[#4022] Kernel will crash when execute "hcitool scan" sometimes

Document created by Aaronwu Employee on Aug 28, 2013
Version 1Show Document
  • View in full screen mode

[#4022] Kernel will crash when execute "hcitool scan" sometimes

Submitted By: Vivi Li

Open Date

2008-04-11 02:28:06     Close Date

2008-05-14 03:17:56

Priority:

Medium     Assignee:

Michael Hennerich

Status:

Closed     Fixed In Release:

N/A

Found In Release:

N/A     Release:

Category:

N/A     Board:

N/A

Processor:

N/A     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Fixed

Uboot version or rev.:

    Toolchain version or rev.:

08r1-rc8

App binary format:

N/A     

Summary: Kernel will crash when execute "hcitool scan" sometimes

Details:

 

Kernel will crash when execute "hcitool scan" sometimes, especially execute this command for two times.

 

Bellow is the log:

--

Linux version 2.6.24.4-ADI-2008R2-pre-svn4569 (test@Linux165-ViviLi) (gcc version 4.1.2 (ADI svn)) 8

Warning: limiting memory to 56MB due to hardware anomaly 05000263

Board Memory: 64MB

Kernel Managed Memory: 64MB

Memory map:

  fixedcode = 0x00000400-0x00000490

  text      = 0x00001000-0x001288a0

  rodata    = 0x001289e0-0x0017f790

  bss       = 0x0017f7a0-0x0018d684

  data      = 0x0018d684-0x001a2000

    stack   = 0x001a0000-0x001a2000

  init      = 0x001a2000-0x0052a000

  available = 0x0052a000-0x037ff000

  DMA Zone  = 0x03f00000-0x04000000

Hardware Trace Active and Enabled

Reset caused by Software reset

Blackfin support (C) 2004-2008 Analog Devices, Inc.

Compiled for ADSP-BF537 Rev 0.2

Blackfin Linux support by   blackfin.uclinux.org/

Processor Speed: 500 MHz core clock and 50 MHz System Clock

NOMPU: setting up cplb tables for global access

Instruction Cache Enabled

Data Cache Enabled (write-through)

Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 14224

Kernel command line: root=/dev/mtdblock0 rw console=ttyBF0,57600 ip=10.100.4.50:10.100.4.174:10.100f

Configuring Blackfin Priority Driven Interrupts

PID hash table entries: 256 (order: 8, 1024 bytes)

console [ttyBF0] enabled

Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)

Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)

Memory available: 51472k/65536k RAM, (3616k init code, 1182k kernel code, 486k data, 1024k dma, 775)

Blackfin Scratchpad data SRAM: 4 KB

Blackfin Data A SRAM: 16 KB (15 KB free)

Blackfin Data B SRAM: 16 KB (16 KB free)

Blackfin Instruction SRAM: 48 KB (41 KB free)

Security Framework initialized

Mount-cache hash table entries: 512

net_namespace: 64 bytes

NET: Registered protocol family 16

Blackfin GPIO Controller

Blackfin DMA Controller

stamp_init(): registering device resources

usbcore: registered new interface driver usbfs

usbcore: registered new interface driver hub

usbcore: registered new device driver usb

Bluetooth: Core ver 2.11

NET: Registered protocol family 31

Bluetooth: HCI device and connection manager initialized

Bluetooth: HCI socket layer initialized

NET: Registered protocol family 2

IP route cache hash table entries: 1024 (order: 0, 4096 bytes)

TCP established hash table entries: 2048 (order: 2, 16384 bytes)

TCP bind hash table entries: 2048 (order: 1, 8192 bytes)

TCP: Hash tables configured (established 2048 bind 2048)

TCP reno registered

io scheduler noop registered

io scheduler anticipatory registered (default)

io scheduler cfq registered

Serial: Blackfin serial driver

bfin-uart.1: ttyBF0 at MMIO 0xffc00400 (irq = 18) is a BFIN-UART

RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize

bfin_mac_mdio: probed

bfin_mac: attached PHY driver [SMSC LAN83C185] (mii_bus:phy_addr=0:01, irq=-1, mdc_clk=2500000Hz(md)

bfin_mac bfin_mac.0: Blackfin on-chip Ethernet MAC driver, Version 1.1

bfin-spi bfin-spi.0: Blackfin BF5xx on-chip SPI Controller Driver, Version 1.0, regs_base@ffc00500,7

driver isp1362-hcd, 2005-04-04

isp1362-hcd isp1362-hcd.0: ISP1362 Host Controller

isp1362-hcd isp1362-hcd.0: new USB bus registered, assigned bus number 1

isp1362_hc_reset:

isp1362-hcd isp1362-hcd.0: irq 53, io mem 0x20360000

isp1362_hc_start:

isp1362-hcd isp1362-hcd.0: ISP1362 Memory usage:

isp1362-hcd isp1362-hcd.0:   ISTL:    2 *  256:      512 @ $0000:$0100

isp1362-hcd isp1362-hcd.0:   INTL:   16 * ( 64+8):  1152 @ $0200

isp1362-hcd isp1362-hcd.0:   ATL :   32 * ( 64+8):  2304 @ $0680

isp1362-hcd isp1362-hcd.0:   USED/FREE:   3968       128

usb usb1: configuration #1 chosen from 1 choice

hub 1-0:1.0: USB hub found

hub 1-0:1.0: 2 ports detected

ISP1362 Host Controller, irq 53

sl811: driver sl811-hcd, 19 May 2005

rtc-bfin rtc-bfin: rtc core: registered rtc-bfin as rtc0

bfin-wdt: initialized: timeout=20 sec (nowayout=0)

