The RPMessage_getRemoteEndPtToken() function is used for looking up published end-points. If the function is invoked before any end-point is published, a taskWaiter element is used and added to a global queue that the RPMessage_ctrlMsgTask uses in the RPMessage_processAnnounceMsg() function to wake up the waiting thread.

The taskWaiter element is actually from the calling thread stack, and being added to a global queue using the stack variables as is. pOsalPrms->lockHIsrGate(module.gateSwi) used to disable interrupts is not protecting against SVC instructions, and causing a stack corruption.