2010-10-21 13:27:04 Kernel OOPS: NULL pointer access in bfin_mac.c
Andreas Schallenberg (GERMANY)
Message: 94814
Background: I'm working on support for the DNP/5370 board
with the 2.6.28.10-ADI-2009R1.1 kernel.
For some reason I managed to cause a kernel OOPS during boot:
...
NULL pointer access
Kernel OOPS in progress
Deferred Exception context
CURRENT PROCESS:
COMM=swapper PID=1
CPU = 0
invalid mm
return address: [0x00199846]; contents of:
0x00199820: e140 0014 e100 6b6c e3f3 9904 6b6d 2141
0x00199830: e12a 0380 5bd4 e50a 0032 e149 ffc0 e109
0x00199840: 0008 e73a 001d [bd94] 9508 4870 141f 950b
0x00199850: 4a73 9508 0803 181a 0032 e14a ffc0 e10a
ADSP-BF537-0.3 600(MHz CCLK) 120(MHz SCLK) (mpu off)
Linux version 2.6.28.10-ADI-2009R1.1ASc-svn1213
Built with gcc version 4.1.2 (ADI svn)
SEQUENCER STATUS: Not tainted
SEQSTAT: 00000027 IPEND: 8030 SYSCFG: 0006
EXCAUSE : 0x27
interrupts disabled
physical IVG5 asserted : <0xffa00bd4> { _evt_ivhw + 0x0 }
physical IVG15 asserted : <0xffa00d24> { _evt_system_call + 0x0 }
logical irq 6 mapped : <0xffa00390> { _timer_interrupt + 0x0 }
RETE: <0x00000000> /* Maybe null pointer? */
RETN: <0x001edd54> /* kernel dynamic memory */
RETX: <0x00000480> /* Maybe fixed code section */
RETS: <0x00199716> { _bfin_mac_probe + 0x12 }
PC : <0x00199846> { _bfin_mac_probe + 0x142 }
DCPLB_FAULT_ADDR: <0x00000018> /* Maybe null pointer? */
ICPLB_FAULT_ADDR: <0x00199846> { _bfin_mac_probe + 0x142 }
PROCESSOR STATE:
R0 : 21ad0802 R1 : 00003136 R2 : 00000031 R3 : 01a58176
R4 : 00000000 R5 : 00183054 R6 : 000000ac R7 : 0017ced4
P0 : 01a58176 P1 : ffc00008 P2 : 00000000 P3 : 0017cedc
P4 : 01a58020 P5 : 01a58150 FP : 01a583a0 SP : 001edc78
LB0: ffa01308 LT0: ffa01308 LC0: 00000000
LB1: 00000000 LT1: 00000000 LC1: 00000000
B0 : 00000000 L0 : 00000000 M0 : 00000000 I0 : 00000000
B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 01a57e74
B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : 00000000
B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
A0.w: 00000000 A0.x: 00000000 A1.w: 00000000 A1.x: 00000000
USP : 00000000 ASTAT: 00001004
Hardware Trace:
0 Target : <0x00004890> { _trap_c + 0x0 }
Source : <0xffa00638> { _exception_to_level5 + 0xa4 } CALL pcrel
1 Target : <0xffa00594> { _exception_to_level5 + 0x0 }
Source : <0xffa00468> { _bfin_return_from_exception + 0x18 } RTX
2 Target : <0xffa00450> { _bfin_return_from_exception + 0x0 }
Source : <0xffa004f8> { _ex_trap_c + 0x6c } JUMP.S
3 Target : <0xffa0048c> { _ex_trap_c + 0x0 }
Source : <0xffa00704> { _trap + 0x58 } JUMP (P4)
4 Target : <0xffa006ac> { _trap + 0x0 }
Source : <0x00199842> { _bfin_mac_probe + 0x13e } 0xe73a
5 Target : <0x00199830> { _bfin_mac_probe + 0x12c }
Source : <0x0019980e> { _bfin_mac_probe + 0x10a } IF CC JUMP
6 Target : <0x0019979e> { _bfin_mac_probe + 0x9a }
Source : <0x00199782> { _bfin_mac_probe + 0x7e } IF !CC JUMP
7 Target : <0x00199740> { _bfin_mac_probe + 0x3c }
Source : <0x0019971e> { _bfin_mac_probe + 0x1a } IF CC JUMP
8 Target : <0x00199716> { _bfin_mac_probe + 0x12 }
Source : <0x000db876> { _alloc_etherdev_mq + 0x1e } RTS
9 Target : <0x000db872> { _alloc_etherdev_mq + 0x1a }
Source : <0x000d14ae> { _alloc_netdev_mq + 0x12a } RTS
10 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }
Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP
11 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }
Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP
12 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }
Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP
13 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }
Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP
14 Target : <0x000d149e> { _alloc_netdev_mq + 0x11a }
Source : <0x000d14a4> { _alloc_netdev_mq + 0x120 } IF CC JUMP
