FAQ: [#5949] Sometimes kernel panics when transferring data between gadget serial and host PC (2010)

Document created by Aaronwu Employee on Sep 10, 2013

Submitted By: Vivi Li

Open Date: 2010-03-05 06:17:31

Priority: Medium

Assignee: Bob Liu

Status: Open

Fixed In Release: N/A

Found In Release: 2010R1

Release:

Category: N/A

Board: N/A

Processor: BF526

Silicon Revision:

Is this bug repeatable?: Yes

Resolution: Assigned (Not Start)

Uboot version or rev.:

Toolchain version or rev.: gcc4.3-2010_Jan_22

App binary format: N/A

Summary: Sometimes kernel panics when transferring data between gadget serial and host PC

Details:

Sometimes the kernel panics when transferring data between gadget serial and host PC.


On target:

--

root:/> modprobe g_serial use_acm=1

g_serial gadget: Gadget Serial v2.4

g_serial gadget: g_serial ready

g_serial gadget: high speed config #2: CDC ACM config

root:/> dmesg|tail

dma_alloc_init: dma_page @ 0x02520000 - 512 pages at 0x03e00000

IP-Config: Complete:

     device=eth0, addr=10.100.4.50, mask=255.255.255.0, gw=10.100.4.174,

     host=bf526-ezbrd, domain=, nis-domain=(none),

     bootserver=10.100.4.174, rootserver=10.100.4.174, rootpath=

Freeing unused kernel memory: 3464k freed

PHY: 0:01 - Link is Up - 100/Full

g_serial gadget: Gadget Serial v2.4

g_serial gadget: g_serial ready

g_serial gadget: high speed config #2: CDC ACM config

root:/>

--

 

On host:

--

uclinux63-527-usbdev:..testsuites/usbdev # stty -F /dev/ttyACM0 -icrnl

uclinux63-527-usbdev:..testsuites/usbdev # cat /dev/ttyACM0 > host_file

--

 

On target:

--

ls /dev/tty*

/dev/tty   /dev/ttyBF1   /dev/ttyGS0

root:/> cat /proc/kallsyms > test_file

root:/> cat test_file > /dev/ttyGS0

NULL pointer access

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=events/0 PID=5 CPU=0

invalid mm

return address: [0x020781ca]; contents of:

0x020781a0:  0010  ad9a  6c66  3006  b057  bdaa  b1ed  b19f

0x020781b0:  9077  0127  05a3  0010  3210  0578  0167  6fa6

0x020781c0:  e512  0041  0037  61f8  0040 [9110] 0c00  1822

0x020781d0:  0000  0000  0000  e411  0011  e410  0013  5008

 

ADSP-BF526-0.2 400(MHz CCLK) 80(MHz SCLK) (mpu off)

Linux version 2.6.32.9-ADI-2010R1-pre-svn8361 (test@uclinux63-527-usbdev) (gcc version 4.3.4 (ADI-trunk/svn-3815) ) #347 Thu Mar 4 13:14:51 CST 2010

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00002027  IPEND: 8008  IMASK: 003f  SYSCFG: 0006

  Peripheral interrupts masked off

  Kernel interrupts masked off

  EXCAUSE   : 0x27

  physical IVG3 asserted : <0xffa006c0> { _trap + 0x0 }

  physical IVG15 asserted : <0xffa00efc> { _evt_system_call + 0x0 }

  logical irq   6 mapped  : <0xffa00358> { _bfin_coretmr_interrupt + 0x0 }

  logical irq  21 mapped  : <0x000d8280> { _bfin_rtc_interrupt + 0x0 }

  logical irq  27 mapped  : <0x000da488> { _bfin_twi_interrupt_entry + 0x0 }

  logical irq  31 mapped  : <0x0009fd40> { _bfin_serial_dma_rx_int + 0x0 }

  logical irq  32 mapped  : <0x0009fab4> { _bfin_serial_dma_tx_int + 0x0 }

  logical irq  35 mapped  : <0x000bff48> { _bfin_mac_interrupt + 0x0 }

  logical irq  59 mapped  : <0x000d3e00> { _blackfin_interrupt + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x02027dd8> /* kernel dynamic memory (maybe user-space) */

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0x000979b4> { _process_echoes + 0x40 }

PC  : <0x020781ca> { :g_serial:_usb_function_activate + 0x16e }

DCPLB_FAULT_ADDR: <0x00000000> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x020781ca> { :g_serial:_usb_function_activate + 0x16e }

PROCESSOR STATE:

