[#6394] Read PPI_FRAME via debugfs mmrs will cause kernel crash on bf537-stamp
Submitted By: Vivi Li
Open Date: 2010-12-03 03:11:08
Close Date: 2011-05-30 05:05:35
Priority: Medium
Assignee: Mike Frysinger
Status: Closed
Fixed In Release: N/A
Found In Release: 2011R1
Release:
Category: Tests
Board: N/A
Processor: ALL
Silicon Revision:
Is this bug repeatable?: Yes
Resolution: Fixed
Uboot version or rev.:
Toolchain version or rev.: latest trunk
App binary format: N/A
Summary: Read PPI_FRAME via debugfs mmrs will cause kernel crash on bf537-stamp
Details:
Reading PPI_FRAME via debugfs mmrs causes a kernel crash.
Last passed version:
--
kernel: Linux release 2.6.34.7-ADI-2011R1-pre-svn9205, build #4 Wed Oct 20 00:19:51 GMT 2010
toolchain: bfin-uclinux-gcc release gcc version 4.3.5 (ADI-trunk/svn-4957)
user-dist: release svn-9855, build #46 Wed Oct 20 00:17:39 GMT 2010
--
Below is the log on bf537-stamp:
--
root:/> find /sys/kernel/debug/blackfin/ -type f -print -exec cat '{}' \;
(...)
/sys/kernel/debug/blackfin/ppi/PPI_FRAME
System MMR Error
<5> - An error occurred due to an invalid access to an System MMR location
<5> Possible reason: a 32-bit register is accessed with a 16-bit instruction
<5> or a 16-bit register is accessed with a 32-bit instruction.
Kernel OOPS in progress
HW Error context
CURRENT PROCESS:
COMM=cat PID=330 CPU=0
TEXT = 0x02c00040-0x02c50fa0 DATA = 0x02c50fc0-0x02c64d00
BSS = 0x02c64d00-0x02c666d0 USER-STACK = 0x02c6ff58
return address: [0x0007ec38]; contents of:
0x0007ec10: 6001 9308 b049 6000 0010 0000 0000 3210
0x0007ec20: 6000 9711 0010 0000 3210 3209 9510 42c0
0x0007ec30: 6001 9308 b049 6000 [0010] 0000 0000 3210
0x0007ec40: 6000 9311 0010 0000 3210 3209 9110 9308
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 2.6.36.1-ADI-2011R1-pre-svn9514 (test@uclinux59-kernel-perf) (gcc version 4.3.5 (ADI-trunk/svn-5013) ) #28 Mon Nov 29 10:45:33 GMT 2010
SEQUENCER STATUS: Not tainted
SEQSTAT: 0000a03f IPEND: 8030 IMASK: 0000 SYSCFG: 0006
Global Interrupts Disabled (IPEND[4])
Peripheral interrupts masked off
Kernel interrupts masked off
HWERRCAUSE: 0x2
EXCAUSE : 0x3f
interrupts disabled
physical IVG5 asserted : <0xffa00d3c> { _evt_ivhw + 0x0 }
physical IVG15 asserted : <0xffa010b8> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa003ec> { _bfin_coretmr_interrupt + 0x0 }
logical irq 10 mapped : <0x000bcffc> { _bfin_rtc_interrupt + 0x0 }
logical irq 18 mapped : <0x000a7d64> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 19 mapped : <0x000a7abc> { _bfin_serial_dma_tx_int + 0x0 }
logical irq 24 mapped : <0x000b82bc> { _bfin_mac_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x02ade000> /* kernel dynamic memory (maybe user-space) */
RETX: <0x02c03146> /* kernel dynamic memory (maybe user-space) */
RETS: <0x0005d6de> { _simple_attr_read + 0x7e }
PC : <0x0007ec38> { _debugfs_u16_get + 0x10 }
PROCESSOR STATE:
R0 : 00000000 R1 : 00000000 R2 : 00000000 R3 : 00000000
R4 : 00001000 R5 : 02c6ee64 R6 : 02aad940 R7 : 00000000
P0 : 028d3240 P1 : 02adde88 P2 : ffc01014 P3 : 00000001
P4 : 02addef0 P5 : 02aad900 FP : 02c6ee2c SP : 02addd98
LB0: 02c0cb93 LT0: 02c0cb8a LC0: 0000000e
LB1: 02b8ce01 LT1: 02b8cdb6 LC1: 00000000
B0 : 00000000 L0 : 00000000 M0 : 00000004 I0 : 02c6ffed
B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 02c5f7e0
B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : 02c6fe9c
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 0000147a A0.x: 00000000 A1.w: 0000147a A1.x: 00000000
USP : 02c6ee20 ASTAT: 02000060
Hardware Trace:
0 Target : <0x00003ef4> { _trap_c + 0x0 }
Source : <0xffa00df4> { _evt_ivhw + 0xb8 } JUMP.L
1 Target : <0xffa00dd6> { _evt_ivhw + 0x9a }
Source : <0xffa00dc8> { _evt_ivhw + 0x8c } IF !CC JUMP pcrel
2 Target : <0xffa00db8> { _evt_ivhw + 0x7c }
Source : <0xffa00db4> { _evt_ivhw + 0x78 } IF CC JUMP pcrel
3 Target : <0xffa00d3c> { _evt_ivhw + 0x0 }
FAULT : <0x0007ec36> { _debugfs_u16_get + 0xe } 0x6000
4 Target : <0x0007ec28> { _debugfs_u16_get + 0x0 }
Source : <0x0005d6dc> { _simple_attr_read + 0x7c } CALL (P2)
5 Target : <0x0005d6d4> { _simple_attr_read + 0x74 }
Source : <0x0005d69c> { _simple_attr_read + 0x3c } IF CC JUMP pcrel (BP)
6 Target : <0x0005d688> { _simple_attr_read + 0x28 }
Source : <0xffa02980> { _mutex_lock_interruptible + 0x38 } RTS
7 Target : <0xffa02954> { _mutex_lock_interruptible + 0xc }
Source : <0xffa0208c> { __cond_resched + 0x20 } RTS
8 Target : <0xffa02086> { __cond_resched + 0x1a }
Source : <0xffa0207e> { __cond_resched + 0x12 } IF CC JUMP pcrel (BP)
9 Target : <0xffa0206c> { __cond_resched + 0x0 }
Source : <0xffa02950> { _mutex_lock_interruptible + 0x8 } CALL pcrel
10 Target : <0xffa02948> { _mutex_lock_interruptible + 0x0 }
Source : <0x0005d684> { _simple_attr_read + 0x24 } CALL pcrel
11 Target : <0x0005d660> { _simple_attr_read + 0x0 }
Source : <0x000495ae> { _vfs_read + 0x66 } CALL (P2)
12 Target : <0x0004958e> { _vfs_read + 0x46 }
Source : <0x00048d3c> { _rw_verify_area + 0x50 } RTS
13 Target : <0x00048cec> { _rw_verify_area + 0x0 }
Source : <0x0004958a> { _vfs_read + 0x42 } CALL pcrel
14 Target : <0x0004957e> { _vfs_read + 0x36 }
Source : <0xffa001b6> { __access_ok + 0x5e } RTS
15 Target : <0xffa001ae> { __access_ok + 0x56 }
Source : <0xffa001c8> { __access_ok + 0x70 } JUMP.S
Kernel Stack
Stack info:
SP: [0x02addf24] <0x02addf24> /* kernel dynamic memory (maybe user-space) */
Memory from 0x02addf20 to 02ade000
Return addresses in stack:
address : <0x02c6ff82> /* kernel dynamic memory (maybe user-space) */
Modules linked in:
Kernel panic - not syncing: Kernel exception
Hardware Trace:
Stack info:
SP: [0x02addca4] <0x02addca4> /* kernel dynamic memory (maybe user-space) */
FP: (0x02adde8c)
Memory from 0x02addca0 to 02ade000
Return addresses in stack:
address : <0x0005d6de> { _simple_attr_read + 0x7e }
frame 1 : <0x000495b0> { _vfs_read + 0x68 }
address : <0xffa00976> { _system_call + 0x6a }
address : <0x02c6ff82> /* kernel dynamic memory (maybe user-space) */
...
--
Follow-ups
--- Mike Frysinger 2011-05-01 23:53:08
hmm, is this still an issue? ffc01014 isn't a valid address on BF537 systems,
and i can't see the current trunk making that available ...
--- Vivi Li 2011-05-19 01:36:34
I can still see this bug on bf537.
--- Vivi Li 2011-05-19 01:46:31
Below is the latest log. The old toolchain is still being used on the regression machine; will
that be a problem?
--
/sys/kernel/debug/blackfin/ppi/PPI_FRAME
System MMR Error
<5> - An error occurred due to an invalid access to an System MMR location
<5> Possible reason: a 32-bit register is accessed with a 16-bit instruction
<5> or a 16-bit register is accessed with a 32-bit instruction.
Kernel OOPS in progress
HW Error context
CURRENT PROCESS:
COMM=cat PID=330 CPU=0
TEXT = 0x02c00040-0x02c54380 DATA = 0x02c543a0-0x02c68ca8
BSS = 0x02c68ca8-0x02c6a660 USER-STACK = 0x02c73f58
return address: [0x000829b0]; contents of:
0x00082990: 0010 0000 0000 3210 6000 9711 0010 0000
0x000829a0: 3210 3209 9510 42c0 6001 9308 b049 6000
0x000829b0: [0010] 0000 0000 3210 6000 9311 0010 0000
0x000829c0: 3210 3209 9110 9308 6000 b048 0010 0000
ADSP-BF537-0.2 500(MHz CCLK) 125(MHz SCLK) (mpu off)
Linux version 2.6.39-rc7-ADI-2011R1-pre-svn9885 (test@54-7393-1362-sl811-jtag) (gcc version 4.3.5 (ADI-trunk/svn-5013) ) #444 Wed May 18 13:29:01 CST 2011
SEQUENCER STATUS: Not tainted
SEQSTAT: 0000a03f IPEND: 8030 IMASK: 0000 SYSCFG: 0006
Global Interrupts Disabled (IPEND[4])
Peripheral interrupts masked off
Kernel interrupts masked off
HWERRCAUSE: 0x2
EXCAUSE : 0x3f
interrupts disabled
physical IVG5 asserted : <0xffa00d20> { _evt_ivhw + 0x0 }
physical IVG15 asserted : <0xffa0109c> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa003cc> { _bfin_coretmr_interrupt + 0x0 }
logical irq 10 mapped : <0x000c56a0> { _bfin_rtc_interrupt + 0x0 }
logical irq 18 mapped : <0x000abaac> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 19 mapped : <0x000ab804> { _bfin_serial_dma_tx_int + 0x0 }
logical irq 106 mapped : <0x000bfd3c> { _bfin_mac_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x02068000> /* kernel dynamic memory (maybe user-space) */
RETX: <0x02c0330e> /* kernel dynamic memory (maybe user-space) */
RETS: <0x000615ce> { _simple_attr_read + 0x7e }
PC : <0x000829b0> { _debugfs_u16_get + 0x10 }
PROCESSOR STATE:
R0 : 00000000 R1 : 00000000 R2 : 00000000 R3 : 00000000
R4 : 00001000 R5 : 02c72e6c R6 : 028b0700 R7 : 00000000
P0 : 0288188c P1 : 02067e88 P2 : ffc01014 P3 : 00000001
P4 : 02067ef0 P5 : 028b06c0 FP : 02c72e34 SP : 02067d98
LB0: 02c0cd5b LT0: 02c0cd52 LC0: 0000000e
LB1: 02b0cfc9 LT1: 02b0cf7e LC1: 00000000
B0 : 00000000 L0 : 00000000 M0 : 00000004 I0 : 02c73fed
B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 02c632cc
B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : 02c73ea4
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 0000147a A0.x: 00000000 A1.w: 0000147a A1.x: 00000000
USP : 02c72e28 ASTAT: 02000061
Hardware Trace:
0 Target : <0x00003fbc> { _trap_c + 0x0 }
Source : <0xffa00dd8> { _evt_ivhw + 0xb8 } JUMP.L
1 Target : <0xffa00dba> { _evt_ivhw + 0x9a }
Source : <0xffa00dac> { _evt_ivhw + 0x8c } IF !CC JUMP pcrel
2 Target : <0xffa00d9c> { _evt_ivhw + 0x7c }
Source : <0xffa00d98> { _evt_ivhw + 0x78 } IF CC JUMP pcrel
3 Target : <0xffa00d20> { _evt_ivhw + 0x0 }
FAULT : <0x000829ae> { _debugfs_u16_get + 0xe } 0x6000
4 Target : <0x000829a0> { _debugfs_u16_get + 0x0 }
Source : <0x000615cc> { _simple_attr_read + 0x7c } CALL (P2)
5 Target : <0x000615c4> { _simple_attr_read + 0x74 }
Source : <0x0006158c> { _simple_attr_read + 0x3c } IF CC JUMP pcrel (BP)
6 Target : <0x00061578> { _simple_attr_read + 0x28 }
Source : <0xffa02a28> { _mutex_lock_interruptible + 0x38 } RTS
7 Target : <0xffa029fc> { _mutex_lock_interruptible + 0xc }
Source : <0xffa02148> { __cond_resched + 0x20 } RTS
8 Target : <0xffa02142> { __cond_resched + 0x1a }
Source : <0xffa0213a> { __cond_resched + 0x12 } IF CC JUMP pcrel (BP)
9 Target : <0xffa02128> { __cond_resched + 0x0 }
Source : <0xffa029f8> { _mutex_lock_interruptible + 0x8 } CALL pcrel
10 Target : <0xffa029f0> { _mutex_lock_interruptible + 0x0 }
Source : <0x00061574> { _simple_attr_read + 0x24 } JUMP.L
11 Target : <0x00061550> { _simple_attr_read + 0x0 }
Source : <0x0004bf1a> { _vfs_read + 0x66 } CALL (P2)
12 Target : <0x0004befa> { _vfs_read + 0x46 }
Source : <0x0004b688> { _rw_verify_area + 0x50 } RTS
13 Target : <0x0004b638> { _rw_verify_area + 0x0 }
Source : <0x0004bef6> { _vfs_read + 0x42 } CALL pcrel
14 Target : <0x0004beea> { _vfs_read + 0x36 }
Source : <0xffa001b6> { __access_ok + 0x5e } RTS
15 Target : <0xffa001ae> { __access_ok + 0x56 }
Source : <0xffa001c8> { __access_ok + 0x70 } JUMP.S
Kernel Stack
Stack info:
SP: [0x02067f24] <0x02067f24> /* kernel dynamic memory (maybe user-space) */
Memory from 0x02067f20 to 02068000
Return addresses in stack:
address : <0x02c73f82> /* kernel dynamic memory (maybe user-space) */
Modules linked in:
Kernel panic - not syncing: Kernel exception
Hardware Trace:
Stack info:
SP: [0x02067ca0] <0x02067ca0> /* kernel dynamic memory (maybe user-space) */
FP: (0x02067e8c)
Memory from 0x02067ca0 to 02068000
Return addresses in stack:
address : <0x0004a4e8> { ___dentry_open + 0xcc }
address : <0x000615ce> { _simple_attr_read + 0x7e }
frame 1 : <0x0004bf1c> { _vfs_read + 0x68 }
address : <0xffa0095a> { _system_call + 0x6a }
address : <0x02c73f82> /* kernel dynamic memory (maybe user-space) */
--
--- Mike Frysinger 2011-05-26 17:30:38
issue is that debug-mmrs is using PPI_STATUS as the base instead of PPI_CONTROL.
i typoed this because EPPI is based on EPPI_STATUS instead of EPPI_CONTROL.
so should be fixed now by using PPI_CONTROL.
i also fixed a few other issues on the BF537, and now i can
`grep -r . /sys/kernel/debug/blackfin` again.
--- Vivi Li 2011-05-30 05:13:59
Yes, OK now. Close it.
Thanks!
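
The base mix-up described in the follow-ups, worked through as an added example (not code from the kernel tree or from this ticket). It assumes each debugfs entry reads "block base + per-register offset" and that the BF537 PPI block is five 16-bit registers in 4-byte slots starting at PPI_CONTROL = 0xFFC01000; the struct, table and function names are hypothetical. The address it flags, 0xFFC01014, is the P2 value in the oops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed BF537 addresses (not given on the page). */
#define PPI_CONTROL_ADDR 0xFFC01000u   /* first register of the PPI block */
#define PPI_STATUS_ADDR  0xFFC01004u   /* second register, the mistaken base */

/* Hypothetical layout: five 16-bit MMRs, each padded to a 32-bit slot. */
struct ppi_regs {
    uint16_t control, pad0;
    uint16_t status,  pad1;
    uint16_t count,   pad2;
    uint16_t delay,   pad3;
    uint16_t frame,   pad4;
};
struct mmr_entry { const char *name; size_t offset; };

static const struct mmr_entry ppi_entries[] = {
    { "PPI_CONTROL", offsetof(struct ppi_regs, control) },
    { "PPI_STATUS",  offsetof(struct ppi_regs, status)  },
    { "PPI_COUNT",   offsetof(struct ppi_regs, count)   },
    { "PPI_DELAY",   offsetof(struct ppi_regs, delay)   },
    { "PPI_FRAME",   offsetof(struct ppi_regs, frame)   },
};
#define N_PPI (sizeof(ppi_entries) / sizeof(ppi_entries[0]))

/* Address a debugfs entry would read for a given block base. */
uint32_t mmr_addr(uint32_t base, const struct mmr_entry *e)
{
    return base + (uint32_t)e->offset;
}

/* Count entries whose address lies outside the real register block
 * [block_start, block_start + sizeof(struct ppi_regs)). */
int count_out_of_block(uint32_t base, uint32_t block_start)
{
    int bad = 0;
    for (size_t i = 0; i < N_PPI; i++) {
        uint32_t a = mmr_addr(base, &ppi_entries[i]);
        if (a < block_start || a - block_start >= sizeof(struct ppi_regs)) {
            printf("%-11s -> 0x%08x (outside PPI block)\n", ppi_entries[i].name, (unsigned)a);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("wrong base: %d bad\n", count_out_of_block(PPI_STATUS_ADDR, PPI_CONTROL_ADDR));
    printf("fixed base: %d bad\n", count_out_of_block(PPI_CONTROL_ADDR, PPI_CONTROL_ADDR));
    return 0;
}
```

Under these assumptions the first four entries still land inside the block with the mistaken base (each one reading its neighbour), so only the PPI_FRAME entry overruns into the invalid address.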
Files
File Name File Type File Size Posted By
config.linux.debug_mmrs application/octet-stream 37597 Vivi Li