[#5162] Linphone: Data access misaligned address
Submitted By: Barry Song
Open Date
2009-05-26 00:28:33
Priority:
Medium Assignee:
Barry Song
Status:
Open Fixed In Release:
N/A
Found In Release:
N/A Release:
Category:
N/A Board:
Processor:
BF537 Silicon Revision:
Is this bug repeatable?:
Yes Resolution:
Not reproducible
Uboot version or rev.:
Toolchain version or rev.:
2009R1_RC6
App binary format:
Summary: Linphone: Data access misaligned address
Details:
Sometimes, while linphonec on target board answers the call from remote, system will crash due to misaligned address access. The log is like
linphonec> Data access misaligned address violation
- Attempted misaligned data memory or data cache access.
Deferred Exception context
CURRENT PROCESS:
COMM=linphonec PID=215
CPU = 0
TEXT = 0x00880000-0x008b71c0 DATA = 0x021281c0-0x0212cd90
BSS = 0x0212cd90-0x008c0000 USER-STACK = 0x008dfeb0
return address: [0x0030353e]; contents of:
0x00303510: 3210 6409 080f 9950 4f48 4380 9208 17f4
0x00303520: 640b 081c 6c25 50b2 6c20 17c9 2fe3 0000
0x00303530: 05e4 e800 0017 af38 b238 600c b279 [a040]
0x00303540: 9106 bbc0 a0c0 4084 3006 a101 40e0 4f08
SEQUENCER STATUS: Not tainted
SEQSTAT: 00060024 IPEND: 0030 SYSCFG: 0006
EXCAUSE : 0x24
interrupts disabled
physical IVG5 asserted : <0xffa00ba4> { _evt_ivhw + 0x0 }
RETE: <0x00000000> { _do_one_initcall + 0xfffff000 }
RETN: <0x00372000> [ linphonec + 0x0 ]
RETX: <0x00000480> /* Maybe fixed code section */
RETS: <0x00303e98> [ /usr/lib/libspeex.so.1 + 0x3e98 ]
PC : <0x0030353e> [ /usr/lib/libspeex.so.1 + 0x353e ]
DCPLB_FAULT_ADDR: <0x00346178> [ linphonec + 0x178 ]
ICPLB_FAULT_ADDR: <0x0030353e> [ /usr/lib/libspeex.so.1 + 0x353e ]
PROCESSOR STATE:
R0 : 0037a674 R1 : 0037a6c8 R2 : 0037a770 R3 : 00000080
R4 : 00000001 R5 : 00000000 R6 : 00000001 R7 : 00001000
P0 : 00346175 P1 : 0037ac28 P2 : 00000000 P3 : 003473f8
P4 : 002dc0cc P5 : 0037ac28 FP : 0037a2c8 SP : 00371f24
LB0: 00304be9 LT0: 00304be8 LC0: 00000000
LB1: 00308fad LT1: 00308f74 LC1: 00000000
B0 : 00000026 L0 : 00000000 M0 : 00000030 I0 : 0037a254
B1 : 0037a6c8 L1 : 00000000 M1 : 000623fc I1 : 0037a2a8
B2 : 0000000a L2 : 00000000 M2 : 0005e246 I2 : 00379f2c
B3 : 0037a6c8 L3 : 00000000 M3 : 0037a450 I3 : 00379f32
A0.w: 00000001 A0.x: 00000000 A1.w: 00000001 A1.x: 00000000
USP : 0037a26c ASTAT: 02003065
Hardware Trace:
0 Target : <0x00004a64> { _trap_c + 0x0 }
Source : <0xffa0062a> { _exception_to_level5 + 0x9e } CALL pcrel
1 Target : <0xffa0058c> { _exception_to_level5 + 0x0 }
Source : <0xffa0045a> { _bfin_return_from_exception + 0xe } RTX
2 Target : <0xffa0044c> { _bfin_return_from_exception + 0x0 }
Source : <0xffa004e2> { _ex_trap_c + 0x66 } JUMP.S
3 Target : <0xffa0047c> { _ex_trap_c + 0x0 }
Source : <0xffa006c4> { _trap + 0x38 } JUMP (P4)
4 Target : <0xffa006aa> { _trap + 0x1e }
Source : <0xffa006a6> { _trap + 0x1a } IF !CC JUMP
5 Target : <0xffa0068c> { _trap + 0x0 }
Source : <0x0030353c> [ /usr/lib/libspeex.so.1 + 0x353c ] 0xb279
6 Target : <0x00303530> [ /usr/lib/libspeex.so.1 + 0x3530 ]
Source : <0x00303e94> [ /usr/lib/libspeex.so.1 + 0x3e94 ] CALL pcrel
7 Target : <0x00303e60> [ /usr/lib/libspeex.so.1 + 0x3e60 ]
Source : <0x00303868> [ /usr/lib/libspeex.so.1 + 0x3868 ] JUMP.S
8 Target : <0x00303864> [ /usr/lib/libspeex.so.1 + 0x3864 ]
Source : <0x00303860> [ /usr/lib/libspeex.so.1 + 0x3860 ] IF CC JUMP
9 Target : <0x00303838> [ /usr/lib/libspeex.so.1 + 0x3838 ]
Source : <0x00303834> [ /usr/lib/libspeex.so.1 + 0x3834 ] IF !CC JUMP
10 Target : <0x0030381c> [ /usr/lib/libspeex.so.1 + 0x381c ]
Source : <0x0030bcd2> [ /usr/lib/libspeex.so.1 + 0xbcd2 ] CALL (P1)
11 Target : <0x0030bc94> [ /usr/lib/libspeex.so.1 + 0xbc94 ]
Source : <0x0030bc90> [ /usr/lib/libspeex.so.1 + 0xbc90 ] IF CC JUMP
12 Target : <0x0030bc80> [ /usr/lib/libspeex.so.1 + 0xbc80 ]
Source : <0x00304c18> [ /usr/lib/libspeex.so.1 + 0x4c18 ] RTS
13 Target : <0x00304bfc> [ /usr/lib/libspeex.so.1 + 0x4bfc ]
Source : <0x00304c12> [ /usr/lib/libspeex.so.1 + 0x4c12 ] IF CC JUMP
14 Target : <0x00304bfc> [ /usr/lib/libspeex.so.1 + 0x4bfc ]
