lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <s5h7fun92ag.wl-tiwai@suse.de>
Date:	Wed, 11 Mar 2015 12:55:19 +0100
From:	Takashi Iwai <tiwai@...e.de>
To:	Fengguang Wu <fengguang.wu@...el.com>
Cc:	LKP <lkp@...org>, alsa-devel@...a-project.org,
	linux-kernel@...r.kernel.org
Subject: Re: [ALSA/seq] BUG: unable to handle kernel NULL pointer dereference at 00000050

At Wed, 11 Mar 2015 18:37:48 +0800,
Fengguang Wu wrote:
 
> Greetings,
> 
> 0day kernel testing robot got the below dmesg and the first bad commit is
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> 
> commit 7c37ae5c625aaa4836466cfaea829a3199dfc571
> Author:     Takashi Iwai <tiwai@...e.de>
> AuthorDate: Thu Feb 12 10:51:59 2015 +0100
> Commit:     Takashi Iwai <tiwai@...e.de>
> CommitDate: Thu Feb 12 11:35:11 2015 +0100
> 
>     ALSA: seq: Rewrite sequencer device binding with standard bus
>     
>     We've used the old house-made code for binding the sequencer device
>     and driver.  This can be far better implemented with the standard
>     bus nowadays.
>     
>     This patch refactors the whole sequencer binding code with the bus
>     /sys/bus/snd_seq.  The devices appear as id-card-device on this bus
>     and are bound with the drivers corresponding to the given id like the
>     former implementation.  The module autoload is also kept like before.
>     
>     There is no change in API functions by this patch, and almost all
>     transitions are kept inside seq_device.c.  The proc file output will
>     change slightly but kept compatible as much as possible.
>     
>     Further integration works will follow in later patches.
>     
>     Signed-off-by: Takashi Iwai <tiwai@...e.de>
> 
> +------------------------------------------+------------+------------+-----------------+
> |                                          | 72496edcf8 | 7c37ae5c62 | v4.0-rc3_031010 |
> +------------------------------------------+------------+------------+-----------------+
> | boot_successes                           | 79         | 0          | 0               |
> | boot_failures                            | 1          | 20         | 14              |
> | BUG:kernel_boot_crashed                  | 1          |            |                 |
> | BUG:unable_to_handle_kernel              | 0          | 20         | 14              |
> | Oops                                     | 0          | 20         | 14              |
> | EIP_is_at_bus_add_device                 | 0          | 20         | 14              |
> | Kernel_panic-not_syncing:Fatal_exception | 0          | 20         | 14              |
> | backtrace:usb_composite_probe            | 0          | 20         | 14              |
> | backtrace:midi_driver_init               | 0          | 20         | 14              |
> | backtrace:kernel_init_freeable           | 0          | 20         | 14              |
> +------------------------------------------+------------+------------+-----------------+
> 
> [    1.178531] udc dummy_udc.0: registering UDC driver [MIDI Gadget]
> [    1.179260] MIDI Gadget gadget: adding config #1 'MIDI Gadget'/c1f006c0
> [    1.184102] MIDI Gadget gadget: adding 'gmidi function'/d1fab310 to config 'MIDI Gadget'/c1f006c0
> [    1.186606] BUG: unable to handle kernel NULL pointer dereference at 00000050
> [    1.187008] IP: [<c1590786>] bus_add_device+0xd6/0x160
> [    1.187008] *pde = 00000000 
> [    1.187008] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
> [    1.187008] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.19.0-03415-g7c37ae5 #24
> [    1.187008] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [    1.187008] task: d3480000 ti: d346a000 task.ti: d346a000
> [    1.187008] EIP: 0060:[<c1590786>] EFLAGS: 00010246 CPU: 0
> [    1.187008] EIP is at bus_add_device+0xd6/0x160
> [    1.187008] EAX: 00000000 EBX: 00000000 ECX: d1fb7cc0 EDX: d1fa90bc
> [    1.187008] ESI: d1fa90bc EDI: c1f4f800 EBP: d346bb44 ESP: d346bb30
> [    1.187008]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [    1.187008] CR0: 80050033 CR2: 00000050 CR3: 02023000 CR4: 000406d0
> [    1.187008] Stack:
> [    1.187008]  c1291226 d1fa90b4 d1fa90bc d1f78c7c 00000000 d346bb84 c158e80a d1fa90bc
