Hi all,
I've drilled down further. After an async command has run the channel
list is kfree'd in do_become_nonbusy. The pointer is not NULL but I
guess that's been kfree'd already somewhere else and there is no need to
do it here?
The comedi_command_test is actually OK. Ignore the report here last
night. That was actually proper behaviour of comedilib. The channellist
was 20 channels long in the demo program but the usbduxsigma only
supports 16 channels. In the old version of comedilib that was ignored
but now properly checked. Now it is. So, not a bug but a feature!
/Bernd
[ 85.208807] do_become_nonbusy: freeing chanlist
[ 85.208830] BUG: unable to handle kernel paging request at
ffffea0001ffffc0
[ 85.208891] IP: [<ffffffff8119e4c6>] kfree+0x56/0x130
[ 85.208933] PGD 5f684067 PUD 5f683067 PMD 0
[ 85.208971] Oops: 0000 [#1] SMP
[ 85.209001] Modules linked in: radeon bnep snd_hda_codec_idt
rc_hauppauge ir_kbd_i2c snd_hda_intel rfcomm snd_hda_codec tuner msp3400
snd_hwdep snd_bt87x bluetooth usbduxsigma(O) hid_generic comedi_fc(O)
comedi(O) usbhid pcmcia snd_pcm hid bttv pcmcia_core snd_page_alloc
parport_pc snd_seq_midi snd_seq_midi_event snd_rawmidi ppdev snd_seq ttm
btcx_risc snd_seq_device tveeprom drm_kms_helper gpio_ich snd_timer
videobuf_dma_sg drm rc_core snd dcdbas v4l2_common videobuf_core psmouse
videodev soundcore serio_raw microcode i2c_algo_bit lpc_ich mac_hid lp
parport ahci libahci e100 mii
[ 85.209493] CPU: 0 PID: 1984 Comm: cmd Tainted: G O
3.13.0-rc3+ #1
[ 85.209539] Hardware name: Dell Inc. Dimension 9100
/0X8582, BIOS A01 05/25/2005
[ 85.209603] task: ffff88005bc8b000 ti: ffff88005b334000 task.ti:
ffff88005b334000
[ 85.209652] RIP: 0010:[<ffffffff8119e4c6>] [<ffffffff8119e4c6>]
kfree+0x56/0x130
[ 85.209703] RSP: 0018:ffff88005b335dd8 EFLAGS: 00010286
[ 85.209739] RAX: 0000000001ffffc0 RBX: fffffffffffffff2 RCX:
0000000000000006
[ 85.209784] RDX: 0000000000000000 RSI: 0000000059a259a0 RDI:
fffffffffffffff2
[ 85.209829] RBP: ffff88005b335df0 R08: 0000000000000082 R09:
00000000000003c4
[ 85.209875] R10: ffffea0001ffffc0 R11: 6c6e61686320676e R12:
ffff88003bf7ad00
[ 85.209921] R13: ffffffffa020995b R14: 00007fffe7305770 R15:
ffff88005b335e48
[ 85.209968] FS: 00007fa60b5af740(0000) GS:ffff88005fc00000(0000)
knlGS:0000000000000000
[ 85.210020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.210058] CR2: ffffea0001ffffc0 CR3: 000000005b905000 CR4:
00000000000007f0
[ 85.210104] Stack:
[ 85.210118] ffff8800415cfc00 ffff88003bf7ad00 fffffffffffffff2
ffff88005b335e18
[ 85.210176] ffffffffa020995b ffff88005be4ff00 ffff88003c981900
fffffffffffffff2
[ 85.210231] ffff88005b335ec0 ffffffffa020ac6d ffff88003bf7ad00
ffff8800415cfc00
[ 85.210287] Call Trace:
[ 85.210317] [<ffffffffa020995b>] do_become_nonbusy.isra.10+0xbb/0xd0
[comedi]
[ 85.210372] [<ffffffffa020ac6d>] comedi_unlocked_ioctl+0xb4d/0x1280
[comedi]