15 Target : <0x00304bfc> [ /usr/lib/libspeex.so.1 + 0x4bfc ]
Userspace Stack
Stack info:
SP: [0x0037a26c] <0x0037a26c> [ linphonec + 0x226c ]
FP: (0x0037a2c8)
Memory from 0x0037a260 to 0037b000
0037a260: 00220017 0013001c 0001000a [0005000b] 00030006 00040002 00010000 fffe0000
0037a280: fffffffe fffcfffd fffbfffa fff8fff9 fffdfffa fffbfffc fffafffc fffbfffb
0037a2a0: fffafff9 fff9fff9 00000037 0000a580 0000c100 <00013d00> 00007600 0000e480
0037a2c0: 00015280 00010500 (0037a394)<00303e98> 0037ac28 002dc0cc 00001000 00000001
0037a2e0: 00000000 003473f8 0037a674 0037a6c8 <0000c580> 0037a758 00346175 0000000a
0037a300: 00000028 0037a5d0 0037a484 0037ac28 00000000 00000000 0000d000 00008200
0037a320: 0000d180 0037a2e8 <0000c580> 0000fc00 0000e300 0000d880 00012c80 0000f000
0037a340: 0000f600 0000e300 0000d880 002f0102 00000037 00000038 002f0102 003473f8
0037a360: 0037a310 0037a204 0037a2ac 000000a0 0037a258 00000038 00000010 00000037
0037a380: 00312b91 00000020 00000000 00000003 <00304ee2>(0037a874)<0030bcd4> 0037ac28
0037a3a0: 002dc0cc 00001000 00000028 00000000 003473f8 0037a674 0037a6c8 0037a770
0037a3c0: 0037a758 00346175 0000000a 00000028 0037a5d0 0037a484 0037ac28 00000000
0037a3e0: 00000002 00000000 00000000 002dc2d4 0037a484 00000002 00000000 00000002
0037a400: 002dc0f0 ffe5aaf3 fffc30a9 00032d39 0004c36b 00056a85 <000425d6> 0001c4f4
0037a420: 0000104e fffece2d fffe14a6 000a0102 fff7fffe 000d0000 000e0012 fffe0004
0037a440: fff4fff0 0002fffc 00010001 ffff0001 00010000 0000ffff 00000002 00000001
0037a460: 00010001 0000ffff 00000003 00010000 0000ffff fffe0000 ffffffff 00000000
0037a480: 00000000 2ac24000 268e26c4 2a41255d 2ad028b8 1ff323d2 202f229e 1a2f1ded
0037a4a0: 143016ce 0f881166 08440bdb 030f05a9 fe3b00c3 f9b5fbe0 f67af7d8 f3dcf519
0037a4c0: f22bf2e2 f17ef1bf f180f16d f238f1c1 f386f2d1 00000000 003b0043 00370039
0037a4e0: 00110027 00060008 00070009 ffecfff4 ffebffea ffe5ffea ffdeffe1 ffe1ffdf
0037a500: ffdfffe0 ffe1ffdf ffe5ffe3 ffe9ffe8 ffeeffeb fff3fff1 fff8fff6 fffdfffa
0037a520: 0001ffff 00050002 40fa7422 0000a580 0000c100 <00013d00> 00007600 0000e480
0037a540: 00015280 00010500 00003b00 0000f280 00005400 00015c00 0000a680 0000b880
0037a560: 0000b880 0000cb80 0000fc00 0000e300 <0000c580> 0000fc00 0000d000 00009500
0037a580: 0000ef00 <0000c580> 0000e900 0000b280 0000cb80 0000fc00 0000d000 00008200
0037a5a0: 0000d180 0000e900 <0000c580> 0000fc00 0000e300 0000d880 00012c80 0000f000
0037a5c0: 0000f600 0000e300 0000d880 00000002 00000000 00000000 00000000 00000000
0037a5e0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a600: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a620: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a640: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a660: 00000000 00000000 00000000 00000000 80000000 ffcdffe5 0017ffe1 0075004e
0037a680: 005e0069 0010001f 001b0014 000c0017 00000008 0004fffc fff8fff8 fff40004
0037a6a0: fff4fff8 fff4fff8 fff0fff0 00000000 fffcfff8 fff8fff4 fff0fffc fff0fff0
0037a6c0: fff4fff8 00810081 f7e1e225 00bcfd91 058effb8 060a01de fa5f00f2 00810081
0037a6e0: f6b0e3bc fefafdb7 0484022f 02ed0393 fa8601dd 00810081 04dc030e 20c80ee8
0037a700: 3424281c 47ea3cc6 59d45140 00810081 05b402ba 20db0f47 342728eb 480e3cd8
0037a720: 5b135115 00810081 07d004d0 1de013b0 334027e0 46a03cc0 59b050e0 00810081
0037a740: 09d70391 1e181421 325a2858 467f3c92 5aa750a2 00810081 fca6ef0a ffdeff82
0037a760: 0036002b 000d001a fff80005 00810081 f875e690 ff54fe56 0266014a 014201b6
0037a780: fe1700b9 00810081 ff18e0d8 fff90092 fff60090 001f005a 008e0007 00810081
0037a7a0: 00041502 00000000 00311e3c 00000000 00311e14 409d48dc 002dc784 0037a750
0037a7c0: 0037a404 0037a430 0037a484 0037a4d8 0037a52c 0037a5d0 0037a674 0037a518
0037a7e0: 0037a710 0037a740 0037a758 0037a770 0037a788 0037a728 0037a6f8 0037a6e0
0037a800: 0037a6c8 0037a678 00000000 00000000 00000018 feb90020 0005a6ef 00000000
0037a820: 00000004 3f6a46e0 00000000 002dc53c 002dc2d4 3dc502f6 0000000a 002dc2d4
0037a840: 00000000 0005cae3 00000018 00000082 00000067 0000006a 0000007e 0000007f
