent tcp_close_pending
tcp_close_pending:
ldgp $29,0($27)  # set up gp from the entry address in t12
$tcp_close_pending..ng:
lda $30,-32($30)  # allocate a frame of 32 bytes
.frame $30,32,$26,0
stq $26,0($30)  # save ra
stq $9,8($30)  # save s0
stq $10,16($30)  # save s1
.mask 0x4000600,-32  # bits 26, 10 and 9: the three registers saved above
.prologue 1
lda $10,312($16)  # s1 = a0 + 312; presumably the queue head being drained -- confirm against tcp.c
.align 5
$L580:
# Top of the loop. The two PAL calls look like the save_flags()/cli() pair
# of skb_dequeue() (54 = 0x36 and 53 = 0x35 in the objdump listing) --
# NOTE(review): confirm against the preprocessed source.
call_pal 54
bis $0,$0,$3  # t2 = v0: keep the value returned by PAL call 54
bis $31,7,$4  # t3 = 7
bis $4,$4,$16  # a0 = 7
call_pal 53  # PAL call 53 with a0 = 7
ldq $2,0($10)  # t1 = quadword at offset 0 of the head (looks like the 'next' link)
bis $31,$31,$9  # s0 = 0: result stays zero if the list turns out to be empty
cmpeq $2,$10,$1  # t0 = (t1 == s1), i.e. the head points back at itself
bne $1,$L587  # empty list: skip the unlink, s0 is still 0
ldl $1,16($10)  # t0 = 32-bit field at offset 16 of the head (presumably the queue length)
bis $2,$2,$9  # s0 = the element being removed
ldq $2,0($9)  # t1 = that element's offset-0 link
subq $1,1,$1  # decrement the offset-16 field ...
stl $1,16($10)  # ... and store it back
stq $10,8($2)  # following element's offset-8 link = head
stq $2,0($10)  # head's offset-0 link = following element
stq $31,0($9)  # clear the first three quadwords of the removed element
stq $31,8($9)
stq $31,16($9)
$L587:
bis $3,$3,$16  # a0 = value saved from PAL call 54
call_pal 53  # PAL call 53 again, now with the saved value (presumably restore_flags())
# The zero test comes first: the element is only dereferenced on the
# fall-through path, where s0 is known to be non-zero.
beq $9,$L579  # nothing dequeued: leave the loop
ldq $16,32($9)  # a0 = quadword at offset 32 of the element (safe here, s0 != 0)
bis $31,$31,$17  # a1 = 0
bsr $26,$tcp_close..ng  # call tcp_close through its local entry point
bis $9,$9,$16  # a0 = the element
bis $31,1,$17  # a1 = 1
jsr $26,kfree_skb
ldgp $29,0($26)  # re-establish gp after the call
br $31,$L580  # next iteration
.align 4
$L579:
# Epilogue: restore the saved registers, release the frame, return.
ldq $26,0($30)
ldq $9,8($30)
ldq $10,16($30)
addq $30,32,$30
ret $31,($26),1
.end tcp_close_pending
The same function; object created with egcs-19980803 snapshot.
00000000000006e0 <tcp_close_pending>:
6e0: 00 00 bb 27 ldah gp,0(t12)
6e4: 00 00 bd 23 lda gp,0(gp)
6e8: 3e 15 c4 43 subq sp,0x20,sp
6ec: 00 00 5e b7 stq ra,0(sp)
6f0: 08 00 3e b5 stq s0,8(sp)
6f4: 10 00 5e b5 stq s1,16(sp)
6f8: 38 01 50 21 lda s1,312(a0)
6fc: 07 00 e0 c3 br 71c <tcp_close_pending+0x3c>
700: c9 08 40 d3 bsr ra,2a28 <tcp_close+0x8>
704: 10 04 29 45 mov s0,a0
708: 11 34 e0 47 mov 0x1,a1
70c: 00 00 7d a7 ldq t12,0(gp)
710: 00 40 5b 6b jsr ra,(t12),714 <tcp_close_pending+0x34>
714: 00 00 ba 27 ldah gp,0(ra)
718: 00 00 bd 23 lda gp,0(gp)
71c: 36 00 00 00 call_pal 0x36
720: 03 04 00 44 mov v0,t2
724: 04 f4 e0 47 mov 0x7,t3
728: 10 04 84 44 mov t3,a0
72c: 35 00 00 00 call_pal 0x35
730: 00 00 4a a4 ldq t1,0(s1)
734: 09 04 ff 47 clr s0
738: a1 05 4a 40 cmpeq t1,s1,t0
73c: 0c 00 20 f4 bne t0,770 <tcp_close_pending+0x90>
740: 10 00 2a a0 ldl t0,16(s1)
744: 09 04 42 44 mov t1,s0
748: 00 00 49 a4 ldq t1,0(s0)
74c: 21 35 20 40 subq t0,0x1,t0
750: 10 00 2a b0 stl t0,16(s1)
754: 08 00 42 b5 stq s1,8(t1)
758: 00 00 4a b4 stq t1,0(s1)
75c: 00 00 e9 b7 stq zero,0(s0)
760: 08 00 e9 b7 stq zero,8(s0)
764: 10 00 e9 b7 stq zero,16(s0)
768: 1f 04 ff 47 nop
76c: 1f 04 ff 47 nop
770: 10 04 63 44 mov t2,a0
774: 35 00 00 00 call_pal 0x35
778: 20 00 09 a6 ldq a0,32(s0)
77c: 11 04 ff 47 clr a1
780: df ff 3f f5 bne s0,700 <tcp_close_pending+0x20>
784: 00 00 5e a7 ldq ra,0(sp)
788: 08 00 3e a5 ldq s0,8(sp)
78c: 10 00 5e a5 ldq s1,16(sp)
