[#6148] USB detection will cause kernel crashing at mm/slab.c

Document created by Aaronwu Employee on Sep 11, 2013
Version 1Show Document
  • View in full screen mode

[#6148] USB detection will cause kernel crashing at mm/slab.c

Submitted By: Vivi Li

Open Date

2010-08-03 04:09:33     Close Date

2010-08-11 05:27:40

Priority:

Medium     Assignee:

Bob Liu

Status:

Closed     Fixed In Release:

N/A

Found In Release:

2010R1     Release:

Category:

N/A     Board:

N/A

Processor:

BF537     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Out of Date

Uboot version or rev.:

    Toolchain version or rev.:

gcc4.3-2010_Apr_07

App binary format:

N/A     

Summary: USB detection will cause kernel crashing at mm/slab.c

Details:

 

USB detection will cause kernel crashing at mm/slab.c after kernel upgraded to 2.6.34.1.

 

Last passed version:

--

kernel:    Linux release 2.6.34-ADI-2010R1-pre-svn8970, build #56 Tue Jul 6 03:28:24 CST 2010

toolchain: bfin-uclinux-gcc release gcc version 4.3.4 (ADI-trunk/svn-3951)

user-dist: release svn-9715, build #998 Tue Jul 6 03:27:29 CST 2010

--

 

First failed version:

--

kernel:    Linux release 2.6.34.1-ADI-2010R1-pre-svn8977, build #60 Wed Jul 7 11:22:15 CST 2010

toolchain: bfin-uclinux-gcc release gcc version 4.3.4 (ADI-trunk/svn-3951)

user-dist: release svn-9715, build #1071 Wed Jul 7 11:21:19 CST 2010

--

 

Bellow is the log for usb isp176x:

--

root:/> modprobe isp1760

isp1760 isp1760.0: NXP ISP1760 USB Host Controller

isp1760 isp1760.0: new USB bus registered, assigned bus number 1

isp1760 isp1760.0: bus width: 16, oc: digital

isp1760 isp1760.0: irq 57, io mem 0x203c0000

isp1760 isp1760.0: USB ISP 1761 HW rev. 1 started

hub 1-0:1.0: USB hub found

hub 1-0:1.0: 1 port detected

ISP1760 USB device initialised

root:/> port 1 high speed

usb 1-1: new high speed USB device using isp1760 and address 2

port 1 high speed

usb 1-1: invalid descriptor for config index 0: type = 0xD2, length = 64

usb 1-1: can't read configurations, error -22

------------[ cut here ]------------

kernel BUG at mm/slab.c:521!

Kernel panic - not syncing: BUG()

Hardware Trace:

   0 Target : <0x00003ef0> { _trap_c + 0x0 }

     Source : <0xffa00770> { _exception_to_level5 + 0xa4 } CALL pcrel

   1 Target : <0xffa006cc> { _exception_to_level5 + 0x0 }

     Source : <0xffa00580> { _bfin_return_from_exception + 0x20 } RTX

   2 Target : <0xffa00560> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa00624> { _ex_trap_c + 0x74 } JUMP.S

   3 Target : <0xffa005b0> { _ex_trap_c + 0x0 }

     Source : <0xffa00844> { _trap + 0x68 } JUMP (P4)

   4 Target : <0xffa007fa> { _trap + 0x1e }

     Source : <0xffa007f6> { _trap + 0x1a } IF CC JUMP pcrel

   5 Target : <0xffa007dc> { _trap + 0x0 }

      FAULT : <0x00044004> { _kfree + 0x44 } BUG

     Source : <0x00044002> { _kfree + 0x42 } IF !CC JUMP pcrel (BP)

   6 Target : <0x00043ffc> { _kfree + 0x3c }

     Source : <0x00043ff8> { _kfree + 0x38 } IF CC JUMP pcrel (BP)

   7 Target : <0x00043ff2> { _kfree + 0x32 }

     Source : <0x00043fee> { _kfree + 0x2e } IF CC JUMP pcrel (BP)

