On Wed, 29 Dec 2021 12:34:00 +0100 Andrea Merello <andrea.merello@xxxxxxxxx> wrote: > Please ignore my previous report in this thread: I got a mail failure > from the commit author address and this made me suspicious; I > discovered that I rebased on an apparently stale branch (master branch > from iio tree). I just rebased on a more recent one, and the Oops is > gone. > > Sorry for the extra noise :( I should have checked this better.. My apologies.. > > BTW, Jonathan, on which tree/branch do you want IIO patches to be rebased onto? Typically the togreg branch (which merges through Greg KH's char-misc these days). Note that is sometimes a week behind what I've said I've applied (more during merge windows) as I push out first as testing to let 0-day run it's build tests against the tree. I'm rather lax at remembering to push out master so it gets stale as you've discovered (sorry about that!). In theory it would be -rc1 or char-misc-next depending on where we are in the cycle. If there isn't much going on around a given driver or core code, then rc1 of the current cycle is a good base as well (that's what I use for the tree for the first pull request to Greg each cycle - second one gets rebased onto his tree after he's taken that first pull request to pick up any merge conflict resolution Greg has had to do. Jonathan > > Andrea > > Il giorno mer 29 dic 2021 alle ore 10:51 Andrea Merello > <andrea.merello@xxxxxxxxx> ha scritto: > > > > Hi! > > > > After rebasing my tree on latest iio git tree I got an Oops [0] on > > rmmod of my wip driver, then I reproduced it also with iio-dummy > > driver; this has been bisected to f73f7f4da5818 (iio: buffer: add > > ioctl() to support opening extra buffers for IIO device). > > > > To reproduce, you need CONFIG_IIO_SIMPLE_DUMMY_BUFFER=y > > > > Then: > > root@localhost:/home/ubuntu# insmod iio_dummy.ko > > root@localhost:/home/ubuntu# mkdir /sys/kernel/config/iio/devices/dummy/mydummy > > root@localhost:/home/ubuntu# rmdir /sys/kernel/config/iio/devices/dummy/mydummy > > Segmentation fault > > > > I'm not familiar with IIO internals design, so I've gathered some > > clues (right below) and I'm just reporting this :) > > > > My suspect is about a doubled list_del() on the buffer ioctl handler: > > iio_device_unregister() loops on iio_dev_opaque->ioctl_handlers and > > deletes all elements, then it calls also > > iio_buffers_free_sysfs_and_mask() which in turn tries to unregister > > the buffer ioctl handler causing list_del() to be invoked again. Here > > the element being deleted has LIST_POISON1 and LIST_POISON2 as its > > next and prev ptrs. > > > > Commenting out any of the two list deletions avoids the Oops and makes > > things apparently work again. > > > > Thanks, > > Andrea > > > > [0] > > [ 234.343644] 8<--- cut here --- > > [ 234.346832] Unable to handle kernel NULL pointer dereference at > > virtual address 00000104 > > [ 234.355016] pgd = (ptrval) > > [ 234.357763] [00000104] *pgd=3bc6c831 > > [ 234.361302] Internal error: Oops: 817 [#1] SMP ARM > > [ 234.366131] Modules linked in: iio_dummy industrialio_sw_device > > [last unloaded: iio_dummy] > > [ 234.374425] CPU: 0 PID: 410 Comm: rmdir Not tainted 5.13.0-rc1+ #25 > > [ 234.380692] Hardware name: Xilinx Zynq Platform > > [ 234.385153] PC is at iio_device_ioctl_handler_unregister+0x24/0x38 > > [ 234.391401] LR is at iio_buffers_free_sysfs_and_mask+0x2c/0x78 > > [ 234.397226] pc : [<c08c5ec8>] lr : [<c08cac38>] psr: 20070013 > > [ 234.403419] sp : c3283e10 ip : 00000100 fp : c3283e1c > > [ 234.408636] r10: 00000000 r9 : c283bc00 r8 : c2d8abb0 > > [ 234.413907] r7 : 00000100 r6 : c28d1800 r5 : c28d1800 r4 : c28d1a10 > > [ 234.420451] r3 : 00000122 r2 : 00000100 r1 : 00000122 r0 : c2311e80 > > [ 234.426976] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > > [ 234.434127] Control: 18c5387d Table: 0328404a DAC: 00000051 > > [ 234.439860] Register r0 information: slab kmalloc-64 start c2311e80 > > pointer offset 0 size 64 > > [ 234.448338] Register r1 information: non-paged memory > > [ 234.453389] Register r2 information: non-paged memory > > [ 234.458439] Register r3 information: non-paged memory > > [ 234.463490] Register r4 information: slab kmalloc-1k start c28d1800 > > pointer offset 528 size 1024 > > [ 234.472319] Register r5 information: slab kmalloc-1k start c28d1800 > > pointer offset 0 size 1024 > > [ 234.480963] Register r6 information: slab kmalloc-1k start c28d1800 > > pointer offset 0 size 1024 > > [ 234.489608] Register r7 information: non-paged memory > > [ 234.494677] Register r8 information: slab dentry start c2d8abb0 > > pointer offset 0 size 36 > > [ 234.502805] Register r9 information: slab kmalloc-128 start > > c283bc00 pointer offset 0 size 128 > > [ 234.511450] Register r10 information: NULL pointer > > [ 234.516169] Register r11 information: non-slab/vmalloc memory > > [ 234.521901] Register r12 information: non-paged memory > > [ 234.527025] Process rmdir (pid: 410, stack limit = 0x(ptrval)) > > [ 234.532924] Stack: (0xc3283e10 to 0xc3284000) > > [ 234.537292] 3e00: c3283e3c > > c3283e20 c08cac38 c08c5eb0 > > [ 234.545476] 3e20: c28d1a10 c28d1800 00000122 00000100 c3283e5c > > c3283e40 c08c4a08 c08cac18 > > [ 234.553678] 3e40: c28d1800 bf002040 c11fec04 c2318bc0 c3283e74 > > c3283e60 bf000020 c08c4964 > > [ 234.561862] 3e60: bf002000 bf002040 c3283e8c c3283e78 bf008024 > > bf00000c c283be08 bf002040 > > [ 234.570064] 3e80: c3283ea4 c3283e90 bf008050 bf00800c c283be08 > > bf002040 c3283eb4 c3283ea8 > > [ 234.578248] 3ea0: c0387de0 bf00803c c3283efc c3283eb8 c0388a34 > > c0387dac c2c26178 00000000 > > [ 234.586451] 3ec0: c1104ec8 c11febb4 c3283efc 6e9cda98 c02ec2c8 > > c2d8abb0 c2c27be8 00000000 > > [ 234.594634] 3ee0: c3283f50 ffffff9c c1104ec8 c3283f44 c3283f2c > > c3283f00 c02ed64c c038882c > > [ 234.602763] 3f00: c02ed30c c02ed278 c15d6000 00000000 00000000 > > c15d6000 00000000 00000000 > > [ 234.611002] 3f20: c3283f94 c3283f30 c02f18a4 c02ed5dc c3283f50 > > c3283f44 fffffe30 c2d8abb0 > > [ 234.619186] 3f40: c1105584 00000000 c2430250 c2d8acc0 da1a2e65 > > 00000007 c15d6035 b6f09000 > > [ 234.627388] 3f60: c02f03a8 6e9cda98 00000001 00014d40 00026179 > > beecf7d9 00000028 c0100244 > > [ 234.635572] 3f80: c3282000 00000028 c3283fa4 c3283f98 c02f1900 > > c02f1720 00000000 c3283fa8 > > [ 234.643775] 3fa0: c0100060 c02f18e0 00014d40 00026179 beecf7d9 > > beecf694 00000000 00000001 > > [ 234.651885] 3fc0: 00014d40 00026179 beecf7d9 00000028 00026168 > > 0001497c 00014d54 00026174 > > [ 234.660124] 3fe0: b6f11401 beecf4fc 00011183 b6f11406 00070030 > > beecf7d9 00000000 00000000 > > [ 234.668308] Backtrace: > > [ 234.670759] [<c08c5ea4>] (iio_device_ioctl_handler_unregister) from > > [<c08cac38>] (iio_buffers_free_sysfs_and_mask+0x2c/0x78) > > [ 234.682021] [<c08cac0c>] (iio_buffers_free_sysfs_and_mask) from > > [<c08c4a08>] (iio_device_unregister+0xb0/0xb4) > > [ 234.692048] r7:00000100 r6:00000122 r5:c28d1800 r4:c28d1a10 > > [ 234.697707] [<c08c4958>] (iio_device_unregister) from [<bf000020>] > > (iio_dummy_remove+0x20/0x40 [iio_dummy]) > > [ 234.707421] r7:c2318bc0 r6:c11fec04 r5:bf002040 r4:c28d1800 > > [ 234.713135] [<bf000000>] (iio_dummy_remove [iio_dummy]) from > > [<bf008024>] (iio_sw_device_destroy+0x24/0x30 > > [industrialio_sw_device]) > > [ 234.725097] r5:bf002040 r4:bf002000 > > [ 234.728581] [<bf008000>] (iio_sw_device_destroy > > [industrialio_sw_device]) from [<bf008050>] > > (device_drop_group+0x20/0x2c [industrialio_sw_device]) > > [ 234.741705] r5:bf002040 r4:c283be08 > > [ 234.745336] [<bf008030>] (device_drop_group > > [industrialio_sw_device]) from [<c0387de0>] > > (client_drop_item+0x40/0x54) > > [ 234.755897] r5:bf002040 r4:c283be08 > > [ 234.759473] [<c0387da0>] (client_drop_item) from [<c0388a34>] > > (configfs_rmdir+0x214/0x300) > > [ 234.767768] [<c0388820>] (configfs_rmdir) from [<c02ed64c>] > > (vfs_rmdir+0x7c/0x1b4) > > [ 234.775380] r10:c3283f44 r9:c1104ec8 r8:ffffff9c r7:c3283f50 > > r6:00000000 r5:c2c27be8 > > [ 234.783140] r4:c2d8abb0 > > [ 234.785721] [<c02ed5d0>] (vfs_rmdir) from [<c02f18a4>] (do_rmdir+0x190/0x1c0) > > [ 234.792872] r6:00000000 r5:00000000 r4:c15d6000 > > [ 234.797499] [<c02f1714>] (do_rmdir) from [<c02f1900>] (sys_rmdir+0x2c/0x30) > > [ 234.804411] r10:00000028 r9:c3282000 r8:c0100244 r7:00000028 > > r6:beecf7d9 r5:00026179 > > [ 234.812300] r4:00014d40 > > [ 234.814825] [<c02f18d4>] (sys_rmdir) from [<c0100060>] > > (ret_fast_syscall+0x0/0x2c) > > [ 234.822419] Exception stack(0xc3283fa8 to 0xc3283ff0) > > [ 234.827488] 3fa0: 00014d40 00026179 beecf7d9 > > beecf694 00000000 00000001 > > [ 234.835598] 3fc0: 00014d40 00026179 beecf7d9 00000028 00026168 > > 0001497c 00014d54 00026174 > > [ 234.843837] 3fe0: b6f11401 beecf4fc 00011183 b6f11406 > > [ 234.848888] Code: e5903004 e5902000 e3a0cc01 e3001122 (e5823004) > > [ 234.855062] ---[ end trace 0d5ead677fab1719 ]---
