[#6844] Remove bfin_mac module will make kernel crash when binary format is FDPIC
Submitted By: Vivi Li
Open Date: 2011-10-25 04:24:37
Priority: Low
Assignee: Nobody
Status: Open
Fixed In Release: N/A
Found In Release: 2011R1
Release:
Category: N/A
Board: N/A
Processor: BF537
Silicon Revision:
Is this bug repeatable?: Yes
Resolution: Assigned (Not Start)
Uboot version or rev.:
Toolchain version or rev.: gcc4.3-2011R1-RC2
App binary format: FDPIC
Summary: Remove bfin_mac module will make kernel crash when binary format is FDPIC
Details:
Removing the bfin_mac module makes the kernel crash when the binary format is FDPIC.
There is no such problem when the binary format is flat.
--
Linux version 3.0.0-ADI-2011R1-pre-svn10098 (test@uclinux72-kernel-elf-ad1938) (gcc version 4.3.5 (ADI-2011R1-RC2) ) #93 Sat Oct1
register early platform devices
bootconsole [early_shadow0] enabled
bootconsole [early_BFuart0] enabled
early printk enabled on early_BFuart0
Limiting kernel memory to 56MB due to anomaly 05000263
Board Memory: 64MB
Kernel Managed Memory: 64MB
Memory map:
fixedcode = 0x00000400-0x00000490
text = 0x00001000-0x00126390
rodata = 0x00126390-0x00186234
bss = 0x00187000-0x00196ae8
data = 0x00196ae8-0x001aa000
stack = 0x001a8000-0x001aa000
init = 0x001aa000-0x007ec000
available = 0x007ec000-0x03800000
DMA Zone = 0x03f00000-0x04000000
Hardware Trace active and enabled
Boot Mode: 0
Reset caused by Software reset
Blackfin support (C) 2004-2010 Analog Devices, Inc.
Compiled for ADSP-BF537 Rev 0.2
Blackfin Linux support by http://blackfin.uclinux.org/
Processor Speed: 500 MHz core clock and 125 MHz System Clock
NOMPU: setting up cplb tables
Instruction Cache Enabled for CPU0
External memory: cacheable in instruction cache
Data Cache Enabled for CPU0
External memory: cacheable (write-back) in data cache
Built 1 zonelists in Zone order, mobility grouping off. Total pages: 14224
Kernel command line: root=/dev/mtdblock0 rw clkin_hz=25000000 earlyprintk=serial,uart0,57600 console=ttyBF0,57600 ip=10.100.4.50f
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory available: 48624k/65536k RAM, (6408k init code, 1172k kernel code, 528k data, 1024k dma, 7780k reserved)
NR_IRQS:146
Configuring Blackfin Priority Driven Interrupts
console [ttyBF0] enabled, bootconsole disabled
console [ttyBF0] enabled, bootconsole disabled
Calibrating delay loop... 995.32 BogoMIPS (lpj=1990656)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
Blackfin Scratchpad data SRAM: 4 KB
Blackfin L1 Data A SRAM: 16 KB (16 KB free)
Blackfin L1 Data B SRAM: 16 KB (16 KB free)
Blackfin L1 Instruction SRAM: 48 KB (35 KB free)
NET: Registered protocol family 16
Blackfin DMA Controller
stamp_init(): registering device resources
bio: create slab <bio-0> at 0
bfin-spi bfin-spi.0: Blackfin on-chip SPI Controller Driver, Version 1.0, regs@ffc00500, dma channel@7
Switching to clocksource bfin_cs_cycles
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
debug-mmrs: setting up Blackfin MMR debugfs
msgmni has been set to 94
io scheduler noop registered (default)
bfin-uart: Blackfin serial driver
bfin-uart.0: ttyBF0 at MMIO 0xffc00400 (irq = 18) is a BFIN-UART
brd: module loaded
rtc-bfin rtc-bfin: rtc core: registered rtc-bfin as rtc0
bfin-wdt: initialized: timeout=20 sec (nowayout=0)
TCP cubic registered
NET: Registered protocol family 17
"dma_alloc_init: dma_page @ 0x02855000 - 256 pages at 0x03f00000TC (316762)
Freeing unused kernel memory: 6408k freed
BusyBox v1.18.4 (2011-10-21 22:37:10 CST) hush - the humble shell
root:/> modprobe bfin_mac
ELF FDPIC interpreter with invalid DYNAMIC section (inode=178)
Unable to load interpreter
bfin_mii_bus: probed
bfin_mac: attached PHY driver [SMSC LAN83C185] (mii_bus:phy_addr=0:01, irq=-1, mdc_clk=2500000Hz(mdc_div=24)@sclk=125MHz)
bfin_mac bfin_mac.0: eth0: Blackfin on-chip Ethernet MAC driver, Version 1.1
root:/> modprobe -r bfin_mac
Illegal use of supervisor resource
<5> - Attempted to use a Supervisor register or instruction from User mode.