R0 : 0000003f    R1 : ffffffc0    R2 : 00000000    R3 : 00000000

R4 : 00000000    R5 : 0000005e    R6 : 00000000    R7 : 0000ffff

P0 : ffa00928    P1 : 02832c00    P2 : 00000000    P3 : 0283e4f5

P4 : 02832c00    P5 : 0283e5f6    FP : 02027e04    SP : 02027cfc

LB0: 0008c9e8    LT0: 0008c9e6    LC0: 00000000

LB1: 00008dc6    LT1: 00008dc6    LC1: 00000000

B0 : 00000001    L0 : 00000000    M0 : 00000004    I0 : 001a19a8

B1 : 00000000    L1 : 00000000    M1 : 00000001    I1 : 00000000

B2 : 025e26e3    L2 : 00000000    M2 : 00000000    I2 : 027e2ea4

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000004   A0.x: 00000000   A1.w: 00000004   A1.x: 00000000

USP : 00000000  ASTAT: 02003005

Hardware Trace:

   0 Target : <0x0000517c> { _trap_c + 0x0 }

     Source : <0xffa00654> { _exception_to_level5 + 0xa4 } CALL pcrel

   1 Target : <0xffa005b0> { _exception_to_level5 + 0x0 }

     Source : <0xffa00464> { _bfin_return_from_exception + 0x18 } RTX

   2 Target : <0xffa0044c> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa00508> { _ex_trap_c + 0x74 } JUMP.S

   3 Target : <0xffa00494> { _ex_trap_c + 0x0 }

     Source : <0xffa0071a> { _trap + 0x5a } JUMP (P4)

   4 Target : <0xffa006c0> { _trap + 0x0 }

     Source : <0x020781c8> { :g_serial:_usb_function_activate + 0x16c } STI R0

   5 Target : <0x020781b8> { :g_serial:_usb_function_activate + 0x15c }

     Source : <0x00099766> { _tty_write_room + 0xa } JUMP (P2)

   6 Target : <0x0009975c> { _tty_write_room + 0x0 }

     Source : <0x000979b0> { _process_echoes + 0x3c } CALL pcrel

   7 Target : <0x000979ae> { _process_echoes + 0x3a }

     Source : <0x0012a9fe> { _mutex_lock + 0x36 } RTS

   8 Target : <0x0012a9d4> { _mutex_lock + 0xc }

     Source : <0x0012a0e0> { __cond_resched + 0x20 } RTS

   9 Target : <0x0012a0da> { __cond_resched + 0x1a }

     Source : <0x0012a0d2> { __cond_resched + 0x12 } IF CC JUMP

  10 Target : <0x0012a0c0> { __cond_resched + 0x0 }

     Source : <0x0012a9d0> { _mutex_lock + 0x8 } CALL pcrel

  11 Target : <0x0012a9c8> { _mutex_lock + 0x0 }

     Source : <0x000979aa> { _process_echoes + 0x36 } CALL pcrel

  12 Target : <0x0009799e> { _process_echoes + 0x2a }

     Source : <0x0012a9fe> { _mutex_lock + 0x36 } RTS

  13 Target : <0x0012a9d4> { _mutex_lock + 0xc }

     Source : <0x0012a0e0> { __cond_resched + 0x20 } RTS

  14 Target : <0x0012a0da> { __cond_resched + 0x1a }

     Source : <0x0012a0d2> { __cond_resched + 0x12 } IF CC JUMP

  15 Target : <0x0012a0c0> { __cond_resched + 0x0 }

     Source : <0x0012a9d0> { _mutex_lock + 0x8 } CALL pcrel

Kernel Stack

Stack info:

SP: [0x02027d64] <0x02027d64> /* kernel dynamic memory (maybe user-space) */

FP: (0x02027f74)

Memory from 0x02027d60 to 02028000

Return addresses in stack:

    address : <0x0012a0e6> { __cond_resched + 0x26 }

    address : <0x000979b4> { _process_echoes + 0x40 }

    address : <0x0012a9d4> { _mutex_lock + 0xc }

    address : <0x00098ff4> { _n_tty_receive_buf + 0x280 }

    address : <0x0009b18c> { _flush_to_ldisc + 0x14 }

    address : <0x0009b352> { _flush_to_ldisc + 0x1da }

    address : <0x0207965a> { :g_serial:_gserial_connect + 0x5a6 }

    address : <0x0001c794> { _run_workqueue + 0x90 }

   frame  1 : <0x0001c842> { _worker_thread + 0x3a }

    address : <0x0001f2ae> { _kthread + 0x5a }

    address : <0x00001506> { _kernel_thread_helper + 0x6 }

Modules linked in: g_serial

Kernel panic - not syncing: Kernel exception

...

