[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MMU Bus fault



Hi

I've installed version 1.19.2.8 of the usb host controller driver.

I still experience the panic. I hope the following can provide some insight.

When switching on #defineUSB_DEBUG_BULK,  the device seem to hang with the
following extract being
repeated on the console permantly. I can not see the oops. Can someone
please explain the meaning of "DMA channel not running in add".


usb-host.c: (BULK) DMA channel not running in add
usb-host.c: (BULK) DMA is at 0xc01ce91c
usb-host.c: (BULK) Completing bulk urb 0xc0fa72c0 for epid 2
usb-host.c: (BULK) Adding bulk IN urb 0xc0fa72c0 to empty list, epid 2
usb-host.c: (BULK) etrax_usb_add_to_bulk_sb_list, urb 0xc0fa72c0
usb-host.c: (BULK) Grabbing bulk IN, urb 0xc0fa72c0, epid 2
usb-host.c: (BULK) Enabling bulk EP for urb 0xc0fa72c0, epid 2
usb-host.c: (BULK) DMA channel not running in add
usb-host.c: (BULK) DMA is at 0xc01ce91c
usb-host.c: (BULK) Completing bulk urb 0xc0fa72c0 for epid 2
usb-host.c: (BULK) Adding bulk IN urb 0xc0fa72c0 to empty list, epid 2
usb-host.c: (BULK) etrax_usb_add_to_bulk_sb_list, urb 0xc0fa72c0
usb-host.c: (BULK) Grabbing bulk IN, urb 0xc0fa72c0, epid 2
usb-host.c: (BULK) Enabling bulk EP for urb 0xc0fa72c0, epid 2
usb-host.c: (BULK) DMA channel not running in add
usb-host.c: (BULK) DMA is at 0xc01ce91c
usb-host.c: (BULK) Completing bulk urb 0xc0fa72c0 for epid 2
usb-host.c: (BULK) Adding bulk IN urb 0xc0fa72c0 to empty list, epid 2
usb-host.c: (BULK) etrax_usb_add_to_bulk_sb_list, urb 0xc0fa72c0
usb-host.c: (BULK) Grabbing bulk IN, urb 0xc0fa72c0, epid 2


============================================================
When switching on  #define USB_DEBUG_CTRL I can see the oops(s), followed by
the kernel panic as follows:

# echo "hello" > /dev/ttyUSB0
echo "hello" > /dev/ttyUSB0
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: Got epid_attn for INVALID_EPID (31).
usb-host.c: R_USB_EPT_DATA = 0x80000800
usb-host.c: R_USB_STATUS = 0x17
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 4
usb-host.c: (CTRL) Transfer for epid 4 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 4, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 4
Unable to handle kernel access at virtual address 95baa000
Oops: 0000
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff1d8 MOF: 00000035
 r0: 228890a0  r1: c01d42f0   r2: 000001f0  r3: c03efb1d
 r4: c0cf8000  r5: 00000000   r6: 00000041  r7: c03ef8b4
 r8: 00000000  r9: 95babcc0  r10: c01d05a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d05a8
R_MMU_CAUSE: 95bab00b
Process klogd (pid: 129, stackpage=c0cf8000)