<5> Supervisor resources are registers and instructions that are reserved
<5> for Supervisor use: Supervisor only registers, all MMRs, and Supervisor
<5> only instructions.
Kernel OOPS in progress
Deferred Exception context
CURRENT PROCESS:
COMM=modprobe PID=170 CPU=0
TEXT = 0x02900000-0x02956e28 DATA = 0x02b20e28-0x02b24b18
BSS = 0x02b24b18-0x02b00000 USER-STACK = 0x02b1fea0
return address: [0x000af1ee]; contents of:
0x000af1c0: 002b 0208 0200 0010 3211 6fc2 e511 0010
0x000af1d0: 0c41 1803 9108 0010 e512 002b 0c42 1803
0x000af1e0: 9110 0010 6000 0010 0000 3210 ae52 [a310]
0x000af1f0: 0010 0000 0000 0000 0000 0000 0010 0000
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 3.0.0-ADI-2011R1-pre-svn10098 (test@uclinux72-kernel-elf-ad1938) (gcc version 4.3.5 (ADI-2011R1-RC2) ) #93 Sat Oct1
SEQUENCER STATUS: Not tainted
SEQSTAT: 0000202e IPEND: 8008 IMASK: ffff SYSCFG: 0006
EXCAUSE : 0x2e
physical IVG3 asserted : <0xffa007ac> { _trap + 0x0 }
physical IVG15 asserted : <0xffa01090> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa003c0> { _bfin_coretmr_interrupt + 0x0 }
logical irq 10 mapped : <0x000c5efc> { _bfin_rtc_interrupt + 0x0 }
logical irq 18 mapped : <0x000ad4ac> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 19 mapped : <0x000ad204> { _bfin_serial_dma_tx_int + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x02bb7da0> /* kernel dynamic memory (maybe user-space) */
RETX: <0x00000480> /* Maybe fixed code section */
RETS: <0x00094a72> { _kobject_uevent_env + 0x28a }
PC : <0x000af1ee> { _class_dir_child_ns_type + 0x6 }
DCPLB_FAULT_ADDR: <0xffffffe0> /* core mmrs */
ICPLB_FAULT_ADDR: <0x000af1ee> { _class_dir_child_ns_type + 0x6 }
PROCESSOR STATE:
R0 : 028545e0 R1 : ffffffc0 R2 : 00000001 R3 : 00000000
R4 : 00166fcc R5 : 001641d8 R6 : fffffffd R7 : 00000004
P0 : 02003d40 P1 : 028545e0 P2 : ffffffb0 P3 : 0299b244
P4 : 001a01b4 P5 : 02b28010 FP : 001a02dc SP : 02bb7cc4
LB0: ffa0177c LT0: ffa0177a LC0: 00000000
LB1: 000985e8 LT1: 000985dc LC1: 00000000
B0 : 00000000 L0 : 00000000 M0 : 00000020 I0 : 0205e560
B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 025880b4
B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : 00000000
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 00000001 A0.x: 00000000 A1.w: 00000001 A1.x: 00000000
USP : 02b1fa38 ASTAT: 02003004
Hardware Trace:
0 Target : <0x00003fb8> { _trap_c + 0x0 }
Source : <0xffa00740> { _exception_to_level5 + 0xa4 } JUMP.L
1 Target : <0xffa0069c> { _exception_to_level5 + 0x0 }
Source : <0xffa00550> { _bfin_return_from_exception + 0x20 } RTX
2 Target : <0xffa00530> { _bfin_return_from_exception + 0x0 }
Source : <0xffa005f4> { _ex_trap_c + 0x74 } JUMP.S
