2010-10-21 13:27:04     Kernel OOPS: NULL pointer access in bfin_mac.c

Document created by Aaronwu Employee on Aug 23, 2013

Andreas Schallenberg (GERMANY)

Message: 94814   

 

Background: I'm working on support for the DNP/5370 board

with the 2.6.28.10-ADI-2009R1.1 kernel.

 

For some reason I managed to cause a kernel OOPS during boot:

 

...

NULL pointer access

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=swapper PID=1

CPU = 0

invalid mm

return address: [0x00199846]; contents of:

0x00199820:  e140  0014  e100  6b6c  e3f3  9904  6b6d  2141

0x00199830:  e12a  0380  5bd4  e50a  0032  e149  ffc0  e109

0x00199840:  0008  e73a  001d [bd94] 9508  4870  141f  950b

0x00199850:  4a73  9508  0803  181a  0032  e14a  ffc0  e10a

 

ADSP-BF537-0.3 600(MHz CCLK) 120(MHz SCLK) (mpu off)

Linux version 2.6.28.10-ADI-2009R1.1ASc-svn1213

Built with gcc version 4.1.2 (ADI svn)

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000027  IPEND: 8030  SYSCFG: 0006

  EXCAUSE   : 0x27

  interrupts disabled

  physical IVG5 asserted : <0xffa00bd4> { _evt_ivhw + 0x0 }

  physical IVG15 asserted : <0xffa00d24> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00390> { _timer_interrupt + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x001edd54> /* kernel dynamic memory */

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0x00199716> { _bfin_mac_probe + 0x12 }

PC  : <0x00199846> { _bfin_mac_probe + 0x142 }

DCPLB_FAULT_ADDR: <0x00000018> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x00199846> { _bfin_mac_probe + 0x142 }

 

PROCESSOR STATE:

R0 : 21ad0802    R1 : 00003136    R2 : 00000031    R3 : 01a58176

R4 : 00000000    R5 : 00183054    R6 : 000000ac    R7 : 0017ced4

P0 : 01a58176    P1 : ffc00008    P2 : 00000000    P3 : 0017cedc

P4 : 01a58020    P5 : 01a58150    FP : 01a583a0    SP : 001edc78

LB0: ffa01308    LT0: ffa01308    LC0: 00000000

LB1: 00000000    LT1: 00000000    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00000000

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 01a57e74

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00000000  ASTAT: 00001004

 

Hardware Trace:

   0 Target : <0x00004890> { _trap_c + 0x0 }

     Source : <0xffa00638> { _exception_to_level5 + 0xa4 } CALL pcrel

   1 Target : <0xffa00594> { _exception_to_level5 + 0x0 }

     Source : <0xffa00468> { _bfin_return_from_exception + 0x18 } RTX

   2 Target : <0xffa00450> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa004f8> { _ex_trap_c + 0x6c } JUMP.S

   3 Target : <0xffa0048c> { _ex_trap_c + 0x0 }

     Source : <0xffa00704> { _trap + 0x58 } JUMP (P4)

   4 Target : <0xffa006ac> { _trap + 0x0 }

     Source : <0x00199842> { _bfin_mac_probe + 0x13e } 0xe73a

   5 Target : <0x00199830> { _bfin_mac_probe + 0x12c }

     Source : <0x0019980e> { _bfin_mac_probe + 0x10a } IF CC JUMP

   6 Target : <0x0019979e> { _bfin_mac_probe + 0x9a }

     Source : <0x00199782> { _bfin_mac_probe + 0x7e } IF !CC JUMP

   7 Target : <0x00199740> { _bfin_mac_probe + 0x3c }

     Source : <0x0019971e> { _bfin_mac_probe + 0x1a } IF CC JUMP

   8 Target : <0x00199716> { _bfin_mac_probe + 0x12 }

     Source : <0x000db876> { _alloc_etherdev_mq + 0x1e } RTS

   9 Target : <0x000db872> { _alloc_etherdev_mq + 0x1a }

     Source : <0x000d14ae> { _alloc_netdev_mq + 0x12a } RTS

  10 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }

     Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP

  11 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }

     Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP

  12 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }

     Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP

  13 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }

     Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP

  14 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }

     Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP

  15 Target : <0x000d149c> { _alloc_netdev_mq + 0x118 }

     Source : <0xffa0130a> { _memset + 0x42 } RTS

 

Kernel Stack

Stack info:

SP: [0x001edd50] <0x001edd50> /* kernel dynamic memory */

FP: (0x001edd74)

Memory from 0x001edd50 to 001ee000

001edd50:[00000006]<0006501c> 0017cedc  00183054  00000000  0017cf44  00183054  000010a9

001edd70: 001ede54 (001ede54)<000a690a> 0017cedc  00183054  001793cc  0017cf88  000000ac

001edd90: 00183054  00000000  00000000  00000000  00000001 <0010b8c0><000a69d4> 0017cedc

001eddb0: 00183054  00183054  0017cf88 <000a60c8> 000a698c  00182bcc <000a6198> 000a698c

001eddd0: 00182bcc  00000000  001edde8  01a57ee8 <0008eb20> 01a57ee8  01be2644  0017cf24

001eddf0:<000a6782> 01a57ee8  00000000  00000000  00000000  001ede28  001ede28 <000a6498>

001ede10: 000a698c <000a64b0> 00138bdc <000a6b42> 00161024  00135a38  00138b88 <000a6b42>

001ede30: 00161024  00196414  00183054  00000000  00000000  00000000 <00196424> 00161024

001ede50: 00196414 (00000000)<0000104a> 00161024  00196414  00000000  00000000  00000000

001ede70: 801edfa3  ffffffff  001edecc <0002c24c> 001eabc0  001887e8  00000000  00000065

001ede90: 000000d0  0000ffff  00000004  000200d0  00000000 <00033a66><00033a66> 00000001

001edeb0: 00000044  000080d0 <00033df0> 001a6f80  00180ac0  00180ac0  00000094  00000000

001eded0: 00000000  00000004  00000004 <00033c64> 00000000  ffffffff  001edf6c <0008df56>

001edef0:<0008e040> 01be1994  01be1998  0016e36c  00000000  000000d2  00000000  00000000

001edf10: 00000000  001edf18  01be18fc  00000000  0016e36c  000000d0  00000061  00000000

001edf30: 00008124  00000000 <0005fef6> 001fc0cc  001fc06c  00000000  001fc0cc  00004000

001edf50: 00000000  00000000  00000000 <0013b050><000600e0> 0018069c  0016d89c  000000d2

001edf70:<000600ee> 0018069c  0016d89c  0016d89c  001edfa4  7fffff00  00000001 <000272d2>

001edf90: 001edfa4  00000061  0019dd60  0000000e  001fc06c  00003739  00000000  00190000

001edfb0:<00027322> 0019dd60  0019dd60  00000061  0018069c <0018c384> 00000000  0019df2c

001edfd0: 0019dd60  00000000  00000000  00000000  00000000  00000000 <00001426> 00000000

001edff0: 00000000  00000000  ffffffff  00000006

Return addresses in stack:

    address : <0x0006501c> { _sysfs_create_link + 0xc }

   frame  1 : <0x000a690a> { _driver_probe_device + 0xc6 }

    address : <0x0010b8c0> { _klist_next + 0x2c }

    address : <0x000a69d4> { ___driver_attach + 0x48 }

    address : <0x000a60c8> { _next_device + 0x8 }

    address : <0x000a6198> { _bus_for_each_dev + 0x38 }

    address : <0x0008eb20> { _kobject_init_and_add + 0x20 }

    address : <0x000a6782> { _driver_attach + 0x1a }

    address : <0x000a6498> { _bus_add_driver + 0x64 }

    address : <0x000a64b0> { _bus_add_driver + 0x7c }

    address : <0x000a6b42> { _driver_register + 0x6a }

    address : <0x000a6b42> { _driver_register + 0x6a }

    address : <0x00196424> { _bfin_mac_init + 0x10 }

   frame  2 : <0x0000104a> { __stext + 0x4a }

    address : <0x0002c24c> { ___alloc_pages_internal + 0x80 }

    address : <0x00033a66> { _slob_page_alloc + 0x106 }

    address : <0x00033a66> { _slob_page_alloc + 0x106 }

    address : <0x00033df0> { _slob_alloc + 0x5c }

    address : <0x00033c64> { _slob_free + 0x128 }

    address : <0x0008df56> { _ida_get_new_above + 0x42 }

    address : <0x0008e040> { _ida_get_new_above + 0x12c }

    address : <0x0005fef6> { _proc_register + 0x2e }

    address : <0x0013b050> /* kernel dynamic memory */

    address : <0x000600e0> { _create_proc_entry + 0x5c }

    address : <0x000600ee> { _create_proc_entry + 0x6a }

    address : <0x000272d2> { _register_irq_proc + 0x66 }

    address : <0x00027322> { _init_irq_proc + 0x36 }

    address : <0x0018c384> { _kernel_init + 0x68 }

    address : <0x00001426> { _kernel_thread_helper + 0x6 }

Modules linked in:

Kernel panic - not syncing: Kernel exception

 

The access is done in bfin_mac.c, bfin_mac_probe() function:

 

...

lp->mii_bus->priv = ndev;

...

 

The following patch avoids the crash but does not solve the reason for it:

 

Index: linux-2.6.x/drivers/net/bfin_mac.c

===================================================================

--- linux-2.6.x/drivers/net/bfin_mac.c  (revision 1213)

+++ linux-2.6.x/drivers/net/bfin_mac.c  (working copy)

@@ -1061,6 +1061,12 @@

        }

        pd = pdev->dev.platform_data;

        lp->mii_bus = platform_get_drvdata(pd);

+

+        if (!lp->mii_bus) {

+               dev_err(&pdev->dev, "Cannot get mii_bus drv_data!\n");

+               rc = -ENODEV;

+               goto out_err_probe_mac;

+        }

        lp->mii_bus->priv = ndev;

 

        rc = mii_probe(ndev);
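
Review bot: pd is still used unchecked in the context line `lp->mii_bus = platform_get_drvdata(pd);`, so a board file that leaves `pdev->dev.platform_data` unset will fault one line before the new `!lp->mii_bus` test runs. Add an `if (!pd)` check ahead of the platform_get_drvdata() call and fail the probe the same way. The dev_err text could also say what a NULL result means to the person reading the boot log, for example that the mii bus platform device has no driver data, which points at the boards file rather than at the driver.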

 

I assume that this is a mistake in my board configuration file. Here are some

parts of it (which I assume to be relevant).

 

#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)

static struct platform_device bfin_mii_bus = {

    .name = "bfin_mii_bus",

};

 

static struct platform_device bfin_mac_device = {

    .name = "bfin_mac",

    .dev.platform_data = &bfin_mii_bus,

};

#endif

 

... skipped ...

 

#if defined(CONFIG_MTD_PHYSMAP) || defined(CONFIG_MTD_PHYSMAP_MODULE)

static struct mtd_partition nor_partitions[] = {

        {

                .name       = "bootloader(nor)",

                .size       = 0x30000,

                .offset     = 0,

        }, {

                .name       = "linux kernel and rootfs(nor)",

                .size       = 0x300000 - 0x30000 - 0x10000,

                .offset     = MTDPART_OFS_APPEND,

        }, {

                .name       = "MAC address(nor)",

                .size       = 0x10000,

                .offset     = MTDPART_OFS_APPEND,

                .mask_flags = MTD_WRITEABLE,

        }

};

 

static struct physmap_flash_data nor_flash_data = {

        .width      = 1,

        .parts      = nor_partitions,

        .nr_parts   = ARRAY_SIZE(nor_partitions),

};

 

static struct resource nor_flash_resource = {

        .start = 0x20000000,

        .end   = 0x202fffff,

        .flags = IORESOURCE_MEM,

};

 

static struct platform_device nor_flash_device = {

        .name          = "physmap-flash",

        .id            = 0,

        .dev = {

                .platform_data = &nor_flash_data,

        },

        .num_resources = 1,

        .resource      = &nor_flash_resource,

};

#endif

 

... skipped ...

 

static struct platform_device *dnp5370_devices[] __initdata = {

...skipped...

#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)

        &bfin_mac_device,

#endif

...skipped...

#if defined(CONFIG_MTD_PHYSMAP) || defined(CONFIG_MTD_PHYSMAP_MODULE)

        &nor_flash_device,

#endif

...skipped...

 

static int __init dnp5370_init(void)

{

        printk(KERN_INFO "DNP/5370: registering device resources\n");

        platform_add_devices(dnp5370_devices, ARRAY_SIZE(dnp5370_devices));

#if defined(CONFIG_SPI_BFIN) || defined(CONFIG_SPI_BFIN_MODULE)

        spi_register_board_info(bfin_spi_board_info,ARRAY_SIZE(bfin_spi_board_info));

#endif

        {

            unsigned int mac[6];

            mac[0] = (*((const char*)(FLASH_MAC+0))) & 0xff;

            mac[1] = (*((const char*)(FLASH_MAC+1))) & 0xff;

            mac[2] = (*((const char*)(FLASH_MAC+2))) & 0xff;

            mac[3] = (*((const char*)(FLASH_MAC+3))) & 0xff;

            mac[4] = (*((const char*)(FLASH_MAC+4))) & 0xff;

            mac[5] = (*((const char*)(FLASH_MAC+5))) & 0xff;

            printk(KERN_INFO "DNP/5370: MAC %02x:%02x:%02x:%02x:%02x:%02x\n",

                 mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);

        }

        return 0;

}

 

... skipped...

 

/*

* Currently the MAC address is saved in Flash by U-Boot

*/

void bfin_get_ether_addr(char *addr)

{

    *(u32 *)(&(addr[0])) = bfin_read32(FLASH_MAC);

    *(u16 *)(&(addr[4])) = bfin_read16(FLASH_MAC + 4);

}

EXPORT_SYMBOL(bfin_get_ether_addr);

 

Am I correct that there is some information about the MII missing?

 

Note that the dnp5370_init() function is able to print the correct

MAC address on the console. The MAC address is stored in the NOR flash.


 

 

2010-10-21 14:54:57     Re: Kernel OOPS: NULL pointer access in bfin_mac.c

Mike Frysinger (UNITED STATES)

Message: 94817   

 

you need proper platform resources declared in your boards file.  consult the bf537-stamp board as an example.


 

 

2010-10-22 03:54:58     Re: Kernel OOPS: NULL pointer access in bfin_mac.c (solved)

Andreas Schallenberg (GERMANY)

Message: 94866   

 

Thank you, one line in the dnp5370.c was missing:

 

static struct platform_device *dnp5370_devices[] __initdata = {

#if defined(CONFIG_BFIN_CFPCMCIA) || defined(CONFIG_BFIN_CFPCMCIA_MODULE)

        &bfin_pcmcia_cf_device,

#endif

 

#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)

        &bfin_mii_bus,  // <------- here

        &bfin_mac_device,

#endif

...
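
A user-space model of the failure resolved in this thread, as an added example that is not code from the posts or from the kernel: a device that is referenced through platform_data but missing from the registered array never gets its driver data set, so the MAC probe sees NULL. The model_* names, the -EINVAL return for missing platform_data and the array-order probing are assumptions made for the illustration.

```c
#include <errno.h>
#include <string.h>
/* Simplified stand-ins for the kernel types; all model_* names are hypothetical. */
struct model_pdev {
    const char *name;
    void *platform_data;  /* mirrors pdev->dev.platform_data */
    void *drvdata;        /* NULL until a driver's probe sets it */
};
static struct model_mii_bus { void *priv; } the_bus;

static int model_mii_bus_probe(struct model_pdev *pdev)
{
    pdev->drvdata = &the_bus;  /* publish the bus object as driver data */
    return 0;
}

/* MAC probe: checks both pointers before writing bus->priv */
static int model_mac_probe(struct model_pdev *pdev, void *ndev)
{
    struct model_pdev *pd = pdev->platform_data;
    struct model_mii_bus *bus = pd ? pd->drvdata : NULL;
    if (!pd)
        return -EINVAL;   /* assumed code: board file names no mii bus device */
    if (!bus)
        return -ENODEV;   /* mii bus device was never registered and probed */
    bus->priv = ndev;
    return 0;
}

/* Only devices listed in the board array get probed (array order assumed) */
static int model_add_devices(struct model_pdev **devs, size_t n, void *ndev)
{
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++) {
        if (strcmp(devs[i]->name, "bfin_mii_bus") == 0)
            rc = model_mii_bus_probe(devs[i]);
        else if (strcmp(devs[i]->name, "bfin_mac") == 0)
            rc = model_mac_probe(devs[i], ndev);
    }
    return rc;
}

int main(void)
{
    struct model_pdev bus = { "bfin_mii_bus", NULL, NULL };
    struct model_pdev mac = { "bfin_mac", &bus, NULL };
    struct model_pdev *broken[] = { &mac };  /* MAC listed, mii bus missing */
    int ndev = 0;
    return model_add_devices(broken, 1, &ndev) == -ENODEV ? 0 : 1;
}
```

With the bus entry added ahead of the MAC entry, as in the corrected array above, the same probe returns 0.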
