[Yaffs] Oops crash in yaffs_AddOrFindLevel0Tnode during moun…

Author: Gennady Dagman
To: yaffs
CC: Blair Barnett, Paul Lima
Subject: [Yaffs] Oops crash in yaffs_AddOrFindLevel0Tnode during mount
Hello,

We ran into this Linux kernel crash while mounting a yaffs2 partition
(please find the full Oops file attached below),
and from the trace-back and register analysis I conclude the following:

The trace-back function call chain:
get_sb_bdev ->
yaffs_internal_read_super ->
yaffs_GutsInitialise ->
yaffs_CheckpointRestore ->
yaffs_ReadCheckpointData ->
yaffs_ReadCheckpointObjects ->
yaffs_ReadCheckpointTnodes ->
yaffs_AddOrFindLevel0Tnode -> memcpy

From looking into the yaffs_AddOrFindLevel0Tnode code it's pretty clear
that the only reason for the memcpy
(at the end of yaffs_AddOrFindLevel0Tnode) to crash is having both
fStruct->topLevel = 0 and fStruct->top = 0.

Looks like this problem is not reproducible easily - we saw it only once
so far and I suspect
the root cause of it (as well as a few other odd problems we run into
from time to time - see, for example,
http://aleph1.co.uk/lurker/message/20060914.181435.951c1454.en.html) is
a flash file system corruption.

Questions:
---------------

1) Can you imagine what could be the reason (other than flash fs
corruption) for this Oops crash?

2) I see that currently in our yaffs code we have defined:

#define CONFIG_YAFFS_DISABLE_CHUNK_ERASED_CHECK

which means that the erasure check of NAND chunks is NOT performed before
a write, but I know for sure that from time to time we do encounter
non-erased chunks as a result of power-off during block erasure.
What could be the consequences of using non-erased chunks for
yaffs_WriteChunkWithTagsToNAND? Could it cause fs corruption?
problems like
http://aleph1.co.uk/lurker/message/20060914.181435.951c1454.en.html ??
or this current crash ???

Thank you for any hint you can provide.

Gennady Dagman.
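The state inferred above (fStruct->topLevel == 0 with fStruct->top == NULL) is exactly what a lookup must refuse before it copies anything. The following is an added example, not yaffs source: a simplified, constructed model of the tnode tree (types, widths and the `demo_restore` scenario are assumptions) showing the level-0 lookup failing closed and the checkpoint restore returning an error instead of dereferencing a NULL root.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed, simplified model of the yaffs tnode tree (not yaffs source):
 * fStruct->top is the root, fStruct->topLevel its height, level-0 tnodes hold
 * chunk ids.  The 16/8-entry widths follow yaffs; the packed layout is not modelled. */
#define NTNODES_LEVEL0 16
#define NTNODES_INTERNAL 8
#define LEVEL0_BITS 4
#define INTERNAL_BITS 3
typedef struct tnode {
    struct tnode *internal[NTNODES_INTERNAL]; /* children when level > 0 */
    uint16_t level0[NTNODES_LEVEL0];          /* chunk ids at level 0 */
} yaffs_Tnode;
typedef struct { int topLevel; yaffs_Tnode *top; } yaffs_FileStructure;

/* Descend from the root to the level-0 tnode covering chunkId.  Returns NULL
 * instead of dereferencing a NULL root (the topLevel == 0 && top == NULL state
 * the post infers from the Oops) or a missing child. */
yaffs_Tnode *find_level0_tnode(const yaffs_FileStructure *fs, uint32_t chunkId)
{
    if (fs == NULL || fs->top == NULL) return NULL;
    yaffs_Tnode *tn = fs->top;
    for (int level = fs->topLevel; level > 0; level--) {
        int shift = LEVEL0_BITS + (level - 1) * INTERNAL_BITS;
        tn = tn->internal[(chunkId >> shift) & (NTNODES_INTERNAL - 1)];
        if (tn == NULL) return NULL;          /* hole in the tree */
    }
    return tn;
}

/* Copy a checkpoint-supplied level-0 tnode only after a successful lookup:
 * 0 on success, -1 when the tree is unusable so the caller can fail the mount. */
int restore_level0_tnode(yaffs_FileStructure *fs, uint32_t chunkId,
                         const yaffs_Tnode *src)
{
    yaffs_Tnode *dst = find_level0_tnode(fs, chunkId);
    if (dst == NULL) return -1;
    memcpy(dst->level0, src->level0, sizeof dst->level0);
    return 0;
}

/* Scenario: the inferred corrupt state must be refused (-1); a healthy one-level
 * tree must end up holding the copied chunk id (42 for chunk 3). */
int demo_restore(int corrupt)
{
    yaffs_Tnode leaf = { 0 }, root = { 0 }, src = { .level0 = { [3] = 42 } };
    root.internal[0] = &leaf;                 /* chunk 3 >> 4 selects slot 0 */
    yaffs_FileStructure fs = corrupt ? (yaffs_FileStructure){ 0, NULL }
                                     : (yaffs_FileStructure){ 1, &root };
    return restore_level0_tnode(&fs, 3, &src) == 0 ? leaf.level0[3] : -1;
}
```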

Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c3ee4000
[00000000] *pgd=a3eec001, *pmd = a3eec001, *pte = 00000000, *ppte = 00000000
Internal error: Oops: 807
CPU: 0
pc : [<c0144eac>]    lr : [<c007bab8>]    Not tainted
sp : c3eebd40  ip : 00000000  fp : c3eebd64
r10: c3e9b000  r9 : 00000000  r8 : 00000000
r7 : 00000000  r6 : 00000000  r5 : 00000000  r4 : 00000000
r3 : 00000000  r2 : ffffffa3  r1 : c3e7e6bc  r0 : 00000000
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  Segment user
Control: 397F  Table: A3EE4000  DAC: 00000015
Process mount (pid: 16, stack limit = 0xc3eea368)
Stack: (0xc3eebd40 to 0xc3eec000)
Backtrace:
Function entered at [<c0144e00>] from [<c007bab8>] memcpy
r9 = C3E7E69C  r8 = 00000000  r7 = C3E90424  r6 = 00000000
r5 = 00000000  r4 = 00000000
Function entered at [<c007b960>] from [<c007f734>] yaffs_AddOrFindLevel0Tnode
Function entered at [<c007f63c>] from [<c007f960>] yaffs_ReadCheckpointTnodes
r7 = C3EEBDB8  r6 = C3E9B000  r5 = C3E903CC  r4 = 00000001
Function entered at [<c007f870>] from [<c007fab0>] yaffs_ReadCheckpointObjects
Function entered at [<c007fa2c>] from [<c007fbd0>] yaffs_ReadCheckpointData
r5 = C3E9B000  r4 = C3E9B000
Function entered at [<c007fba8>] from [<c0082d38>] yaffs_CheckpointRestore
r6 = C01C78A0  r5 = C3E9B000  r4 = C3E990FC
Function entered at [<c0082980>] from [<c007a468>] yaffs_GutsInitialise
Function entered at [<c007a1f8>] from [<c00517ac>] yaffs_internal_read_super
Function entered at [<c0051648>] from [<c0051b24>] get_sb_bdev
Function entered at [<c00519f8>] from [<c0064f40>]
Function entered at [<c0064ec4>] from [<c0065230>]
r8 = 00000000  r7 = C3E9F000  r6 = 00000000  r5 = C03BD000
r4 = 00000000
Function entered at [<c00650f8>] from [<c00656ac>]
Function entered at [<c0065608>] from [<c001b520>]
r8 = C001B6C4  r7 = 00000015  r6 = C0ED0000  r5 = 00148808
r4 = 001487F8
Code: c4805004 f5d1f060 e8b113f8 e2522020 (e8a013f8)
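On question 2, the risk of writing into a chunk that was never fully erased can be shown with a small model. This is an added example, not yaffs code: a constructed erased check (all bytes 0xFF in data and spare) in front of a write, with NAND programming modelled as only ever clearing bits, so a stale 0 bit left by a power-off during erase survives the write when the check is disabled. Chunk sizes and the `demo_write_to_stale_chunk` scenario are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model (not yaffs source) of the pre-write erased check that
 * CONFIG_YAFFS_DISABLE_CHUNK_ERASED_CHECK switches off.  Sizes assume
 * small-page NAND: 512 data bytes + 16 spare bytes per chunk. */
#define DATA_BYTES 512
#define SPARE_BYTES 16
typedef struct { uint8_t data[DATA_BYTES]; uint8_t spare[SPARE_BYTES]; } nand_chunk;

/* An erased NAND chunk reads back all 0xFF in both data and spare. */
int chunk_is_erased(const nand_chunk *c)
{
    for (size_t i = 0; i < DATA_BYTES; i++)
        if (c->data[i] != 0xFF) return 0;
    for (size_t i = 0; i < SPARE_BYTES; i++)
        if (c->spare[i] != 0xFF) return 0;
    return 1;
}

/* Guarded write: with the check enabled, a chunk still holding stale bits is
 * refused (-1) so the caller can skip or retire the block; with the check
 * disabled the write proceeds, and because programming only clears bits the
 * stale 0 bits survive and silently corrupt the stored data. */
int write_chunk_guarded(nand_chunk *c, const uint8_t *data, size_t len,
                        int erased_check_enabled)
{
    if (len > DATA_BYTES) return -1;
    if (erased_check_enabled && !chunk_is_erased(c)) return -1;
    for (size_t i = 0; i < len; i++)
        c->data[i] &= data[i];           /* model: programming clears bits only */
    return 0;
}

/* Scenario: a chunk left half-erased by power loss (one byte still 0x00),
 * then a write of 0xA5.  Returns bytes 6 and 7 as stored, or -1 if refused. */
int demo_write_to_stale_chunk(int erased_check_enabled)
{
    nand_chunk c;
    memset(&c, 0xFF, sizeof c);
    c.data[7] = 0x00;                    /* constructed stale byte */
    uint8_t payload[DATA_BYTES];
    memset(payload, 0xA5, sizeof payload);
    if (write_chunk_guarded(&c, payload, sizeof payload, erased_check_enabled) != 0)
        return -1;
    return (c.data[6] << 8) | c.data[7]; /* 0xA500: neighbour ok, stale byte stays 0 */
}
```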