Stack from 9ffff1d8:
       00000000 00000000 00082fe0 000865a8 00000099 00083744 00000004
00085f6c
       000861b8 39e767c6 676f6c6b 73252064 2c73252e 676f6c20 75007325
20656372
       7325203d 61747320 64657472 0000002e 00000000 00000000 00000000
00000000
Call Trace:
Stack from c0cf9d34:
       c00085a6 c0cf9e7c c005bf0a c005c068 c0316000 00000035 c0cf9e7c
c0cf8000
       c00edd7c 00000000 c0cf9e38 c005c12e 95baa000 c0cf9e38 c00085a6
c005e476
       00000000 c03ef8b4 00000041 00000000 c0cf8000 c03efb1d c0cfc254
c0cf9e38
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c008ccde>]
       [<c005e250>] [<c005bd22>] [<c00191a2>] [<c00196bc>] [<d3e3767d>]
[<c00191a2>] [<c0090d14>] [<c0090426>]
       [<c0090574>] [<c00cdbec>] [<c008e4ae>] [<c008e650>] [<c0020280>]
[<c005bc26>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: Got epid_attn for INVALID_EPID (31).
usb-host.c: R_USB_EPT_DATA = 0x80000800
usb-host.c: R_USB_STATUS = 0x17
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
usb-host.c: (CTRL) Adding ctrl urb 0xc0cb97a0 to empty list, epid 2
usb-host.c: (CTRL) Transfer for epid 2 is OUT
usb-host.c: (CTRL) This OUT transfer has an extra data stage
usb-host.c: (CTRL) dma8_sub1_descr (CTRL) intr.
usb-host.c: (CTRL) Completing ctrl epid 2, urb 0xc0cb97a0
usb-host.c: (CTRL) No ctrl for epid 2
# Unable to handle kernel access at virtual address 95baa000
Oops: 0000
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff960 MOF: 00000035
 r0: 228890a0  r1: c01d42f0   r2: 00000020  r3: c014c2bc
 r4: 00000062  r5: c014c2bc   r6: 00000000  r7: 00010000
 r8: 56902387  r9: 95babcc0  r10: c01d00a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d00a8
R_MMU_CAUSE: 95bab001
Process swapper (pid: 0, stackpage=c011c000)

Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
Call Trace:
Stack from c011dd98:
       c00085a6 c011dee0 c005bf0a c005c068 c0316000 00000035 00000062
c011c000
       c00edd7c 00000000 c011de9c c005c12e 95baa000 c011de9c c00085a6
c005e476
       56902387 00010000 00000000 c014c2bc 00000062 c014c2bc c02ac254
c011de9c
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c00191f8>]
       [<c0090eb8>] [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>]
[<c005e250>] [<c005bd22>] [<c00191a2>]
       [<c00196bc>] [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>]
[<c005cb8e>] [<c005c6da>] [<c005afc0>]
       [<c005afca>] [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>]
[<c005b012>] [<c00085a6>] [<c000407a>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a
Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
 Oops: bitten by watchdog
IRP: c0007fc8 SRP: c0007f7c DCCR: 00000424 USP: 9ffff960 MOF: 00000000
 r0: c01016c4  r1: c00e4a20   r2: c01284c8  r3: c011c000
 r4: 00000062  r5: 00000000   r6: 00000000  r7: 00000000
 r8: 56902387  r9: 00000000  r10: 00000000 r11: 00000000
r12: 00000000 r13: 00000000 oR10: 00000000
R_MMU_CAUSE: 95bab001
Process swapper (pid: 0, stackpage=c011c000)

Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
Call Trace:
Stack from c011dce0:
       c00085a6 c011dd5c c005bf0a c005c068 00000000 00000000 00000062
c011c000
       c01284c8 c00e4a20 c011dd18 c005c0e8 c01016c4 c005bdac 00000000
00000000
       00000000 00000000 00000000 00000000 00000000 56902387 00000000
00000000
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c0e8>] [<c005bdac>]
[<c0007f7c>] [<c0007fc8>]
       [<c00085a6>] [<c0007f7c>] [<c000941a>] [<c005c13c>] [<c00085a6>]
[<c005e476>] [<c00191f8>] [<c0090eb8>]
       [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>] [<c005e250>]
[<c005bd22>] [<c00191a2>] [<c00196bc>]
       [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>] [<c005cb8e>]
[<c005c6da>] [<c005afc0>] [<c005afca>]
       [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>] [<c005b012>]
[<c00085a6>] [<c000407a>]
Code: f1 20 7a 86 3f bd 4c b0 05 c0 b0 25 (ff) e0 0f 05 fc e1 7e be 84 e2 fe
0b






=======================================================================
Notice the three Oopses above. The first oops seem to happen once the epid
changes from 2 to 4. Could someone please explain the meaning of epid. Above
also indicates an event raised due to INVALID_EPID.

