Re: Kernel Oops in CVS with NI PCI-6052E

On 2004/07/18 20:30, Frank Mori Hess wrote:
> You might insert some printk's to see if the arguments passed to 
> ni_ai_munge() are sane.  

Well, they're not sane. The "if(s==dev->read_subdev)" branch of
do_bufinfo_ioctl() calls comedi_buf_munge() with a negative num_bytes.
Here is the printk-augmented kernel output of a cmd.c after hacking the
latter to call comedi_get_buffer_contents() before every read():

# Entering ni_at_reset()
# Exiting ni_at_reset()
# Entering ni_ai_cmd()
# Exiting ni_ai_cmd()
# do_bufinfo_ioctl: calling comedi_buf_munge. bi.buf_int_count=0,
async->munge_count=0
# Entering comedi_buf_munge(330350592, 54216312, 0)
# Exiting comedi_buf_munge
# Entering comedi_buf_munge(330350592, 54216312, 22)
# Entering ni_ai_munge(330350592, 54216312, 378368000, 22, 0)
# Exiting ni_ai_munge
# Exiting comedi_buf_munge
# do_bufinfo_ioctl: calling comedi_buf_munge. bi.buf_int_count=4112,
async->munge_count=22
# Entering comedi_buf_munge(330350592, 54216312, 4090)
# Entering ni_ai_munge(330350592, 54216312, 378368022, 4090, 0)
# Exiting ni_ai_munge
# Exiting comedi_buf_munge
# Entering comedi_buf_munge(330350592, 54216312, 4090)
# Entering ni_ai_munge(330350592, 54216312, 378372112, 4090, 0)
# Exiting ni_ai_munge
# Exiting comedi_buf_munge
# do_bufinfo_ioctl: calling comedi_buf_munge. bi.buf_int_count=4112,
async->munge_count=8202
# Entering comedi_buf_munge(330350592, 54216312, -4090)
# Entering ni_ai_munge(330350592, 54216312, 378376202, -4090, 0)
Unable to handle kernel paging request at virtual address 168e7000
 printing eip:
16906997
*pde = 013b3067
Oops: 0000 [#1]
Modules linked in: ni_pcimio comedi_fc mite 8255 comedi ext3 jbd dm_mod
uhci_hcd
CPU:    0
EIP:    0060:[<16906997>]    Not tainted
EFLAGS: 00010283   (2.6.6-1.435.2.3)
EIP is at ni_ai_munge+0x57/0x90 [ni_pcimio]
eax: 13b0c000   ebx: 00000000   ecx: 00006ffb   edx: 135c0000
esi: 168d900a   edi: 15fcd238   ebp: 7ffff803   esp: 15cf4ee4
ds: 007b   es: 007b   ss: 0068
Process tragedi (pid: 766, threadinfo=15cf4000 task=15622c30)
Stack: 1690ca28 13b0c000 033b4678 168d900a fffff006 00000000 13b0c000
fffff006
       033b4678 15fcd238 fffff006 168ce1d1 fffff006 00000000 033b4678
fffff006
       ffffdc82 16906940 00000000 13b0c000 15fcd238 033b4678 13b0c000
feee6c60
Call Trace:
 [<168ce1d1>] comedi_buf_munge+0xb1/0x130 [comedi]
 [<16906940>] ni_ai_munge+0x0/0x90 [ni_pcimio]
 [<168cb9d7>] do_bufinfo_ioctl+0x117/0x1e0 [comedi]
 [<0214f7f6>] sys_ioctl+0x1f2/0x224
 [<02142236>] sys_write+0x2c/0x42

Code: 0f b7 04 4e 0f b7 94 5a 36 01 00 00 43 01 d0 66 89 04 4e 31


> Also, compiling your kernel with the various
> debugging options under the 'kernel hacking' section turned on might be 
> helpful.  

Tried that, didn't get anything of interest.

BTW, I should mention that every oops trashes the state of the comedi driver
(the device can't be opened again without a reboot), so it's rather
cumbersome to perform these tests...

  Eran

Received on 2004-07-20Z11:08:47
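
Added example, not part of the original message and not comedi source code: a user-space C model of the byte count seen in the log above, next to a guarded variant that refuses a negative count. The function names are hypothetical, and the assumption that the count is buf_int_count minus munge_count is inferred only from the three do_bufinfo_ioctl lines in the log.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the count handed to the munge step.
 * Assumption: count = buf_int_count - munge_count, which matches the
 * logged pairs (0,0)->0, (4112,22)->4090 and (4112,8202)->-4090. */
static int32_t raw_munge_bytes(uint32_t buf_int_count, uint32_t munge_count)
{
    return (int32_t)(buf_int_count - munge_count);
}

/* Guarded variant: if munge_count is already at or past buf_int_count,
 * that data has been munged and there is nothing left to process. */
static uint32_t checked_munge_bytes(uint32_t buf_int_count, uint32_t munge_count)
{
    int32_t delta = (int32_t)(buf_int_count - munge_count);
    return delta > 0 ? (uint32_t)delta : 0;
}

/* The same negative count as a 32-bit register or stack word holds it. */
static uint32_t as_unsigned(int32_t n)
{
    return (uint32_t)n;
}

int main(void)
{
    /* (buf_int_count, munge_count) pairs copied from the log above */
    static const uint32_t samples[3][2] = { {0, 0}, {4112, 22}, {4112, 8202} };

    for (unsigned i = 0; i < 3; i++) {
        int32_t raw = raw_munge_bytes(samples[i][0], samples[i][1]);
        printf("buf_int_count=%u munge_count=%u raw=%d (0x%08x) checked=%u\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (int)raw, (unsigned)as_unsigned(raw),
               (unsigned)checked_munge_bytes(samples[i][0], samples[i][1]));
    }
    return 0;
}
```

For the last pair the raw count prints as 0xfffff006, the same word that repeats in the Stack: lines of the oops, which is -4090 in 32-bit two's complement.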