site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Godfrey van der Linden writes:

I'd like to see the assembly that this kernel is running at 0x2CAE8. I'd be willing to bet an offset from a NULL pointer is being taken and that is why you are panicing.

I think the 'r1' panic is a red herring, the first exception state is 'PC=0x0002CAE8; MSR=0x00001030; DAR=0x000000D4; DSISR=0x40000000; LR=0x0002 CAD8; R1=0x0CC33DB0; XCP=0x0000000C (0x300 - Data access)' Indicates that the r1 is valid at the time that the panic is taken. Do you have a symbolled kernel for the version that is taking the panic. If you can find out what routine was passed a NULL pointer you may have a suspect.

Unfortunately, the kernel is long gone, as I upgraded to 10.3.7 (crash was with a 10.3.4 kernel). Are you saying that R1 (0x0CC33DB0) might be the text address of the routine which triggered the panic?

Finally when you see this sort of crash, that is a crash in the kernel but none of your code is in the backtrace, then I'd suspect a teardown race of some sort. You or somebody else may be zero-ing a pointer early, or perhaps you are using a freed data structure. When this happens you often trash the data that is being resused by someother parts of the system.

Hope this helps.

Yes, it does. But I'm still waiting for the panic to re-occur with better debugging infastructure in place.. Thanks, Drew _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com