The first oops can be described as:
usb-host.c: (CTRL) No ctrl for epid 4
Unable to handle kernel access at virtual address 95baa000
Oops: 0000


Here's the decode(s):


Decoding the first oops:
# ksymoops -v os/linux/vmlinux -K -L -O -m os/linux/System.map
ksymoops 2.4.9 on i586 2.4.20-8.  Options used
     -v os/linux/vmlinux (specified)
     -K (specified)
     -L (specified)
     -O (specified)
     -m os/linux/System.map (specified)

Reading Oops report from the terminal
Oops: 0000
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff1d8 MOF: 00000035
 r0: 228890a0  r1: c01d42f0   r2: 000001f0  r3: c03efb1d
 r4: c0cf8000  r5: 00000000   r6: 00000041  r7: c03ef8b4
 r8: 00000000  r9: 95babcc0  r10: c01d05a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d05a8
R_MMU_CAUSE: 95bab00b
Process klogd (pid: 129, stackpage=c0cf8000)

Stack from 9ffff1d8:
       00000000 00000000 00082fe0 000865a8 00000099 00083744 00000004
00085f6c
       000861b8 39e767c6 676f6c6b 73252064 2c73252e 676f6c20 75007325
20656372
       7325203d 61747320 64657472 0000002e 00000000 00000000 00000000
00000000
Call Trace:
Stack from c0cf9d34:
       c00085a6 c0cf9e7c c005bf0a c005c068 c0316000 00000035 c0cf9e7c
c0cf8000
       c00edd7c 00000000 c0cf9e38 c005c12e 95baa000 c0cf9e38 c00085a6
c005e476
       00000000 c03ef8b4 00000041 00000000 c0cf8000 c03efb1d c0cfc254
c0cf9e38
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c008ccde>]
       [<c005e250>] [<c005bd22>] [<c00191a2>] [<c00196bc>] [<d3e3767d>]
[<c00191a2>] [<c0090d14>] [<c0090426>]
       [<c0090574>] [<c00cdbec>] [<c008e4ae>] [<c008e650>] [<c0020280>]
[<c005bc26>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a
Oops: 0000
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff1d8 MOF: 00000035
Using defaults from ksymoops -t elf32-i386 -a i386
 r0: 228890a0  r1: c01d42f0   r2: 000001f0  r3: c03efb1d
 r4: c0cf8000  r5: 00000000   r6: 00000041  r7: c03ef8b4
 r8: 00000000  r9: 95babcc0  r10: c01d05a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d05a8
Process klogd (pid: 129, stackpage=c0cf8000)
Stack from 9ffff1d8:
       00000000 00000000 00082fe0 000865a8 00000099 00083744 00000004
00085f6c
       000861b8 39e767c6 676f6c6b 73252064 2c73252e 676f6c20 75007325
20656372
       7325203d 61747320 64657472 0000002e 00000000 00000000 00000000
00000000
Call Trace:
Stack from c0cf9d34:
       c00085a6 c0cf9e7c c005bf0a c005c068 c0316000 00000035 c0cf9e7c
c0cf8000
       c00edd7c 00000000 c0cf9e38 c005c12e 95baa000 c0cf9e38 c00085a6
c005e476
       00000000 c03ef8b4 00000041 00000000 c0cf8000 c03efb1d c0cfc254
c0cf9e38
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c008ccde>]
       [<c005e250>] [<c005bd22>] [<c00191a2>] [<c00196bc>] [<d3e3767d>]
[<c00191a2>] [<c0090d14>] [<c0090426>]
       [<c0090574>] [<c00cdbec>] [<c008e4ae>] [<c008e650>] [<c0020280>]
[<c005bc26>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a