790: 1e 14 c4 43 addq sp,0x20,sp
794: 01 80 fa 6b ret zero,(ra),0x1
798: 1f 04 ff 47 nop
79c: 1f 04 ff 47 nop
And a compiler output
# tcp_close_pending, compiler output from the egcs-19980803 snapshot that the
# mail reports as producing the oops (Alpha, GAS syntax).
# Register names, matched against the objdump listing of the same object:
#   $0=v0  $1=t0  $2=t1  $3=t2  $4=t3  $9=s0  $10=s1
#   $16=a0 $17=a1 $26=ra $27=t12 $29=gp $30=sp $31=zero
# The loop is rotated compared with the release output shown earlier in the
# mail: control enters at $L601 (the dequeue), and the tcp_close/kfree_skb
# body at $L603 is reached only through the bne at the bottom.
# NOTE(review): the argument set-up for tcp_close has been placed ahead of
# that bne, so the load from offset 32 of s0 also executes when s0 is zero.
.align 5
.ent tcp_close_pending
tcp_close_pending:
.frame $30,32,$26,0
.mask 0x4000600,-32  # bits 26, 10 and 9: ra, s1 and s0 are saved below
ldgp $29,0($27)  # set up gp from the entry address in t12
$tcp_close_pending..ng:
subq $30,32,$30  # allocate a frame of 32 bytes
stq $26,0($30)  # save ra
stq $9,8($30)  # save s0
stq $10,16($30)  # save s1
.prologue 1
lda $10,312($16)  # s1 = a0 + 312; presumably the queue head being drained -- confirm against tcp.c
br $31,$L601  # enter the loop at the dequeue
.align 4
$L603:
# Loop body. a0 and a1 for this first call were already set before the
# branch at the bottom of the loop.
bsr $26,$tcp_close..ng  # call tcp_close through its local entry point
bis $9,$9,$16  # a0 = the element
bis $31,1,$17  # a1 = 1
jsr $26,kfree_skb
ldgp $29,0($26)  # re-establish gp after the call
$L601:
# Dequeue. The two PAL calls look like the save_flags()/cli() pair of
# skb_dequeue() (54 = 0x36 and 53 = 0x35 in the objdump listing) --
# NOTE(review): confirm against the preprocessed source.
call_pal 54
bis $0,$0,$3  # t2 = v0: keep the value returned by PAL call 54
bis $31,7,$4  # t3 = 7
bis $4,$4,$16  # a0 = 7
call_pal 53  # PAL call 53 with a0 = 7
ldq $2,0($10)  # t1 = quadword at offset 0 of the head (looks like the 'next' link)
bis $31,$31,$9  # s0 = 0: result stays zero if the list turns out to be empty
cmpeq $2,$10,$1  # t0 = (t1 == s1), i.e. the head points back at itself
bne $1,$L609  # empty list: skip the unlink, s0 is still 0
ldl $1,16($10)  # t0 = 32-bit field at offset 16 of the head (presumably the queue length)
bis $2,$2,$9  # s0 = the element being removed
ldq $2,0($9)  # t1 = that element's offset-0 link
subq $1,1,$1  # decrement the offset-16 field ...
stl $1,16($10)  # ... and store it back
stq $10,8($2)  # following element's offset-8 link = head
stq $2,0($10)  # head's offset-0 link = following element
stq $31,0($9)  # clear the first three quadwords of the removed element
stq $31,8($9)
stq $31,16($9)
.align 4
$L609:
bis $3,$3,$16  # a0 = value saved from PAL call 54
call_pal 53  # PAL call 53 again, now with the saved value (presumably restore_flags())
# NOTE(review): the next load runs before s0 is tested. On the empty-list
# path s0 is 0, so this reads address 32. It is the same instruction
# (a6090020, ldq a0,32(s0)) that the oops "Code:" line in the mail shows in
# angle brackets. The release output has "beq $9" ahead of this load; a load
# that can fault should stay behind the test that guards it.
ldq $16,32($9)  # a0 = quadword at offset 32 of the element -- executed even when s0 == 0
bis $31,$31,$17  # a1 = 0
bne $9,$L603  # something was dequeued: run the loop body
# Epilogue: restore the saved registers, release the frame, return.
ldq $26,0($30)
ldq $9,8($30)
ldq $10,16($30)
addq $30,32,$30
ret $31,($26),1
.end tcp_close_pending
tcp.OUT.c.gz