Bluetooth: HCI USB driver ver 2.9

usb 1-2: new full speed USB device using isp1362-hcd and address 2

usb 1-2: configuration #1 chosen from 1 choice

usbcore: registered new interface driver hci_usb

usbcore: registered new interface driver usbhid

drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver

TCP cubic registered

NET: Registered protocol family 1

NET: Registered protocol family 17

Bluetooth: L2CAP ver 2.9

Bluetooth: L2CAP socket layer initialized

Bluetooth: SCO (Voice Link) ver 0.5

Bluetooth: SCO socket layer initialized

Bluetooth: RFCOMM socket layer initialized

Bluetooth: RFCOMM TTY layer initialized

Bluetooth: RFCOMM ver 1.8

Bluetooth: BNEP (Ethernet Emulation) ver 1.2

Bluetooth: BNEP filters: protocol multicast

Bluetooth: HIDP (Human Interface Emulation) ver 1.2

rtc-bfin rtc-bfin: setting system clock to 1970-01-01 00:08:42 UTC (522)

IP-Config: Complete:

      device=eth0, addr=10.100.4.50, mask=255.255.255.0, gw=10.100.4.174,

     host=BF537, domain=, nis-domain=(none),

     bootserver=10.100.4.174, rootserver=10.100.4.174, rootpath=

Freeing unused kernel memory: 3616k freed

dma_alloc_init: dma_page @ 0x00527000 - 256 pages at 0x03f00000

                           _____________________________________

        a8888b.           / Welcome to the uClinux distribution \

       d888888b.         /       _     _                         \

       8P"YP"Y88        /       | |   |_|            __  __ (TM)  |

       8|o||o|88  _____/        | |    _ ____  _   _ \ \/ /       |

       8'    .88       \        | |   | |  _ \| | | | \  /        |

       8`._.' Y8.       \       | |__ | | | | | |_| | /  \        |

      d/      `8b.       \      \____||_|_| |_|\____|/_/\_\       |

     dP   .    Y8b.       \   For embedded processors including   |

    d8:'  "  `::88b        \    the Analog Devices Blackfin      /

   d8"         'Y88b        \___________________________________/

  :8P    '      :888

   8a.   :     _a88P         For further information, check out:

._/"Yaa_:   .| 88P|            -   blackfin.uclinux.org/

\    YP"    `| 8P  `.          -   docs.blackfin.uclinux.org/

/     \.___.d|    .'           -   www.uclinux.org/

`--..__)8888P`._.'  jgs/a:f    -   www.analog.com/blackfin

 

Have a lot of fun...

 

 

BusyBox v1.10.0 (2008-04-10 18:02:15 CST) built-in shell (msh)

Enter 'help' for a list of built-in commands.

 

root:/> PHY: 0:01 - Link is Up - 100/Full

hciconfig hci0 up

root:/> hciconfig

hci0:   Type: USB

        BD Address: 00:10:60:D0:8C:41 ACL MTU: 384:8 SCO MTU: 64:8

        UP RUNNING PSCAN ISCAN

        RX bytes:354 acl:0 sco:0 events:12 errors:0

        TX bytes:39 acl:0 sco:0 commands:11 errors:0

 

root:/>

root:/> hcitool scan

Scanning ...

        00:1D:28:26:3C:A1       W580c

        00:0F:DE:89:88:0B       P910c

        11:11:11:11:11:11       VLI-L01

root:/> hcitool scan

Scanning ...BUG: scheduling while atomic: hcitool/171/0x04010000

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000000  IPEND: 0002  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x0

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x002c4000> /* unknown address */

RETX: <0x033ce924> [ /lib/libuClibc-0.9.29.so + 0xe924 ]

RETS: <0x0003bf58> { _do_readv_writev + 0xe4 }

PC  : <0x0005e9b8> { _inotify_inode_queue_event + 0x18 }

 

PROCESSOR STATE:

R0 : 00000000    R1 : 00000002    R2 : 00000000    R3 : 0051f96c

R4 : 00000003    R5 : 00000002    R6 : 00000001    R7 : 00000002

P0 : 00000000    P1 : 0051f914    P2 : 000000f0    P3 : 00301bd8

P4 : 00000092    P5 : 00291be4    FP : 00291cd4    SP : 002c3d34

LB0: ffa01856    LT0: ffa01856    LC0: 00000000

LB1: 000c408e    LT1: 000c408a    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00000002

