[#5949] Sometimes kernel panics when transfer data between gadget serial and host pc
Submitted By: Vivi Li
Open Date
2010-03-05 06:17:31
Priority:
Medium Assignee:
Bob Liu
Status:
Open Fixed In Release:
N/A
Found In Release:
2010R1 Release:
Category:
N/A Board:
N/A
Processor:
BF526 Silicon Revision:
Is this bug repeatable?:
Yes Resolution:
Assigned (Not Start)
Uboot version or rev.:
Toolchain version or rev.:
gcc4.3-2010_Jan_22
App binary format:
N/A
Summary: Sometimes kernel panics when transfer data between gadget serial and host pc
Details:
Sometimes kernel panics when transfer data between gadget serial and host pc.
On target:
--
root:/> modprobe g_serial use_acm=1
g_serial gadget: Gadget Serial v2.4
g_serial gadget: g_serial ready
g_serial gadget: high speed config #2: CDC ACM config
root:/> dmesg|tail
dma_alloc_init: dma_page @ 0x02520000 - 512 pages at 0x03e00000
IP-Config: Complete:
device=eth0, addr=10.100.4.50, mask=255.255.255.0, gw=10.100.4.174,
host=bf526-ezbrd, domain=, nis-domain=(none),
bootserver=10.100.4.174, rootserver=10.100.4.174, rootpath=
Freeing unused kernel memory: 3464k freed
PHY: 0:01 - Link is Up - 100/Full
g_serial gadget: Gadget Serial v2.4
g_serial gadget: g_serial ready
g_serial gadget: high speed config #2: CDC ACM config
root:/>
--
On host:
--
uclinux63-527-usbdev:..testsuites/usbdev # stty -F /dev/ttyACM0 -icrnl
uclinux63-527-usbdev:..testsuites/usbdev # cat /dev/ttyACM0 > host_file
--
On target:
--
ls /dev/tty*
/dev/tty /dev/ttyBF1 /dev/ttyGS0
root:/> cat /proc/kallsyms > test_file
root:/> cat test_file > /dev/ttyGS0
NULL pointer access
Kernel OOPS in progress
Deferred Exception context
CURRENT PROCESS:
COMM=events/0 PID=5 CPU=0
invalid mm
return address: [0x020781ca]; contents of:
0x020781a0: 0010 ad9a 6c66 3006 b057 bdaa b1ed b19f
0x020781b0: 9077 0127 05a3 0010 3210 0578 0167 6fa6
0x020781c0: e512 0041 0037 61f8 0040 [9110] 0c00 1822
0x020781d0: 0000 0000 0000 e411 0011 e410 0013 5008
ADSP-BF526-0.2 400(MHz CCLK) 80(MHz SCLK) (mpu off)
Linux version 2.6.32.9-ADI-2010R1-pre-svn8361 (test@uclinux63-527-usbdev) (gcc version 4.3.4 (ADI-trunk/svn-3815) ) #347 Thu Mar 4 13:14:51 CST 2010
SEQUENCER STATUS: Not tainted
SEQSTAT: 00002027 IPEND: 8008 IMASK: 003f SYSCFG: 0006
Peripheral interrupts masked off
Kernel interrupts masked off
EXCAUSE : 0x27
physical IVG3 asserted : <0xffa006c0> { _trap + 0x0 }
physical IVG15 asserted : <0xffa00efc> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa00358> { _bfin_coretmr_interrupt + 0x0 }
logical irq 21 mapped : <0x000d8280> { _bfin_rtc_interrupt + 0x0 }
logical irq 27 mapped : <0x000da488> { _bfin_twi_interrupt_entry + 0x0 }
logical irq 31 mapped : <0x0009fd40> { _bfin_serial_dma_rx_int + 0x0 }
