Kernel Crash with 2 Channel CAN BUS FD Shield

kuemme · November 8, 2024, 5:54am

Hi there, I had a Raspberry V with Debian Bookworm successfully running with 2 Channel CAN BUS FD Shield for a couple of weeks, very nice indeed, but then some day after not enabling the can0 interface and doing other stuff (WiFi Direct configuration), I get now a kernel crash when calling

ip link set can0 up type can bitrate 1000000 dbitrate 8000000 restart-ms 1000 berr-reporting on fd on

dmesg gives me:

…
[ 56.962625] systemd[892]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 165.753499] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 165.762343] Mem abort info:
[ 165.765140] ESR = 0x0000000096000005
[ 165.768928] EC = 0x25: DABT (current EL), IL = 32 bits
[ 165.774278] SET = 0, FnV = 0
[ 165.777341] EA = 0, S1PTW = 0
[ 165.780488] FSC = 0x05: level 1 translation fault
[ 165.785385] Data abort info:
[ 165.788270] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 165.793775] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 165.798844] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 165.804177] user pgtable: 16k pages, 47-bit VAs, pgdp=0000000104ef4000
[ 165.810731] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 165.819472] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 165.825762] Modules linked in: algif_hash algif_skcipher af_alg bnep vc4 snd_soc_hdmi_codec drm_display_helper cec drm_dma_helper drm_kms_helper aes_ce_blk aes_ce_cipher ghash_ce gf128mul brcmfmac_wcc binfmt_misc sha2_ce sha256_arm64 sha1_ce snd_soc_core hci_uart brcmfmac mcp251xfd btbcm rpivid_hevc(C) snd_compress bluetooth pisp_be raspberrypi_hwmon brcmutil snd_pcm_dmaengine v4l2_mem2mem cfg80211 can_dev videobuf2_dma_contig snd_pcm ecdh_generic ecc videobuf2_memops videobuf2_v4l2 snd_timer videodev rfkill libaes snd v3d videobuf2_common mc gpu_sched drm_shmem_helper rp1_adc raspberrypi_gpiomem nvmem_rmem uio_pdrv_genirq uio i2c_dev drm fuse drm_panel_orientation_quirks backlight dm_mod ip_tables x_tables ipv6 spidev rtc_pcf85063 regmap_i2c spi_bcm2835 i2c_brcmstb gpio_keys spi_dw_mmio i2c_designware_platform i2c_designware_core spi_dw
[ 165.900387] CPU: 1 PID: 932 Comm: ip Tainted: G C 6.6.51+rpt-rpi-2712 #1 Debian 1:6.6.51-1+rpt3
[ 165.910605] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 165.916456] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–)
[ 165.923443] pc : timecounter_read+0x20/0x80
[ 165.927640] lr : mcp251xfd_ring_init+0x1a0/0x500 [mcp251xfd]
[ 165.933324] sp : ffffc0008335b420
[ 165.936643] x29: ffffc0008335b420 x28: ffff8001018ce000 x27: 0000000000000001
[ 165.943806] x26: 0000000000000000 x25: ffff8001018ce040 x24: ffff8001064e2940
[ 165.950968] x23: 0000000000000000 x22: 0000000000000430 x21: 0000000000000001
[ 165.958130] x20: ffff8001064e0940 x19: ffff8001064e38b0 x18: 0000000000000000
[ 165.965292] x17: 0000000000000000 x16: ffffd00084153bc8 x15: 0000000000000000
[ 165.972454] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000
[ 165.979616] x11: 0000000000000342 x10: 0000000000000001 x9 : ffffd000291f0980
[ 165.986778] x8 : 0000000000000001 x7 : 0000000000000000 x6 : 000000000000000a
[ 165.993940] x5 : 0000000000000001 x4 : ffffd000292009c8 x3 : 0000000000000000
[ 166.001102] x2 : 000000000000005c x1 : 0000000000002f70 x0 : 0000000000000000
[ 166.008264] Call trace:
[ 166.010712] timecounter_read+0x20/0x80
[ 166.014556] mcp251xfd_ring_init+0x1a0/0x500 [mcp251xfd]
[ 166.019888] mcp251xfd_chip_start+0x234/0x2a0 [mcp251xfd]
[ 166.025307] mcp251xfd_open+0x94/0x2a8 [mcp251xfd]
[ 166.030115] __dev_open+0x120/0x218
[ 166.033612] __dev_change_flags+0x194/0x218
[ 166.037805] dev_change_flags+0x2c/0x80
[ 166.041649] do_setlink+0x28c/0xef8
[ 166.045145] __rtnl_newlink+0x520/0x898
[ 166.048990] rtnl_newlink+0x58/0x90
[ 166.052486] rtnetlink_rcv_msg+0x134/0x390
[ 166.056592] netlink_rcv_skb+0x64/0x138
[ 166.060437] rtnetlink_rcv+0x20/0x38
[ 166.064020] netlink_unicast+0x2fc/0x370
[ 166.067951] netlink_sendmsg+0x1c8/0x450
[ 166.071883] __sock_sendmsg+0x64/0xc0
[ 166.075554] ____sys_sendmsg+0x260/0x298
[ 166.079486] ___sys_sendmsg+0xb4/0x110
[ 166.083244] __sys_sendmsg+0x8c/0xf0
[ 166.086827] __arm64_sys_sendmsg+0x2c/0x40
[ 166.090934] invoke_syscall+0x50/0x128
[ 166.094693] el0_svc_common.constprop.0+0x48/0xf0
[ 166.099411] do_el0_svc+0x24/0x38
[ 166.102732] el0_svc+0x40/0xe8
[ 166.105793] el0t_64_sync_handler+0x100/0x130
[ 166.110161] el0t_64_sync+0x190/0x198
[ 166.113832] Code: 910003fd f9000bf3 aa0003f3 f9400000 (f9400001)
[ 166.119946] —[ end trace 0000000000000000 ]—

Kernel version is

Linux cube 6.6.51+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.51-1+rpt3 (2024-10-08) aarch64 GNU/Linux

liaifat85 · November 8, 2024, 1:50pm

The crash is occurring in the mcp251xfd module, which handles communication with the MCP251XFD series of CAN FD transceivers. This may be due to a compatibility issue between the kernel version (6.6.51) and the driver.

kuemme · November 8, 2024, 3:41pm

Thank you for the fast response. So I have to wait for an updated mcp251xfd kernel module? btw, how is this distributed, I mean how does it get into the Raspberry Pi update server?

kuemme · November 9, 2024, 8:32pm

Found this bug report: https://github.com/raspberrypi/linux/issues/6406. There it is suggested to execute a rpi-update. That fixed the problem.