0037a860: 00000020 0000001a 001b001a ffe7004b 00000004 (0037a96c)<0030e0c0> 0037aad8
0037a880: 0037a998 00000000 0212a160 0037ac28 002d1a40 002dc0cc 0037a998 0037ac28
0037a8a0: 00000000 ffd00010 001c0000 0037aad8 00000140 00000040 002dc81c 00000000
0037a8c0: 002fc218 00000214 0037a8fc <003264da> 00338898 00338f70 0037a8a0 <003260f0>
0037a8e0: 00338898 00338cb0 00338cb0 00338898 00338f70 0037a918 <003260f0> 0037a930
0037a900: 0037a8c8 003473f8 00346e8c 00338cb0 0037a934 <003260f0> 0037a94c <003b2fec>
0037a920: 002ccb48 0037a92c 0037a930 000007d4 0037a95c 00000000 00370102 002c0000
0037a940: 000007d0 00000001 00338f70 00000280 00000280 002d8e84 002ccb94 0037a97c
0037a960:<00308da4> 003473f8 0212a160 (0037ac4c)<00895a92> 002d8e84 002ccb4c 00000000
0037a980: 0212a160 0037ac28 00000280 ba2adc91 0037a998 0037ac28 00000000 00000000
0037a9a0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a9c0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037a9e0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aa00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aa20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aa40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aa60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aa80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aaa0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aac0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aae0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ab00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ab20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ab40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ab60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ab80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037aba0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037abc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037abe0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037ac00: 00000000 00000000 00000000 00000000 00000000 00000000 0000020c 0037ac10
0037ac20: 0037a998 00000001 002fc6c4 00000029 00000005 00000001 00000001 00000000
0037ac40: 000007d0 <0089439c> 002ccc24 (0037ac80)<008aaa9e> 00000000 0212a160 002d8e2c
0037ac60: 00000000 002dc074 0037ace4 002d8e2c 0000007f 00000100 00000200 00000000
0037ac80:(0037acb4)<008aab16> 00000000 0212a160 002d8d54 00000000 002dc074 0037ace4
0037aca0: 002d8d54 00330c60 0033363c 00000000 00000000 (0037ace8)<008aab54> 002d1a30
0037acc0: 0212a160 00000000 0212a160 0037ace4 002dc074 00000004 00000000 00000002
0037ace0: 00000000 00000000 (0037ad1c)<008aabc4> 002dc074 00000000 00000004 00000000
0037ad00: 00000004 00000002 0037ad1c <0038f404> 00000000 00000000 007a1200 (0037ade4)
0037ad20:<003256e6> 00331388 0037ae24 0037ae24 00000030 00331388 00345808 0102a100
0037ad40: 01024e00 0102f300 01024200 0102f400 01021400 0102ef00 01026000 0102f300
0037ad60: 01027200 0102f500 01025500 0102eb00 01023500 01029b00 01027500 0102d500
0037ad80: 01025f00 01029e00 01025700 01030c00 01021700 0102ef00 01025000 0102b000
0037ada0: 01025900 0102b400 01027a00 01030300 01025b00 0037addc <0032855a> 0037ae24
0037adc0: 003336a0 00000001 00331388 0102a200 01024000 0102e800 01026800 0037ae08
0037ade0:<00325756>(0037ae08)<00325766> 00331388 0037ae24 00003000 00000030 0102a100
0037ae00: 01025500 01033200 (00000000)<0038cb80> 0037ae24 008dfaf8 01021a00 0102bc00
0037ae20: 0102ac00 <00aebe24> 00330a80 00000000 00000000 00000c03 000000d7 00000000
0037ae40: 003336a0 00000020 00000000 00000000 00000000 00000000 00000000 00000000
0037ae60: 00000000 00000000 0037ae6c 0000000b 0037ae74 00000000 00000000 00000000
0037ae80: 00345808 002dc074 80000000 00000000 00000000 00000000 00000000 00000000
0037aea0: 00000000 00000000 00000000 008dfabc <0215f41e> c0000000 0000003c 00000000
0037aec0: 008dfab0 <003264da> 00338898 00338f70 008dfab0 <003260f0> 00338898 00338cb0
0037aee0:<003260f0> 00338898 008dfad8 <003264da> 008dfae0 008dfae4 <003b2fec> 002dc038
0037af00: 00338cb0 <003260f0> 00000000 00000000 00000000 00000000 00000000 00000000