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 0001f1a9   A0.x: 00000000   A1.w: 0000062d   A1.x: 00000000

USP : 002fe860  ASTAT: 02002020

 

 

NULL pointer access (probably)

Kernel OOPS in progress

Deferred Exception context

 

Double Fault

Kernel OOPS in progress

Deferred Exception context

 

No Valid process in current context

return address: [0x00003a7e]; contents of:

0x00003a50:  61f9  a0a8  5408  0808  186d  e140  0015  e100

0x00003a60:  4ed4  e300  51a1  3046  c682  0f98  4f6f  320f

0x00003a70:  6018  9109  5401  0c00  1007  0000  3211 [e410]

0x00003a80:  0030  0c00  1021  6d06  0127  e140  0015  e100

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00060027  IPEND: ffa00856  SYSCFG: 0006

  HWERRCAUSE: 0x18

  EXCAUSE   : 0x27

  physical IVG6 asserted : <0xffa00d4c> { _evt_timer + 0x0 }

  physical IVG11 asserted : <0xffa00d94> { _evt_evt11 + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

  logical irq  18 mapped  : <0x000953b0> { _bfin_serial_dma_rx_int + 0x0 }

  logical irq  19 mapped  : <0x00094ee8> { _bfin_serial_dma_tx_int + 0x0 }

  logical irq  24 mapped  : <0x0009e138> { _bfin_mac_interrupt + 0x0 }

  logical irq  53 mapped  : <0x000a6dd4> { _usb_hcd_irq + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x002bf418> [ klogd + 0x1f418 ]

RETX: <0x00003a7e> { _dump_bfin_process + 0x52 }

RETS: <0x00003a66> { _dump_bfin_process + 0x3a }

PC  : <0xffa00856> { _system_call + 0x22 }

DCPLB_FAULT_ADDR: <0x000000c0> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x00003a7e> { _dump_bfin_process + 0x52 }

 

PROCESSOR STATE:

R0 : 00000000    R1 : 00000000    R2 : 0000001f    R3 : 0000001f

R4 : 00299bd8    R5 : 0000100d    R6 : 00000003    R7 : 002be000

P0 : 0000000a    P1 : 002be000    P2 : 00000000    P3 : 00299bd8

P4 : ffe02014    P5 : 002bf4f4    FP : 002bf6b8    SP : 002bf33c

LB0: 033def0a    LT0: 033def0a    LC0: 00000000

LB1: 033dcf7b    LT1: 033dcf7a    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 002bfd40

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 033f5918

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 002bfd7c  ASTAT: 02003025

 

Kernel panic - not syncing: Double Fault - unrecoverable event

 

--

 

Follow-ups

 

--- Mike Frysinger                                           2008-04-21 04:55:55

i dont really know anything about bluetooth, and this is a crash in kernel space

 

--- Robin Getz                                               2008-04-21 10:42:11

Before Michael takes a look at the hcitool issue, I need to fix the double

fault.

 

Vivi:

 

The 2nd fault (which causes the double fault), is a EXCAUSE == 27, which is a

double DCPLB fault (read or write from 0).

 

Can you run "addr2line -f -e ./vmlinux 0x3a7e" this should tell me

which line of C code is causing the read of 0?

 

Thanks

-Robin

 

--- Robin Getz                                               2008-04-21 10:51:50

I think I saw it, and added a new check on trunk (which I will put in the branch

as soon as Vivi lets me know it gets rid of the double fault problem).

 

-Robin

 

--- Vivi Li                                                  2008-04-22 02:21:21

Still gets double fault problem, bellow is the log:

 

--

root:/> hcitool scan

Scanning ...

BUG: scheduling while atomic: hcitool/169/0x04010000

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000000  IPEND: 0002  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x0

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x037c8000> /* unknown address */

RETX: <0x00226dd4> [ hcitool + 0x6d94 ]

RETS: <0x0003c1a0> { _do_readv_writev + 0xe4 }

PC  : <0x0005ee80> { _inotify_inode_queue_event + 0xc }

 

PROCESSOR STATE:

R0 : 00000000    R1 : 00000002    R2 : 00000000    R3 : 033db474

R4 : 00000003    R5 : 0000000e    R6 : 00000001    R7 : 00000002

P0 : 00000000    P1 : 033db41c    P2 : 033db41c    P3 : 00231b2c

P4 : 00000092    P5 : 001f50a4    FP : 037c7e34    SP : 037c7d34

LB0: ffa01856    LT0: ffa01856    LC0: 00000000

LB1: 000c481a    LT1: 000c4816    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00000002

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 0001f1a9   A0.x: 00000000   A1.w: 0000062d   A1.x: 00000000

USP : 002319b8  ASTAT: 02002020

 

NULL pointer access (probably)

