
Symptom:

Crash in openfirmware() after the call from OF_write().

The stack address is truncated from 64 bits to 32 bits, which causes a TLB miss on the resulting invalid address.

............

3107290858000  0xf0209e20       lduw   [%g5 + 0x0], %l0     MemRead    D=0x0000000000038e20 A=0xf02704e4    
3107290858500  0xf0209e24       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f0209e24    
3107290859000  0xf0209e28       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704e8    

3107290859500  0xf0238e20       sra   %g4, %g0, %g4         IntAlu    D=0x000000000200589f    

3107290860000  0xf0238e24       ldx   [%g7 + 0x0], %l0      MemRead    D=0x00000000020058a0 A=0xf0081798    
3107290860500  0xf0238e28       sra   %l0, %g0, %l0         IntAlu    D=0x00000000020058a0    
3107290861000  0xf0238e2c       stx   %l0, [%g7 + 0x0]      MemWrite    D=0x00000000020058a0 A=0xf0081798    
3107290861500  0xf0238e30       lduw   [%g5 + 0x0], %l0     MemRead    D=0x0000000000008224 A=0xf02704e8    
3107290862000  0xf0238e34       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f0238e34    

...
3107290876500  0xf0208278       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704f8    
3107290877000  0xf02396ac       srl   %g4, %g0, %g4         IntAlu    D=0x000000000200589f    

3107290877500  0xf02396b0       ldub   [%g4 + 0x0], %g4     MemRead    D=0x000000000000000a A=0x200589f    

3107290878000  0xf02396b4       lduw   [%g5 + 0x0], %l0     MemRead    D=0x000000000007004c A=0xf02704f8    
3107290878500  0xf02396b8       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f02396b8    
3107290879000  0xf02396bc       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704fc    
3107290879500  0xf027004c       call   0xf0208014           IntAlu    D=0x00000000f027004c    
3107290880000  0xf0270050       sub   %g6, 0x8, %g6         IntAlu    D=0x00000000f00825d8    
3107290880500  0xf0208014       stx   %g5, [%g6]            MemWrite    D=0x00000000f02704fc A=0xf00825d8    
...


3107293888500  0x1010a44        softreset    %g0, 0x0, or %g0   IntAlu       
3107293889000  0x100c080        softreset    %g0, 0x0, or %g0   IntAlu       
3107293889500  0x100c080        softreset    %g0, 0x0, or %g0   IntAlu       
3107293890000  0x100c080        softreset    %g0, 0x0, or %g0   IntAlu       
3107293890500  0x100c080        softreset    %g0, 0x0, or %g0   IntAlu       
3107293891000  0xfff00000a0             ba,a   0xfff000025c         IntAlu       
3107293891500  0xfff000025c             tcci    %g0, 0x1, or %g1    IntAlu       
3107293892000  0xfff00000a0             ba,a   0xfff000025c         IntAlu       
3107293892500  0xfff000025c             tcci    %g0, 0x1, or %g1    IntAlu       
3107293893000  0xfff00000a0             ba,a   0xfff000025c         IntAlu       
3107293893500  0xfff000025c             tcci    %g0, 0x1, or %g1    IntAlu       
3107293894000  0xfff00000a0             ba,a   0xfff000025c         IntAlu       
3107293894500  0xfff000025c             tcci    %g0, 0x1, or %g1    IntAlu       
3107293895000  0xfff00000a0             ba,a   0xfff000025c         IntAlu       