logical irq 32 mapped : <0x0009fab4> { _bfin_serial_dma_tx_int + 0x0 }
logical irq 35 mapped : <0x000bff48> { _bfin_mac_interrupt + 0x0 }
logical irq 59 mapped : <0x000d3e00> { _blackfin_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x02027dd8> /* kernel dynamic memory (maybe user-space) */
RETX: <0x00000480> /* Maybe fixed code section */
RETS: <0x000979b4> { _process_echoes + 0x40 }
PC : <0x020781ca> { :g_serial:_usb_function_activate + 0x16e }
DCPLB_FAULT_ADDR: <0x00000000> /* Maybe null pointer? */
ICPLB_FAULT_ADDR: <0x020781ca> { :g_serial:_usb_function_activate + 0x16e }
PROCESSOR STATE:
R0 : 0000003f R1 : ffffffc0 R2 : 00000000 R3 : 00000000
R4 : 00000000 R5 : 0000005e R6 : 00000000 R7 : 0000ffff
P0 : ffa00928 P1 : 02832c00 P2 : 00000000 P3 : 0283e4f5
P4 : 02832c00 P5 : 0283e5f6 FP : 02027e04 SP : 02027cfc
LB0: 0008c9e8 LT0: 0008c9e6 LC0: 00000000
LB1: 00008dc6 LT1: 00008dc6 LC1: 00000000
B0 : 00000001 L0 : 00000000 M0 : 00000004 I0 : 001a19a8
B1 : 00000000 L1 : 00000000 M1 : 00000001 I1 : 00000000
B2 : 025e26e3 L2 : 00000000 M2 : 00000000 I2 : 027e2ea4
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 00000004 A0.x: 00000000 A1.w: 00000004 A1.x: 00000000
USP : 00000000 ASTAT: 02003005
Hardware Trace:
0 Target : <0x0000517c> { _trap_c + 0x0 }
Source : <0xffa00654> { _exception_to_level5 + 0xa4 } CALL pcrel
1 Target : <0xffa005b0> { _exception_to_level5 + 0x0 }
Source : <0xffa00464> { _bfin_return_from_exception + 0x18 } RTX
2 Target : <0xffa0044c> { _bfin_return_from_exception + 0x0 }
Source : <0xffa00508> { _ex_trap_c + 0x74 } JUMP.S
3 Target : <0xffa00494> { _ex_trap_c + 0x0 }
Source : <0xffa0071a> { _trap + 0x5a } JUMP (P4)
4 Target : <0xffa006c0> { _trap + 0x0 }
Source : <0x020781c8> { :g_serial:_usb_function_activate + 0x16c } STI R0
5 Target : <0x020781b8> { :g_serial:_usb_function_activate + 0x15c }
Source : <0x00099766> { _tty_write_room + 0xa } JUMP (P2)
6 Target : <0x0009975c> { _tty_write_room + 0x0 }
Source : <0x000979b0> { _process_echoes + 0x3c } CALL pcrel
7 Target : <0x000979ae> { _process_echoes + 0x3a }
Source : <0x0012a9fe> { _mutex_lock + 0x36 } RTS
8 Target : <0x0012a9d4> { _mutex_lock + 0xc }
Source : <0x0012a0e0> { __cond_resched + 0x20 } RTS
9 Target : <0x0012a0da> { __cond_resched + 0x1a }
Source : <0x0012a0d2> { __cond_resched + 0x12 } IF CC JUMP
10 Target : <0x0012a0c0> { __cond_resched + 0x0 }
Source : <0x0012a9d0> { _mutex_lock + 0x8 } CALL pcrel
11 Target : <0x0012a9c8> { _mutex_lock + 0x0 }
Source : <0x000979aa> { _process_echoes + 0x36 } CALL pcrel
12 Target : <0x0009799e> { _process_echoes + 0x2a }
Source : <0x0012a9fe> { _mutex_lock + 0x36 } RTS
13 Target : <0x0012a9d4> { _mutex_lock + 0xc }
Source : <0x0012a0e0> { __cond_resched + 0x20 } RTS
14 Target : <0x0012a0da> { __cond_resched + 0x1a }