0037af20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037af40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037af60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037af80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037afa0: 00000000 00000000 00000000 00000000 00000000 00000000 0037ae24 00000003
0037afc0: 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037afe0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0037b000: 00000000
Return addresses in stack:
address : <0x00013d00> { _do_softirq + 0x4c }
frame 1 : <0x00303e98> [ /usr/lib/libspeex.so.1 + 0x3e98 ]
address : <0x0000c580> { _sched_setaffinity + 0x9c }
address : <0x00304ee2> [ /usr/lib/libspeex.so.1 + 0x4ee2 ]
frame 2 : <0x0030bcd4> [ /usr/lib/libspeex.so.1 + 0xbcd4 ]
address : <0x000425d6> { _do_execve + 0x116 }
frame 3 : <0x0030e0c0> [ /usr/lib/libspeex.so.1 + 0xe0c0 ]
address : <0x003264da> [ /lib/libpthread.so.0 + 0x64da ]
address : <0x003260f0> [ /lib/libpthread.so.0 + 0x60f0 ]
address : <0x003b2fec> [ /lib/libc.so.0 + 0x32fec ]
address : <0x00308da4> [ /usr/lib/libspeex.so.1 + 0x8da4 ]
frame 4 : <0x00895a92> [ /usr/bin/linphonec + 0x15a92 ]
address : <0x0089439c> [ /usr/bin/linphonec + 0x1439c ]
frame 5 : <0x008aaa9e> [ /usr/bin/linphonec + 0x2aa9e ]
frame 6 : <0x008aab16> [ /usr/bin/linphonec + 0x2ab16 ]
frame 7 : <0x008aab54> [ /usr/bin/linphonec + 0x2ab54 ]
frame 8 : <0x008aabc4> [ /usr/bin/linphonec + 0x2abc4 ]
address : <0x0038f404> [ /lib/libc.so.0 + 0xf404 ]
frame 9 : <0x003256e6> [ /lib/libpthread.so.0 + 0x56e6 ]
address : <0x0032855a> [ /lib/libpthread.so.0 + 0x855a ]
address : <0x00325756> [ /lib/libpthread.so.0 + 0x5756 ]
frame 10 : <0x00325766> [ /lib/libpthread.so.0 + 0x5766 ]
frame 11 : <0x0038cb80> [ /lib/libc.so.0 + 0xcb80 ]
address : <0x00aebe24> [ linphonec + 0x3e24 ]
address : <0x0215f41e> [ /lib/libm.so.0 + 0xf41e ]
The backtrace in GDB is
0x0030353e in ?? () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
(gdb) bt
#0 0x0030353e in ?? () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
#1 0x00303e98 in split_cb_search_shape_sign () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
#2 0x00303e98 in split_cb_search_shape_sign () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
#3 0x0030bcd4 in nb_encode () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
#4 0x0030e0c0 in sb_encode () from /home/bhsong/develop/svn/uclinux-dist/romfs/usr/lib/libspeex.so.1
#5 0x00895a92 in enc_process (f=0x2d8e2c) at ../../../linphone-3.0.0/mediastreamer2/src/msspeex.c:239
#6 0x008aaa9e in run_graph (f=0x2d8e2c, s=0x2dc074, unschedulable=0x37ace4, force_schedule=0 '\0') at ../../../linphone-3.0.0/mediastreamer2/src/msticker.c:194
#7 0x008aab16 in run_graph (f=0x2d8d54, s=0x2dc074, unschedulable=0x37ace4, force_schedule=0 '\0') at ../../../linphone-3.0.0/mediastreamer2/src/msticker.c:212
#8 0x008aab54 in run_graphs (s=0x2dc074, execution_list=<value optimized out>, force_schedule=<value optimized out>) at ../../../linphone-3.0.0/mediastreamer2/src/msticker.c:226
#9 0x008aabc4 in ms_ticker_run (arg=0x2dc074) at ../../../linphone-3.0.0/mediastreamer2/src/msticker.c:340
#10 0x003256e6 in pthread_start_thread (arg=0x37ae24) at libpthread/linuxthreads.old/manager.c:327
#11 0x00325766 in pthread_start_thread_event (arg=0x37ae24) at libpthread/linuxthreads.old/manager.c:357
#12 0x0038cb80 in clone (fn=<error reading variable>, child_stack=0x37a6c8, flags=3647092, arg=0x37ac28) at libc/sysdeps/linux/bfin/clone.c:21
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
And use objdump to get the asm codes near 0x0030353e:
./libspeex.so.1
3530: e4 05 [--SP] = (R7:4, P5:4);
3532: 00 e8 17 00 LINK 0x5c; /* (92) */
3536: 38 af P0 = [FP + 0x30];
3538: 38 b2 [FP + 0x20] = R0;
353a: 0c 60 R4 = 0x1 (X); /* R4=0x1( 1) */
353c: 79 b2 [FP + 0x24] = R1;
353e: 40 a0 R0 = [P0 + 0x4];
P0 is odd, so make the misaligned address .
Basically, the issue is because userspace access a non-aligned address. I will give more analysis to find the root reason.