   8 Target : <0x00043fc0> { _kfree + 0x0 }

     Source : <0x000df81a> { _usb_destroy_configuration + 0x3a } CALL pcrel

   9 Target : <0x000df816> { _usb_destroy_configuration + 0x36 }

     Source : <0x000df80e> { _usb_destroy_configuration + 0x2e } JUMP.S

  10 Target : <0x000df7e0> { _usb_destroy_configuration + 0x0 }

     Source : <0x000d5b22> { _usb_release_dev + 0x12 } JUMP.L

  11 Target : <0x000d5b10> { _usb_release_dev + 0x0 }

     Source : <0x000b9946> { _device_release + 0x16 } CALL (P1)

  12 Target : <0x000b9944> { _device_release + 0x14 }

     Source : <0x000b995e> { _device_release + 0x2e } IF !CC JUMP pcrel (BP)

  13 Target : <0x000b9954> { _device_release + 0x24 }

     Source : <0x000b9942> { _device_release + 0x12 } IF CC JUMP pcrel

  14 Target : <0x000b9930> { _device_release + 0x0 }

     Source : <0x000a00bc> { _kobject_release + 0x30 } CALL (P2)

  15 Target : <0x000a008c> { _kobject_release + 0x0 }

     Source : <0x000a0b2e> { _kref_put + 0x4a } CALL (P2)

Stack info:

SP: [0x02077c34] <0x02077c34> /* kernel dynamic memory (maybe user-space) */

FP: (0x02077fa8)

Memory from 0x02077c30 to 02078000

02077c30: 00000013 [0017c570] 00145f0e  02077d10  0017c570  001bc3ce  001bc3ce  001bc3ce

02077c50: 02077c64  000042e2  02077d10  00008008  001ca530  0000003f  ffffffff  001c0cc0

02077c70: 000349d0  00000009  001c0cec  02076000  00000001  00000024  00000100  00000101

02077c90: 00000004  00000100 <00015b9a> 00000000  000336d0  001cc2e4  02ad4da0  001c08d9

02077cb0: 00000006  001ca530  ffa00386  001d0cd0  02ad4da0  001c08d9  00000006  00000000

02077cd0: 02077d08  0000c1ac  028db640  028db640  022af000  0000001f  00000000  ffa00774

02077cf0: 001b9000  00008008  00002021  0000ffff  00010123  00000000  00000000  00000480

02077d10: 00000480  00008008  00002021  00000000  02077dec  00000480  00044004  000df81e

02077d30: 00000400  02002020  02a0bab5  ffa01834  02a0bab4  ffa01834  00000000  00000000

02077d50: 00000242  00000000  00007a42  00000000  00000000  00000000  00000000  00000000

02077d70: 00000000  00000000  00000000  00000000  00000000  00000000  00000000  00000004

02077d90: 00000000  02a6aeb0  00000000  02aa6128  00000000  02077e24  00000000  001d1520

02077db0: 02a92000  008de200  000d5b10  02a92000  022af000  00000000  0000ffff  00010123

02077dd0: 000a008c  00000004  008de200  00000400  00000400  02a92000  00000006  000003e8

02077df0: 00000001  00000000  02077e10  000df81e  00000000  001d1520  022af000  00000000

02077e10: 02aa7ddc  00000001  02077e14  000dc92c  0204d240  02aa7c00  000d5b26  02a92000

02077e30: 001d1520  001c9130  022af000  00000000  02aa7ddc  00000001  02aa7c00  000da602

02077e50: 0208142c <000b9948> 02a9206c  00000000  02a92038  02ad4da0  00000001  02aa7c00

02077e70:<000a00be> 02065e20  02ad4da0  00000000  02a92000 <000a0b30> 02a92000  02ad4da0

02077e90: ffffffea  ffffffea  00000000  000d8d1a  000d8d1a  02ad4da0  00000004  00000001