3107293815000  0xf0208018       add   %o7, 0x8, %g5         IntAlu    D=0x00000000f02704dc
3107293815500  0xf020801c       lduw   [%g5 + 0x0], %l0     MemRead    D=0x00000000000089a4 A=0xf02704dc
3107293816000  0xf0208020       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f0208020
3107293816500  0xf0208024       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704e0
3107293817000  0xf02089a4       ldx   [%g7 + 0x0], %l0      MemRead    D=0x00000001414d3a4f A=0xf00817a0
3107293817500  0xf02089a8       sub   %g7, 0x8, %g7         IntAlu    D=0x00000000f0081798
3107293818000  0xf02089ac       stx   %l0, [%g7]            MemWrite    D=0x00000001414d3a4f A=0xf0081798
3107293818500  0xf02089b0       stx   %g4, [%g7 + 0x8]      MemWrite    D=0x0000000000000001 A=0xf00817a0
3107293819000  0xf02089b4       lduw   [%g5 + 0x0], %l0     MemRead    D=0x0000000000009e04 A=0xf02704e0
3107293819500  0xf02089b8       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f02089b8
3107293820000  0xf02089bc       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704e4
3107293820500  0xf0209e04       add   %g0, %g4, %l0         IntAlu    D=0x0000000000000001
3107293821000  0xf0209e08       ldx   [%g7 + 0x0], %l1      MemRead    D=0x00000001414d3a4f A=0xf0081798
3107293821500  0xf0209e0c       add   %g7, 0x8, %g7         IntAlu    D=0x00000000f00817a0
3107293822000  0xf0209e10       add   %l1, %g4, %l2         IntAlu    D=0x00000001414d3a50
3107293822500  0xf0209e14       sub   %g7, 0x8, %g7         IntAlu    D=0x00000000f0081798
3107293823000  0xf0209e18       stx   %l2, [%g7]            MemWrite    D=0x00000001414d3a50 A=0xf0081798
3107293823500  0xf0209e1c       add   %g0, %l1, %g4         IntAlu    D=0x00000001414d3a4f
3107293824000  0xf0209e20       lduw   [%g5 + 0x0], %l0     MemRead    D=0x0000000000038e20 A=0xf02704e4
3107293824500  0xf0209e24       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f0209e24
3107293825000  0xf0209e28       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704e8
*********************** <- the sra below sign-extends only the low 32 bits of %g4: 0x1414d3a4f (from the add at 0xf0209e1c above) becomes 0x414d3a4f; this is where the 64-bit stack address is truncated
3107293825500  0xf0238e20       sra   %g4, %g0, %g4         IntAlu    D=0x00000000414d3a4f
***********************
3107293826000  0xf0238e24       ldx   [%g7 + 0x0], %l0      MemRead    D=0x00000001414d3a50 A=0xf0081798
3107293826500  0xf0238e28       sra   %l0, %g0, %l0         IntAlu    D=0x00000000414d3a50
3107293827000  0xf0238e2c       stx   %l0, [%g7 + 0x0]      MemWrite    D=0x00000000414d3a50 A=0xf0081798
3107293827500  0xf0238e30       lduw   [%g5 + 0x0], %l0     MemRead    D=0x0000000000008224 A=0xf02704e8
3107293828000  0xf0238e34       jmpl   %l0, %g2, %pstate, %g0   IntAlu    D=0x00000000f0238e34
3107293828500  0xf0238e38       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704ec
3107293829000  0xf0208224       add   %g0, %g4, %l1         IntAlu    D=0x00000000414d3a4f
3107293829500  0xf0208228       ldx   [%g7 + 0x0], %l0      MemRead    D=0x00000000414d3a50 A=0xf0081798
3107293830000  0xf020822c       ldx   [%g7 + 0x8], %g4      MemRead    D=0x0000000000000001 A=0xf00817a0
3107293830500  0xf0208230       subcc   %g0, %l1, %l0, %g0   IntAlu    D=0x0000000000000099
3107293831000  0xf0208234       bpccx   0xf02081ec          IntAlu   
3107293831500  0xf0208238       add   %g7, 0x10, %g7        IntAlu    D=0x00000000f00817a8
3107293832000  0xf02081ec       sub   %g6, 0x8, %g6         IntAlu    D=0x00000000f00825f0
3107293832500  0xf02081f0       stx   %g5, [%g6]            MemWrite    D=0x00000000f02704ec A=0xf00825f0
3107293833000  0xf02081f4       add   %g5, 0x4, %g5         IntAlu    D=0x00000000f02704f0



mi_switch() newl->l_pcb 0x1414d0000
mi_switch() newl->l_pcb->pcb_sp 0x1414d3621
mi_switch() newl->l_pcb->pcb_pc 0x1012018


414d2000


3107292014500  0x10117fc        andcc   %g0, %sp, 0x1, %g0   IntAlu    D=0x0000000000000000

%sp == ...............0 ????????


start<openfirmware>
10117f8

0000000001045840 <OF_write>:


stack address: ...0x1414d3970...