Source : <0x0012a0d2> { __cond_resched + 0x12 } IF CC JUMP
15 Target : <0x0012a0c0> { __cond_resched + 0x0 }
Source : <0x0012a9d0> { _mutex_lock + 0x8 } CALL pcrel
Kernel Stack
Stack info:
SP: [0x02027d64] <0x02027d64> /* kernel dynamic memory (maybe user-space) */
FP: (0x02027f74)
Memory from 0x02027d60 to 02028000
02027d60: 00000000 [00000000] 00000000 00000000 00000000 00000001 00000004 00000000
02027d80: 027e2ea4 00000000 001a19a8 00000000 02027e04 0283e5f6 02832c00 0283e4f5
02027da0: 00000000 02832c00 ffa00928 0000ffff 00000000 0000005e 00000000 00000000
02027dc0: 00000000 ffffffc0 0000003f 0000003f ffa00928 00000006 <0012a0e6> 02832f8c
02027de0: 0000005e <000979b4> 00000001 ffffffc0 02832ce8 <0012a9d4> 02832f80 02832f8c
02027e00: 02832c00 02832ce8 <00098ff4> 0283e5f6 02832c00 0283e4f5 00000001 00000000
02027e20: 0000005e 00000000 02058000 02783606 0009b344 <0009b18c> 00000006 02832ca0
02027e40: 02832d50 02832c84 02832d20 0008cadc 00000000 00000000 00000004 00000000
02027e60: 00000004 00000000 00000000 025e26e3 00000000 00000001 00000000 00000000
02027e80: 00000000 00000000 00000000 00000000 00000001 00000004 00000000 027e2ea4
02027ea0: 0283538c 001a19a8 00000000 001a19a8 02832c00 02832c84 02527c80 0283e400
02027ec0: 02527c80 0283e5f6 0283e51c 0000ffff 001a19a8 <0009b352> 02832c00 02832c84
02027ee0: 02527c80 0283e51c 0000ffff 0000003f ffffffc0 00000001 00000000 02838c00
02027f00: 00000001 02507558 <0207965a> 001a19a8 02507540 02832c00 00000001 02507560
02027f20: 00000000 00000001 0000ffff 0000ffff ffa00928 00000006 02832c84 02018100
02027f40: 001a19a8 <0001c794> 0250756c 02001a60 020794f0 02026000 00000000 0000003f
02027f60: ffffffc0 0250756c 02026008 02026000 02026000 (00000000)<0001c842> 02001a60
02027f80: 0001c808 00000000 02001a68 02027fa4 00000000 00000000 02026008 02026000
02027fa0: 02026000 00000000 02018040 0001f62c 02027fb0 02027fb0 <0001f2ae> 0201bf3c
02027fc0: 02001a60 00000000 00000000 0001f254 00001500 00000000 00000000 02027fdc
02027fe0: 02027fdc <00001506> 00000000 00000000 00000000 00000000 ffffffff 00000006
Return addresses in stack:
address : <0x0012a0e6> { __cond_resched + 0x26 }
address : <0x000979b4> { _process_echoes + 0x40 }
address : <0x0012a9d4> { _mutex_lock + 0xc }
address : <0x00098ff4> { _n_tty_receive_buf + 0x280 }
address : <0x0009b18c> { _flush_to_ldisc + 0x14 }
address : <0x0009b352> { _flush_to_ldisc + 0x1da }
address : <0x0207965a> { :g_serial:_gserial_connect + 0x5a6 }
address : <0x0001c794> { _run_workqueue + 0x90 }
frame 1 : <0x0001c842> { _worker_thread + 0x3a }
address : <0x0001f2ae> { _kthread + 0x5a }
address : <0x00001506> { _kernel_thread_helper + 0x6 }
Modules linked in: g_serial
Kernel panic - not syncing: Kernel exception
...