Follow-ups
--- Barry Song 2009-06-22 02:57:03
The PC pointers that programs die are keeping changing. By one trace today, I
got some new threads.
Check the trace while panic:
linphonec> answer
Connected.
linphonec> linphonec> Data access misaligned address violation
TEXT = 0x00440000-0x004771f0 DATA = 0x008381f0-0x0083cdc0
BSS = 0x0083cdc0-0x00980000 USER-STACK = 0x0099feb0
return address: [0x00549200]; contents of:
0x005491e0: 9310 a0f8 bbf0 b9f0 e801 0000 0010 0000
0x005491f0: 04c5 e800 0007 bbcb b0f8 b139 ad3a 6000
0x00549200: [9310] a0f8 0c00 1004 63f0 bbd0 205d 3047
0x00549210: 67c0 b9cb e3ff f2e9 bbf0 b9f0 0c00 1804
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 2.6.28.10-ADI-2009R1-svn6779
Built with gcc version 4.1.2 (ADI svn)
physical IVG5 asserted : <0xffa00c1c> { _evt_ivhw + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x0060e000> /* kernel dynamic memory */
RETS: <0x00507510> [ /lib/libm.so.0 + 0x7510 ]
PC : <0x00549200> [ /usr/lib/libosipparser2.so.4 + 0x9200 ]
DCPLB_FAULT_ADDR: <0x3fa66fa0> /* kernel dynamic memory */
ICPLB_FAULT_ADDR: <0x00549200> [ /usr/lib/libosipparser2.so.4 + 0x9200 ]
R0 : 00000000 R1 : 3fa66fa3 R2 : 00000000 R3 : 8d7ee000
R4 : 3fe77000 R5 : 00077000 R6 : 1dddfd7a R7 : 3fa66fa3
P0 : 00000002 P1 : 005491f0 P2 : 3fa66fa3 P3 : 009a8dc8
P4 : 0040d0c8 P5 : ffff5bd7 FP : 00512540 SP : 0060df24
LB0: 0046b44f LT0: 0046b3fe LC0: 00000000
LB1: 004e478d LT1: 004e478c LC1: 00000000
B0 : 00512338 L0 : 00000000 M0 : 00000000 I0 : 00000000
B1 : 005125f0 L1 : 00000000 M1 : 000623fc I1 : 00000000
B2 : 0000000a L2 : 00000000 M2 : 0005e246 I2 : 00000000
B3 : 005126e0 L3 : 00000000 M3 : 00512450 I3 : 8d7ee000
A0.w: 0005e246 A0.x: 00000000 A1.w: 00000000 A1.x: 00000000
USP : 00512524 ASTAT: 02003044
0 Target : <0x00004c90> { _trap_c + 0x0 }
Source : <0xffa00662> { _exception_to_level5 + 0x9e } CALL pcrel
1 Target : <0xffa005c4> { _exception_to_level5 + 0x0 }
Source : <0xffa004a4> { _bfin_return_from_exception + 0x20 } RTX
2 Target : <0xffa00484> { _bfin_return_from_exception + 0x0 }
Source : <0xffa0051a> { _ex_trap_c + 0x46 } JUMP.S
3 Target : <0xffa004d4> { _ex_trap_c + 0x0 }
Source : <0xffa0073a> { _trap + 0x66 } JUMP (P4)
4 Target : <0xffa006f4> { _trap + 0x20 }
Source : <0xffa006f0> { _trap + 0x1c } IF !CC JUMP
5 Target : <0xffa006d4> { _trap + 0x0 }
Source : <0x005491fe> [ /usr/lib/libosipparser2.so.4 + 0x91fe ]
0x6000
6 Target : <0x005491f0> [ /usr/lib/libosipparser2.so.4 + 0x91f0 ]
Source : <0x00501a7e> [ /lib/libm.so.0 + 0x1a7e ] JUMP (P1)
7 Target : <0x00501a76> [ /lib/libm.so.0 + 0x1a76 ]
Source : <0x0050750c> [ /lib/libm.so.0 + 0x750c ] CALL pcrel
8 Target : <0x00507504> [ /lib/libm.so.0 + 0x7504 ]
Source : <0x0046b1ca> [ /usr/bin/linphonec + 0x2b1ca ] RTS
9 Target : <0x0046b186> [ /usr/bin/linphonec + 0x2b186 ]
Source : <0x0046b150> [ /usr/bin/linphonec + 0x2b150 ] IF !CC JUMP
10 Target : <0x0046b124> [ /usr/bin/linphonec + 0x2b124 ]
Source : <0x0046b100> [ /usr/bin/linphonec + 0x2b100 ] JUMP.S
11 Target : <0x0046b0c6> [ /usr/bin/linphonec + 0x2b0c6 ]
Source : <0x0046b0b4> [ /usr/bin/linphonec + 0x2b0b4 ] IF !CC JUMP
12 Target : <0x0046b090> [ /usr/bin/linphonec + 0x2b090 ]
Source : <0x0046b072> [ /usr/bin/linphonec + 0x2b072 ] IF !CC JUMP
13 Target : <0x0046b02c> [ /usr/bin/linphonec + 0x2b02c ]
Source : <0x00501ac4> [ /lib/libm.so.0 + 0x1ac4 ] JUMP (P1)
14 Target : <0x00501abc> [ /lib/libm.so.0 + 0x1abc ]
Source : <0x00507500> [ /lib/libm.so.0 + 0x7500 ] CALL pcrel
15 Target : <0x005074f6> [ /lib/libm.so.0 + 0x74f6 ]
Source : <0x0046bb1e> [ /usr/bin/linphonec + 0x2bb1e ] RTS
SP: [0x00512524] <0x00512524> [ linphonec + 0x2524 ]
FP: (0x00512540)
Memory from 0x00512520 to 00513000
00512520: 00000000 [00000000] 00000000 00000000 009a8dc8 4f147dd5 dcca0781
3fa66fa3
00512540:(005125b8)<00507510> ffff5bd7 088eeb1f 3fa66fa3 00000000
bfd12000 6f160000
00512560: 40220596 00000000 00000000 79ac8a2d 3f2dd8ba 4de589bd 3f986da7
<0050f394>
00512580: 00512ad8 00831420 005125b4 005125dc <0050f39a> 00000000
bfd12000 75773282
005125a0: bfc3c51f 00000000 402a0000 00000000 00000000 0000000d
(005125e4)<0050ee4e>
005125c0: 00512ad8 00831420 0040d0c8 00000050 000000a0 00512998 00000000
00512658
005125e0:<004e7c98>(00512658)<004e7c9e> 00000050 10000000
00000000 10000000 00000000
00512600: 00000000 00000000 00000000 00512634 <004f0b46> 40000000
ffffffff 00000000
00512620: 10000000 00000003 00000000 ffffffff 40000000 00512668 00000000
