Linux MIPS Architecture development
From: David Daney <ddaney.cavm@gmail.com>
To: Lin Ming <minggr@gmail.com>
Cc: linux-mips@linux-mips.org
Subject: Re: epc register reported zero
Date: Wed, 27 Aug 2014 18:15:58 -0700
Message-ID: <53FE82CE.1090707@gmail.com>
In-Reply-To: <CAF1ivSYeUL_UgS3Pn8Uif10wf4ibCh4aeS9NHMKo=S3wQtfduQ@mail.gmail.com>

On 08/27/2014 05:45 PM, Lin Ming wrote:
> Hi list,
>
> Board: Broadcom 963268
> CPU model: Broadcom BMIPS4350 V8.0
> Kernel: 2.6.30
> Toolchain: uclibc-crosstools-gcc-4.4.2-1
>
> I encountered an userspace application crash with epc reported zero.
> I don't understand how epc register could be zero.
>
> Any help is appreciated.
>
> wps_monitor/1699: potentially unexpected fatal signal 11.
>
> Cpu 1
> $ 0   : 00000000 10008d00 00000004 0000000a
> $ 4   : 0000000a 7f88a55c 00000000 00000001
> $ 8   : 00000000 00000000 00000001 00000000
> $12   : 00000001 00000000 00000008 12182430
> $16   : 00438968 00000001 00409620 00000000
> $20   : 00000000 00000000 00000000 00406404
> $24   : 00000002 2aaecc00
> $28   : 2ab39a70 7f88a4c0 7f88a4f0 0041a838

Disassemble the code surrounding the address in $31.

I am guessing that at 0x41a830 you have an indirect jump (JR instruction) and that 'rs' contains a value of zero.  So the EPC when you get the SIGSEGV will be ... zero.

This is called a call through a NULL function pointer.


> Hi    : 00000000
> Lo    : 00000000
> epc   : 00000000 (null)
>      Tainted: P
> ra    : 0041a838 0x41a838
> Status: 00008d13    USER EXL IE
> Cause : 00000008
> BadVA : 00000000
> PrId  : 0002a080 (Broadcom4350)
>
> mips-linux-addr2line -e wps_monitor 0041a838
> This shows "ra" address mapped to below line 328.
>
> 322         if (max_fd == -1) {
> 323                 TUTRACE((TUTRACE_ERR, "wpsm_readData: no fd set!\n"));
> 324                 return NULL;
> 325         }
> 326
> 327         /* Do select */
> 328         n = select(max_fd + 1, &fdvar, NULL, NULL, &timeout);
> 329         if (n <= 0) {
> 330                 /*
> 331                  * to avoid the select operation interferenced by led lighting timer.
> 332                  * this will be removed after led lighting timer is replaced by wireless driver
> 333                  */
> 334                 if (n < 0 && errno != EINTR) {
> 335                         TUTRACE((TUTRACE_ERR, "wpsm_readData: select recv failed\n"));
> 336                 }
> 337                 goto out;
> 338         }
>
>
> 0000eac0 <__libc_select>:
>      eac0:       3c1c0006        lui     gp,0x6
>      eac4:       279c1aa0        addiu   gp,gp,6816
>      eac8:       0399e021        addu    gp,gp,t9
>      eacc:       27bdffd8        addiu   sp,sp,-40
>      ead0:       afbe0020        sw      s8,32(sp)
>      ead4:       03a0f021        move    s8,sp
>      ead8:       afbf0024        sw      ra,36(sp)
>      eadc:       afb0001c        sw      s0,28(sp)
>      eae0:       afbc0010        sw      gp,16(sp)
>      eae4:       27bdfff0        addiu   sp,sp,-16
>      eae8:       8fc20038        lw      v0,56(s8)
>      eaec:       27bdffe0        addiu   sp,sp,-32
>      eaf0:       afa20010        sw      v0,16(sp)
>      eaf4:       2402102e        li      v0,4142
>      eaf8:       0000000c        syscall
>      eafc:       27bd0020        addiu   sp,sp,32
>      eb00:       10e00006        beqz    a3,eb1c <__libc_select+0x5c>
>      eb04:       00408021        move    s0,v0
>      eb08:       8f9988d0        lw      t9,-30512(gp)
>      eb0c:       0320f809        jalr    t9
>      eb10:       00000000        nop
>      eb14:       ac500000        sw      s0,0(v0)
>      eb18:       2402ffff        li      v0,-1
>      eb1c:       03c0e821        move    sp,s8
>      eb20:       8fbf0024        lw      ra,36(sp)
>      eb24:       8fbe0020        lw      s8,32(sp)
>      eb28:       8fb0001c        lw      s0,28(sp)
>      eb2c:       03e00008        jr      ra
>      eb30:       27bd0028        addiu   sp,sp,40
>
> Regards,
> Ming
>
>
>

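The diagnosis above (EPC and BadVA both zero, $ra pointing just past a PIC call sequence) can be checked mechanically from the kernel's register dump. The following C tool is an added example, not code from this thread or from the wps_monitor project: it parses the dump format quoted above, decodes the Cause register's ExcCode and BD fields, tells a call through a NULL function pointer (instruction fetch from address 0) apart from an ordinary NULL data dereference (valid EPC, BadVA of 0), and recovers the call site from $ra using the o32 convention that jal/jalr leave $ra pointing 8 bytes past the call. The first dump is copied from the post; the second dump and its addresses are constructed for contrast.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Input taken from the register dump quoted in the thread (abridged), in the
 * format the 2.6.30 MIPS kernel prints for a fatal signal. */
static const char *const kNullCallDump =
    "Cpu 1\n"
    "epc   : 00000000 (null)\n"
    "     Tainted: P\n"
    "ra    : 0041a838 0x41a838\n"
    "Status: 00008d13    USER EXL IE\n"
    "Cause : 00000008\n"
    "BadVA : 00000000\n"
    "PrId  : 0002a080 (Broadcom4350)\n";

/* Constructed for contrast: a plain NULL *data* dereference. epc is a
 * (hypothetical) valid text address and only BadVA is zero. */
static const char *const kNullDerefDump =
    "epc   : 00400abc 0x400abc\n"
    "ra    : 00400b00 0x400b00\n"
    "Cause : 00000008\n"
    "BadVA : 00000000\n";

enum diag {
    DIAG_PARSE_ERROR,  /* a needed register line is missing */
    DIAG_NULL_CALL,    /* fetch from address 0: call through a NULL function pointer */
    DIAG_BAD_CODE_PTR, /* fetch from another unmapped or misaligned address */
    DIAG_DATA_FAULT    /* epc is valid code; a load/store to BadVA faulted */
};

struct mips_fault {
    uint32_t epc, ra, cause, badva;
    uint32_t exccode;  /* Cause[6:2] */
    bool bd;           /* Cause[31]: faulting instruction sat in a branch delay slot */
    uint32_t fault_pc; /* epc, or epc + 4 when bd is set */
};

/* Find the line beginning with `label` and parse the hex word after its ':'. */
static bool find_reg(const char *dump, const char *label, uint32_t *out)
{
    size_t n = strlen(label);
    const char *p = dump;
    while (p && *p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > n && strncmp(p, label, n) == 0) {
            const char *colon = memchr(p, ':', len);
            if (!colon)
                return false;
            *out = (uint32_t)strtoul(colon + 1, NULL, 16);
            return true;
        }
        p = eol ? eol + 1 : NULL;
    }
    return false;
}

/* jal/jalr store the address of the instruction after the delay slot in $ra,
 * so the call instruction itself is 8 bytes before $ra (o32, no microMIPS). */
static uint32_t mips_call_site(uint32_t ra) { return ra - 8; }

static enum diag analyze(const char *dump, struct mips_fault *f)
{
    if (!find_reg(dump, "epc", &f->epc) || !find_reg(dump, "ra", &f->ra) ||
        !find_reg(dump, "Cause", &f->cause) || !find_reg(dump, "BadVA", &f->badva))
        return DIAG_PARSE_ERROR;
    f->exccode = (f->cause >> 2) & 0x1f;
    f->bd = (f->cause >> 31) & 1;
    f->fault_pc = f->bd ? f->epc + 4 : f->epc;

    /* A faulting instruction fetch reports the fetch address in BadVA, so a bad
     * code pointer shows up as BadVA == fault_pc with ExcCode TLBL (2, unmapped
     * page) or AdEL (4, misaligned target). Anything else is a data access. */
    bool fetch_fault = f->badva == f->fault_pc && (f->exccode == 2 || f->exccode == 4);
    if (fetch_fault && f->fault_pc == 0)
        return DIAG_NULL_CALL;
    if (fetch_fault)
        return DIAG_BAD_CODE_PTR;
    return DIAG_DATA_FAULT;
}

int main(void)
{
    const char *const dumps[] = { kNullCallDump, kNullDerefDump };
    for (size_t i = 0; i < 2; i++) {
        struct mips_fault f = {0};
        enum diag d = analyze(dumps[i], &f);
        printf("epc=%08x ra=%08x badva=%08x exccode=%u -> ", f.epc, f.ra, f.badva, f.exccode);
        if (d == DIAG_NULL_CALL)
            printf("call through NULL function pointer; disassemble around %08x\n", mips_call_site(f.ra));
        else if (d == DIAG_BAD_CODE_PTR)
            printf("jump to bad code pointer; caller returns to %08x\n", f.ra);
        else if (d == DIAG_DATA_FAULT)
            printf("data fault at %08x from instruction at %08x\n", f.badva, f.fault_pc);
        else
            printf("could not parse dump\n");
    }
    return 0;
}
```

Once the tool points at 0x41a830, `mips-linux-objdump -d --start-address=0x41a820 --stop-address=0x41a840 wps_monitor` shows the call sequence; the interesting instruction is the `lw t9,...` (or similar load) that fills the register being jumped through, since that is where the zero came from.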
Thread overview: 3+ messages
2014-08-28  0:45 epc register reported zero Lin Ming
2014-08-28  1:15 ` David Daney [this message]
2014-08-28  1:33   ` Lin Ming