--
Follow-ups
--- Vivi Li 2010-04-22 00:32:46
Also it may fail like this:
On host:
--
uclinux63-527-usbdev:..testsuites/usbdev # stty -F /dev/ttyUSB0 -icrnl
uclinux63-527-usbdev:..testsuites/usbdev # cat /dev/ttyUSB0 > host_file
--
On target:
--
root:/> cat /proc/kallsyms > test_file
cat test_file > /dev/ttyGS0^M
irq 85: nobody cared (try booting with the "irqpoll" option)^M
Hardware Trace:^M
0 Target : <0x0019d800> { _dump_stack + 0x0 }^M
Source : <0x0002f5d4> { ___report_bad_irq + 0x1c } CALL pcrel^M
1 Target : <0x0002f5d4> { ___report_bad_irq + 0x1c }^M
Source : <0x0002f630> { ___report_bad_irq + 0x78 } JUMP.S^M
2 Target : <0x0002f630> { ___report_bad_irq + 0x78 }^M
Source : <0x0019d98c> { _printk + 0x14 } RTS^M
3 Target : <0x0019d988> { _printk + 0x10 }^M
Source : <0x00010fae> { _vprintk + 0x16a } RTS^M
4 Target : <0x00010fa2> { _vprintk + 0x15e }^M
Source : <0x00010f94> { _vprintk + 0x150 } IF CC JUMP pcrel ^M
5 Target : <0x00010f8c> { _vprintk + 0x148 }^M
Source : <0x000110d2> { _vprintk + 0x28e } JUMP.S^M
6 Target : <0x000110d2> { _vprintk + 0x28e }^M
Source : <0x00010bc6> { _release_console_sem + 0x1be } RTS^M
7 Target : <0x00010ba0> { _release_console_sem + 0x198 }^M
Source : <0x00010b92> { _release_console_sem + 0x18a } IF CC JUMP
pcrel (BP)^M
8 Target : <0x00010b8a> { _release_console_sem + 0x182 }^M
Source : <0x000232fa> { _up + 0x3e } RTS^M
9 Target : <0x000232f4> { _up + 0x38 }^M
Source : <0x000232e6> { _up + 0x2a } IF CC JUMP pcrel (BP)^M
10 Target : <0x000232bc> { _up + 0x0 }^M
Source : <0x00010b86> { _release_console_sem + 0x17e } CALL pcrel^M
11 Target : <0x00010b72> { _release_console_sem + 0x16a }^M
Source : <0x00010a6a> { _release_console_sem + 0x62 } IF CC JUMP
pcrel ^M
12 Target : <0x00010a4a> { _release_console_sem + 0x42 }^M
Source : <0x00010a9c> { _release_console_sem + 0x94 } IF CC JUMP
pcrel (BP)^M
13 Target : <0x00010a92> { _release_console_sem + 0x8a }^M
Source : <0x000105fe> { __call_console_drivers + 0x62 } RTS^M
14 Target : <0x000105f8> { __call_console_drivers + 0x5c }^M
Source : <0x000105d2> { __call_console_drivers + 0x36 } IF CC JUMP
pcrel ^M
15 Target : <0x000105c2> { __call_console_drivers + 0x26 }^M
Source : <0x000105b2> { __call_console_drivers + 0x16 } IF !CC JUMP
pcrel (BP)^M
Stack info:^M
SP: [0x02027c7c] <0x02027c7c> /* kernel dynamic memory */^M
Memory from 0x02027c70 to 02028000^M
02027c70: 02027e4c 02027c7c 00000055 [00241fc8] 0002f5d8 002513a4 00000055
0024c508 ^M
02027c90: 00000055 00000000 0002f740 002513a4 00017c10 00017bf2 0000000b
0002febc ^M
02027cb0: 002513a4 020540c0 02026000 00000055 02027e4c 00000000 0000000a
00241fc8 ^M
02027cd0: 00014ade 02063018 <ffa00372> 0025787c 00000055 00000200
00000000 00000000 ^M
02027cf0: ffa00be4 0025787c 00000202 00000000 000001d4 00000000 00000000
00014b70 ^M
02027d10: 0000c810 00002000 00000000 02d22000 02d836c2 00014b70 ffa00358
0000000b ^M
02027d30: 02002000 0000e710 000aa0bc 0000e6fa 000aa0ba 00000000 00000000
00000007 ^M