Kernel OOPS in progress

Deferred Exception context

 

No Valid process in current context

return address: [0xffa00856]; contents of:

0xffa00830:  0000  0010  e10a  2108  e14a  ffe0  0023  9110

0xffa00840:  b070  3107  b230  307e  e106  e000  e146  ffff

0xffa00850:  55f7  3217  9152 [e716] 0076  e127  0166  3070

0xffa00860:  08be  1382  307e  e106  e000  e146  ffff  55f7

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000027  IPEND: 8030  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x27

  physical IVG15 asserted : <0xffa00db8> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

  logical irq  18 mapped  : <0x00095a74> { _bfin_serial_dma_rx_int + 0x0

}

  logical irq  19 mapped  : <0x000955a8> { _bfin_serial_dma_tx_int + 0x0

}

  logical irq  24 mapped  : <0x0009e814> { _bfin_mac_interrupt + 0x0 }

  logical irq  53 mapped  : <0x000a74d4> { _usb_hcd_irq + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

 

Double Fault

Kernel OOPS in progress

Deferred Exception context

 

No Valid process in current context

return address: [0x00003d08]; contents of:

0x00003ce0:  0012  e120  01bc  304c  5081  0c42  180c  0000

0x00003cf0:  e122  0100  a0d0  a091  b0f2  3056  6522  e302

0x00003d00:  38b3  3010  320c  914a [e512] 0027  0c42  1807

0x00003d10:  0000  0000  e411  001e  0a0f  142b  a069  e428

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00060027  IPEND: ffa00856  SYSCFG: 0006

  HWERRCAUSE: 0x18

  EXCAUSE   : 0x27

  physical IVG6 asserted : <0xffa00d4c> { _evt_timer + 0x0 }

  physical IVG11 asserted : <0xffa00d94> { _evt_evt11 + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

  logical irq  18 mapped  : <0x00095a74> { _bfin_serial_dma_rx_int + 0x0

}

  logical irq  19 mapped  : <0x000955a8> { _bfin_serial_dma_tx_int + 0x0

}

  logical irq  24 mapped  : <0x0009e814> { _bfin_mac_interrupt + 0x0 }

  logical irq  53 mapped  : <0x000a74d4> { _usb_hcd_irq + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x004e52f8> [ klogd + 0x652f8 ]

RETX: <0x00003d08> { _decode_address + 0x158 }

RETS: <0x00003bfe> { _decode_address + 0x4e }

PC  : <0xffa00856> { _system_call + 0x22 }

DCPLB_FAULT_ADDR: <0x0000009c> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x00003d08> { _decode_address + 0x158 }

 

PROCESSOR STATE:

R0 : 000001bc    R1 : 037d8080    R2 : 037d823c    R3 : 0000ffff

R4 : 004e4000    R5 : 0000100d    R6 : 00000001    R7 : 004e5720

P0 : 00196b50    P1 : 004e4000    P2 : 00000000    P3 : 005a2660

P4 : 037d8080    P5 : 0349e180    FP : 0018f154    SP : 004e521c

LB0: 0048c5e6    LT0: 0048c5e6    LC0: 00000000

LB1: 00084d4c    LT1: 00084d42    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 004e54a0

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 0000001b

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 004e5eb8  ASTAT: 02002020

 

Kernel panic - not syncing: Double Fault - unrecoverable event

--

 

The result of run "addr2line -f -e ./vmlinux 0x3d08" is:

decode_address

/home/test/work/cruise/checkouts/uclinux-dist/linux-2.6.x/arch/blackfin/kernel/traps.c:142

 

 

--- Robin Getz                                               2008-04-22 10:15:08

Vivi - thanks.

 

Providing the addr2line of the kernel's ICPLB_FAULT_ADDR/RETX helps track down

the exact problem of the issue in minutes, and makes fixing it pretty painless.

We should try to do this in most of the bug kernel bug reports - I think it

would help alot.

 

I fixed the problem you found - Can you try it again and let me know where the

next problem is I'm sure there might be one or two more, as we don't really

run into problems where current is null very often, so we should take the time

to fix things while we have a reproducible test case.

 

Thanks again

 

Thanks.

 

--- Vivi Li                                                  2008-04-22 23:52:00

Yeah, this addr2line tool is quite convenient to use. And I can see no double

fault now.

 

Bellow is the log:

--

root:/> hciconfig hci0 up

root:/> hcitool scan

Scanning ...

