BTW - if you have a procnto-400, but not procnto-400.sym, all is not lost...

The crash dump tells you the relocated address of main

Shutdown[0,0] S/C/F=11/1/11 C/D=0004b954/000a474c state(d0)= now lock exit
                                 ^        ^
                                 &main     &actives

and the original binary gives the unrelocated address...

(632) cburgess@titirangi100:~$ ntoppc-nm $QNX_TARGET/ppcbe/boot/sys/procnto-400 | grep main
00038b24 T _main
00045afc T kernel_main
00005954 T main
00001064 G main_attrp
00000aa8 g mapped_remaining.88
000373d4 T timer_remaining

so...

0x4b954 - 0x5954 = 0x46000

and finally

ntoppc-ld -T $QNX_TARGET/ppcbe/lib/nto.link -Ttext 0x46000 -o procnto-400.sym $QNX_TARGET/ppcbe/boot/sys/procnto-400

ntoppc-gdb procnto-400.sym
GNU gdb 6.7 qnx-nto update 6 (rev. 109)
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>;
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=powerpc-unknown-nto-qnx6.3.2"...
(gdb) x/i 0x9840c
0x9840c <strcpy>:	lbz     r9,0(r4)
(gdb) x/w 0x9840c
0x9840c <strcpy>:	0x89240000
(gdb)

and we can confirm the instruction stream is the same..

instruction[0009840c]:
89 24 00 00 38 84 00 01 7d 20 07 74 2c 00 00 00 99 23 00 00 39 63 00 01 4d 82

Cheers!

Colin

Douglas Bailey wrote:
> They are virtual addresses.
> 
> Addresses in the kernel space will match symbols in your procnto.sym
> file (generated if you [+keeplinked] in your build file) so you can look
> around with gdb.  Looks like there's lots of those in the information
> you've got -- on PPC, kernel addresses are in the first 256M.
> 
> Addresses outside the kernel space are more difficult -- you need to
> know what address space they belong to and use gdb on that program.
> Probably not an issue here.
> 
> Addresses in kernel interrupt code are most difficult, as you don't have
> any symbolic information to figure them out...
> 
> In this case, it looks like a procnto thread was running, servicing a
> request made by proc/boot/ps (from the PID and ASPACE PID lines).  The
> S/C/F codes indicate a segfault.  The state (d0 = now lock exit) are an
> artifact of a fault in a procnto thread.
> 
> Aside from that I can't contribute much without digging into the .sym
> file.
> 
>> -----Original Message-----
>> From: Robert D'Attilio [mailto:community-noreply@qnx.com] 
>> Sent: Thursday, April 30, 2009 4:27 PM
>> To: ostech-core_os
>> Subject: RE: Looking for docs on decoding kernel panic dump
>>
>> Thanks guys.
>>
>> Any idea if the memory addresses being referred to are 
>> physical addresses or virtual?
>>
>> -----Original Message-----
>> From: Joel Pilon [mailto:community-noreply@qnx.com]
>> Sent: Thursday, April 30, 2009 4:19 PM
>> To: ostech-core_os
>> Subject: Re: Looking for docs on decoding kernel panic dump
>>
>> This is a good place to start:
>>
>> http://www.qnx.com/developers/docs/6.4.0/neutrino/technotes/pr
>> oc_dump.ht
>> ml
>>
>> _______________________________________________
>> OSTech
>> http://community.qnx.com/sf/go/post28480
>>
>>
>> _______________________________________________
>> OSTech
>> http://community.qnx.com/sf/go/post28481
>>
>>
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post28483
> 

-- 
cburgess@qnx.com

>> 3) In a subsequent posting, you did the following:
>> 
>> ntoppc-ld -T $QNX_TARGET/ppcbe/lib/nto.link -Ttext 0x46000 -o
>> procnto-400.sym $QNX_TARGET/ppcbe/boot/sys/procnto-400
>> 
>> What exactly were you trying to do here? Was this how YOU were able
to
>> determine that the failure was in strcpy() - the above relinks the
>> kernel to my relocation address and then you used the .sym to reverse
>> engineer the instruction address?

>The procnto-400 binary we ship is actually an object file.  When you
run  >mkifs (try it with -vv) it
>actually runs a linker to relocate the startup and the procnto to the
>appropriate addresses for your
>image.

Last question\comment on this topic to save sacrificing any more mice :)

So just for fun I tried re-running the mkifs with -vv as you suggested
and looked at the output and see the following:

  Offset   Size    Entry   Ramoff Target=Host
   30000    100     ----      --- Startup-header
   30100  10008    30200      --- startup-ppc.sym
   40108     5c     ----      --- Image-header
   40164   42f8     ----      --- Image-directory
...
   45000  61000    6d8cc      --- proc/boot/procnto-400=procnto-400.sym

I was expecting the offset for procnto to be 0x46000 as you had
calculated and used in your link command above and not 0x45000 as
reported by mkifs. Why the discrepancy? 