>>EIP; c00196bc <__kmem_cache_alloc+a2/e0>   <=====

>>IRP; c00196bc <__kmem_cache_alloc+a2/e0>
>>SRP; c00191a2 <kmalloc+30/3c>
>>IRP; c00196bc <__kmem_cache_alloc+a2/e0>
>>SRP; c00191a2 <kmalloc+30/3c>
>>r1; c01d42f0 <_end+1710/e2d420>
>>r3; c03efb1d <_end+21cf3d/e2d420>
>>r4; c0cf8000 <_end+b25420/e2d420>
>>r7; c03ef8b4 <_end+21ccd4/e2d420>
>>r10; c01d05a8 <swap_buffer+2f8/2000>
>>r11; c0316000 <_end+143420/e2d420>
>>r12; c0316014 <_end+143434/e2d420>
>>oR10; c01d05a8 <swap_buffer+2f8/2000>

Trace; c00085a6 <printk+0/14e>
Trace; c005bf0a <show_stack+0/8a>
Trace; c005c068 <show_registers+d4/13a>
Trace; c005c12e <die_if_kernel+34/46>
Trace; c00085a6 <printk+0/14e>
Trace; c005e476 <do_page_fault+222/2cc>
Trace; c008ccde <etrax_usb_hc_interrupt_top_half+f2/f6>
Trace; c005e250 <handle_mmu_bus_fault+b0/b4>
Trace; c005bd22 <mmu_bus_fault+28/30>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c00196bc <__kmem_cache_alloc+a2/e0>
Trace; d3e3767d <END_OF_CODE+12e3767d/????>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c0090d14 <alloc_skb+dc/194>
Trace; c0090426 <sock_alloc_send_pskb+64/19e>
Trace; c0090574 <sock_alloc_send_skb+14/18>
Trace; c00cdbec <unix_dgram_sendmsg+c8/344>
Trace; c008e4ae <sock_sendmsg+6e/84>
Trace; c008e650 <sock_write+82/88>
Trace; c0020280 <sys_write+98/fc>
Trace; c005bc26 <system_call+50/58>

Code;  c00196b0 <__kmem_cache_alloc+96/e0>
00000000 <_EIP>:
Code;  c00196b0 <__kmem_cache_alloc+96/e0>
   0:   0c b1                     or     $0xb1,%al
Code;  c00196b2 <__kmem_cache_alloc+98/e0>
   2:   20 0a                     and    %cl,(%edx)
Code;  c00196b4 <__kmem_cache_alloc+9a/e0>
   4:   6b 96 29 d5 18 91 69      imul   $0x69,0x9118d529(%esi),%edx
Code;  c00196bb <__kmem_cache_alloc+a1/e0>   <=====
   b:   9a ff 92 1c 20 ec 9b      lcall  $0x9bec,$0x201c92ff   <=====
Code;  c00196c2 <__kmem_cache_alloc+a8/e0>
  12:   04 b1                     add    $0xb1,%al
Code;  c00196c4 <__kmem_cache_alloc+aa/e0>
  14:   6c                        insb   (%dx),%es:(%edi)
Code;  c00196c5 <__kmem_cache_alloc+ab/e0>
  15:   de 6b 9a                  fisubr 0xffffff9a(%ebx)

===============================================
The second oops seem similar to the first. usb-host.c: (CTRL) No ctrl for
epid 2
# Unable to handle kernel access at virtual address 95baa000
Oops: 0000

Decoding the second oops:
# ksymoops -v os/linux/vmlinux -K -L -O -m os/linux/System.map
ksymoops 2.4.9 on i586 2.4.20-8.  Options used
     -v os/linux/vmlinux (specified)
     -K (specified)
     -L (specified)
     -O (specified)
     -m os/linux/System.map (specified)

Reading Oops report from the terminal
Oops: 0000
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff960 MOF: 00000035
 r0: 228890a0  r1: c01d42f0   r2: 00000020  r3: c014c2bc
 r4: 00000062  r5: c014c2bc   r6: 00000000  r7: 00010000
 r8: 56902387  r9: 95babcc0  r10: c01d00a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d00a8
R_MMU_CAUSE: 95bab001
Process swapper (pid: 0, stackpage=c011c000)

Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
Call Trace:
Stack from c011dd98:
       c00085a6 c011dee0 c005bf0a c005c068 c0316000 00000035 00000062
c011c000
       c00edd7c 00000000 c011de9c c005c12e 95baa000 c011de9c c00085a6
c005e476
       56902387 00010000 00000000 c014c2bc 00000062 c014c2bc c02ac254
c011de9c
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c00191f8>]
       [<c0090eb8>] [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>]
[<c005e250>] [<c005bd22>] [<c00191a2>]
       [<c00196bc>] [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>]
[<c005cb8e>] [<c005c6da>] [<c005afc0>]
Oops: 0000
       [<c005afca>] [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>]
[<c005b012>] [<c00085a6>] [<c000407a>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a
IRP: c00196bc SRP: c00191a2 DCCR: 00000488 USP: 9ffff960 MOF: 00000035
Using defaults from ksymoops -t elf32-i386 -a i386
 r0: 228890a0  r1: c01d42f0   r2: 00000020  r3: c014c2bc
 r4: 00000062  r5: c014c2bc   r6: 00000000  r7: 00010000
 r8: 56902387  r9: 95babcc0  r10: c01d00a8 r11: c0316000
r12: c0316014 r13: 35625730 oR10: c01d00a8
Process swapper (pid: 0, stackpage=c011c000)
Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
Call Trace:
Stack from c011dd98:
       c00085a6 c011dee0 c005bf0a c005c068 c0316000 00000035 00000062
c011c000
       c00edd7c 00000000 c011de9c c005c12e 95baa000 c011de9c c00085a6
c005e476
       56902387 00010000 00000000 c014c2bc 00000062 c014c2bc c02ac254
c011de9c
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c12e>] [<c00085a6>]
[<c005e476>] [<c00191f8>]
       [<c0090eb8>] [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>]
[<c005e250>] [<c005bd22>] [<c00191a2>]
       [<c00196bc>] [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>]
[<c005cb8e>] [<c005c6da>] [<c005afc0>]
       [<c005afca>] [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>]
[<c005b012>] [<c00085a6>] [<c000407a>]
Code: 0c b1 20 0a 6b 96 29 d5 18 91 69 9a (ff) 92 1c 20 ec 9b 04 b1 6c de 6b
9a


>>EIP; c00196bc <__kmem_cache_alloc+a2/e0>   <=====

>>IRP; c00196bc <__kmem_cache_alloc+a2/e0>
>>SRP; c00191a2 <kmalloc+30/3c>
>>IRP; c00196bc <__kmem_cache_alloc+a2/e0>
>>SRP; c00191a2 <kmalloc+30/3c>
>>r1; c01d42f0 <_end+1710/e2d420>
>>r3; c014c2bc <dev_etrax_ethernet+0/164>
>>r5; c014c2bc <dev_etrax_ethernet+0/164>
>>r10; c01d00a8 <__icmp_inode+10/1c8>
>>r11; c0316000 <_end+143420/e2d420>
>>r12; c0316014 <_end+143434/e2d420>
>>oR10; c01d00a8 <__icmp_inode+10/1c8>

Trace; c00085a6 <printk+0/14e>
Trace; c005bf0a <show_stack+0/8a>
Trace; c005c068 <show_registers+d4/13a>
Trace; c005c12e <die_if_kernel+34/46>
Trace; c00085a6 <printk+0/14e>
Trace; c005e476 <do_page_fault+222/2cc>
Trace; c00191f8 <kfree+32/38>
Trace; c0090eb8 <skb_release_data+7e/82>
Trace; c0090ecc <kfree_skbmem+10/74>
Trace; c0091020 <__kfree_skb+f0/f4>
Trace; c00a01c0 <ip_rcv_finish+1ea/1f2>
Trace; c009ffd6 <ip_rcv_finish+0/1f2>
Trace; c005e250 <handle_mmu_bus_fault+b0/b4>
Trace; c005bd22 <mmu_bus_fault+28/30>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c00196bc <__kmem_cache_alloc+a2/e0>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c0090d14 <alloc_skb+dc/194>
Trace; c008512c <e100_rx+98/29e>
Trace; c0084ed4 <e100rxtx_interrupt+52/1ba>
Trace; c005cb8e <do_IRQ+54/86>
Trace; c005c6da <sIRQ17_interrupt+18/2e>
Trace; c005afc0 <default_idle+0/c>
Trace; c005afca <default_idle+a/c>
Trace; c0088daa <etrax_gpio_wake_up_check+8/5e>
Trace; c005afca <default_idle+a/c>
Trace; c005afc0 <default_idle+0/c>
Trace; c005afca <default_idle+a/c>
Trace; c005b012 <cpu_idle+46/5c>
Trace; c00085a6 <printk+0/14e>
Trace; c000407a <rest_init+2a/2c>

