Created By: zhaorong wu (4/8/2014 6:25 PM)
Hi xiansong:
thanks for your help, i will try to do it as you said.
Created By: Xiansong Shen (4/8/2014 12:59 AM)
Steps for loading dump manually,
system.cpu HEXAGONV5
system.up
cd dump path
do load.cmm
cd elf folder
d.load.elf M8x10BAAAANTZQ203007.elf /nocode /noclear
cd the floder of qurt_model.t32(\modem_proc\core\kernel\qurt\install\modemv5\debugger\T32)
menu.reset
task.config qurt_model.t32
menu.reprogram qurt_model.men
v.v %HEX (int)QURTK_flush_cache_status (int)QURT_system_state %OPEN.1 coredump QURT_error_info %OPEN.off %STRING qxdm_dbg_msg
Created By: Xiansong Shen (4/8/2014 12:36 AM)
We use internal tool, what's the error?
Created By: zhaorong wu (4/8/2014 12:23 AM)
Hi xiansong:
i follow this documents, but i can not load dump.
can you capture your whole process for me? many thanks!
Created By: Xiansong Shen (4/8/2014 12:10 AM)
Refer to 80-NC839-6 for modem dump loading. Thanks
Created By: Xiansong Shen (4/7/2014 10:18 PM)
As we talked, let put this stack corruption issue to monitor. Thanks
Created By: zhaorong wu (4/7/2014 6:23 PM)
Hi xiansong:
what's the next steps?
Created By: zhaorong wu (4/4/2014 1:46 AM)
Hi xiansong:
we just modify a little code at modem side, and i check more and more, i don't think the code we modify will case system crash.
Created By: zhaorong wu (4/3/2014 11:46 PM)
Hi xiansong:
for more dump. you can follow case:01492219.
Created By: Xiansong Shen (4/3/2014 11:24 PM)
0755 33960735
Created By: zhaorong wu (4/3/2014 10:54 PM)
Hi siqing and xiansong:
can you leave your phone number for more discussing?
Created By: zhaorong wu (4/3/2014 9:03 PM)
Hi xiansong:
i upload the file file we modify at wms module, you can search string "CONFIG_CALD01" for it.
we just modify for one file, please check.
my phone is 13480613219, any question you can call me.
Created By: Xiansong Shen (4/3/2014 8:22 PM)
For the "port_379 dump ", looks like the stack corrupt in the task "mc".
So, please review the code you added recently, doubt it has wild pointer.
Created By: Xiansong Shen (4/3/2014 8:08 PM)
Dear customer
Here is the issue, the stack of the pd_comms_wms_task was corrpted.
What did you added into this task? We can review related code.
Can you reproduce this issue? Maybe we can debug by set writable breakpoint.
qxdm_dbg_msg = "ExIPC: Exception recieved tid=6e inst=98008b0"
09F434A0 0B42C720 0000006E A8 0 SUSPENDED pdcommwms
018F001E Precise, Unrecoverable Program counter values that are not properly aligned.
SP 0B3780F8
FP 0B378148
LR 3 /// crash because LR is 3, not valid PC address
ELR 098008B0
SSR 018F001E
0B378128 09800370 time_get
0B378138 093E3058 msg_get_time
0B3781B8 097F6E88 diag_f3_trace_buffer_init
0B3781E8 093E3244 qsr_v3_int_msg_send_3
0B378298 08B1C8D8 pd_comms_wms_task /// didn't invoke the qsr_v3_int_msg_send_3, it invoke the os_DogHeartbeatReport
0B378348 097B9CEC TASK_ENTRY
0B378358 097C137C rex_os_thread_entry_func
Thanks
Created By: zhaorong wu (4/3/2014 7:54 PM)
Hi siqing:
i have uploaded about.xml and rex_signals.c files, please check, thanks!
Created By: Siqing Zhang (4/2/2014 11:55 PM)
what the modem project version do you use ? please give me the about.xml have a check
could you give me the rex_signals.c have a check
Created By: zhaorong wu (4/2/2014 11:19 PM)
这个我们不会动
Created By: Siqing Zhang (4/2/2014 11:07 PM)
hi
the call stack is
-000|time_genoff_get_pointer(
| ?)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-001|rex_os_set_sigs(
| ?,
| ?,
| p_ret_sigs = 0x3 = __assert_sink__+0x2 -> 0x0,
| sigs_array_limit = 0x1)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-002|rex_set_sigs(
| ?,
| set_sigs = 0x00010000)
| prev_sigs = 0x0
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
---|end of frame
i also can't find which function is called the time_genoff_get_pointer in the rex_os_set_sigs, do you chang somgthing in the rex_os_set_sigs
Created By: zhaorong wu (4/2/2014 8:54 PM)
but from the dump we can find the base is 0xAD02EE0 so it is wrong.