02077eb0: 00000000  02ad4da0  000003e8  00000001  00000000  00000001  02ad4e10  0100cdfc

02077ed0: 00000501  022af000  00000009  02ad4e30  02ad4ebc  00000000  00000000  000003e8

02077ef0: 02ad4db8  02077f58  000d9474  02aa7c00  02ad4da0  02aa7c00  02077f94  00000001

02077f10: 00000001  02ad4ddc  02068980  02018bc0  02077f58  00000000  02068980  02068b00

02077f30: 02018bc0  02077f64  ffa01eda  02ad4dd4  001c9130  02ad4da8  02ad4dd8  02ad4ebc

02077f50: 02aa7c98  001c0000  02070501  02076000  02076000  001d291c  000d9620  001d291c

02077f70: 02076000  02076000  02077f94  02076000  02076000  00000000  0000c1ac  0201bf34

02077f90: 000d95ec  00000000  02068980  000214b4  02077fa0  02077fa0 (00000000)<0002112a>

02077fb0: 0201bf34  000d95ec  00000000  00000000  00000000  00000000  00000000  000210d0

02077fd0: 000014a8  00000000  00000000  02077fdc  02077fdc <000014ae> 00000000  00000000

02077ff0: 00000000  00000000  ffffffff  00000006

Return addresses in stack:

    address : <0x00015b9a> { ___do_softirq + 0x76 }

    address : <0x000b9948> { _device_release + 0x18 }

    address : <0x000a00be> { _kobject_release + 0x32 }

    address : <0x000a0b30> { _kref_put + 0x4c }

   frame  1 : <0x0002112a> { _kthread + 0x5a }

    address : <0x000014ae> { _kernel_thread_helper + 0x6 }

--

 

Bellow is the log for usb isp1362 and sl811:

--

Linux version 2.6.34.1-ADI-2010R1-pre-svn8971 (test@uclinux54-adv7393-ad1981-usb1362) (gcc version 4.3.4 (ADI-trunk/svn-3951) ) #199 Wed Jul 7 04:02:19 CST 2010

register early platform devices

bootconsole [early_shadow0] enabled

bootconsole [early_BFuart0] enabled

early printk enabled on early_BFuart0

Limiting kernel memory to 56MB due to anomaly 05000263

Board Memory: 64MB

Kernel Managed Memory: 64MB

Memory map:

  fixedcode = 0x00000400-0x00000490

  text      = 0x00001000-0x0014b8c8

  rodata    = 0x0014b8c8-0x001bcf84

  bss       = 0x001bd000-0x001cdc04

  data      = 0x001cdc04-0x001e4000

    stack   = 0x001e2000-0x001e4000

  init      = 0x001e4000-0x008de000

  available = 0x008de000-0x03800000

  DMA Zone  = 0x03f00000-0x04000000

Hardware Trace Active and Enabled

Boot Mode: 0

Reset caused by Software reset

Blackfin support (C) 2004-2010 Analog Devices, Inc.

Compiled for ADSP-BF537 Rev 0.2

Blackfin Linux support by http://blackfin.uclinux.org/

Processor Speed: 500 MHz core clock and 125 MHz System Clock

NOMPU: setting up cplb tables

Instruction Cache Enabled for CPU0

  External memory: cacheable in instruction cache

Data Cache Enabled for CPU0

  External memory: cacheable (write-back) in data cache

Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 14224

Kernel command line: root=/dev/mtdblock0 rw ip=10.100.4.50 earlyprintk=serial,uart0,57600 console=ttyBF0,57600 ip=10.100.4.50:10.100.4.174:10.100.4.174:255.255.255.0:bf537-stamp:eth0:off

PID hash table entries: 256 (order: -2, 1024 bytes)

Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)

Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)

Memory available: 47696k/65536k RAM, (7144k init code, 1322k kernel code, 610k data, 1024k dma, 7740k reserved)

Hierarchical RCU implementation.