00000000
00512640: 00000000 00000000 40000000 00000003 00000000 ffffffff
(00512874)<004ec2c2>
00512660: 00512754 0035866c 00000018 00000090 000000a0 00831420 00358ad4
00000011
00512680: 00000090 00000018 3f000000 003587d4 00000000 00000000 00000000
005126a0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
005126c0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
005126e0: ffd6fffa 0014fffe fff70000 fffbfff9 00240000 00000000 00000000
00512700: 00000000 00000000 00000000 00000000 12410921 247c1b67 36d02db8
491f4008
00512720: 5b645247 00000000 00000000 00000000 00000000 00000000 00000000
00512740: 12410921 247c1b67 36d02db8 491f4008 5b645247 00000000 fff1fffc
00030000
00512760: 00000000 00000000 00000000 00000000 ffdefffb 000dffff fffb0000
fffefffd
00512780: 000d0000 00000000 00000000 00000000 00000000 00000000 00000000
005127a0: 00000000 00000000 00000000 00000000 00000000 00000000 00358ad4
00512750
005127c0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512518
005127e0: 00512710 00512740 00512758 00512770 00512788 00512728 005126f8
005126e0
00512800: 005126c8 00512678 004bffe7 ff7e0023 00000018 feb90020 00000000
00512820: 03bc007c fae5fee5 06f4021f f65dfc33 0e3106c5 00000000 0000000a
236375c9
00512840: f2f5e6f7 06c50e31 00000018 00000017 00000019 00000016 0000001a
00000015
00512860: 001b0020 0016001b 00120016 ffe7004b 000fffd9
(0051296c)<004ee0e4> 00512ad8
00512880: 00512998 00000000 0083a190 00512c28 00343a34 0035866c 00512998
00512c28
005128a0: 00000000 <0000c000> 005128dc 00512ad8 00000140 00000040
00358d78 00000000
005128c0: 0042ad60 00000214 005128fc <003864da> 004008f0 00400fc8
005128a0 <003860f0>
005128e0: 004008f0 00400d08 00400d08 004008f0 00400fc8 00512918
<003860f0> 00512930
00512900: 005128c8 00831420 00830eb8 00400d08 00512934 <003860f0>
0051294c <00933038>
00512920: 00393958 0051292c 00512930 000007d4 0051295c 00000000 00510000
00390000
00512940: 000007d0 00000001 00400fc8 00000280 00000280 00358434 0083a190
0051297c
00512960:<004e8db8> 00831420 0083a190 (00512c4c)<00455a9e>
00358434 0039395c 00000000
00512980: 0083a190 00512c28 00000280 ffff0000 00512998 00512c28 00000000
005129a0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
005129c0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
005129e0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512a00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512a20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512a40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512a60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512a80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512aa0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512ac0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512ae0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512b00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512b20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512b40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512b60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512b80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512ba0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512bc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512be0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512c00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512c10
00512c20: 00512998 00000001 005135f8 00000000 00000000 00000000 00000001
00512c40: 000007d0 <004543a8> 003938cc (00512c80)<0046aaca>
00000000 0083a190 003583dc
00512c60: 00000000 00358614 00512ce4 003583dc 0000007f 00000100 00000200
00512c80:(00512cb4)<0046ab46> 00000000 0083a190 00358304 00000000
00358614 00512ce4
00512ca0: 00358304 009a0c60 009a363c 00000000 00000000
(00512ce8)<0046ab84> 00343a24
00512cc0: 0083a190 00000000 0083a190 00512ce4 00358614 00000004 00000000
00000006
00512ce0: 00000000 00000000 (00512d1c)<0046abf4> 00358614 00000000
00000004 00000000
00512d00: 00000004 00000006 00512d1c <0090f404> 00000000 00000000
003d0900 (00512de4)
00512d20:<003856e6> 009a1388 00512e24 00512e24 00000030 009a1388
003b8808 0001fffb
00512d40: ffff0000 00000001 fffefffc fffd0000 fffd0005 fffbfffe fffe0001
fffbfffe
00512d60: 0000fffb fffefffb fffefffe 0001fffe 00030002 fffdfffe
<0000fffe> fffbfffd
00512d80: fffd0000 fffefffe fffefffc 0001fffe fffe0002 fffcfffd fffefffd
fffb0000
00512da0: 0001fffe 0004ffff fffe0002 fffdfffd fffbfffb 00512ddc
<00388556> 00512e24