BUG: scheduling while atomic: hcitool/169/0x04010000

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00002000  IPEND: 0000  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x0

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x00638000> /* unknown address */

RETX: <0x00a66dd4> [ hcitool + 0x6d94 ]

RETS: <0xffa008ba> { _system_call + 0x9a }

PC  : <0xffa013f0> { _schedule + 0x0 }

 

PROCESSOR STATE:

R0 : 00a66dd4    R1 : 00000000    R2 : 00000000    R3 : 001af7d8

R4 : 0000fffe    R5 : 00000003    R6 : ffffe000    R7 : 00000004

P0 : 00000000    P1 : 001af780    P2 : 000000f0    P3 : 00a71b2c

P4 : 00000092    P5 : 00636000    FP : 00a719c4    SP : 00637e3c

LB0: ffa01826    LT0: ffa01826    LC0: 00000000

LB1: 000c485a    LT1: 000c4856    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00000002

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 0001f1a9   A0.x: 00000000   A1.w: 0000062d   A1.x: 00000000

USP : 00a719b8  ASTAT: 02002020

 

NULL pointer access (probably)

Kernel OOPS in progress

Deferred Exception context

 

No Valid process in current context

return address: [0x00000480]; contents of:

0x00000460:  9101  5401  9300  0010  0000  0000  0000  0000

0x00000470:  9101  5801  9300  0010  0000  0000  0000  0000

0x00000480: [0000] 0000  0000  0000  00a4  0000  0000  0000

0x00000490:  0000  0000  0000  0000  0000  0000  0000  0000

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00062027  IPEND: 8030  SYSCFG: 0006

  HWERRCAUSE: 0x18

  EXCAUSE   : 0x27

  physical IVG15 asserted : <0xffa00d88> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

  logical irq  18 mapped  : <0x00095ab4> { _bfin_serial_dma_rx_int + 0x0

}

  logical irq  19 mapped  : <0x000955d0> { _bfin_serial_dma_tx_int + 0x0

}

  logical irq  24 mapped  : <0x0009e854> { _bfin_mac_interrupt + 0x0 }

  logical irq  53 mapped  : <0x000a7514> { _usb_hcd_irq + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x00be5720> [ klogd vma:0xb80000-0xbe6000]

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0xffa00dec> { _evt_system_call + 0x64 }

PC  : <0xffa00842> { _system_call + 0x22 }

DCPLB_FAULT_ADDR: <0x000001d8> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0xffa00842> { _system_call + 0x22 }

 

PROCESSOR STATE:

R0 : ffa00dec    R1 : 00be58b0    R2 : 00be5824    R3 : 00000008

R4 : 00b997bc    R5 : 00000002    R6 : ffffe000    R7 : 00be4000

P0 : 000000ae    P1 : 0000001f    P2 : 00000000    P3 : 00be5d68

P4 : 00be5df4    P5 : 00be58b0    FP : 00be5808    SP : 00be5644

LB0: 00b8c5e6    LT0: 00b8c5e6    LC0: 00000000

LB1: 00b8b5e5    LT1: 00b8b5e4    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00be5e78

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00bdb228

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00be5eb8  ASTAT: 02000000

 

Hardware Trace:

   0 Target : <0x000045b4> { _trap_c + 0x0 }

     Source : <0xffa006c6> { _exception_to_level5 + 0x9e }

   1 Target : <0xffa00628> { _exception_to_level5 + 0x0 }

     Source : <0xffa00582> { _ex_trap_c + 0x72 }

   2 Target : <0xffa00510> { _ex_trap_c + 0x0 }

     Source : <0xffa0039a> { _ex_workaround_261 + 0x22 }

   3 Target : <0xffa00378> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00750> { _trap + 0x28 }

   4 Target : <0xffa00728> { _trap + 0x0 }

     Source : <0xffa004b2> { _bfin_return_from_exception + 0xe }

   5 Target : <0xffa004a4> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa0038a> { _ex_workaround_261 + 0x12 }

   6 Target : <0xffa00378> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00750> { _trap + 0x28 }

   7 Target : <0xffa00728> { _trap + 0x0 }

     Source : <0xffa00840> { _system_call + 0x20 }

   8 Target : <0xffa00820> { _system_call + 0x0 }

     Source : <0xffa00de8> { _evt_system_call + 0x60 }

   9 Target : <0xffa00d88> { _evt_system_call + 0x0 }

     Source : <0xffa00464> { _ex_syscall + 0x8 }

  10 Target : <0xffa0045c> { _ex_syscall + 0x0 }

     Source : <0xffa00750> { _trap + 0x28 }

  11 Target : <0xffa00728> { _trap + 0x0 }

     Source : <0x00b94f4c> [ klogd vma:0xb80000-0xbe6000]

  12 Target : <0x00b94f40> [ klogd vma:0xb80000-0xbe6000]

     Source : <0x00b920a4> [ klogd vma:0xb80000-0xbe6000]

  13 Target : <0x00b92080> [ klogd vma:0xb80000-0xbe6000]

     Source : <0x00b8c5f8> [ klogd vma:0xb80000-0xbe6000]

  14 Target : <0x00b8c5c0> [ klogd vma:0xb80000-0xbe6000]

     Source : <0x00b9207c> [ klogd vma:0xb80000-0xbe6000]

  15 Target : <0x00b92054> [ klogd vma:0xb80000-0xbe6000]

     Source : <0x00b88436> [ klogd vma:0xb80000-0xbe6000]