15 Target : <0x000d149c> { _alloc_netdev_mq + 0x118 }
Source : <0xffa0130a> { _memset + 0x42 } RTS
Kernel Stack
Stack info:
SP: [0x001edd50] <0x001edd50> /* kernel dynamic memory */
FP: (0x001edd74)
Memory from 0x001edd50 to 001ee000
001edd50:[00000006]<0006501c> 0017cedc 00183054 00000000 0017cf44 00183054 000010a9
001edd70: 001ede54 (001ede54)<000a690a> 0017cedc 00183054 001793cc 0017cf88 000000ac
001edd90: 00183054 00000000 00000000 00000000 00000001 <0010b8c0><000a69d4> 0017cedc
001eddb0: 00183054 00183054 0017cf88 <000a60c8> 000a698c 00182bcc <000a6198> 000a698c
001eddd0: 00182bcc 00000000 001edde8 01a57ee8 <0008eb20> 01a57ee8 01be2644 0017cf24
001eddf0:<000a6782> 01a57ee8 00000000 00000000 00000000 001ede28 001ede28 <000a6498>
001ede10: 000a698c <000a64b0> 00138bdc <000a6b42> 00161024 00135a38 00138b88 <000a6b42>
001ede30: 00161024 00196414 00183054 00000000 00000000 00000000 <00196424> 00161024
001ede50: 00196414 (00000000)<0000104a> 00161024 00196414 00000000 00000000 00000000
001ede70: 801edfa3 ffffffff 001edecc <0002c24c> 001eabc0 001887e8 00000000 00000065
001ede90: 000000d0 0000ffff 00000004 000200d0 00000000 <00033a66><00033a66> 00000001
001edeb0: 00000044 000080d0 <00033df0> 001a6f80 00180ac0 00180ac0 00000094 00000000
001eded0: 00000000 00000004 00000004 <00033c64> 00000000 ffffffff 001edf6c <0008df56>
001edef0:<0008e040> 01be1994 01be1998 0016e36c 00000000 000000d2 00000000 00000000
001edf10: 00000000 001edf18 01be18fc 00000000 0016e36c 000000d0 00000061 00000000
001edf30: 00008124 00000000 <0005fef6> 001fc0cc 001fc06c 00000000 001fc0cc 00004000
001edf50: 00000000 00000000 00000000 <0013b050><000600e0> 0018069c 0016d89c 000000d2
001edf70:<000600ee> 0018069c 0016d89c 0016d89c 001edfa4 7fffff00 00000001 <000272d2>
001edf90: 001edfa4 00000061 0019dd60 0000000e 001fc06c 00003739 00000000 00190000
001edfb0:<00027322> 0019dd60 0019dd60 00000061 0018069c <0018c384> 00000000 0019df2c
001edfd0: 0019dd60 00000000 00000000 00000000 00000000 00000000 <00001426> 00000000
001edff0: 00000000 00000000 ffffffff 00000006
Return addresses in stack:
address : <0x0006501c> { _sysfs_create_link + 0xc }
frame 1 : <0x000a690a> { _driver_probe_device + 0xc6 }
address : <0x0010b8c0> { _klist_next + 0x2c }
address : <0x000a69d4> { ___driver_attach + 0x48 }
address : <0x000a60c8> { _next_device + 0x8 }
address : <0x000a6198> { _bus_for_each_dev + 0x38 }
address : <0x0008eb20> { _kobject_init_and_add + 0x20 }
address : <0x000a6782> { _driver_attach + 0x1a }
address : <0x000a6498> { _bus_add_driver + 0x64 }
address : <0x000a64b0> { _bus_add_driver + 0x7c }
address : <0x000a6b42> { _driver_register + 0x6a }
address : <0x000a6b42> { _driver_register + 0x6a }
address : <0x00196424> { _bfin_mac_init + 0x10 }
frame 2 : <0x0000104a> { __stext + 0x4a }
address : <0x0002c24c> { ___alloc_pages_internal + 0x80 }
address : <0x00033a66> { _slob_page_alloc + 0x106 }
address : <0x00033a66> { _slob_page_alloc + 0x106 }
address : <0x00033df0> { _slob_alloc + 0x5c }
address : <0x00033c64> { _slob_free + 0x128 }
address : <0x0008df56> { _ida_get_new_above + 0x42 }
address : <0x0008e040> { _ida_get_new_above + 0x12c }
address : <0x0005fef6> { _proc_register + 0x2e }
address : <0x0013b050> /* kernel dynamic memory */
address : <0x000600e0> { _create_proc_entry + 0x5c }
address : <0x000600ee> { _create_proc_entry + 0x6a }
address : <0x000272d2> { _register_irq_proc + 0x66 }
address : <0x00027322> { _init_irq_proc + 0x36 }
address : <0x0018c384> { _kernel_init + 0x68 }
address : <0x00001426> { _kernel_thread_helper + 0x6 }
Modules linked in:
Kernel panic - not syncing: Kernel exception
The access is done in bfin_mac.c, bfin_mac_probe() function:
...
lp->mii_bus->priv = ndev;
...