3107292008500  0x104587c        stx   %g1, [%fp + 0x7df]    MemWrite    D=0x00000000fff571b8 A=0x1414d3970
3107292009000  0x1045880        clr   %i4                   IntAlu    D=0x0000000000000000
3107292009500  0x1045884        bpa   0x10d154              IntAlu   
3107292010000  0x1045888        sethi   %hi(0x2000), %i5    IntAlu    D=0x0000000000002000
3107292010500  0x10458a4        mov   %i5, %g1              IntAlu    D=0x0000000000002000
3107292011000  0x10458a8        subcc   %g0, %i2, %i5, %g0   IntAlu    D=0x0000000000000099
3107292011500  0x10458ac        movcci   %g1, %i2, %u2, %g1   IntAlu    D=0x0000000000000001
3107292012000  0x10458b0        add   %fp, 0x7c7, %o0       IntAlu    D=0x00000001414d3958
3107292012500  0x10458b4        sra   %g1, %g0, %g1         IntAlu    D=0x0000000000000001
3107292013000  0x10458b8        call   0x10117f8            IntAlu    D=0x00000000010458b8
3107292013500  0x10458bc        stx   %g1, [%fp + 0x7ef]    MemWrite    D=0x0000000000000001 A=0x1414d3980
3107292014000  0x10117f8        sethi   %hi(0x1c00000), %o4   IntAlu    D=0x0000000001c00000
3107292014500  0x10117fc        andcc   %g0, %sp, 0x1, %g0   IntAlu    D=0x0000000000000000
3107292015000  0x1011800        bpcci   0x1011878           IntAlu   
3107292015500  0x1011804        ldx   [%o4 + 0x0], %o4      MemRead    D=0x00000000f025496c A=0x1c00000
3107292016000  0x1011808        save   %sp, %cwp, %u3, %u4, %u5, %u6, %u7, 0xffffffffffffff50, %g7   IntAlu   
3107292016500  0x1009300        andcc   %g0, %sp, 0x1, %g0   IntAlu    D=0x0000000000000000
3107292017000  0x1009304        bpccx   0x1009204           IntAlu   
3107292017500  0x1009308        wr    0x4, %asi             IntAlu    D=0x0000000000000004
3107292018000  0x1009204        stxa   %l0, [%sp + 0x7ff]   MemWrite    D=0x0000000001c8b2c0 A=0x1414d3d70
3107292018500  0x1009208        stxa   %l1, [%sp + 0x807]   MemWrite    D=0x00000001414d0000 A=0x1414d3d78
3107292019000  0x100920c        stxa   %l2, [%sp + 0x80f]   MemWrite    D=0x00000001003fb208 A=0x1414d3d80
3107292019500  0x1009210        stxa   %l3, [%sp + 0x817]   MemWrite    D=0x00000001414d3ed0 A=0x1414d3d88
3107292020000  0x1009214        stxa   %l4, [%sp + 0x81f]   MemWrite    D=0x0000000001c8b7d8 A=0x1414d3d90
3107292020500  0x1009218        stxa   %l5, [%sp + 0x827]   MemWrite    D=0x0000000002002000 A=0x1414d3d98
3107292021000  0x100921c        stxa   %l6, [%sp + 0x82f]   MemWrite    D=0x00000000e0048000 A=0x1414d3da0
3107292021500  0x1009220        stxa   %l7, [%sp + 0x837]   MemWrite    D=0x00000000018d2800 A=0x1414d3da8
3107292022000  0x1009224        stxa   %i0, [%sp + 0x83f]   MemWrite    D=0x00000001003ca420 A=0x1414d3db0
3107292022500  0x1009228        stxa   %i1, [%sp + 0x847]   MemWrite    D=0x00000001003ca420 A=0x1414d3db8
3107292023000  0x100922c        stxa   %i2, [%sp + 0x84f]   MemWrite    D=0x0000000000000000 A=0x1414d3dc0
3107292023500  0x1009230        stxa   %i3, [%sp + 0x857]   MemWrite    D=0x00000001003ce0c8 A=0x1414d3dc8
3107292024000  0x1009234        stxa   %i4, [%sp + 0x

.....................