[ 85.210424] [<ffffffff811ca5a0>] do_vfs_ioctl+0x2e0/0x4c0
[ 85.210465] [<ffffffff8109af84>] ? vtime_account_user+0x54/0x60
[ 85.210510] [<ffffffff811ca801>] SyS_ioctl+0x81/0xa0
[ 85.210546] [<ffffffff81731fff>] tracesys+0xe1/0xe6
[ 85.210579] Code: 00 00 00 80 ff 77 00 00 49 ba 00 00 00 00 00 ea ff
ff 48 01 d8 48 0f 42 15 58 6b a7 00 48 01 d0 48 c1 e8 0c 48 c1 e0 06 49
01 c2 <49> 8b 02 f6 c4 80 0f 85 be 00 00 00 49 8b 02 a8 80 0f 84 92 00
[ 85.210923] RIP [<ffffffff8119e4c6>] kfree+0x56/0x130
[ 85.210960] RSP <ffff88005b335dd8>
[ 85.210983] CR2: ffffea0001ffffc0
[ 85.214342] ---[ end trace efb568732351eb56 ]---
[ 210.336281] audit_printk_skb: 135 callbacks suppressed
[ 210.336289] type=1006 audit(1386754824.943:72): pid=2083 uid=0 old
auid=4294967295 new auid=1000 old ses=4294967295 new ses=1 res=1
static void do_become_nonbusy(struct comedi_device *dev,
struct comedi_subdevice *s)
{
struct comedi_async *async;
if (s == NULL)
{
printk("do_become_nonbusy: s=NULL\n");
return;
}
async = s->async;
if (async == NULL)
{
printk("do_become_nonbusy: s->async is NULL\n");
}
comedi_set_subdevice_runflags(s, SRF_RUNNING, 0);
if (async) {
comedi_buf_reset(async);
async->inttrig = NULL;
if (async->cmd.chanlist) {
printk("do_become_nonbusy: freeing chanlist\n");
kfree(async->cmd.chanlist);
async->cmd.chanlist = NULL;
}
} else {
dev_err(dev->class_dev,
"BUG: (?) do_become_nonbusy called with
async=NULL\n");
}
s->busy = NULL;
}
Ian Abbott wrote:
On 2013-12-10 21:07, Bernd Porr wrote:
Hi all,
here is the patch to fix the original bug. That was easier than I
expected. That's against the latest RC kernel.
However there are a couple other issues now.
There seems to be an issue with comedi generic timed and the commands
correcting the TRIG bit. It ANDs the right bit values first in the
"comedi_get_cmd_generic_timed" but then "comedi_command_test" gets just
0 and then cmd fails:
[ 9525.967397] usbcore: registered new interface driver usbduxsigma
[ 9539.981072] cfc_check_trigger_src: orig_src=ffffffff, *src=82
[ 9539.981079] TRIG_NOW | TRIG_INT err=-22, cmd->start_src=82
[ 9539.981082] cfc_check_trigger_src: orig_src=ffffffff, *src=10
[ 9539.981085] TRIG_TIMER err=-22, cmd->scan_begin_src=10
[ 9539.981088] cfc_check_trigger_src: orig_src=ffffffff, *src=2
[ 9539.981091] TRIG_NOW err=-22, cmd->convert_src=2
[ 9539.981094] cfc_check_trigger_src: orig_src=ffffffff, *src=20
[ 9539.981096] TRIG_COUNT err=-22, cmd->scan_end_src=20
[ 9539.981099] cfc_check_trigger_src: orig_src=ffffffff, *src=21
[ 9539.981102] TRIG_COUNT | TRIG_NONE err=-22, cmd->stop_src=21
[ 9539.981104] Wrong TRIG source
[ 9539.981167] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981171] TRIG_NOW | TRIG_INT err=-22, cmd->start_src=0
[ 9539.981173] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981176] TRIG_TIMER err=-22, cmd->scan_begin_src=0