qsymoops -f ./dump.txt -s $QNX_TARGET/ppcbe/boot/sys/procnto-400

with procnto I get this:
=========================================
ppcbe context[03ff5d3c]:
 Platform:ppc        endian:big
=========================================
QNX Version 6.3.2 Release 2006/03/16-14:18:11
 QNX Version:6.3.2 Release timestamp:2006/03/16-14:18:11EST.
=========================================
Shutdown[0,0]
 Shutdown run on cpu 0, kernel cpu:0
=========================================
S/C/F=11/1/11
 Signal    :11  SIGSEGV   	segmentation violation
 Code      :1   SEGV_MAPERR	Address not mapped
 Fault code:11  FLTPAGE   	Recoverable page fault (no associated sig)
=========================================
C/D=0004b954/000a474c
 Location of the kernel's code(main):0x4b954   	data(actives[]):0xa474c
=========================================
state(d0)= now lock exit
state(d0)= now lock exit
  Explanation of state of the kernel:
   * now -- in the kernel
   * lock -- nonpreemptible
   * exit -- leaving kernel
   * specret -- special return processing
   * any number -- the interrupt nesting level.
 =========================================
 P/T FL=00019001/04020000 "proc/boot/procnto-400"


  Process flags:0x19001.
   0x00000001: _NTO_PF_NOCLDSTOP 
   0x00001000: _NTO_PF_CHECK_INTR Only set by interrupt_attach_*
   0x00008000: _NTO_PF_RING0 Ring0 access(only process manager process)
   0x00010000: _NTO_PF_SLEADER 
    +========
   0x00019001
  Thread flags :0x04020000.
   0x00020000: _NTO_TF_DETACHED 
   0x04000000: _NTO_TF_ALLOCED_STACK 
    +========
   0x04020000
  Process      :proc/boot/procnto-400".
=========================================
PF=00000000 "proc/boot/ps"
 The process "proc/boot/ps"" 
 Flags: 0x0 for the ASPACE PID, its address space was active.
   +========
  0x00000000
=========================================
ppcbe context[03ff5d3c]:
 Platform:ppcbe     	 Stored register map address:3ff5d3c
    r0:0x00000040     r1:0x03fbdcd0     r2:0x000a9ba8     r3:0x03fe57dc 
    r4:0x7c005a14     r5:0x03fe57dc     r6:0x00000000     r7:0x00000002 
    r8:0x00000000     r9:0x00000040    r10:0x0006d000    r11:0x00000004 
   r12:0x24000000    r13:0x000ab610    r14:0x00000000    r15:0x00000000 
   r16:0x00000000    r17:0x00000000    r18:0x00000000    r19:0x00000000 
   r20:0x00000000    r21:0x00000000    r22:0x03fffc60    r23:0x00000000 
   r24:0x03fffa98    r25:0x00000000    r26:0x00000000    r27:0xfe36d000 
   r28:0x03cc7bd8    r29:0x03fe57d4    r30:0x03fe57dc    r31:0x03e9b760 
   ctr:0x00000000     lr:0x00066728    msr:0x00029030     pc:0x0009840c 
    cr:0x44000000    xer:0x00000000    ear:0x00000000  usprg0:0x00000000 
 vrsave:0x00000000 
=========================================
instruction[0009840c]:
 Current instruction address(pc):0x0009840c and machine code:
 89 24 00 00 38 84 00 01 7d 20 07 74 2c 00 00 00 99 23 00 00 39 63 00 01 4d 82

 Current ip(0x9840c) in image is address (0x5240c), it is in function: strcpy(0x5240c) [strcpy+0x0]

   523e4:	8d 23 00 01 	lbzu	r9,1(r3)
   523e8:	8c 04 00 01 	lbzu	r0,1(r4)
   523ec:	7c 09 00 00 	cmpw	r9,r0
   523f0:	41 82 ff e4 	beq+	523d4 <strcmp+0x10>
   523f4:	88 63 00 00 	lbz	r3,0(r3)
   523f8:	88 04 00 00 	lbz	r0,0(r4)
   523fc:	7c 60 18 10 	subfc	r3,r0,r3
   52400:	7c 63 19 10 	subfe	r3,r3,r3
   52404:	60 63 00 01 	ori	r3,r3,1
   52408:	4e 80 00 20 	blr

0005240c <strcpy>:
   5240c:	89 24 00 00 	lbz	r9,0(r4)
   52410:	38 84 00 01 	addi	r4,r4,1
   52414:	7d 20 07 74 	extsb	r0,r9
   52418:	2c 00 00 00 	cmpwi	r0,0
   5241c:	99 23 00 00 	stb	r9,0(r3)
   52420:	39 63 00 01 	addi	r11,r3,1
   52424:	4d 82 00 20 	beqlr	
   52428:	89 24 00 00 	lbz	r9,0(r4)
   5242c:	38 84 00 01 	addi	r4,r4,1
   52430:	7d 20 07 74 	extsb	r0,r9
   52434:	2c 00 00 00 	cmpwi	r0,0
   52438:	99 2b 00 00 	stb	r9,0(r11)
=========================================
stack[03fbdcd0]:
 Current stack...