3 Target : <0xffa00580> { _ex_trap_c + 0x0 }
Source : <0xffa00814> { _trap + 0x68 } JUMP (P4)
4 Target : <0xffa007ca> { _trap + 0x1e }
Source : <0xffa007c6> { _trap + 0x1a } IF CC JUMP pcrel
5 Target : <0xffa007ac> { _trap + 0x0 }
FAULT : <0x000af1ee> { _class_dir_child_ns_type + 0x6 } P0 = W[P2 + 12]
Source : <0x000af1ec> { _class_dir_child_ns_type + 0x4 } R2 = W[P2 + 9](X)
6 Target : <0x000af1e8> { _class_dir_child_ns_type + 0x0 }
Source : <0x00093d28> { _kobj_child_ns_ops + 0x14 } JUMP (P2)
7 Target : <0x00093d1e> { _kobj_child_ns_ops + 0xa }
Source : <0x00093d18> { _kobj_child_ns_ops + 0x4 } IF !CC JUMP pcrel
8 Target : <0x00093d14> { _kobj_child_ns_ops + 0x0 }
Source : <0x00093d30> { _kobj_ns_ops + 0x4 } CALL pcrel
9 Target : <0x00093d2c> { _kobj_ns_ops + 0x0 }
Source : <0x00094a6e> { _kobject_uevent_env + 0x286 } CALL pcrel
10 Target : <0x00094a6c> { _kobject_uevent_env + 0x284 }
Source : <0x00094a66> { _kobject_uevent_env + 0x27e } IF !CC JUMP pcrel
11 Target : <0x00094a5e> { _kobject_uevent_env + 0x276 }
Source : <0xffa0272a> { _mutex_unlock + 0x26 } RTS
12 Target : <0xffa02704> { _mutex_unlock + 0x0 }
Source : <0x00094a5a> { _kobject_uevent_env + 0x272 } JUMP.L
13 Target : <0x00094a34> { _kobject_uevent_env + 0x24c }
Source : <0x000ec134> { _netlink_broadcast_filtered + 0x300 } RTS
14 Target : <0x000ec12a> { _netlink_broadcast_filtered + 0x2f6 }
Source : <0x000ec112> { _netlink_broadcast_filtered + 0x2de } IF CC JUMP pcrel
15 Target : <0x000ec10e> { _netlink_broadcast_filtered + 0x2da }
Source : <0x000d4690> { _consume_skb + 0x44 } RTS
Kernel Stack
Stack info:
SP: [0x02bb7cd4] <0x02bb7cd4> /* kernel dynamic memory (maybe user-space) */
FP: (0x02bb7ef4)
Memory from 0x02bb7cd0 to 02bb8000
Return addresses in stack:
address : <0x001641d8> /* kernel dynamic memory (maybe user-space) */
address : <0x02aed158> { :bfin_mac:_cleanup_module + 0x64 }
address : <0x000b1a9a> { ___device_release_driver + 0x56 }
address : <0x02aed10c> { :bfin_mac:_cleanup_module + 0x18 }
address : <0x02aed10c> { :bfin_mac:_cleanup_module + 0x18 }
address : <0x00034a74> { _sys_delete_module + 0x1c0 }
frame 1 : <0xffa0094e> { _system_call + 0x6a }
Modules linked in: bfin_mac(-)
Kernel panic - not syncing: Kernel exception
Hardware Trace:
Stack info:
SP: [0x02bb7bcc] <0x02bb7bcc> /* kernel dynamic memory (maybe user-space) */
FP: (0x02bb7c6c)
Memory from 0x02bb7bc0 to 02bb8000
Return addresses in stack:
address : <0x00015cf8> { ___do_softirq + 0x7c }
frame 1 : <0x001641d8> /* kernel dynamic memory (maybe user-space) */
address : <0x001641d8> /* kernel dynamic memory (maybe user-space) */