i will give you a attachment you can check.
any question you can tell me
-----这个还有上级的调用栈呢? 从哪个函数调入的,
请麻烦告之。谢谢。
Created By: zhaorong wu (4/1/2014 2:41 AM)
Hi Siqing:
i check the attachment, as you point out, if the value is wrong, i think maybe memory overflow can cause that.
but how to get the root case to fix it?
Created By: Siqing Zhang (3/31/2014 7:57 PM)
hi customer
about the dump Port_COM483,the result is the base is wrong ,you can check the function
time_genoff_ptr time_genoff_get_pointer
(
/* Time bases whose pointer needs to be returned */
time_bases_type base
)
{
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
ASSERT( base < ATS_MAX ); ////// i suspect the base is wrong
return &(ats_bases[base]) ;
}
the base is time_bases_type ,and from the
typedef enum time_bases
{
ATS_RTC = 0, /**< Real time clock timebase.*/
ATS_TOD, /**< Proxy base for number of bases.*/
ATS_USER, /**< User timebase. */
ATS_SECURE, /**< Secure timebase. */
ATS_DRM, /**< Digital rights management timebase. */
ATS_USER_UTC, /**< Universal Time Coordinated user timebase. */
ATS_USER_TZ_DL, /**< Global time zone user timebase. */
ATS_GPS, /**< Base for GPS time. \n
@note1hang When ATS_GSTK is modified, changes are also
reflected on ATS_TOD. */
ATS_1X, /**< Base for 1X time. \n
@note1hang When ATS_1X is modified, changes are also
reflected on ATS_TOD. */
ATS_HDR, /**< Base for HDR time. \n
@note1hang When ATS_HDR is modified, changes are also
reflected on ATS_TOD. */
ATS_WCDMA, /**< Base for WCDMA time. \n
@note1hang When ATS_WCDMA is modified, changes are also
reflected on ATS_TOD. */
ATS_MFLO, /**< Base for MediaFLO time. \n
@note1hang When ATS_MFLO is modified, changes are also
reflected on ATS_TOD. */
ATS_3GPP, /**< LTE timebase. */
ATS_LTE_HR, /**< Base for storing LTE SIB16 Time. SIB16 has the same
granularity as 1x. It will also have TOD as a proxy base*/
ATS_PRIVATE = 0x1000000, /**< Holder for Private Bases that are declared
outside of generic time framework */
ATS_INVALID = 0x10000000
} time_bases_type;
#define ATS_MAX ( ATS_LTE_HR + 1 )
the ATS_LTE_HR=14 so ATS_MAX=15
but from the dump we can find the base is 0xAD02EE0 so it is wrong.
i will give you a attachment you can check.
any question you can tell me
thanks
Created By: zhaorong wu (3/30/2014 11:33 PM)
HI siqing:
for Port_COM483 dump, we donen't do anything, just open wifi hot function.
Created By: Siqing Zhang (3/30/2014 7:36 PM)
Hi customer
in the case 01490261 i find the dump 483 is add the debug information,please deleate this and have a try you can check below function ,i suspect the base is wrong
time_genoff_ptr time_genoff_get_pointer
(
/* Time bases whose pointer needs to be returned */
time_bases_type base
)
{
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
ASSERT( base < ATS_MAX ); ////// i suspect the base is wrong
return &(ats_bases[base]) ;
}
Created By: Siqing Zhang (3/30/2014 7:28 PM)
Hi customer
about the Port_COM483 dump ,what do you do when it is crash ?
and how often this happend?
thanks
Created By: Siqing Zhang (3/30/2014 7:03 PM)
Hi customer
from the dump it is not the modem bsp issue .
you can work together with the case 01492219 owner to solve it
thanks
Created By: zhaorong wu (3/30/2014 6:35 PM)
Hi siqing:
if that, how to fix it?