NR_IRQS:138

Configuring Blackfin Priority Driven Interrupts

console [ttyBF0] enabled, bootconsole disabled

console [ttyBF0] enabled, bootconsole disabled

Calibrating delay loop... 995.32 BogoMIPS (lpj=1990656)

Security Framework initialized

Mount-cache hash table entries: 512

Blackfin Scratchpad data SRAM: 4 KB

Blackfin L1 Data A SRAM: 16 KB (16 KB free)

Blackfin L1 Data B SRAM: 16 KB (16 KB free)

Blackfin L1 Instruction SRAM: 48 KB (35 KB free)

NET: Registered protocol family 16

Blackfin DMA Controller

stamp_init(): registering device resources

bio: create slab <bio-0> at 0

SCSI subsystem initialized

bfin-spi bfin-spi.0: Blackfin on-chip SPI Controller Driver, Version 1.0, regs_base@ffc00500, dma channel@7

usbcore: registered new interface driver usbfs

usbcore: registered new interface driver hub

usbcore: registered new device driver usb

Switching to clocksource bfin_cs_cycles

NET: Registered protocol family 2

IP route cache hash table entries: 1024 (order: 0, 4096 bytes)

TCP established hash table entries: 2048 (order: 2, 16384 bytes)

TCP bind hash table entries: 2048 (order: 1, 8192 bytes)

TCP: Hash tables configured (established 2048 bind 2048)

TCP reno registered

UDP hash table entries: 256 (order: 0, 4096 bytes)

UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)

NET: Registered protocol family 1

msgmni has been set to 93

io scheduler noop registered

io scheduler cfq registered (default)

bfin-uart: Blackfin serial driver

bfin-uart.0: ttyBF0 at MMIO 0xffc00400 (irq = 18) is a BFIN-UART

brd: module loaded

bfin_mii_bus: probed

bfin_mii_bus: Can't get IRQ 65535 (PHY)

bfin_mac: attached PHY driver [SMSC LAN83C185] (mii_bus:phy_addr=0:01, irq=-1, mdc_clk=2500000Hz(mdc_div=24)@sclk=125MHz)

bfin_mac bfin_mac.0: Blackfin on-chip Ethernet MAC driver, Version 1.1

driver isp1362-hcd, 2005-04-04

isp1362-hcd isp1362-hcd.0: ISP1362 Host Controller

isp1362-hcd isp1362-hcd.0: new USB bus registered, assigned bus number 1

isp1362_hc_reset:

isp1362-hcd isp1362-hcd.0: irq 53, io mem 0x20360000

isp1362_hc_start:

isp1362-hcd isp1362-hcd.0: ISP1362 Memory usage:

isp1362-hcd isp1362-hcd.0:   ISTL:    2 *  256:      512 @ $0000:$0100

isp1362-hcd isp1362-hcd.0:   INTL:   16 * ( 64+8):  1152 @ $0200

isp1362-hcd isp1362-hcd.0:   ATL :   32 * ( 64+8):  2304 @ $0680

isp1362-hcd isp1362-hcd.0:   USED/FREE:   3968       128

hub 1-0:1.0: USB hub found

hub 1-0:1.0: 2 ports detected

ISP1362 Host Controller, irq 53

sl811: driver sl811-hcd, 19 May 2005

sl811-hcd sl811-hcd.0: SL811HS v1.5

sl811-hcd sl811-hcd.0: new USB bus registered, assigned bus number 2

sl811-hcd sl811-hcd.0: irq 54, io mem 0x20340000

hub 2-0:1.0: USB hub found

hub 2-0:1.0: 1 port detected

Initializing USB Mass Storage driver...

usbcore: registered new interface driver usb-storage

USB Mass Storage support registered.

rtc-bfin rtc-bfin: rtc core: registered rtc-bfin as rtc0

bfin-wdt: initialized: timeout=20 sec (nowayout=0)

usbcore: registered new interface driver usbhid

usbhid: USB HID core driver

TCP cubic registered

NET: Registered protocol family 17

rtc-bfin rtc-bfin: setting system clock to 1970-10-21 23:08:03 UTC (25398483)

usb 1-2: new full speed USB device using isp1362-hcd and address 2

usb 1-2: invalid descriptor for config index 0: type = 0xAF, length = 128

usb 1-2: can't read configurations, error -22

------------[ cut here ]------------

kernel BUG at mm/slab.c:521!

