Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Weird crash in seq record
From: Dirk Zimoch <dirk.zimoch@psi.ch>
To: EPICS <tech-talk@aps.anl.gov>
Date: Tue, 16 Oct 2018 15:56:25 +0200
Hi folks,

Sometimes I get a strange segmentation fault in the cbLow thread in seqRecord function processCallback(). My EPICS base version is 3.14.12.7.

#0  processCallback (arg=<optimized out>) at ../seqRecord.c:373

The line is:

  dbGetLink(&(pcb->plinks[pcb->index]->dol), DBR_DOUBLE,
            &(pcb->plinks[pcb->index]->dov), 0, 0);

(gdb) print *pcb
$2 = {callback = {callback = 0xff97a24 <processCallback>, priority = 0, user = 0xaffbdbe0, timer = 0x0}, pseqRecord = 0xb121a958, plinks = {0xb121aae8, 0xb121ab38, 0xb121ab88, 0xb121abd8, 0xb121ac28, 0xb121ac78, 0xb121acc8, 0xb121ad18, 0x0, 0x0, 0x0}, index = 8}

As you can see, index = 8, but plinks has only 8 valid entries. (This is consistent with the record having 8 links.) Thus pcb->plinks[pcb->index] == NULL, causing the crash.

I cannot see how this could possibly happen.

processCallback() is triggered by processNextLink(), but only if pcb->plinks[pcb->index] != NULL.

It looks like something changes pcb->index after callbackRequest() but before the callback runs. But the only code that modifies pcb->index is the callback function processCallback() itself and the process() function, and both do so while holding the dbScanLock semaphore. Also, processNextLink() is only called while holding the dbScanLock semaphore.

The record looks like this:
record(seq, "$(DEV)$(SYS)$(CH)-CALC-AVG-RMS") {
   field(LNK1, "$(DEV)$(SYS)$(CH)-MIN PP")
   field(LNK2, "$(DEV)$(SYS)$(CH)-MAX PP")
   field(LNK3, "$(DEV)$(SYS)$(CH)-PEAK-PEAK PP")
   field(LNK4, "$(DEV)$(SYS)$(CH)-AVG PP")
   field(LNK5, "$(DEV)$(SYS)$(CH)-RMS PP")
   field(LNK6, "$(DEV)$(SYS)$(CH)-RMS-AVG PP")
   field(LNK7, "$(DEV)$(SYS)$(CH)-AVG2 PP")
   field(LNK8, "$(DEV)$(SYS)$(CH)-AVG-RMS PP")
}

It is FLNK'ed from a record which is scanned "I/O Intr" and which may receive very quick "double triggers". So I suspect a race condition but I cannot find it.

Any ideas?

Dirk
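As an added illustration (not EPICS source and not a confirmed root cause for this report), the following single-threaded model mirrors the state machine described in the post: a FIFO callback queue, a process() that resets the cursor and queues the callback, and a callback that dereferences plinks[index], increments it, and re-queues while links remain. PACT handling is deliberately omitted so the model can show what the "double trigger" hypothesis looks like: if process() runs a second time while the first callback is still queued, the same callback sits in the queue twice, and the trailing one is entered with index == 8, exactly the state in the gdb output. All names and values are constructed for this example.

```c
/* Hypothetical model of the posted seq callback chain; not EPICS code. */
#include <stdio.h>

#define NLINKS 8
#define QSIZE  16

typedef struct {
    int plinks[NLINKS + 1]; /* non-zero = valid link, 0 = NULL terminator */
    int index;              /* cursor, as pcb->index in the post */
    int bad_entries;        /* callback entered with plinks[index] == 0 */
} callbackSeq;

/* Constructed stand-in for the callback ring buffer (FIFO of pointers). */
static callbackSeq *queue[QSIZE];
static int qhead, qtail;

static void callbackRequest(callbackSeq *pcb) { queue[qtail++ % QSIZE] = pcb; }

static void processNextLink(callbackSeq *pcb) {
    if (pcb->plinks[pcb->index] == 0) return; /* none left, chain is finished */
    callbackRequest(pcb);                     /* checked non-NULL, so queue it */
}

/* First processing phase only: reset the cursor and start the chain. */
static void process(callbackSeq *pcb) { pcb->index = 0; processNextLink(pcb); }

static void processCallback(callbackSeq *pcb) {
    if (pcb->plinks[pcb->index] == 0) { pcb->bad_entries++; return; } /* the crash site */
    /* dbGetLink()/dbPutLink() on plinks[index] would run here */
    pcb->index++;
    processNextLink(pcb);
}

static void runQueue(void) { while (qhead != qtail) processCallback(queue[qhead++ % QSIZE]); }

/* Returns how many callbacks would have dereferenced a NULL link.
 * triggers == 1 is normal processing; triggers == 2 models a second process()
 * arriving while the first callback is still sitting in the queue. */
int simulate(int triggers) {
    callbackSeq cb = {{0}, 0, 0};
    for (int i = 0; i < NLINKS; i++) cb.plinks[i] = 1;
    qhead = qtail = 0;
    for (int t = 0; t < triggers; t++) process(&cb);
    runQueue();
    return cb.bad_entries;
}

int main(void) {
    printf("single trigger: %d NULL-link entries\n", simulate(1));
    printf("double trigger: %d NULL-link entries\n", simulate(2));
    return 0;
}
```

Each extra queued copy of the callback yields exactly one entry with index past the last link, which is why a NULL/bounds check at the top of the callback turns a segfault into a detectable, loggable condition while the real ordering bug is tracked down.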