Created By: Siqing Zhang (3/28/2014 1:38 AM)
Hi customer
in the port_379 dump
in the rlp_tx_get_next_frame
(
byte **frame_ptr, /* address of ptr for the TX frame */
boolean primary_frame, /* Primary channel yes/no indicator */
rlp_rate_enum_type allowed_rate /* required rate (for sig/sec. chans) */
)
the primary_frame is boolean only can be true or False ,but from the call stack it is 0x22
rlp_tx_get_next_frame(frame_ptr = 0x03E8 = EIPSIZE+0x28, primary_frame = 0x22, ?)
maybe it is the root cause
thanks
Created By: Siqing Zhang (3/28/2014 1:15 AM)
hi customer
these two dump are not the same
for port_379 dump
09F417E0 0B433640 00000057 9E 0 SUSPENDED mc /////// died in this task
died in this file mdrrlp.c in the rlp_tx_get_next_frame function
call stack is
rlp_tx_get_next_frame(frame_ptr = 0x03E8 = EIPSIZE+0x28, primary_frame = 0x22, ?)
send_handoff_complete_msg()
mcctcho_post_process_handoff()
tc_trans_done_rpt()
tc_tc()
cdma_tc()
mcc_subtask(?)
mc_cdma_prot_activate(?)
mc_process_cmd()
mc_task(?)
TASK_ENTRY(argv = 0x0B0E4BC8)
rex_get_errno_addr()
pthread_stub(?)
qurt_root_setup(?, stack_size = 0x0)
end of frame
seems it is a modem data issue
for Port_COM483 dump
tcbptrr______UGP_________threadID_______priority____ASID_____TNUM____state______Task_Name
09F434A0 0B42C720 0000006E A8 0 SUSPENDED pdcommwms //////this task
call stack
-000|time_genoff_get_pointer(
| ?)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-001|rex_os_set_sigs(
| ?,
| ?,
| p_ret_sigs = 0x3 = __assert_sink__+0x2 -> 0x0,
| sigs_array_limit = 0x1)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-002|rex_set_sigs(
| ?,
| set_sigs = 0x00010000)
| prev_sigs = 0x0
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
---|end of frame
died in the time_genoff.c in time_genoff_get_pointer function
Created By: Siqing Zhang (3/27/2014 10:29 PM)
hi customer
i will download the dump and analyse ,please wait a moment
thanks
////////////////////////////////////////////////////////////
debug trace32 cmm common/tools/cmm/common/msm8916/std_loadsim.cmm
Hi xiansong:
thanks for your help, i will try to do it as you said.
Created By: Xiansong Shen (4/8/2014 12:59 AM)
Steps for loading dump manually,
system.cpu HEXAGONV5
system.up
cd dump path
do load.cmm
cd elf folder
d.load.elf M8x10BAAAANTZQ203007.elf /nocode /noclear
cd the floder of qurt_model.t32(\modem_proc\core\kernel\qurt\install\modemv5\debugger\T32)
menu.reset
task.config qurt_model.t32
menu.reprogram qurt_model.men
v.v %HEX (int)QURTK_flush_cache_status (int)QURT_system_state %OPEN.1 coredump QURT_error_info %OPEN.off %STRING qxdm_dbg_msg
Created By: Xiansong Shen (4/8/2014 12:36 AM)
We use internal tool, what's the error?
Created By: zhaorong wu (4/8/2014 12:23 AM)
Hi xiansong:
i follow this documents, but i can not load dump.
can you capture your whole process for me? many thanks!
Created By: Xiansong Shen (4/8/2014 12:10 AM)
Refer to 80-NC839-6 for modem dump loading. Thanks
Created By: Xiansong Shen (4/7/2014 10:18 PM)
As we talked, let put this stack corruption issue to monitor. Thanks
Created By: zhaorong wu (4/7/2014 6:23 PM)
Hi xiansong:
what's the next steps?
Created By: zhaorong wu (4/4/2014 1:46 AM)
Hi xiansong:
we just modify a little code at modem side, and i check more and more, i don't think the code we modify will case system crash.
Created By: zhaorong wu (4/3/2014 11:46 PM)
Hi xiansong:
for more dump. you can follow case:01492219.
Created By: Xiansong Shen (4/3/2014 11:24 PM)
0755 33960735
Created By: zhaorong wu (4/3/2014 10:54 PM)
Hi siqing and xiansong:
can you leave your phone number for more discussing?
Created By: zhaorong wu (4/3/2014 9:03 PM)
Hi xiansong:
i upload the file file we modify at wms module, you can search string "CONFIG_CALD01" for it.
we just modify for one file, please check.
my phone is 13480613219, any question you can call me.
Created By: Xiansong Shen (4/3/2014 8:22 PM)
For the "port_379 dump ", looks like the stack corrupt in the task "mc".