Stack from 00be5624:

        00000000 ffa006ca ffa00c2c 00be4000 0000ffff 00000000 00000000

00000000

        00000480 00008030 00062027 00000000 00be5720 00000480 ffa00842

ffa00dec

        ffa00dec 02000000 00b8b5e5 00b8c5e6 00b8b5e4 00b8c5e6 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 00bdb228 00be5e78 00be5eb8 00be5808 00be58b0

00be5df4

 

Call Trace:

[<00008000>] _l1sram_proc_read+0x84/0x9c

[<00002000>] _get_sclk+0x10/0x58

[<00006666>] _module_frob_arch_sections+0x136/0x298

[<00004000>] _show_regs+0x224/0x368

[<001acaed>] _bfin_init_mmr_debugfs+0x1db1/0x7074

 

Modules linked in:

Kernel panic - not syncing: Kernel exception

--

 

--- Robin Getz                                               2008-04-23 16:30:00

Ok - since no more double faults (which were my fault), reassigning to Michael,

who can have a look at the Bluetooth problem.

 

-Robin

 

--- Michael Hennerich                                        2008-04-30 08:48:58

I can't reproduce this issue on my side.

Please attach config files.

 

-Michael

 

root:/> modprobe pehci

drivers/usb/host/pehcd/hal/hal_pxa.c: pid 8210, vid 8210

 

drivers/usb/host/pehcd/hal/hal_pxa.c: controller address 001ae3c8

 

drivers/usb/host/pehcd/hal/hal_pxa.c: isp1761_register_driver(drv=008fbdf0)

 

isp1761 isp1761.0: PHILIPS ISP1761

isp1761 isp1761.0: new USB bus registered, assigned bus number 1

isp1761 isp1761.0: irq 57, io mem 0x00000000

usb usb1: configuration #1 chosen from 1 choice

hub 1-0:1.0: USB hub found

hub 1-0:1.0: 1 port detected

drivers/usb/host/pehcd/hal/hal_pxa.c: Registered Driver Philips

drivers/usb/host/pehcd/host/pehci.c: Host Driver has been Registered

root:/> usb 1-1: new high speed USB device using isp1761 and address 2

usb 1-1: configuration #1 chosen from 1 choice

hub 1-1:1.0: USB hub found

hub 1-1:1.0: 3 ports detected

usb 1-1.2: new full speed USB device using isp1761 and address 3

usb 1-1.2: configuration #1 chosen from 1 choice

 

 

root:/> hciconfig

hci0:   Type: USB

        BD Address: 00:00:00:00:00:00 ACL MTU: 0:0 SCO MTU: 0:0

        DOWN

        RX bytes:0 acl:0 sco:0 events:0 errors:0

        TX bytes:0 acl:0 sco:0 commands:0 errors:0

 

root:/> hciconfig hcio up

root:/> hciconfig

hci0:   Type: USB

        BD Address: 00:10:60:D0:0E:B4 ACL MTU: 384:8 SCO MTU: 64:8

        UP RUNNING PSCAN ISCAN

        RX bytes:340 acl:0 sco:0 events:11 errors:0

        TX bytes:39 acl:0 sco:0 commands:11 errors:0

 

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> hcitool scan

Scanning ...

        00:16:41:09:6C:83       APELLKOF-L02

root:/> version

kernel:    Linux release 2.6.24.5-ADI-2008R2-pre-svn4686, build #6458 Wed Apr

30 14:38:14 CEST 2008

toolchain: bfin-uclinux-gcc release gcc version 4.1.2 (ADI svn)

user-dist: release svn-6612, build #2218 Wed Apr 30 14:37:46 CEST 2008

root:/>

 

--- Vivi Li                                                  2008-05-05 06:03:22

It seems more difficult to reproduce this bug now. I tried several times

myself.

I used isp1362 and BF537-STAMP v.2.1 here.

Kernel config and image is attached. Bellow is my latest test result.

 

--

isp1362-hcd isp1362-hcd.0: ISP1362 Host Controller

isp1362-hcd isp1362-hcd.0: new USB bus registered, assigned bus number 1

isp1362_hc_reset:

isp1362-hcd isp1362-hcd.0: irq 53, io mem 0x20360000

isp1362_hc_start:

isp1362-hcd isp1362-hcd.0: ISP1362 Memory usage:

isp1362-hcd isp1362-hcd.0:   ISTL:    2 *  256:      512 @ $0000:$0100

isp1362-hcd isp1362-hcd.0:   INTL:   16 * ( 64+8):  1152 @ $0200

isp1362-hcd isp1362-hcd.0:   ATL :   32 * ( 64+8):  2304 @ $0680

isp1362-hcd isp1362-hcd.0:   USED/FREE:   3968       128

usb usb1: configuration #1 chosen from 1 choice

hub 1-0:1.0: USB hub found

hub 1-0:1.0: 2 ports detected

ISP1362 Host Controller, irq 53

sl811: driver sl811-hcd, 19 May 2005

rtc-bfin rtc-bfin: rtc core: registered rtc-bfin as rtc0

bfin-wdt: initialized: timeout=20 sec (nowayout=0)