The following patch avoids the crash but does not solve the reason for it:
Index: linux-2.6.x/drivers/net/bfin_mac.c
===================================================================
--- linux-2.6.x/drivers/net/bfin_mac.c (revision 1213)
+++ linux-2.6.x/drivers/net/bfin_mac.c (working copy)
@@ -1061,6 +1061,12 @@
}
pd = pdev->dev.platform_data;
lp->mii_bus = platform_get_drvdata(pd);
+
+ if (!lp->mii_bus) {
+ dev_err(&pdev->dev, "Cannot get mii_bus drv_data!\n");
+ rc = -ENODEV;
+ goto out_err_probe_mac;
+ }
lp->mii_bus->priv = ndev;
rc = mii_probe(ndev);
I assume that this is a mistake in my board configuration file. Here are some
parts of it (which I assume to be relevant).
#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)
static struct platform_device bfin_mii_bus = {
.name = "bfin_mii_bus",
};
static struct platform_device bfin_mac_device = {
.name = "bfin_mac",
.dev.platform_data = &bfin_mii_bus,
};
#endif
... skipped ...
#if defined(CONFIG_MTD_PHYSMAP) || defined(CONFIG_MTD_PHYSMAP_MODULE)
static struct mtd_partition nor_partitions[] = {
{
.name = "bootloader(nor)",
.size = 0x30000,
.offset = 0,
}, {
.name = "linux kernel and rootfs(nor)",
.size = 0x300000 - 0x30000 - 0x10000,
.offset = MTDPART_OFS_APPEND,
}, {
.name = "MAC address(nor)",
.size = 0x10000,
.offset = MTDPART_OFS_APPEND,
.mask_flags = MTD_WRITEABLE,
}
};
static struct physmap_flash_data nor_flash_data = {
.width = 1,
.parts = nor_partitions,
.nr_parts = ARRAY_SIZE(nor_partitions),
};
static struct resource nor_flash_resource = {
.start = 0x20000000,
.end = 0x202fffff,
.flags = IORESOURCE_MEM,
};
static struct platform_device nor_flash_device = {
.name = "physmap-flash",
.id = 0,
.dev = {
.platform_data = &nor_flash_data,
},
.num_resources = 1,
.resource = &nor_flash_resource,
};
#endif
... skipped ...
static struct platform_device *dnp5370_devices[] __initdata = {
...skipped...
#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)
&bfin_mac_device,
#endif
...skipped...
#if defined(CONFIG_MTD_PHYSMAP) || defined(CONFIG_MTD_PHYSMAP_MODULE)
&nor_flash_device,
#endif
...skipped...
static int __init dnp5370_init(void)
{
printk(KERN_INFO "DNP/5370: registering device resources\n");
platform_add_devices(dnp5370_devices, ARRAY_SIZE(dnp5370_devices));
#if defined(CONFIG_SPI_BFIN) || defined(CONFIG_SPI_BFIN_MODULE)
spi_register_board_info(bfin_spi_board_info,ARRAY_SIZE(bfin_spi_board_info));
#endif
{
unsigned int mac[6];
mac[0] = (*((const char*)(FLASH_MAC+0))) & 0xff;
mac[1] = (*((const char*)(FLASH_MAC+1))) & 0xff;
mac[2] = (*((const char*)(FLASH_MAC+2))) & 0xff;
mac[3] = (*((const char*)(FLASH_MAC+3))) & 0xff;
mac[4] = (*((const char*)(FLASH_MAC+4))) & 0xff;
mac[5] = (*((const char*)(FLASH_MAC+5))) & 0xff;
printk(KERN_INFO "DNP/5370: MAC %02x:%02x:%02x:%02x:%02x:%02x\n",
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}
return 0;
}
... skipped...
/*
* Currently the MAC address is saved in Flash by U-Boot
*/
void bfin_get_ether_addr(char *addr)
{
*(u32 *)(&(addr[0])) = bfin_read32(FLASH_MAC);
*(u16 *)(&(addr[4])) = bfin_read16(FLASH_MAC + 4);
}
EXPORT_SYMBOL(bfin_get_ether_addr);
Am I correct that there is some information about the MII missing?
Note, that the dnp5370_init() function is able to print the correct
MAC address on the console. The MAC address is stored in the NOR flash.
TranslateQuoteReplyEditDelete
2010-10-21 14:54:57 Re: Kernel OOPS: NULL pointer access in bfin_mac.c
Mike Frysinger (UNITED STATES)
Message: 94817
you need proper platform resources declared in your boards file. consult the bf537-stamp board as an example.
QuoteReplyEditDelete
2010-10-22 03:54:58 Re: Kernel OOPS: NULL pointer access in bfin_mac.c (solved)
Andreas Schallenberg (GERMANY)
Message: 94866
Thank you, one line in the dnp5370.c was missing:
static struct platform_device *dnp5370_devices[] __initdata = {
#if defined(CONFIG_BFIN_CFPCMCIA) || defined(CONFIG_BFIN_CFPCMCIA_MODULE)
&bfin_pcmcia_cf_device,
#endif
#if defined(CONFIG_BFIN_MAC) || defined(CONFIG_BFIN_MAC_MODULE)
&bfin_mii_bus, // <------- here
&bfin_mac_device,
#endif
...