00512dc0: 009a36a0 00000001 009a1388 0000fffb 00000000 ffff0002 0003ffff
00512e08
00512de0:<00385756>(00512e08)<00385766> 009a1388 00512e24
00003000 00000030 fffa0003
00512e00: 0004fffe fffa0000 (00000000)<0090cb80> 00512e24 0099faf8
fffe0000 ffff0003
00512e20: fffefffe 0084be24 009a0a80 00000000 00000000 00004003 000000d7
00512e40: 009a36a0 00000020 00000000 00000000 00000000 00000000 00000000
00512e60: 00000000 00000000 00512e6c 0000000b 00512e74 00000000 00000000
00512e80: 003b8808 00358614 80000000 00000000 00000000 00000000 00000000
00512ea0: 00000000 00000000 00000000 0099fabc <0050f422> c0000000
0000003c 00000000
00512ec0: 0099fab0 <003864da> 004008f0 00400fc8 0099fab0
<003860f0> 004008f0 00400d08
00512ee0:<003860f0> 004008f0 0099fad8 <003864da> 0099fae0
0099fae4 <00933038> 003585d8
00512f00: 00400d08 <003860f0> 00000000 00000000 00000000 00000000
00000000 00000000
00512f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512f80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00512fa0: 00000000 00000000 00000000 00000000 00000000 00000000 00512e24
00000003
00512fc0: 00000001 00000000 00000000 00000000 00000000 00000000 00000000
00512fe0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00513000: 00000000
frame 1 : <0x00507510> [ /lib/libm.so.0 + 0x7510 ]
address : <0x0050f394> [ /lib/libm.so.0 + 0xf394 ]
address : <0x0050f39a> [ /lib/libm.so.0 + 0xf39a ]
frame 2 : <0x0050ee4e> [ /lib/libm.so.0 + 0xee4e ]
address : <0x004e7c98> [ /usr/lib/libspeex.so.1 + 0x7c98 ]
frame 3 : <0x004e7c9e> [ /usr/lib/libspeex.so.1 + 0x7c9e ]
address : <0x004f0b46> [ /usr/lib/libspeex.so.1 + 0x10b46 ]
frame 4 : <0x004ec2c2> [ /usr/lib/libspeex.so.1 + 0xc2c2 ]
frame 5 : <0x004ee0e4> [ /usr/lib/libspeex.so.1 + 0xe0e4 ]
address : <0x0000c000> { _sched_debug_show + 0x5b8 }
address : <0x003864da> [ /lib/libpthread.so.0 + 0x64da ]
address : <0x003860f0> [ /lib/libpthread.so.0 + 0x60f0 ]
address : <0x00933038> [ /lib/libc.so.0 + 0x33038 ]
address : <0x004e8db8> [ /usr/lib/libspeex.so.1 + 0x8db8 ]
frame 6 : <0x00455a9e> [ /usr/bin/linphonec + 0x15a9e ]
address : <0x004543a8> [ /usr/bin/linphonec + 0x143a8 ]
frame 7 : <0x0046aaca> [ /usr/bin/linphonec + 0x2aaca ]
frame 8 : <0x0046ab46> [ /usr/bin/linphonec + 0x2ab46 ]
frame 9 : <0x0046ab84> [ /usr/bin/linphonec + 0x2ab84 ]
frame 10 : <0x0046abf4> [ /usr/bin/linphonec + 0x2abf4 ]
address : <0x0090f404> [ /lib/libc.so.0 + 0xf404 ]
frame 11 : <0x003856e6> [ /lib/libpthread.so.0 + 0x56e6 ]
address : <0x0000fffe> { _panic + 0xb2 }
address : <0x00388556> [ /lib/libpthread.so.0 + 0x8556 ]
address : <0x00385756> [ /lib/libpthread.so.0 + 0x5756 ]
frame 12 : <0x00385766> [ /lib/libpthread.so.0 + 0x5766 ]
frame 13 : <0x0090cb80> [ /lib/libc.so.0 + 0xcb80 ]
address : <0x0050f422> [ /lib/libm.so.0 + 0xf422 ]
#0 0x00549200 in osip_from_clone () from
/home/bhsong/develop/svn/uclinux-dist-2009R1/debug_lib/libosipparser2.so.4
#1 0x00507510 in __ieee754_log (x=<value optimized out>) at
libm/e_log.c:145
#2 0x0050ee4e in logf (x=<value optimized out>) at
libm/float_wrappers.c:405
#3 0x004e7c9e in vbr_analysis () from
/home/bhsong/develop/svn/uclinux-dist-2009R1/debug_lib/libspeex.so.1
#4 0x004ec2c2 in nb_encode () from
#5 0x004ee0e4 in sb_encode () from
#6 0x00455a9e in enc_process (f=0x3583dc) at
../../../linphone-3.0.0/mediastreamer2/src/msspeex.c:239
#7 0x0046aaca in run_graph (f=0x3583dc, s=0x358614, unschedulable=0x512ce4,
force_schedule=0 '\0') at
../../../linphone-3.0.0/mediastreamer2/src/msticker.c:194
#8 0x0046ab46 in run_graph (f=0x358304, s=0x358614, unschedulable=0x512ce4,
../../../linphone-3.0.0/mediastreamer2/src/msticker.c:212
#9 0x0046ab84 in run_graphs (s=0x358614, execution_list=<value optimized
out>, force_schedule=<value optimized out>) at
../../../linphone-3.0.0/mediastreamer2/src/msticker.c:226
#10 0x0046abf4 in ms_ticker_run (arg=0x358614) at
../../../linphone-3.0.0/mediastreamer2/src/msticker.c:340
#11 0x003856e6 in pthread_start_thread (arg=0x512e24) at
libpthread/linuxthreads.old/manager.c:327
#12 0x00385766 in pthread_start_thread_event (arg=0x512e24) at
libpthread/linuxthreads.old/manager.c:357
#13 0x0090cb80 in clone (fn=<error reading variable>,
child_stack=0x3fa66fa3, flags=0, arg=0x5491f0) at
libc/sysdeps/linux/bfin/clone.c:21
(gdb)
In fact, the error comes from the following codes:
int from_2char_without_params(osip_from_t *from,char **str)
{
osip_from_t *tmpfrom=NULL;
osip_from_clone(from,&tmpfrom);
...