Bluetooth: HCI USB driver ver 2.9

usb 1-2: new full speed USB device using isp1362-hcd and address 2

usb 1-2: configuration #1 chosen from 1 choice

usbcore: registered new interface driver hci_usb

usbcore: registered new interface driver usbhid

drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver

TCP cubic registered

NET: Registered protocol family 1

NET: Registered protocol family 17

Bluetooth: L2CAP ver 2.9

Bluetooth: L2CAP socket layer initialized

Bluetooth: SCO (Voice Link) ver 0.5

Bluetooth: SCO socket layer initialized

Bluetooth: RFCOMM socket layer initialized

Bluetooth: RFCOMM TTY layer initialized

Bluetooth: RFCOMM ver 1.8

Bluetooth: BNEP (Ethernet Emulation) ver 1.2

Bluetooth: BNEP filters: protocol multicast

Bluetooth: HIDP (Human Interface Emulation) ver 1.2

 

 

root:/> hciconfig hci0

hci0:   Type: USB

        BD Address: 00:00:00:00:00:00 ACL MTU: 0:0 SCO MTU: 0:0

        DOWN

        RX bytes:0 acl:0 sco:0 events:0 errors:0

        TX bytes:0 acl:0 sco:0 commands:0 errors:0

 

root:/> hciconfig hci0 up

root:/> hciconfig hci0

hci0:   Type: USB

        BD Address: 00:10:60:D0:8C:41 ACL MTU: 384:8 SCO MTU: 64:8

        UP RUNNING PSCAN ISCAN

        RX bytes:354 acl:0 sco:0 events:12 errors:0

        TX bytes:39 acl:0 sco:0 commands:11 errors:0

 

root:/> hcitool scan

Scanning ...

        00:1D:98:A1:2B:AB       Nokia N81

root:/> hcitool scan

Scanning ...

        00:1D:98:A1:2B:AB       Nokia N81

root:/> hcitool scan

Scanning ...

        00:1D:98:A1:2B:AB       Nokia N81

root:/> hciconfig hci0

hci0:   Type: USB

        BD Address: 00:10:60:D0:8C:41 ACL MTU: 384:8 SCO MTU: 64:8

        UP RUNNING PSCAN ISCAN

        RX bytes:1195 acl:0 sco:0 events:24 errors:0

        TX bytes:94 acl:0 sco:0 commands:16 errors:0

 

root:/> hcitool scan

Scanning ...

        00:1D:98:A1:2B:AB       Nokia N81

root:/> hcitool scan

Scanning ...

        00:1D:98:A1:2B:AB       Nokia N81

root:/> hcitool scan

Scanning ..BUG: scheduling while atomic: hcitool/178/0x04010000

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00000000  IPEND: 0002  SYSCFG: 0006

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x0

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x00490000> /* unknown address */

RETX: <0x004a6dd4> [ hcitool + 0x6d94 ]

RETS: <0x0003c1e4> { _do_readv_writev + 0xe4 }

PC  : <0x0005ee6c> { _inotify_inode_queue_event + 0x10 }

 

PROCESSOR STATE:

R0 : 00000000    R1 : 00000002    R2 : 00000000    R3 : 001bb18c

R4 : 00000003    R5 : 0000000e    R6 : 00000001    R7 : 00000002

P0 : 00000000    P1 : 001bb134    P2 : 000000f0    P3 : 004b1b2c

P4 : 00000092    P5 : 00482be4    FP : 0048fe34    SP : 0048fd34

LB0: ffa01836    LT0: ffa01836    LC0: 00000000

LB1: 000c47a6    LT1: 000c47a2    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00000002

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00000000

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 0001f1a9   A0.x: 00000000   A1.w: 0000062d   A1.x: 00000000

USP : 004b19b8  ASTAT: 02002020

 

 

NULL pointer access (probably)

Kernel OOPS in progress

Deferred Exception context

 

No Valid process in current context

return address: [0xffa00852]; contents of:

0xffa00830:  e10a  2108  e14a  ffe0  0023  9110  b070  3107

0xffa00840:  b230  307e  e106  e000  e146  ffff  55f7  3217

0xffa00850:  9152 [e716] 0076  e127  0166  3070  08be  1382

0xffa00860:  307e  e106  e000  e146  ffff  55f7  3217  a097

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00060027  IPEND: 8030  SYSCFG: 0006

  HWERRCAUSE: 0x18

  EXCAUSE   : 0x27

  physical IVG15 asserted : <0xffa00d98> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00364> { _timer_interrupt + 0x0 }

  logical irq  18 mapped  : <0x00095648> { _bfin_serial_dma_rx_int + 0x0

}

  logical irq  19 mapped  : <0x000955b4> { _bfin_serial_dma_tx_int + 0x0

}

  logical irq  24 mapped  : <0x0009e790> { _bfin_mac_interrupt + 0x0 }

  logical irq  53 mapped  : <0x000a7450> { _usb_hcd_irq + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x00265720> [ klogd vma:0x200000-0x266000]