So, please review the code you added recently, doubt it has wild pointer.
Created By: Xiansong Shen (4/3/2014 8:08 PM)
Dear customer
Here is the issue, the stack of the pd_comms_wms_task was corrpted.
What did you added into this task? We can review related code.
Can you reproduce this issue? Maybe we can debug by set writable breakpoint.
qxdm_dbg_msg = "ExIPC: Exception recieved tid=6e inst=98008b0"
09F434A0 0B42C720 0000006E A8 0 SUSPENDED pdcommwms
018F001E Precise, Unrecoverable Program counter values that are not properly aligned.
SP 0B3780F8
FP 0B378148
LR 3 /// crash because LR is 3, not valid PC address
ELR 098008B0
SSR 018F001E
0B378128 09800370 time_get
0B378138 093E3058 msg_get_time
0B3781B8 097F6E88 diag_f3_trace_buffer_init
0B3781E8 093E3244 qsr_v3_int_msg_send_3
0B378298 08B1C8D8 pd_comms_wms_task /// didn't invoke the qsr_v3_int_msg_send_3, it invoke the os_DogHeartbeatReport
0B378348 097B9CEC TASK_ENTRY
0B378358 097C137C rex_os_thread_entry_func
Thanks
Created By: zhaorong wu (4/3/2014 7:54 PM)
Hi siqing:
i have uploaded about.xml and rex_signals.c files, please check, thanks!
Created By: Siqing Zhang (4/2/2014 11:55 PM)
what the modem project version do you use ? please give me the about.xml have a check
could you give me the rex_signals.c have a check
Created By: zhaorong wu (4/2/2014 11:19 PM)
这个我们不会动
Created By: Siqing Zhang (4/2/2014 11:07 PM)
hi
the call stack is
-000|time_genoff_get_pointer(
| ?)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-001|rex_os_set_sigs(
| ?,
| ?,
| p_ret_sigs = 0x3 = __assert_sink__+0x2 -> 0x0,
| sigs_array_limit = 0x1)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-002|rex_set_sigs(
| ?,
| set_sigs = 0x00010000)
| prev_sigs = 0x0
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
---|end of frame
i also can't find which function is called the time_genoff_get_pointer in the rex_os_set_sigs, do you chang somgthing in the rex_os_set_sigs
Created By: zhaorong wu (4/2/2014 8:54 PM)
but from the dump we can find the base is 0xAD02EE0 so it is wrong.
i will give you a attachment you can check.
any question you can tell me
-----这个还有上级的调用栈呢? 从哪个函数调入的,
请麻烦告之。谢谢。
Created By: zhaorong wu (4/1/2014 2:41 AM)
Hi Siqing:
i check the attachment, as you point out, if the value is wrong, i think maybe memory overflow can cause that.
but how to get the root case to fix it?
Created By: Siqing Zhang (3/31/2014 7:57 PM)
hi customer
about the dump Port_COM483,the result is the base is wrong ,you can check the function
time_genoff_ptr time_genoff_get_pointer
(
/* Time bases whose pointer needs to be returned */
time_bases_type base
)
{
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
ASSERT( base < ATS_MAX ); ////// i suspect the base is wrong
return &(ats_bases[base]) ;
}
the base is time_bases_type ,and from the
typedef enum time_bases
{
ATS_RTC = 0, /**< Real time clock timebase.*/
ATS_TOD, /**< Proxy base for number of bases.*/
ATS_USER, /**< User timebase. */
ATS_SECURE, /**< Secure timebase. */
ATS_DRM, /**< Digital rights management timebase. */
ATS_USER_UTC, /**< Universal Time Coordinated user timebase. */
ATS_USER_TZ_DL, /**< Global time zone user timebase. */
ATS_GPS, /**< Base for GPS time. \n
@note1hang When ATS_GSTK is modified, changes are also
reflected on ATS_TOD. */
ATS_1X, /**< Base for 1X time. \n
@note1hang When ATS_1X is modified, changes are also
reflected on ATS_TOD. */
ATS_HDR, /**< Base for HDR time. \n
@note1hang When ATS_HDR is modified, changes are also
reflected on ATS_TOD. */
ATS_WCDMA, /**< Base for WCDMA time. \n
@note1hang When ATS_WCDMA is modified, changes are also
reflected on ATS_TOD. */
ATS_MFLO, /**< Base for MediaFLO time. \n
@note1hang When ATS_MFLO is modified, changes are also
reflected on ATS_TOD. */
ATS_3GPP, /**< LTE timebase. */
ATS_LTE_HR, /**< Base for storing LTE SIB16 Time. SIB16 has the same
granularity as 1x. It will also have TOD as a proxy base*/
ATS_PRIVATE = 0x1000000, /**< Holder for Private Bases that are declared
outside of generic time framework */
ATS_INVALID = 0x10000000
} time_bases_type;
#define ATS_MAX ( ATS_LTE_HR + 1 )
the ATS_LTE_HR=14 so ATS_MAX=15
but from the dump we can find the base is 0xAD02EE0 so it is wrong.