Kernel panic - not syncing: BUG()

Hardware Trace:

   0 Target : <0x00003ef0> { _trap_c + 0x0 }

     Source : <0xffa00770> { _exception_to_level5 + 0xa4 } CALL pcrel

   1 Target : <0xffa006cc> { _exception_to_level5 + 0x0 }

     Source : <0xffa00580> { _bfin_return_from_exception + 0x20 } RTX

   2 Target : <0xffa00560> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa00624> { _ex_trap_c + 0x74 } JUMP.S

   3 Target : <0xffa005b0> { _ex_trap_c + 0x0 }

     Source : <0xffa00844> { _trap + 0x68 } JUMP (P4)

   4 Target : <0xffa007fa> { _trap + 0x1e }

     Source : <0xffa007f6> { _trap + 0x1a } IF CC JUMP pcrel

   5 Target : <0xffa007dc> { _trap + 0x0 }

      FAULT : <0x00044004> { _kfree + 0x44 } BUG

     Source : <0x00044002> { _kfree + 0x42 } IF !CC JUMP pcrel (BP)

   6 Target : <0x00043ffc> { _kfree + 0x3c }

     Source : <0x00043ff8> { _kfree + 0x38 } IF CC JUMP pcrel (BP)

   7 Target : <0x00043ff2> { _kfree + 0x32 }

     Source : <0x00043fee> { _kfree + 0x2e } IF CC JUMP pcrel (BP)

   8 Target : <0x00043fc0> { _kfree + 0x0 }

     Source : <0x000df822> { _usb_destroy_configuration + 0x3a } CALL pcrel

   9 Target : <0x000df81e> { _usb_destroy_configuration + 0x36 }

     Source : <0x000df816> { _usb_destroy_configuration + 0x2e } JUMP.S

  10 Target : <0x000df7e8> { _usb_destroy_configuration + 0x0 }

     Source : <0x000d5b2a> { _usb_release_dev + 0x12 } JUMP.L

  11 Target : <0x000d5b18> { _usb_release_dev + 0x0 }

     Source : <0x000b9946> { _device_release + 0x16 } CALL (P1)

  12 Target : <0x000b9944> { _device_release + 0x14 }

     Source : <0x000b995e> { _device_release + 0x2e } IF !CC JUMP pcrel (BP)

  13 Target : <0x000b9954> { _device_release + 0x24 }

     Source : <0x000b9942> { _device_release + 0x12 } IF CC JUMP pcrel

  14 Target : <0x000b9930> { _device_release + 0x0 }

     Source : <0x000a00bc> { _kobject_release + 0x30 } CALL (P2)

  15 Target : <0x000a008c> { _kobject_release + 0x0 }

     Source : <0x000a0b2e> { _kref_put + 0x4a } CALL (P2)

Stack info:

SP: [0x02045c34] <0x02045c34> /* kernel dynamic memory (maybe user-space) */

FP: (0x02045fa8)

Memory from 0x02045c30 to 02046000

02045c30: 00000013 [0018242c] 0014b7c2  02045d10  0018242c  001c23ce  001c23ce  001c23ce

02045c50: 02045c64  000042e2  02045d10  00008008  0000001f  0000003f  ffffffff  00000000

02045c70: 0000ffff  001587dc  0000001f  0000001b  00000000  00000000  00000000  00000000

02045c90: 00000000  00000007  00000001  ffffffff  0000000f  00000000  00156ec8  00000000

