On Tue, Aug 28, 2012 at 09:42:51AM +0800, Lin Ming wrote:

Hi list,

I'm working on a board running 2.6.30 kernel.
The panic log is attached in the end.

8002c098:       0c00aeaa        jal     8002baa8 <__remove_hrtimer>
8002c09c:       00003821        move    a3,zero
8002c0a0:       8e220020        lw      v0,32(s1)
8002c0a4:       0040f809        jalr    v0
8002c0a8:       02202021        move    a0,s1
8002c0ac:       02002821        move    a1,s0
------> panic happens here.
But this instruction just move data between registers.
How could it cause memory access panic?

in case of a jal or jalr instruction the return address will point to the
instruction of the jal(r) instruction plus 2 instruction as here.  This
is where in case of a successful return from the subroutine execution
would continue.

But in your case v0 (that's register $2) contains 0 and it's been loaded
from address 32(s1) before, so it would appear that memory at that
address has either been overwritten or not initialized.

  Ralf