address : <0x001641d8> /* kernel dynamic memory (maybe user-space) */
address : <0x001641d8> /* kernel dynamic memory (maybe user-space) */
address : <0x02aed158> { :bfin_mac:_cleanup_module + 0x64 }
address : <0x000b1a9a> { ___device_release_driver + 0x56 }
address : <0x02aed10c> { :bfin_mac:_cleanup_module + 0x18 }
address : <0x02aed10c> { :bfin_mac:_cleanup_module + 0x18 }
address : <0x00034a74> { _sys_delete_module + 0x1c0 }
address : <0xffa0094e> { _system_call + 0x6a }
--
Follow-ups
--- Sonic Zhang 2011-10-26 03:06:29
This is a bug in FDPIC modprobe. If you remove the driver by rmmod, no crash.
--- Sonic Zhang 2011-10-26 03:14:57
Ignore last comments.
I can't replicate now. The difference is that I don't see the following output in my run:
ELF FDPIC interpreter with invalid DYNAMIC section (inode=178)
Unable to load interpreter
--- Sonic Zhang 2011-10-26 03:23:39
I can replicate it sometimes with the same uImage, but I don't know the exact steps. It is a bit random.
ELF FDPIC interpreter with invalid DYNAMIC section (inode=178)
Unable to load interpreter
If this warning is printed when running modprobe, the crash happens when removing the mac driver.
--- Sonic Zhang 2011-10-26 04:03:26
root:/> modprobe bfin_mac
name: /bin/modprobe
name: /bin/mdev
ELF FDPIC interpreter with invalid DYNAMIC section (inode=272)
Unable to load interpreter
name: /bin/mdev
name: /sbin/modprobe
name: /bin/mdev
bfin_mii_bus: probed
name: /bin/mdev
bfin_mac: attached PHY driver [SMSC LAN83C185] (mii_bus:phy_addr=0:01, irq=-1, mdc_clk=2500000Hz(mdc_div=24)@sclk=125MHz)
name: /bin/mdev
bfin_mac bfin_mac.0: eth0: Blackfin on-chip Ethernet MAC driver, Version 1.1
--- Sonic Zhang 2011-10-26 04:06:11
In fs/binfmt_elf_fdpic.c, loading the /bin/mdev FDPIC executable file fails. mdev is a link to modprobe.

    /* debug print added to show which file is being loaded */
    printk("name: %s\n", bprm->filename);

    /* load the executable and interpreter into memory */
    retval = elf_fdpic_map_file(&exec_params, bprm->file,
                                current->mm,
                                "executable");
--- Vivi Li 2011-11-02 04:45:27
This bug disappears in kernel 3.1.0 but exists in kernel 3.0.0 and the 2011r1 branch.
--- Vivi Li 2012-09-05 23:34:07
I can still see this bug in the latest trunk with kernel 3.5.0.
Using "modprobe" to install the module, it then crashes when using "rmmod" to remove the module. But it doesn't crash when using "modprobe -r" to remove the module.
Files
File Name | File Type | File Size | Posted By
config.user | application/octet-stream | 51368 | Vivi Li
config.kernel | application/octet-stream | 36508 | Vivi Li