02045cb0: 00000000  02045d0c  20000000  029090c8  00000001  001cf150  00000001  028d7bc0

02045cd0: 02045d08  0000c1ac  028d7bc0  028d7bc0  02909000  0000001f  00000000  ffa00774

02045cf0: 001bf000  00008008  00000021  0000ffff  00010123  00000000  00000000  00000480

02045d10: 00000480  00008008  00000021  00000000  02045dec  00000480  00044004  000df826

02045d30: 00000400  02002020  000a43ce  000e4254  000a43c4  000e4254  00000000  00000000

02045d50: 0000001f  00000000  0000001f  00000000  0000ffff  001587dc  0000001f  0000001b

02045d70: 00000000  00000000  00000000  00000000  00000000  00000007  00000001  ffffffff

02045d90: 0000000f  00000000  00156ec8  00000000  00000000  02045e24  00000000  001d77f4

02045db0: 028f0800  008e0200  000d5b18  028f0800  02909000  00000000  0000ffff  00010123

02045dd0: 000a008c  00000004  008e0200  00000400  00000400  028f0800  00000006  000003e8

02045df0: 00000002  00000000  02045e10  000df826  00000000  001d77f4  02909000  00000000

02045e10: 028f0de0  00000002  02045e14  000dc934  02900f80  028f0c00  000d5b2e  028f0800

02045e30: 001d77f4  001cf150  02909000  00000000  028f0de0  00000002  028f0c00  000da60a

02045e50: 028f0c00 <000b9948> 028f086c  00000000  028f0838  0206d080  00000001  028f0800

02045e70:<000a00be> 02908f40  00000023  00000000  028f0800 <000a0b30> 028f0800  0206d080

02045e90: ffffffea  ffffffea  00000000  000d8d22  000d8d22  0206d080  00000004  00000002

02045eb0: 00000000  0206d080  000003e8  00000002  00000000  00000002  0206d0f1  0100cdfc

02045ed0: 00000101  02909000  0000000a  0206d110  0206d19c  00000000  00000001  000003e8

02045ef0: 0206d098  02045f58  000d947c  028f0c04  0206d080  028f0c00  02045f94  00000002

02045f10: 00000001  0206d0bc  02029060  02018bc0  02045f58  00000000  02029060  020291e0

02045f30: 02018bc0  02045f64  ffa01eda  0206d0b4  001cf150  0206d088  0206d0b8  0206d19c

02045f50: 028f0c98  001d0000  02040101  02044000  02044000  001d8bf0  000d9628  001d8bf0

02045f70: 02044000  02044000  02045f94  02044000  02044000  00000000  0000c1ac  0201bf34

02045f90: 000d95f4  00000000  02029060  000214b4  02045fa0  02045fa0 (00000000)<0002112a>

02045fb0: 0201bf34  000d95f4  00000000  00000000  00000000  00000000  00000000  000210d0

02045fd0: 000014a8  00000000  00000000  02045fdc  02045fdc <000014ae> 00000000  00000000

02045ff0: 00000000  00000000  ffffffff  00000006

Return addresses in stack:

    address : <0x000b9948> { _device_release + 0x18 }

    address : <0x000a00be> { _kobject_release + 0x32 }

    address : <0x000a0b30> { _kref_put + 0x4c }

   frame  1 : <0x0002112a> { _kthread + 0x5a }

    address : <0x000014ae> { _kernel_thread_helper + 0x6 }

--

 

Follow-ups

 

--- Vivi Li                                                  2010-08-11 05:27:40

Out of date now.

Close it.

 

--- Michael Hennerich                                        2010-08-11 06:00:56

This was a duplicate of: [#6147] kernel crash with none dma usb host hci

 

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

config.linux.usbhost_176x    application/octet-stream    42869    Vivi Li

config.linux.usbhost_1362    application/octet-stream    43064    Vivi Li

Outcomes