Re: epc register reported zero

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Daney <ddaney.cavm@gmail.com>
To: Lin Ming <minggr@gmail.com>
Cc: linux-mips@linux-mips.org
Subject: Re: epc register reported zero
Date: Wed, 27 Aug 2014 18:15:58 -0700	[thread overview]
Message-ID: <53FE82CE.1090707@gmail.com> (raw)
In-Reply-To: <CAF1ivSYeUL_UgS3Pn8Uif10wf4ibCh4aeS9NHMKo=S3wQtfduQ@mail.gmail.com>

On 08/27/2014 05:45 PM, Lin Ming wrote:
> Hi list,
>
> Board: Broadcom 963268
> CPU model: Broadcom BMIPS4350 V8.0
> Kernel: 2.6.30
> Toolchain: uclibc-crosstools-gcc-4.4.2-1
>
> I encountered an userspace application crash with epc reported zero.
> I don't understand how epc register could be zero.
>
> Any help is appreciated.
>
> wps_monitor/1699: potentially unexpected fatal signal 11.
>
> Cpu 1
> $ 0   : 00000000 10008d00 00000004 0000000a
> $ 4   : 0000000a 7f88a55c 00000000 00000001
> $ 8   : 00000000 00000000 00000001 00000000
> $12   : 00000001 00000000 00000008 12182430
> $16   : 00438968 00000001 00409620 00000000
> $20   : 00000000 00000000 00000000 00406404
> $24   : 00000002 2aaecc00
> $28   : 2ab39a70 7f88a4c0 7f88a4f0 0041a838

Disassemble the surrounding the address in $31

I am guessing that at 0x41a830, you have an indirect jump (JR 
instruction) and that 'rs' contains a value of zero.  So the EPC when 
you get the SIGSEGV will be ... zero.

This is called a call through a NULL function pointer.


> Hi    : 00000000
> Lo    : 00000000
> epc   : 00000000 (null)
>      Tainted: P
> ra    : 0041a838 0x41a838
> Status: 00008d13    USER EXL IE
> Cause : 00000008
> BadVA : 00000000
> PrId  : 0002a080 (Broadcom4350)
>
> mips-linux-addr2line -e wps_monitor 0041a838
> This shows "ra" address mapped to below line 328.
>
> 322         if (max_fd == -1) {
> 323                 TUTRACE((TUTRACE_ERR, "wpsm_readData: no fd set!\n"));
> 324                 return NULL;
> 325         }
> 326
> 327         /* Do select */
> 328         n = select(max_fd + 1, &fdvar, NULL, NULL, &timeout);
> 329         if (n <= 0) {
> 330                 /*
> 331                  * to avoid the select operation interferenced by
> led lighting timer.
> 332                  * this will be removed after led lighting timer
> is replaced by wireless driver
> 333                  */
> 334                 if (n < 0 && errno != EINTR) {
> 335                         TUTRACE((TUTRACE_ERR, "wpsm_readData:
> select recv failed\n"));
> 336                 }
> 337                 goto out;
> 338         }
>
>
> 0000eac0 <__libc_select>:
>      eac0:       3c1c0006        lui     gp,0x6
>      eac4:       279c1aa0        addiu   gp,gp,6816
>      eac8:       0399e021        addu    gp,gp,t9
>      eacc:       27bdffd8        addiu   sp,sp,-40
>      ead0:       afbe0020        sw      s8,32(sp)
>      ead4:       03a0f021        move    s8,sp
>      ead8:       afbf0024        sw      ra,36(sp)
>      eadc:       afb0001c        sw      s0,28(sp)
>      eae0:       afbc0010        sw      gp,16(sp)
>      eae4:       27bdfff0        addiu   sp,sp,-16
>      eae8:       8fc20038        lw      v0,56(s8)
>      eaec:       27bdffe0        addiu   sp,sp,-32
>      eaf0:       afa20010        sw      v0,16(sp)
>      eaf4:       2402102e        li      v0,4142
>      eaf8:       0000000c        syscall
>      eafc:       27bd0020        addiu   sp,sp,32
>      eb00:       10e00006        beqz    a3,eb1c <__libc_select+0x5c>
>      eb04:       00408021        move    s0,v0
>      eb08:       8f9988d0        lw      t9,-30512(gp)
>      eb0c:       0320f809        jalr    t9
>      eb10:       00000000        nop
>      eb14:       ac500000        sw      s0,0(v0)
>      eb18:       2402ffff        li      v0,-1
>      eb1c:       03c0e821        move    sp,s8
>      eb20:       8fbf0024        lw      ra,36(sp)
>      eb24:       8fbe0020        lw      s8,32(sp)
>      eb28:       8fb0001c        lw      s0,28(sp)
>      eb2c:       03e00008        jr      ra
>      eb30:       27bd0028        addiu   sp,sp,40
>
> Regards,
> Ming
>
>
>

next prev parent reply	other threads:[~2014-08-28  1:16 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-28  0:45 epc register reported zero Lin Ming
2014-08-28  1:15 ` David Daney [this message]
2014-08-28  1:33   ` Lin Ming

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53FE82CE.1090707@gmail.com \
    --to=ddaney.cavm@gmail.com \
    --cc=linux-mips@linux-mips.org \
    --cc=minggr@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.