Re: b276527539 ("staging: most: move core files out of the staging .."): [ 12.247349] BUG: kernel NULL pointer dereference, address: 00000000
From: Christian.Gromm
Date: Tue Mar 31 2020 - 15:30:26 EST
On Sun, 2020-03-29 at 21:39 +0800, kernel test robot wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you
> know the content is safe
>
> Greetings,
>
> 0day kernel testing robot got the below dmesg and the first bad
> commit is
>
> https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
> staging-next
>
> commit b276527539188f1f61c082ebef27803db93e536d
> Author: Christian Gromm <christian.gromm@xxxxxxxxxxxxx>
> AuthorDate: Tue Mar 10 14:02:40 2020 +0100
> Commit: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> CommitDate: Tue Mar 24 13:42:44 2020 +0100
>
> staging: most: move core files out of the staging area
>
> This patch moves the core module to the /drivers/most directory
> and makes all necessary changes in order to not break the build.
>
> Signed-off-by: Christian Gromm <christian.gromm@xxxxxxxxxxxxx>
> Link:
> https://lore.kernel.org/r/1583845362-26707-2-git-send-email-christian.gromm@xxxxxxxxxxxxx
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>
> 22dd4acc80 Staging: speakup: Add identifier name to function
> declaration arguments.
> b276527539 staging: most: move core files out of the staging area
> e681bb287f staging: vt6656: Use DIV_ROUND_UP macro instead of
> specific code
> +-------------------------------------------------------+----------
> --+------------+------------+
> > | 22dd4acc80
> > | b276527539 | e681bb287f |
> +-------------------------------------------------------+----------
> --+------------+------------+
> > boot_successes |
> > 26 | 0 | 0 |
> > boot_failures |
> > 8 | 11 | 11 |
> > WARNING:possible_circular_locking_dependency_detected |
> > 8 | | |
> > BUG:kernel_NULL_pointer_dereference,address |
> > 0 | 11 | 11 |
> > Oops:#[##] |
> > 0 | 11 | 11 |
> > EIP:__list_add_valid |
> > 0 | 11 | 11 |
> > Kernel_panic-not_syncing:Fatal_exception |
> > 0 | 11 | 11 |
> +-------------------------------------------------------+----------
> --+------------+------------+
>
> If you fix the issue, kindly add following tag
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
>
> [ 12.242090] no options.
> [ 12.245364] FPGA DOWNLOAD --->
> [ 12.245723] FPGA image file name: xlinx_fpga_firmware.bit
> [ 12.246548] GPIO INIT FAIL!!
> [ 12.246995] most_sound: init()
> [ 12.247349] BUG: kernel NULL pointer dereference, address:
> 00000000
> [ 12.248032] #PF: supervisor read access in kernel mode
> [ 12.248322] #PF: error_code(0x0000) - not-present page
> [ 12.248322] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
> [ 12.248322] Oops: 0000 [#1] PREEMPT SMP
> [ 12.248322] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.6.0-rc7-
> 00376-gb276527539188 #1
> [ 12.248322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.12.0-1 04/01/2014
> [ 12.248322] EIP: __list_add_valid+0x29/0x77
> [ 12.248322] Code: c3 55 89 e5 56 53 83 ec 10 8b 59 04 39 d3 74 1a
> 89 4c 24 0c 89 5c 24 08 89 54 24 04 c7 04 24 00 cc bd c2 e8 84 9e b4
> ff 0f 0b <8b> 33 39 ce 74 1a 89 5c 24 0c 89 74 24 08 89 4c 24 04 c7
> 04 24 7c
> [ 12.248322] EAX: c2f45800 EBX: 00000000 ECX: c3e8df50 EDX:
> 00000000
> [ 12.248322] ESI: 00000000 EDI: ec4a7f68 EBP: ec4a7ee8 ESP:
> ec4a7ed0
> [ 12.248322] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS:
> 00010246
> [ 12.248322] CR0: 80050033 CR2: 00000000 CR3: 03256000 CR4:
> 001406b0
> [ 12.248322] Call Trace:
> [ 12.248322] ? vprintk_func+0x9d/0xa7
> [ 12.248322] most_register_component+0x33/0x53
This function does a NULL check on the passed argument
struct most_component, berfore it calls list_add_tail().
So the dereferenced pointer must be the struct list_head
comp_list of the core.
> [ 12.248322] ? wilc_spi_driver_init+0x11/0x11
> [ 12.248322] audio_init+0x2c/0x76
> [ 12.248322] do_one_initcall+0xf0/0x284
> [ 12.248322] ? __might_sleep+0x70/0x77
> [ 12.262064] kernel_init_freeable+0x141/0x1a5
> [ 12.262064] ? rest_init+0x205/0x205
> [ 12.262064] kernel_init+0xb/0xea
> [ 12.262064] ? schedule_tail_wrapper+0x9/0xc
> [ 12.262064] ret_from_fork+0x2e/0x38
> [ 12.262064] Modules linked in:
> [ 12.262064] CR2: 0000000000000000
> [ 12.262064] ---[ end trace 7c7a2cb6d11f9c5d ]---
> [ 12.262064] EIP: __list_add_valid+0x29/0x77
which is weird, as the list_head used here is not dynamically
allocated and INIT_LIST_HEAD is definitely being called in the
__init function most_init() of the core module before its first
usage.
I've never seen the code failing at this point, nor has this
being reported by anyone yet.
Need to investigate.
thanks,
Chris