i will give you a attachment you can check.
any question you can tell me
thanks
Created By: zhaorong wu (3/30/2014 11:33 PM)
HI siqing:
for Port_COM483 dump, we donen't do anything, just open wifi hot function.
Created By: Siqing Zhang (3/30/2014 7:36 PM)
Hi customer
in the case 01490261 i find the dump 483 is add the debug information,please deleate this and have a try you can check below function ,i suspect the base is wrong
time_genoff_ptr time_genoff_get_pointer
(
/* Time bases whose pointer needs to be returned */
time_bases_type base
)
{
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
ASSERT( base < ATS_MAX ); ////// i suspect the base is wrong
return &(ats_bases[base]) ;
}
Created By: Siqing Zhang (3/30/2014 7:28 PM)
Hi customer
about the Port_COM483 dump ,what do you do when it is crash ?
and how often this happend?
thanks
Created By: Siqing Zhang (3/30/2014 7:03 PM)
Hi customer
from the dump it is not the modem bsp issue .
you can work together with the case 01492219 owner to solve it
thanks
Created By: zhaorong wu (3/30/2014 6:35 PM)
Hi siqing:
if that, how to fix it?
Created By: Siqing Zhang (3/28/2014 1:38 AM)
Hi customer
in the port_379 dump
in the rlp_tx_get_next_frame
(
byte **frame_ptr, /* address of ptr for the TX frame */
boolean primary_frame, /* Primary channel yes/no indicator */
rlp_rate_enum_type allowed_rate /* required rate (for sig/sec. chans) */
)
the primary_frame is boolean only can be true or False ,but from the call stack it is 0x22
rlp_tx_get_next_frame(frame_ptr = 0x03E8 = EIPSIZE+0x28, primary_frame = 0x22, ?)
maybe it is the root cause
thanks
Created By: Siqing Zhang (3/28/2014 1:15 AM)
hi customer
these two dump are not the same
for port_379 dump
09F417E0 0B433640 00000057 9E 0 SUSPENDED mc /////// died in this task
died in this file mdrrlp.c in the rlp_tx_get_next_frame function
call stack is
rlp_tx_get_next_frame(frame_ptr = 0x03E8 = EIPSIZE+0x28, primary_frame = 0x22, ?)
send_handoff_complete_msg()
mcctcho_post_process_handoff()
tc_trans_done_rpt()
tc_tc()
cdma_tc()
mcc_subtask(?)
mc_cdma_prot_activate(?)
mc_process_cmd()
mc_task(?)
TASK_ENTRY(argv = 0x0B0E4BC8)
rex_get_errno_addr()
pthread_stub(?)
qurt_root_setup(?, stack_size = 0x0)
end of frame
seems it is a modem data issue
for Port_COM483 dump
tcbptrr______UGP_________threadID_______priority____ASID_____TNUM____state______Task_Name
09F434A0 0B42C720 0000006E A8 0 SUSPENDED pdcommwms //////this task
call stack
-000|time_genoff_get_pointer(
| ?)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-001|rex_os_set_sigs(
| ?,
| ?,
| p_ret_sigs = 0x3 = __assert_sink__+0x2 -> 0x0,
| sigs_array_limit = 0x1)
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
-002|rex_set_sigs(
| ?,
| set_sigs = 0x00010000)
| prev_sigs = 0x0
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
| _xx_fmt = (0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
| xx_msg_const = (desc = (line = 0x0, ss_id = 0x0, ss_mask = 0x0), fmt = 0x
---|end of frame
died in the time_genoff.c in time_genoff_get_pointer function
Created By: Siqing Zhang (3/27/2014 10:29 PM)
hi customer
i will download the dump and analyse ,please wait a moment
thanks
////////////////////////////////////////////////////////////
debug trace32 cmm common/tools/cmm/common/msm8916/std_loadsim.cmm