[ 9539.981178] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981181] TRIG_NOW err=-22, cmd->convert_src=0
[ 9539.981183] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981185] TRIG_COUNT err=-22, cmd->scan_end_src=0
[ 9539.981187] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981190] TRIG_COUNT | TRIG_NONE err=-22, cmd->stop_src=0
[ 9539.981192] Wrong TRIG source
[ 9539.981196] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981199] TRIG_NOW | TRIG_INT err=-22, cmd->start_src=0
[ 9539.981201] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981203] TRIG_TIMER err=-22, cmd->scan_begin_src=0
[ 9539.981205] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981208] TRIG_NOW err=-22, cmd->convert_src=0
[ 9539.981210] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981212] TRIG_COUNT err=-22, cmd->scan_end_src=0
[ 9539.981214] cfc_check_trigger_src: orig_src=0, *src=0
[ 9539.981216] TRIG_COUNT | TRIG_NONE err=-22, cmd->stop_src=0
[ 9539.981218] Wrong TRIG source
Userspace program (cmd.c):
ret = comedi_command_test(dev, cmd);
if(ret < 0){
comedi_perror("comedi_command_test");
if(errno == EIO){
fprintf(stderr,"Ummm... this subdevice doesn't
support commands\n");
}
exit(1);
}
ret = comedi_command_test(dev, cmd);
if(ret < 0){
comedi_perror("comedi_command_test");
exit(1);
}
fprintf(stderr,"second test returned %d (%s)\n", ret,
cmdtest_messages[ret]);
^^^^^^ stops here
hacked cfc_check_trigger_src:
-----------------------------
static inline int cfc_check_trigger_src(unsigned int *src, unsigned int
flags)
{
unsigned int orig_src = *src;
*src = orig_src & flags;
printk("cfc_check_trigger_src: orig_src=%x, *src=%x
\n",orig_src,*src );
if (*src == TRIG_INVALID || *src != orig_src)
return -EINVAL;
return 0;
}
Any ideas?
I don't know off-hand, but I'll take a look when I get the chance.
There is another issue which has to the with the subdevices. This
happens when I unplug the DUX board (all boards cause this):
[ 4972.978379] ------------[ cut here ]------------
[ 4972.978386] WARNING: CPU: 0 PID: 33 at fs/sysfs/group.c:214
sysfs_remove_group+0xc6/0xd0()
[ 4972.978389] sysfs group ffffffff81caa2e0 not found for kobject
'comedi0_subd1'
[ 4972.978392] Modules linked in: usbdux(O) usbduxsigma(O) comedi_fc(O)
comedi(O) radeon bnep rfcomm bluetooth snd_hda_codec_idt snd_hda_intel
snd_hda_codec parport_pc ppdev rc_hauppauge snd_bt87x ir_kbd_i2c
snd_hwdep tuner snd_pcm msp3400 snd_page_alloc snd_seq_midi bttv
snd_seq_midi_event snd_rawmidi pcmcia hid_generic snd_seq pcmcia_core
ttm usbhid hid drm_kms_helper snd_seq_device drm btcx_risc snd_timer
tveeprom videobuf_dma_sg rc_core snd v4l2_common psmouse videobuf_core
gpio_ich videodev dcdbas microcode serio_raw lpc_ich i2c_algo_bit
soundcore mac_hid lp parport e100 ahci mii libahci [last unloaded:
comedi]
[ 4972.978454] CPU: 0 PID: 33 Comm: khubd Tainted: G WC O
3.13.0-rc3+ #1