Code;  c00196b0 <__kmem_cache_alloc+96/e0>
00000000 <_EIP>:
Code;  c00196b0 <__kmem_cache_alloc+96/e0>
   0:   0c b1                     or     $0xb1,%al
Code;  c00196b2 <__kmem_cache_alloc+98/e0>
   2:   20 0a                     and    %cl,(%edx)
Code;  c00196b4 <__kmem_cache_alloc+9a/e0>
   4:   6b 96 29 d5 18 91 69      imul   $0x69,0x9118d529(%esi),%edx
Code;  c00196bb <__kmem_cache_alloc+a1/e0>   <=====
   b:   9a ff 92 1c 20 ec 9b      lcall  $0x9bec,$0x201c92ff   <=====
Code;  c00196c2 <__kmem_cache_alloc+a8/e0>
  12:   04 b1                     add    $0xb1,%al
Code;  c00196c4 <__kmem_cache_alloc+aa/e0>
  14:   6c                        insb   (%dx),%es:(%edi)
Code;  c00196c5 <__kmem_cache_alloc+ab/e0>
  15:   de 6b 9a                  fisubr 0xffffff9a(%ebx)



=================================================================
The third oops is different as it seems as if the kernel is now killing the
interrupt handler.
Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
 Oops: bitten by watchdog

# ksymoops -v os/linux/vmlinux -K -L -O -m os/linux/System.map
ksymoops 2.4.9 on i586 2.4.20-8.  Options used
     -v os/linux/vmlinux (specified)
     -K (specified)
     -L (specified)
     -O (specified)
     -m os/linux/System.map (specified)

Reading Oops report from the terminal
 Oops: bitten by watchdog
IRP: c0007fc8 SRP: c0007f7c DCCR: 00000424 USP: 9ffff960 MOF: 00000000
 r0: c01016c4  r1: c00e4a20   r2: c01284c8  r3: c011c000
 r4: 00000062  r5: 00000000   r6: 00000000  r7: 00000000
 r8: 56902387  r9: 00000000  r10: 00000000 r11: 00000000
r12: 00000000 r13: 00000000 oR10: 00000000
R_MMU_CAUSE: 95bab001
Process swapper (pid: 0, stackpage=c011c000)

Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
 Oops: bitten by watchdog
IRP: c0007fc8 SRP: c0007f7c DCCR: 00000424 USP: 9ffff960 MOF: 00000000
Using defaults from ksymoops -t elf32-i386 -a i386
 r0: c01016c4  r1: c00e4a20   r2: c01284c8  r3: c011c000
 r4: 00000062  r5: 00000000   r6: 00000000  r7: 00000000
 r8: 56902387  r9: 00000000  r10: 00000000 r11: 00000000
r12: 00000000 r13: 00000000 oR10: 00000000
Process swapper (pid: 0, stackpage=c011c000)
Stack from 9ffff960:
       9ffffa08 355567d8 0b725f23 35556b64 3555c05a 35567238 00000000
35567870
       00000000 00000000 00000001 9ffffabc 9ffffabc 35566b70 355567d8
35566ee4
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
       35557448 35557444 35566b14 9ffffa08 9ffff974 00000001 00000000
0b725f23
Call Trace:
Call Trace:
Stack from c011dce0:
Stack from c011dce0:
       c00085a6 c011dd5c c005bf0a c005c068 00000000 00000000 00000062
c011c000
       c00085a6 c011dd5c c005bf0a c005c068 00000000 00000000 00000062
c011c000
       c01284c8 c00e4a20 c011dd18 c005c0e8 c01016c4 c005bdac 00000000
00000000
       c01284c8 c00e4a20 c011dd18 c005c0e8 c01016c4 c005bdac 00000000
00000000
       00000000 00000000 00000000 00000000 00000000 56902387 00000000
00000000
       00000000 00000000 00000000 00000000 00000000 56902387 00000000
00000000
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c0e8>] [<c005bdac>]
[<c0007f7c>] [<c0007fc8>]
Call Trace: [<c00085a6>] [<c005bf0a>] [<c005c068>] [<c005c0e8>] [<c005bdac>]
[<c0007f7c>] [<c0007fc8>]
       [<c00085a6>] [<c0007f7c>] [<c000941a>] [<c005c13c>] [<c00085a6>]
[<c005e476>] [<c00191f8>] [<c0090eb8>]
       [<c00085a6>] [<c0007f7c>] [<c000941a>] [<c005c13c>] [<c00085a6>]
[<c005e476>] [<c00191f8>] [<c0090eb8>]
       [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>] [<c005e250>]
[<c005bd22>] [<c00191a2>] [<c00196bc>]
       [<c0090ecc>] [<c0091020>] [<c00a01c0>] [<c009ffd6>] [<c005e250>]
[<c005bd22>] [<c00191a2>] [<c00196bc>]
       [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>] [<c005cb8e>]
[<c005c6da>] [<c005afc0>] [<c005afca>]
       [<c00191a2>] [<c0090d14>] [<c008512c>] [<c0084ed4>] [<c005cb8e>]
[<c005c6da>] [<c005afc0>] [<c005afca>]
       [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>] [<c005b012>]
[<c00085a6>] [<c000407a>]
       [<c0088daa>] [<c005afca>] [<c005afc0>] [<c005afca>] [<c005b012>]
[<c00085a6>] [<c000407a>]
Code: f1 20 7a 86 3f bd 4c b0 05 c0 b0 25 (ff) e0 0f 05 fc e1 7e be 84 e2 fe
0b
Code: f1 20 7a 86 3f bd 4c b0 05 c0 b0 25 (ff) e0 0f 05 fc e1 7e be 84 e2 fe
0b


>>EIP; c0007fc8 <panic+e8/ec>   <=====

>>IRP; c0007fc8 <panic+e8/ec>
>>SRP; c0007f7c <panic+9c/ec>
>>IRP; c0007fc8 <panic+e8/ec>
>>SRP; c0007f7c <panic+9c/ec>
>>r0; c01016c4 <panic_timeout+0/4>
>>r1; c00e4a20 <bl_order+123c/1a0a4>
>>r2; c01284c8 <buf.0+0/400>
>>r3; c011c000 <init_task_union+0/2000>

Trace; c00085a6 <printk+0/14e>
Trace; c005bf0a <show_stack+0/8a>
Trace; c005c068 <show_registers+d4/13a>
Trace; c005c0e8 <watchdog_bite_hook+1a/1e>
Trace; c005bdac <Watchdog_bite+1a/1c>
Trace; c0007f7c <panic+9c/ec>
Trace; c0007fc8 <panic+e8/ec>
Trace; c00085a6 <printk+0/14e>
Trace; c0007f7c <panic+9c/ec>
Trace; c000941a <do_exit+4e/294>
Trace; c005c13c <die_if_kernel+42/46>
Trace; c00085a6 <printk+0/14e>
Trace; c005e476 <do_page_fault+222/2cc>
Trace; c00191f8 <kfree+32/38>
Trace; c0090eb8 <skb_release_data+7e/82>
Trace; c0090ecc <kfree_skbmem+10/74>
Trace; c0091020 <__kfree_skb+f0/f4>
Trace; c00a01c0 <ip_rcv_finish+1ea/1f2>
Trace; c009ffd6 <ip_rcv_finish+0/1f2>
Trace; c005e250 <handle_mmu_bus_fault+b0/b4>
Trace; c005bd22 <mmu_bus_fault+28/30>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c00196bc <__kmem_cache_alloc+a2/e0>
Trace; c00191a2 <kmalloc+30/3c>
Trace; c0090d14 <alloc_skb+dc/194>
Trace; c008512c <e100_rx+98/29e>
Trace; c0084ed4 <e100rxtx_interrupt+52/1ba>
Trace; c005cb8e <do_IRQ+54/86>
Trace; c005c6da <sIRQ17_interrupt+18/2e>
Trace; c005afc0 <default_idle+0/c>
Trace; c005afca <default_idle+a/c>
Trace; c0088daa <etrax_gpio_wake_up_check+8/5e>
Trace; c005afca <default_idle+a/c>
Trace; c005afc0 <default_idle+0/c>
Trace; c005afca <default_idle+a/c>
Trace; c005b012 <cpu_idle+46/5c>
Trace; c00085a6 <printk+0/14e>
Trace; c000407a <rest_init+2a/2c>