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0xffa00dfc> { _evt_system_call + 0x64 }

PC  : <0xffa00852> { _system_call + 0x22 }

DCPLB_FAULT_ADDR: <0x000001d8> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0xffa00852> { _system_call + 0x22 }

 

PROCESSOR STATE:

R0 : ffa00dfc    R1 : 002658b0    R2 : 00265824    R3 : 00000008

R4 : 002197bc    R5 : 00000002    R6 : ffffe000    R7 : 00264000

P0 : 000000ae    P1 : 0000001f    P2 : 00000000    P3 : 00265d68

P4 : 00265df4    P5 : 002658b0    FP : 00265808    SP : 00265644

LB0: 0020c5e6    LT0: 0020c5e6    LC0: 00000000

LB1: 0020b5e5    LT1: 0020b5e4    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00265e78

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 0025b330

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00265eb8  ASTAT: 02000000

 

Hardware Trace:

   0 Target : <0x000045bc> { _trap_c + 0x0 }

     Source : <0xffa006d8> { _exception_to_level5 + 0x9c }

   1 Target : <0xffa0063c> { _exception_to_level5 + 0x0 }

     Source : <0xffa00596> { _ex_trap_c + 0x72 }

   2 Target : <0xffa00524> { _ex_trap_c + 0x0 }

     Source : <0xffa0039a> { _ex_workaround_261 + 0x22 }

   3 Target : <0xffa00378> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00760> { _trap + 0x28 }

   4 Target : <0xffa00738> { _trap + 0x0 }

     Source : <0xffa004c6> { _bfin_return_from_exception + 0xe }

   5 Target : <0xffa004b8> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa0038a> { _ex_workaround_261 + 0x12 }

   6 Target : <0xffa00378> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00760> { _trap + 0x28 }

   7 Target : <0xffa00738> { _trap + 0x0 }

     Source : <0xffa00850> { _system_call + 0x20 }

   8 Target : <0xffa00830> { _system_call + 0x0 }

     Source : <0xffa00df8> { _evt_system_call + 0x60 }

   9 Target : <0xffa00d98> { _evt_system_call + 0x0 }

     Source : <0xffa00464> { _ex_syscall + 0x8 }

  10 Target : <0xffa0045c> { _ex_syscall + 0x0 }

     Source : <0xffa00760> { _trap + 0x28 }

  11 Target : <0xffa00738> { _trap + 0x0 }

     Source : <0x00214f4c> [ klogd vma:0x200000-0x266000]

  12 Target : <0x00214f40> [ klogd vma:0x200000-0x266000]

     Source : <0x002120a4> [ klogd vma:0x200000-0x266000]

  13 Target : <0x00212080> [ klogd vma:0x200000-0x266000]

     Source : <0x0020c5f8> [ klogd vma:0x200000-0x266000]

  14 Target : <0x0020c5c0> [ klogd vma:0x200000-0x266000]

     Source : <0x0021207c> [ klogd vma:0x200000-0x266000]

  15 Target : <0x00212054> [ klogd vma:0x200000-0x266000]

     Source : <0x00208436> [ klogd vma:0x200000-0x266000]

Stack from 00265624:

        00000000 ffa006dc ffa00c3c 00264000 0000ffff 00000000 00000000

00000000

        00000480 00008030 00060027 00000000 00265720 00000480 ffa00852

ffa00dfc

        ffa00dfc 02000000 0020b5e5 0020c5e6 0020b5e4 0020c5e6 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000

00000000

        00000000 00000000 0025b330 00265e78 00265eb8 00265808 002658b0

00265df4

 

Call Trace:

[<00008000>] _l1sram_proc_read+0x68/0x9c

[<00003830>] _do_signal+0xbe0/0xcbc

[<00004000>] _show_regs+0x20c/0x368

 

Modules linked in:

Kernel panic - not syncing: Kernel exception

 

--

 

root:/> version

kernel:    Linux release 2.6.24.5-ADI-2008R2-pre-svn4691, build #23 Sun May 4

05:26:24 CST 2008

toolchain: bfin-uclinux-gcc release gcc version 4.1.2 (ADI svn)

user-dist: release svn-6639, build #301 Sun May 4 05:25:32 CST 2008

--

 

--- Michael Hennerich                                        2008-05-13 12:28:15

Fixed.

Please try again.

-Michael

 

--- Vivi Li                                                  2008-05-14 03:17:55

I try it several times and it doesn't crash now. So close it.

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

linux.bluetooth.tar.gz    application/x-gzip-compressed    5244948    Vivi Li

config.bluetooth    text/plain    32165    Vivi Li

Outcomes