[Letux-kernel] omap-gpmc gta04 regression 4.7-rc1

Roger Quadros rogerq at ti.com
Tue Jun 7 09:50:39 CEST 2016


+Linus W

On 07/06/16 10:32, Belisko Marek wrote:
> On Tue, Jun 7, 2016 at 9:21 AM, Roger Quadros <rogerq at ti.com> wrote:
>> On 07/06/16 10:18, Roger Quadros wrote:
>>> Hi Marek,
>>>
>>> On 07/06/16 09:06, Tony Lindgren wrote:
>>>> Hi,
>>>>
>>>> * Belisko Marek <marek.belisko at gmail.com> [160605 02:50]:
>>>>> Hi Tony,
>>>>>
>>>>> we're experiencing a crash on gta04 after updating to 4.7-rc1. The crash is:
>>>>>
>>>>> [    4.045166] Unable to handle kernel NULL pointer dereference at virtual address 0000006c
>>>>> [    4.053619] pgd = c0004000
>>>>> [    4.056457] [0000006c] *pgd=00000000
>>>>> [    4.060211] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
>>>>> [    4.065795] Modules linked in:
>>>>> [    4.069000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc1-letux+ #351
>>>>> [    4.076263] Hardware name: Generic OMAP36xx (Flattened Device Tree)
>>>>> [    4.082824] task: dd8b6d80 ti: dd8b8000 task.ti: dd8b8000
>>>>> [    4.088470] PC is at of_gpiochip_find_and_xlate+0x4/0x70
>>>>> [    4.094024] LR is at gpiochip_find+0x3c/0x70
>>>>> [    4.098510] pc : [<c0423570>]    lr : [<c041f348>]    psr: 20000093
>>>>> [    4.098510] sp : dd8b9d50  ip : df9adc20  fp : 00000000
>>>>> [    4.110504] r10: c0a50858  r9 : 00000007  r8 : c042356c
>>>>> [    4.115936] r7 : dd8b9d80  r6 : 60000013  r5 : c0b5efb8  r4 : dda44800
>>>>> [    4.122772] r3 : dda44abc  r2 : 00000000  r1 : dd8b9d80  r0 : 00000000
>>>>> [    4.129608] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
>>>>> [    4.137145] Control: 10c5387d  Table: 80004019  DAC: 00000051
>>>>> [    4.143157] Process swapper/0 (pid: 1, stack limit = 0xdd8b8218)
>>>>> [    4.149444] Stack: (0xdd8b9d50 to 0xdd8ba000)
>>>>> [    4.342132] [<c0423570>] (of_gpiochip_find_and_xlate) from [<c041f348>] (gpiochip_find+0x3c/0x70)
>>>>> [    4.351409] [<c041f348>] (gpiochip_find) from [<c04236ac>] (of_get_named_gpiod_flags+0x70/0x8c)
>>>>> [    4.360504] [<c04236ac>] (of_get_named_gpiod_flags) from [<c0422958>] (gpiod_get_index+0x80/0x22c)
>>>>> [    4.369873] [<c0422958>] (gpiod_get_index) from [<c0422bd0>] (gpiod_get_array+0x60/0xa8)
>>>>> [    4.378326] [<c0422bd0>] (gpiod_get_array) from [<c041ecac>] (devm_gpiod_get_array+0x3c/0x7c)
>>>>> [    4.387237] [<c041ecac>] (devm_gpiod_get_array) from [<c0593324>] (mmc_pwrseq_simple_probe+0x54/0xa8)
>>>>> [    4.396881] [<c0593324>] (mmc_pwrseq_simple_probe) from
>>>
>>> Why is mmc_pwrseq_simple_probe being called? I don't see compatible
>>> "mmc-pwrseq-simple" in omap3-gta04.dtsi.
>>>
>>> Or am I looking at the wrong DT file?
>>>
>>>
>>>>> [<c0481c08>] (platform_drv_probe+0x50/0xa0)
>>>>> [    4.406372] [<c0481c08>] (platform_drv_probe) from [<c047fce8>] (driver_probe_device+0x134/0x29c)
>>>>> [    4.415649] [<c047fce8>] (driver_probe_device) from [<c047fed8>] (__driver_attach+0x88/0xac)
>>>>> [    4.424468] [<c047fed8>] (__driver_attach) from [<c047e3b8>] (bus_for_each_dev+0x6c/0x90)
>>>>> [    4.433013] [<c047e3b8>] (bus_for_each_dev) from [<c047f398>] (bus_add_driver+0xcc/0x1e8)
>>>>> [    4.441589] [<c047f398>] (bus_add_driver) from [<c0480e28>] (driver_register+0xac/0xf4)
>>>>> [    4.449951] [<c0480e28>] (driver_register) from [<c010192c>] (do_one_initcall+0xac/0x154)
>>>>> [    4.458526] [<c010192c>] (do_one_initcall) from [<c0a00d78>] (kernel_init_freeable+0x120/0x1ec)
>>>>> [    4.467620] [<c0a00d78>] (kernel_init_freeable) from [<c06ced18>] (kernel_init+0x8/0x110)
>>>>> [    4.476196] [<c06ced18>] (kernel_init) from [<c01070d0>] (ret_from_fork+0x14/0x24)
>>>>> [    4.484100] Code: e5940000 e8bd4010 eaf892e1 e92d4038 (e590c06c)
>>>>> [    4.490539] ---[ end trace ad1af1376ad53c79 ]---
>>>>> [    4.495361] note: swapper/0[1] exited with preempt_count 1
>>>>> [    4.503417] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>>>>>
>>>>> while trying to look up a gpio in the pwrseq_simple node.
>>>>>
>>>>> I did some investigation and some lines above I can see:
>>>>>
>>>>> [    0.820983] omap-gpmc 6e000000.gpmc: GPMC revision 5.0
>>>>> [    0.821319] gpmc_mem_init: disabling cs 0 mapped at 0x0-0x1000000
>>>>> [    0.821411] gpiochip_find_base: found new base at 508
>>>>> [    0.821441] gpio gpiochip6: gpiodev_add_to_list adding: omap-gpmc
>>>>> [    0.821502] gpio gpiochip6: (omap-gpmc): added GPIO chardev (254:6)
>>>>> [    0.825042] gpiochip_setup_dev: registered GPIOs 508 to 511 on device: gpiochip6 (omap-gpmc)
>>>>> [    0.825286] omap-gpmc 6e000000.gpmc: cannot request GPMC CS 0
>>>>> [    0.825317] omap-gpmc 6e000000.gpmc: failed to probe DT children
>>>>> [    0.829620] omap-gpmc: probe of 6e000000.gpmc failed with error -16
>>>>>
>>>>> The negative return code comes from: allocated_resource (in gpmc_cs_request)
>>>>>
>>>>> I added some debug functions to gpiolib and it turns out that omap-gpmc
>>>>> gpios are added to the list of gpio chips, but because the probe of gpmc
>>>>> failed, the pointer to the dt node is null and it then fails in
>>>>> of_gpiochip_find_and_xlate with a null pointer access. Any idea what can
>>>>> cause this, or do you have other reports that booting doesn't work? Many
>>>>> thanks.
>>>>
>>>> Roger, any ideas about this one?
>>>
>>> OK. Looks like we're missing a clean up of the gpio_chip when
>>> gpmc_probe_dt_children() fails. I'll send out a patch for that and this should
>>> fix the NULL pointer issue.
>>
>> Actually, we are calling gpmc_gpio_exit() if gpmc_probe_dt_children() fails,
>> and in gpmc_gpio_exit() we do a gpiochip_remove().
>>
>> So I don't see why mmc-pwrseq-simple gpio failing is related to GPMC.
> It's related because GPMC registers a gpio chip, which is then used by
> gpiolib when looking for pins,
> but the pointer to the dt node is then null as probing of gpmc fails.
> It could be some kind of race where the searching is done and afterwards
> the omap-gpmc gpio chip should be removed,
> but gpiolib will crash. But that's just a guess. Maybe moving the omap-gpmc
> gpiochip to the end of the probe function will help.

That would probably fix the current issue but hide the real problem.

Linus, any idea why of_gpiochip_find_and_xlate() would do a NULL pointer dereference?
We have a case here where the GPMC driver registers a gpiochip but after a while
unregisters it due to some other orthogonal resource not being available.
Is this registering and unregistering considered acceptable from a gpiochip point of view?

Marek,
Can you please test on plain v4.7-rc1 without your local changes?
I'd also like to know what changes you made, so could you please post the diff here?
Thanks.

cheers,
-roger
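
Added example (not part of the original message or of the kernel sources): a small triage helper that decodes the faulting instruction from the oops quoted above and recomputes the accessed address from the register dump. The sample lines are constructed from that oops; the function names are hypothetical and only A32 LDR/STR immediate forms with an r0-r10 base are handled.

```python
import re

# Constructed sample: lines taken from the oops quoted in this thread,
# with e-mail wrapping undone and quote markers stripped.
OOPS = """\
[    4.045166] Unable to handle kernel NULL pointer dereference at virtual address 0000006c
[    4.088470] PC is at of_gpiochip_find_and_xlate+0x4/0x70
[    4.122772] r3 : dda44abc  r2 : 00000000  r1 : dd8b9d80  r0 : 00000000
[    4.484100] Code: e5940000 e8bd4010 eaf892e1 e92d4038 (e590c06c)
"""

def parse_oops(text):
    """Return (fault address, {register number: value}, faulting instruction word)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\br(\d+)\s*: ([0-9a-f]{8})", text)}
    # The kernel puts the instruction word at PC in parentheses on the Code: line.
    insn = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1), 16)
    return fault, regs, insn

def decode_ldr_str_imm(insn):
    """Decode an A32 LDR/STR (immediate offset); None for any other encoding."""
    if insn >> 28 == 0xF or (insn >> 25) & 0b111 != 0b010:
        return None
    p, u, b, l = ((insn >> bit) & 1 for bit in (24, 23, 22, 20))
    return {"op": ("ldr" if l else "str") + ("b" if b else ""),
            "rn": (insn >> 16) & 0xF, "rd": (insn >> 12) & 0xF,
            "offset": (insn & 0xFFF) * (1 if u else -1), "pre": bool(p)}

def explain_fault(text):
    """Recompute the accessed address from the register dump and compare it."""
    fault, regs, insn = parse_oops(text)
    d = decode_ldr_str_imm(insn)
    if d is None or d["rn"] not in regs:   # sp/lr/pc bases are not handled here
        return None
    base = regs[d["rn"]]
    # Pre-indexed forms access base+offset; post-indexed forms access base.
    addr = (base + d["offset"] if d["pre"] else base) & 0xFFFFFFFF
    operand = (f'[r{d["rn"]}, #{d["offset"]}]' if d["pre"]
               else f'[r{d["rn"]}], #{d["offset"]}')
    return {"insn": f'{d["op"]} r{d["rd"]}, {operand}', "base": base,
            "address": addr, "matches_fault": addr == fault}

if __name__ == "__main__":
    print(explain_fault(OOPS))
```

For this oops the faulting word decodes to a load from r0 + 0x6c with r0 = 0, so the fault address 0000006c is a field offset from a NULL pointer. The load sits at +0x4 in of_gpiochip_find_and_xlate, right after the initial push, so r0 still holds the function's first argument.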