}
int
osip_from_clone (const osip_from_t * from, osip_from_t ** dest)
int i;
osip_from_t *fr;
*dest = NULL;
if (from == NULL)
return -1;
The system just dies at "*dest = NULL;" in osip_from_clone(). It's
really strange since "osip_from_t *tmpfrom=NULL;" can execute
successfully in from_2char_without_params.
Check the asm codes of from_2char_without_params:
41720 00024c24 <_from_2char_without_params>:
41721 24c24: 70 05 [--SP] = (R7:6);
41722 24c26: 00 e8 04 00 LINK 0x10; /* (16) */
41723 24c2a: 31 30 R6 = R1;
41724 24c2c: 01 60 R1 = 0x0 (X); /*
R1=0x0( 0) */
41725 24c2e: f1 bb [FP -0x4] = R1;
41726 24c30: 4f 30 R1 = FP;
41727 24c32: e1 67 R1 += -0x4; /* ( -4) */
41728 24c34: 7b 30 R7 = P3;
41729 24c36: ff e3 b7 3c CALL 0xc5a4 <__init+0x7b8>;
FP -0x4 is the address of osip_from_t *tmpfrom. Then the address is given to
R1.
Check the asm codes of osip_from_clone:
3831 000091f0 <_osip_from_clone>:
3832 91f0: c5 04 [--SP] = (P5:5);
3833 91f2: 00 e8 07 00 LINK 0x1c; /* (28) */
3834 91f6: cb bb [FP -0x10] = P3;
3835 91f8: f8 b0 [FP + 0xc] = R0;
3836 91fa: 39 b1 [FP + 0x10] = R1;
3837 91fc: 3a ad P2 = [FP + 0x10];
3838 91fe: 00 60 R0 = 0x0 (X); /*
R0=0x0( 0) */
3839 9200: 10 93 [P2] = R0;
At the beginning, [FP + 0x10] will be the address of tmpfrom, then P2=the
address of tmpfrom. But [P2]=0 fails!
So it looks like somebody changes R1 from from_2char_without_params to
osip_from_clone! Who is it?
Today, the debug was based on 2009R1 branch codes.
--- Barry Song 2009-06-24 06:36:07
The problem should not be a simple misaligned access. It should come from stack
overflow somewhere since the panic points are random:
sometimes libasound, sometimes libosipparser, sometimes libspeex, sometimes
libc...
And the causes of system panic are multifarious too,like:
"Data access misaligned address" "llegal use of supervisor
resource Attempted to use a Supervisor register or instruction from User
mode." "Data access CPLB miss" "anNULL pointer
access".
And results are not logical according to asm and c codes.
Let me try whether -mstack-check-l1 and -fmudflap -lmudflap can help to locate
the errors.
--- Barry Song 2009-06-25 23:11:51
Change two files to increase stack size, use the auto expect script to let PC
and target communicate by linphone more than 5000 times, there is no panic
again.
Index: oRTP/src/port.c
===================================================================
--- oRTP/src/port.c (revision 8320)
+++ oRTP/src/port.c (working copy)
@@ -170,8 +170,8 @@
if (attr)
my_attr = *attr;
#ifdef ORTP_DEFAULT_THREAD_STACK_SIZE
- if (ORTP_DEFAULT_THREAD_STACK_SIZE!=0)
- pthread_attr_setstacksize(&my_attr, ORTP_DEFAULT_THREAD_STACK_SIZE);
+// if (ORTP_DEFAULT_THREAD_STACK_SIZE!=0)
+ pthread_attr_setstacksize(&my_attr,
/*ORTP_DEFAULT_THREAD_STACK_SIZE*/0xA000);
#endif
return pthread_create(thread, &my_attr, routine, arg);
Index: Makefile
--- Makefile (revision 8320)
+++ Makefile (working copy)
@@ -1,6 +1,6 @@
VER = linphone-3.0.0
-CFLAGS += -fno-strict-aliasing -ffast-math -mfast-fp
+CFLAGS += -fno-strict-aliasing -ffast-math -mfast-fp
-Wl,--defsym,__stacksize=0x40000
CONF_OPTS = \
--enable-portaudio=no \
Files
Changes
Commits
Dependencies
Duplicates
Associations
Tags
File Name File Type File Size Posted By
No Files Were Found