> [    1.187008]  d1f78c84 00000000 00000002 00000000 00000000 d1fa90b4 d1fa9048 2e056fb7
> [    1.187008]  00000002 ffffffff d1fb6dd0 00000000 d238b024 d346bb8c c18c26f0 d346bb98
> [    1.187008] Call Trace:
> [    1.187008]  [<c1291226>] ? acpi_platform_notify+0x19/0x78
> [    1.187008]  [<c158e80a>] device_add+0x33a/0x530
> [    1.187008]  [<c18c26f0>] snd_seq_device_dev_register+0x10/0x20
> [    1.187008]  [<c18a13b6>] snd_device_register+0x46/0x80
> [    1.187008]  [<c18b181d>] snd_rawmidi_dev_register+0x1cd/0x2d0
> [    1.187008]  [<c189e70a>] ? snd_ctl_dev_register+0x2a/0x30
> [    1.187008]  [<c18a1432>] snd_device_register_all+0x42/0x70
> [    1.187008]  [<c189e10d>] snd_card_register+0x3d/0x150
> [    1.187008]  [<c16c284a>] f_midi_bind+0x16a/0x6c0
> [    1.187008]  [<c104de70>] ? irq_exit+0x30/0x60
> [    1.187008]  [<c10881ef>] ? console_unlock+0x38f/0x520
> [    1.187008]  [<c108860a>] ? vprintk_emit+0x28a/0x5f0
> [    1.187008]  [<c158f8df>] ? dev_vprintk_emit+0x14f/0x280
> [    1.187008]  [<c1109c9b>] ? alloc_debug_processing+0xcb/0x150
> [    1.187008]  [<c16c2e32>] ? f_midi_alloc+0x92/0x1a0
> [    1.187008]  [<c16c2e32>] ? f_midi_alloc+0x92/0x1a0
> [    1.187008]  [<c16c2e32>] ? f_midi_alloc+0x92/0x1a0
> [    1.187008]  [<c1faabc0>] ? midi_bind+0xd2/0xd2
> [    1.187008]  [<c158fa2a>] ? dev_printk_emit+0x1a/0x20
> [    1.187008]  [<c158fa76>] ? __dev_printk+0x46/0x90
> [    1.187008]  [<c158fae6>] ? dev_printk+0x26/0x30
> [    1.187008]  [<c16971b9>] usb_add_function+0x79/0x140
> [    1.187008]  [<c1faabc0>] ? midi_bind+0xd2/0xd2
> [    1.187008]  [<c1faabe5>] midi_bind_config+0x25/0x3c
> [    1.187008]  [<c169753c>] usb_add_config+0x9c/0x240
> [    1.187008]  [<c1a1ee48>] ? mutex_unlock+0x8/0x10
> [    1.187008]  [<c1faab86>] midi_bind+0x98/0xd2
> [    1.187008]  [<c1697d28>] composite_bind+0x88/0x1a0
> [    1.187008]  [<c169a92f>] udc_bind_to_driver+0x4f/0xf0
> [    1.187008]  [<c169b15d>] usb_gadget_probe_driver+0x6d/0xb0
> [    1.187008]  [<c1f7cb5e>] ? do_one_initcall+0x77/0x151
> [    1.187008]  [<c1697eb8>] usb_composite_probe+0x78/0xa0
> [    1.187008]  [<c1faaadf>] ? midimod_init+0xf/0xf
> [    1.187008]  [<c1faaaec>] midi_driver_init+0xd/0xf
> [    1.187008]  [<c1f7cbb4>] do_one_initcall+0xcd/0x151
> [    1.187008]  [<c1f7c424>] ? do_early_param+0x73/0x73
> [    1.187008]  [<c1060c00>] ? parse_args+0x1f0/0x430
> [    1.187008]  [<c1f7cd1b>] kernel_init_freeable+0xe3/0x15b
> [    1.187008]  [<c1a1411b>] kernel_init+0xb/0xe0
> [    1.187008]  [<c1a22201>] ret_from_kernel_thread+0x21/0x30
> [    1.187008]  [<c1a14110>] ? rest_init+0xb0/0xb0
> [    1.187008] Code: b6 00 00 00 00 8b 57 14 8b 45 f0 e8 25 d9 ff ff 85 c0 89 c3 75 69 8b 45 f0 8b 48 2c 85 c9 74 6c 8b 45 f0 8d 70 08 8b 47 48 89 f2 <8b> 40 50 83 c0 28 e8 6f 34 bc ff 85 c0 89 c3 74 0d 8b 55 f0 8d
> [    1.187008] EIP: [<c1590786>] bus_add_device+0xd6/0x160 SS:ESP 0068:d346bb30
> [    1.187008] CR2: 0000000000000050
> [    1.187008] ---[ end trace 7c40b21b66beeff8 ]---
> [    1.187008] Kernel panic - not syncing: Fatal exception

This is yet another init order problem.  Fixed by the patch below.


Thanks!

Takashi

-- 8< --
From: Takashi Iwai <tiwai@...e.de>
Subject: [PATCH] ALSA: seq: Fix init order of snd_seq_device stuff

When the sequencer driver is built in kernel, it may panic at boot
because of the uninitialized snd_seq_bus_type.  Initialize it properly
via subsys_initcall() instead of module_init() to assure that the bus
is registered beforehand.

Reported-by: Fengguang Wu <fengguang.wu@...el.com>
Fixes: 7c37ae5c625a ('ALSA: seq: Rewrite sequencer device binding with standard bus')
Signed-off-by: Takashi Iwai <tiwai@...e.de>
---
 sound/core/seq/seq_device.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c
index 355b34269bd1..d99f99d61983 100644
--- a/sound/core/seq/seq_device.c
+++ b/sound/core/seq/seq_device.c
@@ -311,5 +311,5 @@ static void __exit alsa_seq_device_exit(void)
 	bus_unregister(&snd_seq_bus_type);
 }
 
-module_init(alsa_seq_device_init)
+subsys_initcall(alsa_seq_device_init)
 module_exit(alsa_seq_device_exit)
-- 
2.3.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