Code;  c0007fbc <panic+dc/ec>
00000000 <_EIP>:
Code;  c0007fbc <panic+dc/ec>
   0:   f1                        (bad)
Code;  c0007fbd <panic+dd/ec>
   1:   20 7a 86                  and    %bh,0xffffff86(%edx)
Code;  c0007fc0 <panic+e0/ec>
   4:   3f                        aas
Code;  c0007fc1 <panic+e1/ec>
   5:   bd 4c b0 05 c0            mov    $0xc005b04c,%ebp
Code;  c0007fc6 <panic+e6/ec>
   a:   b0 25                     mov    $0x25,%al
Code;  c0007fc8 <panic+e8/ec>   <=====
   c:   ff e0                     jmp    *%eax   <=====
Code;  c0007fca <panic+ea/ec>
   e:   0f 05                     syscall
Code;  c0007fcc <print_tainted+0/76>
  10:   fc                        cld
Code;  c0007fcd <print_tainted+1/76>
  11:   e1 7e                     loope  91 <_EIP+0x91>
Code;  c0007fcf <print_tainted+3/76>
  13:   be 84 e2 fe 0b            mov    $0xbfee284,%esi




Again, I don't trust the decode as I don't think I've seen the original
Oops.

Your inputs on how to solve this are appreciated.

I'll send some more info as I gather my throughs and work through various
scenarios.

Regards
Cedric

----- Original Message -----
From: "Orjan Friberg" <orjan.friberg@xxxxxxx.com>
To: "oss" <oss@xxxxxxx.za>
Cc: <cedric.stevens@xxxxxxx.com>
Sent: Tuesday, May 11, 2004 11:21 AM
Subject: Re: MMU Bus fault


> oss wrote:
> > Hi Orjan
> >
> > Thanks for the feedback.
> >
> > I am using the off-the-shelf devboard82_1-91 environment with a devboard
82 device. It's using the linux 2.4.22 kernel with only the standard axis
patches.
> >
> > The usb host controller seem to be version 1.19 as from the bootlog:
> > usb-host.c: ETRAX 100LX USB-HCD $Revision: 1.19 $ (c) 2001-2003 Axis
Communications AB
> >
> > Yes, I'm writing to a usb-serial converter. Booting is fine, but the
system PANICs when you write to the port, for example /dev/ttyUSB0
>
> Would you mind analyzing a couple of more oopses (with ksymoops, just
> like you did last time - I assume you used the options -v
> os/linux/vmlinux -K -L -O -m os/linux/System.map)?  The last stack dump
> looked a bit suspicious, as it seemed like there was an oops inside an
> oops (two occurences of die_if_kernel/show_registers/show_stack).
>
> Also, try defining USB_DEBUG_BULK and USB_DEBUG_CTRL in
> os/linux/arch/cris/drivers/usb-host.c and send the output.  It might
> reveal something.
>
> --
> Orjan Friberg
> Axis Communications
>
>