02027d50: 00000000 00000026 00000000 ffffffff 02ae8773 3d08ffab 00000000
00000000 ^M
02027d70: 00000000 00000000 00000000 00000000 00000000 ffffffff 00000000
00000000 ^M
02027d90: 00000000 00000000 00000000 00000000 00241fc8 0025787c 020540c0
02026000 ^M
02027db0: 0024c508 02026000 00000000 00000202 00000000 00000000 0000000a
02027e24 ^M
02027dd0: 00000100 02026000 0000ffff 0000ffff 00000000 00000006 020540fc
0002febc ^M
02027df0: 0024faf4 020540c0 02bf6000 00000006 020540d8 ffa00358 0025787c
020540c0 ^M
02027e10: 02bf6000 00000006 00000000 00000000 00000001 00000200 00000000
00000000 ^M
02027e30: ffa00be4 0024c508 00000001 020540e0 02bf6150 02bf6084 02bf6120
02bfd636 ^M
02027e50: 00008050 00002000 00000000 02d22000 02d836c2 02bfd636
<02bfd632> 00000006 ^M
02027e70: 02003025 000092f6 000aa0bc 000092f6 000aa0ba 00000000 00000000
00000004 ^M
02027e90: 00000000 00000004 00000000 00000000 02ae8773 00000000 00000001
00000000 ^M
02027eb0: 00000000 00000000 00000000 00000000 00000000 00000001 00000004
00000000 ^M
02027ed0: 02de8ea4 02bc4384 00000001 00000000 020540d8 0024c508 020540c0
02bf6000 ^M
02027ef0: ffc04024 02063040 00113c74 00000001 020540e0 00000000 00000001
00000069 ^M
02027f10: ffc04034 00000000 0000ffff 0000ffff 00113c74 00000006 0000be36
0024d90c ^M
02027f30: 02018040 00000000 02bf6084 02018100 0024c508 <0001d140>
020540ec 02001a60 ^M
02027f50: 02bfd500 02026000 00000000 0000003f ffffffc0 020540ec 02026008
02026000 ^M
02027f70: 02026000 00000000 0001d1ee 02001a60 0001d1b4 00000000 02001a68
02027fa4 ^M
02027f90: 00000000 00000000 02026008 02026000 02026000 00000000 02018040
0001ffac ^M
02027fb0: 02027fb0 02027fb0 <0001fc2e> 0201bf3c 02001a60 00000000
00000000 0001fbd4 ^M
02027fd0: 00001500 00000000 00000000 02027fdc 02027fdc <00001506>
00000000 00000000 ^M
02027ff0: 00000000 00000000 ffffffff 00000006 ^M
Return addresses in stack:^M
address : <0xffa00372> { _asm_do_IRQ + 0x72 }^M
address : <0x02bfd632> { :g_serial:_gserial_connect + 0x572 }^M
address : <0x0001d140> { _run_workqueue + 0x90 }^M
address : <0x0001fc2e> { _kthread + 0x5a }^M
address : <0x00001506> { _kernel_thread_helper + 0x6 }^M
handlers:^M
[<00113d3c>] (_dma_controller_irq+0x0/0x174)^M
Disabling IRQ #85^M
--
--- Bob Liu 2010-09-01 23:14:50
I can't repeat it on the latest svn trunk.
--- Vivi Li 2010-09-02 06:10:46
The last time I saw this crash on bf527-ezkit is on Aug 30th with following
version info:
--
kernel: Linux release 2.6.34.6-ADI-2010R1-pre-svn9115, build #290 Mon Aug 30
18:31:54 CST 2010
toolchain: bfin-uclinux-gcc release gcc version 4.3.5 (ADI-trunk/svn-4747)
user-dist: release svn-9801, build #853 Mon Aug 30 18:29:42 CST 2010
--
--- Vivi Li 2010-11-08 22:52:44
I think you can try it on bf527-ezkit with dma mode. I can still see similar
crash in 2010r1 branch.
On bf548-ezkit, I haven't seen this since end of Jun.
Files
Changes
Commits
Dependencies
Duplicates
Associations
Tags
File Name File Type File Size Posted By
No Files Were Found