[ 4972.978457] Hardware name: Dell Inc. Dimension 9100
/0X8582, BIOS A01 05/25/2005
[ 4972.978460] 0000000000000009 ffff88005c801a38 ffffffff81721083
ffff88005c801a80
[ 4972.978466] ffff88005c801a70 ffffffff810645fd 0000000000000000
ffffffff81caa2e0
[ 4972.978472] ffff8800560ed810 ffff88005a615000 0000000000000000
ffff88005c801ad0
[ 4972.978478] Call Trace:
[ 4972.978484] [<ffffffff81721083>] dump_stack+0x45/0x56
[ 4972.978489] [<ffffffff810645fd>] warn_slowpath_common+0x7d/0xa0
[ 4972.978494] [<ffffffff8106466c>] warn_slowpath_fmt+0x4c/0x50
[ 4972.978499] [<ffffffff8122fb7e>] ? sysfs_get_dirent_ns+0x4e/0x70
[ 4972.978504] [<ffffffff81230e56>] sysfs_remove_group+0xc6/0xd0
[ 4972.978509] [<ffffffff814a5793>] dpm_sysfs_remove+0x43/0x50
[ 4972.978513] [<ffffffff8149b1c5>] device_del+0x45/0x1c0
[ 4972.978518] [<ffffffff8149b35e>] device_unregister+0x1e/0x60
[ 4972.978522] [<ffffffff8149b41c>] device_destroy+0x3c/0x50
[ 4972.978530] [<ffffffffa0221525>]
comedi_free_subdevice_minor+0x75/0xa0 [comedi]
[ 4972.978539] [<ffffffffa0221f68>] comedi_device_detach+0x48/0x160
[comedi]
[ 4972.978546] [<ffffffffa021e2b3>] comedi_device_cleanup+0x33/0x90
[comedi]
[ 4972.978552] [<ffffffffa021e346>] comedi_free_board_dev+0x36/0x50
[comedi]
[ 4972.978558] [<ffffffffa02213b0>]
comedi_release_hardware_device+0x80/0x90 [comedi]
[ 4972.978565] [<ffffffffa0221a63>] comedi_auto_unconfig+0x13/0x20
[comedi]
[ 4972.978572] [<ffffffffa0223172>] comedi_usb_auto_unconfig+0x12/0x20
[comedi]
[ 4972.978578] [<ffffffff815520f4>] usb_unbind_interface+0x64/0x1c0
[ 4972.978583] [<ffffffff8149eedf>] __device_release_driver+0x7f/0xf0
[ 4972.978587] [<ffffffff8149ef73>] device_release_driver+0x23/0x30
[ 4972.978592] [<ffffffff8149e7f8>] bus_remove_device+0x108/0x180
[ 4972.978596] [<ffffffff8149b2a9>] device_del+0x129/0x1c0
[ 4972.978601] [<ffffffff8154faa0>] usb_disable_device+0xb0/0x290
[ 4972.978605] [<ffffffff815442bd>] usb_disconnect+0xad/0x200
[ 4972.978609] [<ffffffff8154763d>] hub_thread+0x70d/0x1750
[ 4972.978614] [<ffffffff8109a4c8>] ? sched_clock_cpu+0xa8/0x100
[ 4972.978619] [<ffffffff810a88c0>] ? prepare_to_wait_event+0x100/0x100
[ 4972.978623] [<ffffffff81546f30>] ? usb_reset_device+0x1d0/0x1d0
[ 4972.978627] [<ffffffff81088152>] kthread+0xd2/0xf0
[ 4972.978632] [<ffffffff81088080>] ? kthread_create_on_node+0x190/0x190
[ 4972.978637] [<ffffffff81731d3c>] ret_from_fork+0x7c/0xb0
[ 4972.978641] [<ffffffff81088080>] ? kthread_create_on_node+0x190/0x190
[ 4972.978644] ---[ end trace 69c2b5c4559cdf1b ]---
I guess that subdevice no longer exists at this point?
/Bernd
I'm hoping that will be fixed by other changes I made to the comedi core
recently that aren't in the RC kernel yet.
--
http://www.berndporr.me.uk
http://www.linux-usb-daq.co.uk
http://www.imdb.com/name/nm3293421/
+44 (0)7840 340069
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