--

 

Follow-ups

 

--- Vivi Li                                                  2010-04-22 00:32:46

Also it may fail like this:

 

On host:

--

uclinux63-527-usbdev:..testsuites/usbdev # stty -F /dev/ttyUSB0 -icrnl

uclinux63-527-usbdev:..testsuites/usbdev # cat /dev/ttyUSB0 > host_file

--

 

On target:

--

root:/> cat /proc/kallsyms > test_file

cat test_file > /dev/ttyGS0

irq 85: nobody cared (try booting with the "irqpoll" option)

Hardware Trace:

   0 Target : <0x0019d800> { _dump_stack + 0x0 }

     Source : <0x0002f5d4> { ___report_bad_irq + 0x1c } CALL pcrel

   1 Target : <0x0002f5d4> { ___report_bad_irq + 0x1c }

     Source : <0x0002f630> { ___report_bad_irq + 0x78 } JUMP.S

   2 Target : <0x0002f630> { ___report_bad_irq + 0x78 }

     Source : <0x0019d98c> { _printk + 0x14 } RTS

   3 Target : <0x0019d988> { _printk + 0x10 }

     Source : <0x00010fae> { _vprintk + 0x16a } RTS

   4 Target : <0x00010fa2> { _vprintk + 0x15e }

     Source : <0x00010f94> { _vprintk + 0x150 } IF CC JUMP pcrel

   5 Target : <0x00010f8c> { _vprintk + 0x148 }

     Source : <0x000110d2> { _vprintk + 0x28e } JUMP.S

   6 Target : <0x000110d2> { _vprintk + 0x28e }

     Source : <0x00010bc6> { _release_console_sem + 0x1be } RTS

   7 Target : <0x00010ba0> { _release_console_sem + 0x198 }

     Source : <0x00010b92> { _release_console_sem + 0x18a } IF CC JUMP pcrel (BP)

   8 Target : <0x00010b8a> { _release_console_sem + 0x182 }

     Source : <0x000232fa> { _up + 0x3e } RTS

   9 Target : <0x000232f4> { _up + 0x38 }

     Source : <0x000232e6> { _up + 0x2a } IF CC JUMP pcrel (BP)

  10 Target : <0x000232bc> { _up + 0x0 }

     Source : <0x00010b86> { _release_console_sem + 0x17e } CALL pcrel

  11 Target : <0x00010b72> { _release_console_sem + 0x16a }

     Source : <0x00010a6a> { _release_console_sem + 0x62 } IF CC JUMP pcrel

  12 Target : <0x00010a4a> { _release_console_sem + 0x42 }

     Source : <0x00010a9c> { _release_console_sem + 0x94 } IF CC JUMP pcrel (BP)

  13 Target : <0x00010a92> { _release_console_sem + 0x8a }

     Source : <0x000105fe> { __call_console_drivers + 0x62 } RTS

  14 Target : <0x000105f8> { __call_console_drivers + 0x5c }

     Source : <0x000105d2> { __call_console_drivers + 0x36 } IF CC JUMP pcrel

  15 Target : <0x000105c2> { __call_console_drivers + 0x26 }

     Source : <0x000105b2> { __call_console_drivers + 0x16 } IF !CC JUMP pcrel (BP)

Stack info:

SP: [0x02027c7c] <0x02027c7c> /* kernel dynamic memory */

Memory from 0x02027c70 to 02028000

Return addresses in stack:

    address : <0xffa00372> { _asm_do_IRQ + 0x72 }

    address : <0x02bfd632> { :g_serial:_gserial_connect + 0x572 }

    address : <0x0001d140> { _run_workqueue + 0x90 }

    address : <0x0001fc2e> { _kthread + 0x5a }

    address : <0x00001506> { _kernel_thread_helper + 0x6 }

handlers:

[<00113d3c>] (_dma_controller_irq+0x0/0x174)

Disabling IRQ #85

--

 

--- Bob Liu                                                  2010-09-01 23:14:50

I can't repeat it on the latest svn trunk.

 

--- Vivi Li                                                  2010-09-02 06:10:46

The last time I saw this crash on bf527-ezkit was on Aug 30th, with the following version info:

--

kernel:    Linux release 2.6.34.6-ADI-2010R1-pre-svn9115, build #290 Mon Aug 30 18:31:54 CST 2010

toolchain: bfin-uclinux-gcc release gcc version 4.3.5 (ADI-trunk/svn-4747)

user-dist: release svn-9801, build #853 Mon Aug 30 18:29:42 CST 2010

--

 

--- Vivi Li                                                  2010-11-08 22:52:44

I think you can try it on bf527-ezkit with dma mode. I can still see a similar crash in the 2010r1 branch.

On bf548-ezkit, I haven't seen this since the end of Jun.
