Hand analysis of packets up to 1st exception.... ================================================ Raw Packets(0): Idx:56; ID:1; [0x04 ]; I_TRACE_ON : Trace On. Idx:57; ID:1; [0x85 0x7c 0x01 0x40 0x00 0x00 0x00 0x00 0x00 0x30 ]; I_ADDR_CTXT_L_64IS0 : Address & Context, Long, 64 bit, IS0.; Addr=0x00000000004003F0; Ctxt: AArch64,EL0, NS; Idx:68; ID:1; [0xf7 ]; I_ATOM_F1 : Atom format 1.; E Decode(0): Idx:56; ID:1; OCSD_GEN_TRC_ELEM_TRACE_ON( [begin or filter]) Idx:57; ID:1; OCSD_GEN_TRC_ELEM_PE_CONTEXT((ISA=Unk) EL0N; 64-bit; ) Idx:68; ID:1; OCSD_GEN_TRC_ELEM_INSTR_RANGE(exec range=0x4003f0:[0x400418] num_i(10) last_sz(4) (ISA=A64) E BR b+link ) Disassembly(0): 00000000004003f0 <_start>: 4003f0: d280001d mov x29, #0x0 // #0 4003f4: d280001e mov x30, #0x0 // #0 4003f8: aa0003e5 mov x5, x0 4003fc: f94003e1 ldr x1, [sp] 400400: 910023e2 add x2, sp, #0x8 400404: 910003e6 mov x6, sp 400408: 580000c0 ldr x0, 400420 <_start+0x30> 40040c: 580000e3 ldr x3, 400428 <_start+0x38> 400410: 58000104 ldr x4, 400430 <_start+0x40> 400414: 940066f5 bl 419fe8 <__libc_start_main> 400418: Raw Packets(1): Idx:69; ID:1; [0x0f ]; I_CCNT_F1 : Cycle Count format 1.; Count=0x0 Idx:70; ID:1; [0x03 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x00 0x01 ]; I_TIMESTAMP : Timestamp.; Updated val = 0x0; CC=0x1 Idx:82; ID:1; [0xdb ]; I_ATOM_F2 : Atom format 2.; EE Decode(1.1): Idx:69; ID:1; OCSD_GEN_TRC_ELEM_CYCLE_COUNT( [CC=0]; ) Idx:70; ID:1; OCSD_GEN_TRC_ELEM_TIMESTAMP( [ TS=0x000000000000]; [CC=1]; ) Idx:82; ID:1; OCSD_GEN_TRC_ELEM_INSTR_RANGE(exec range=0x419fe8:[0x41a01c] num_i(13) last_sz(4) (ISA=A64) E BR ) Disassembly(1.1): 0000000000419fe8 <__libc_start_main>: 419fe8: a9ab7bfd stp x29, x30, [sp,#-336]! 419fec: 910003fd mov x29, sp 419ff0: 58001547 ldr x7, 41a298 <__libc_start_main+0x2b0> 419ff4: a9025bf5 stp x21, x22, [sp,#32] 419ff8: aa0303f5 mov x21, x3 419ffc: a90363f7 stp x23, x24, [sp,#48] 41a000: aa0403f6 mov x22, x4 41a004: a90153f3 stp x19, x20, [sp,#16] 41a008: aa0503f7 mov x23, x5 41a00c: a9058ba0 stp x0, x2, [x29,#88] 41a010: b9006fa1 str w1, [x29,#108] 41a014: f90023f9 str x25, [sp,#64] 41a018: b4000a07 cbz x7, 41a158 <__libc_start_main+0x170> 41a01c: Decode(1.2): Idx:82; ID:1; OCSD_GEN_TRC_ELEM_INSTR_RANGE(exec range=0x41a158:[0x41a160] num_i(2) last_sz(4) (ISA=A64) E BR ) Disassembly(1.2): 41a158: 52800002 mov w2, #0x0 // #0 41a15c: 17ffffb3 b 41a028 <__libc_start_main+0x40> 41a160: Raw Packets(2) Idx:83; ID:1; [0x0e 0x6d ]; I_CCNT_F1 : Cycle Count format 1.; Count=0x16d Idx:85; ID:1; [0x06 0x19 ]; I_EXCEPT : Exception.; Data Fault; Ret Addr Follows; Idx:87; ID:1; [0x9d 0x0c 0x03 0x40 0x00 0x00 0x00 0x00 0x00 ]; I_ADDR_L_64IS0 : Address, Long, 64 bit, IS0.; Addr=0x0000000000400630; Decode(2) Idx:83; ID:1; OCSD_GEN_TRC_ELEM_CYCLE_COUNT( [CC=365]; ) Idx:85; ID:1; OCSD_GEN_TRC_ELEM_INSTR_RANGE(exec range=0x41a028:[0x50d2f8] num_i(249012) last_sz(4) (ISA=A64) E --- ) Idx:85; ID:1; OCSD_GEN_TRC_ELEM_ADDR_NACC( 0x50d2f8 ) Idx:85; ID:1; OCSD_GEN_TRC_ELEM_EXCEPTION(pref ret addr:0x400630; excep num (0x3ccb4) ) Disassembly(2.1) - prev branch target - where we should be? 41a028: 90000521 adrp x1, 4be000 41a02c: b9406fa0 ldr w0, [x29,#108] 41a030: f94033a4 ldr x4, [x29,#96] 41a034: d0000523 adrp x3, 4c0000 41a038: b9098022 str w2, [x1,#2432] 41a03c: d0000501 adrp x1, 4bc000 <__FRAME_END__+0x104a8> 41a040: 8b20cc80 add x0, x4, w0, sxtw #3 41a044: 91002000 add x0, x0, #0x8 41a048: f9072826 str x6, [x1,#3664] 41a04c: f906e460 str x0, [x3,#3528] 41a050: f8408401 ldr x1, [x0],#8 41a054: b5ffffe1 cbnz x1, 41a050 <__libc_start_main+0x68> 41a058: 9400b7d8 bl 447fb8 <_dl_aux_init> Disassembly(2.2) - code @ pref return address - why is this a pref return, no code here has run to cause data fault? 40062c: 52800000 mov w0, #0x0 // #0 400630: 12000000 and w0, w0, #0x1 400634: 53001c00 uxtb w0, w0 400638: 14000002 b 400640