Content originally posted in LPCWare by repu1sion on Wed Nov 05 09:57:48 MST 2014
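I am getting an MPU fault that the kernel reports at 0x00000000, although the address actually being accessed was a001cff4 (the value in r3 at the faulting store).
The first word of the code dump at the faulting pc (68f8601a) appears to match the `str r2, [r3, #0]` (601a) at 8e0a and the `ldr r0, [r7, #12]` (68f8) at 8e0c in the disassembly below, which is why that store is marked as the failing instruction.
Details are described below.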
/ # /opt/zpm_thread
00032 : pthread_initialize: initial thread stack bounds: bos=0x1, tos=0xffffffff
00032 : __pthread_initialize_manager: manager stack: size=8160, bos=0xa02fc008, tos=0xa02fdfe8
00032 : __pthread_initialize_manager: send REQ_DEBUG to manager thread
00032 : pthread_create: write REQ_CREATE to manager thread
00032 : pthread_create: before suspend(self)
00033 : __pthread_manager: before poll
00033 : __pthread_manager: after poll
00033 : __pthread_manager: before read
00033 : __pthread_manager: after read, n=28
00033 : __pthread_manager: got REQ_CREATE
[ 13.100000]
[ 13.100000] zpm_thread: unhandled MPU fault (0x08) at 0x00000000 [pc=0xa0088e4a,sp=0xa02fde08]
[ 13.100000]
[ 13.100000] [fp=0x00000000]
[ 13.100000]
[ 13.100000]
[ 13.100000] Pid: 33, comm: zpm_thread
[ 13.100000] CPU: 0 Not tainted (2.6.33-arm1 #2)
[ 13.100000] pc : [<a0088e4a>] lr : [<a0088f8f>] psr: 21000000
[ 13.100000] sp : a02fde08 ip : a00980d8 fp : 00000000
[ 13.100000] Code dump at pc [a0088e4a]:
[ 13.100000] 68f8601a 683a6979 f7ff6a3b 697bffc8
[ 13.100000] r10: a0095bf0 r9 : 00000000 r8 : 00000000
[ 13.100000] r7 : a02fde28 r6 : a02fdf9c r5 : 00000020 r4 : a0097fb0
[ 13.100000] r3 : a001cff4 r2 : 00005000 r1 : a0018000 r0 : a009c5d0
[ 13.100000] Flags: nzCv IRQs on FIQs on Mode USER_26 ISA unknown Segment user
[ 13.100000] Backtrace: no frame pointer
00008dec <__heap_add_free_area>:
free-area. */
struct heap_free_area *
__heap_add_free_area (struct heap_free_area **heap, void *mem, size_t size,
struct heap_free_area *prev,
struct heap_free_area *next)
{
8dec: b580 push {r7, lr}
8dee: b086 sub sp, #24
8df0: af00 add r7, sp, #0
8df2: 60f8 str r0, [r7, #12]
8df4: 60b9 str r1, [r7, #8]
8df6: 607a str r2, [r7, #4]
8df8: 603b str r3, [r7, #0]
struct heap_free_area *fa = (struct heap_free_area *)
8dfa: 68ba ldr r2, [r7, #8]
8dfc: 687b ldr r3, [r7, #4]
8dfe: f1a3 030c sub.w r3, r3, #12
((char *)mem + size - sizeof (struct heap_free_area));
8e02: 4413 add r3, r2
8e04: 617b str r3, [r7, #20]
fa->size = size;
8e06: 697b ldr r3, [r7, #20] <-- load the value at r7+20 (fa) into r3 (we have a valid pointer - OK)
8e08: 687a ldr r2, [r7, #4] <-- load size (0x5000) into r2 - OK
8e0a: 601a str r2, [r3, #0] <-- FAILS HERE (stores 0x5000 to address a001cff4 held in r3 - the address seems valid)
__heap_link_free_area (heap, fa, prev, next);
8e0c: 68f8 ldr r0, [r7, #12]
8e0e: 6979 ldr r1, [r7, #20]
8e10: 683a ldr r2, [r7, #0]
8e12: 6a3b ldr r3, [r7, #32]
8e14: f7ff ffc8 bl 8da8 <__heap_link_free_area>
return fa;
8e18: 697b ldr r3, [r7, #20]
}
8e1a: 4618 mov r0, r3
8e1c: f107 0718 add.w r7, r7, #24
8e20: 46bd mov sp, r7
8e22: bd80 pop {r7, pc}
(gdb) x/100x 0xa02fde28
0xa02fde28: 0x00000000 0x00005000 0xa0018000 0xa009c5d0
0xa02fde38: 0x04000021 0xa001cff4 0xa02fde50 0xa0088f8f
0xa02fde48: 0xa009c5c4 0xa0097fb0 0x00000020 0x00005000
0xa02fde58: 0xa0018000 0xa009c5d0 0x00000000 0xa009c5c4
0xa02fde68: 0x00000000 0xa001d000 0x00005000 0xa00a0834
0xa02fde78: 0xa02fde88 0xa00886b9 0x00000000 0x00000000
0xa02fde88: 0x00000000 0xa00a0834 0xa009c5d0 0x00004008
0xa02fde98: 0x00000000 0xa0018000 0x00005000 0x00000000
0xa02fdea8: 0x00000000 0x00000000 0xa02fdeb8 0xa0088851
0xa02fdeb8: 0x00000000 0x00004000 0x00000000 0x00000000
0xa02fdec8: 0xa02fded0 0xa0082b97 0xa02fdf3c 0x00001000
0xa02fded8: 0xffffbea1 0x00000000 0x00000000 0x00000000
0xa02fdee8: 0x00000000 0x00000000 0x00004000 0xa02fdf88
0xa02fdef8: 0x0000001c 0x00000003 0x726f6665 0x00000002
0xa02fdf08: 0xa02fdf20 0xa0082d25 0xa02fdf38 0xa02fdf34
0xa02fdf18: 0xa02fdf30 0x00000003 0x00000000 0xa00800a5
0xa02fdf28: 0x00000000 0xa0097fe0 0x00000000 0x00000000
0xa02fdf38: 0x00000000 0x00000000 0x00000002 0xa0098110
0xa02fdf48: 0xa02fdf50 0x0000002a 0x00001000 0x00000000
0xa02fdf58: 0xa02fdf80 0xa0082841 0xa0095efc 0xa0097fb0
0xa02fdf68: 0xa02fdf80 0xa0082881 0xa02fdf9c 0x00000020
0xa02fdf78: 0x00000000 0xa00980d8 0x00000000 0x00000003
0xa02fdf88: 0xa0097fb0 0x00000000 0x00000000 0xa00800a5
0xa02fdf98: 0x00000000 0x80000000 0x00000000 0xffffffef
0xa02fdfa8: 0xfffffffe 0x00000003 0x00010001 0x00000003
(gdb) x/100x 0xa001cff4
0xa001cff4: 0x00000000 0x00000000 0x00000000 0x1d03d003
0xa001d004: 0x28006840 0x6841d1f8 0xf0066019 0x4620fa3d
0xa001d014: 0x490d4632 0xfe74f004 0xe74c2001 0x4b091c58
0xa001d024: 0x99029000 0xb9ab681b 0xbf00e75e 0x64790100
0xa001d034: 0x70790100 0x80790100 0x90790100 0xa0790100
0xa001d044: 0x50790100 0xb4a90100 0x58790100 0x2b00685b
0xa001d054: 0xaf4af43f 0x4291681a 0x4668d1f8 0xf7ffa901
0xa001d064: 0x4680fc49 0xf47f2800 0x9f00af3f 0xc000f897
0xa001d074: 0x0f2cf1bc 0xaf38f47f 0x19a61c7d 0x95001b76
0xa001d084: 0xf7ff4630 0x2e00f901 0xdd384605 0xe001f897
0xa001d094: 0x36011e71 0xf1be4642 0xf0010f7d 0xbf1c0101
0xa001d0a4: 0xe000f880 0x0801f04f 0x2302d04b 0xd02342b3
0xa001d0b4: 0x5cf9b159 0x297db9b2 0xf805bf1a 0xf1081008
0xa001d0c4: 0x22010801 0x42b33301 0x5cf9d016 0xf081b352
0xa001d0d4: 0x22000020 0x0008f805 0x0801f108 0x5cf93301
0xa001d0e4: 0xd0e82a00 0x22003301 0xf08142b3 0xf8050c20
0xa001d0f4: 0xf108c008 0xd1e80801 0xf47f2a00 0x4642aef5
0xa001d104: 0x46299802 0xf0049b01 0xf1b0fb13 0xd01a3fff
0xa001d114: 0x49174602 0xf0044620 0x4628fdf3 0xf9b4f006
0xa001d124: 0xe6c82001 0xbf1a297d 0x1008f805 0x0801f108
0xa001d134: 0xe7d32201 0xf7ff4620 0x2001fd11 0x4b0de6bb
0xa001d144: 0x2201e761 0x4620e7b1 0xfd08f7ff 0xf0064628
0xa001d154: 0x2001f99b 0x4620e6af 0x4631462b 0xfd9af7ff
0xa001d164: 0xf7ffe716 0x4630fcfb 0xf98ef006 0xe6a22001
0xa001d174: 0x58790100 0xb4a90100 0xe92d4b76 0x681a01f0
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0x00000000 - 0x00001000 ( 4 kB)
[ 0.000000] fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
[ 0.000000] vmalloc : 0x00000000 - 0xffffffff (4095 MB)
[ 0.000000] lowmem : 0xa0000000 - 0xa0800000 ( 8 MB)
[ 0.000000] modules : 0xa0000000 - 0x01000000 (1552 MB)
[ 0.000000] .init : 0xa0008000 - 0xa00e4000 ( 880 kB)
[ 0.000000] .text : 0xa00e4000 - 0xa0197000 ( 716 kB)
[ 0.000000] .data : 0xa0198000 - 0xa01a7c80 ( 64 kB)
[ 4.700000] Freeing init memory: 880K
Any suggestions are welcome.