[alsa-devel] [BUG] NULL pointer dereference in patch_sigmatel.c

Ozan Çağlayan ozan at pardus.org.tr
Thu Aug 6 13:38:23 CEST 2009


Takashi Iwai wrote On 17-07-2009 12:45:
> At Fri, 17 Jul 2009 11:33:08 +0200,
> I wrote:
>   
>> At Thu, 16 Jul 2009 22:51:50 +0300,
>> Ozan Çağlayan wrote:
>>     
>>> Hi,
>>>
>>> One of our users is having a NULL ptr dereference upon loading the
>>> snd_hda_intel module with 20090624's snapshot. There's only one commit
>>> after that date in patch_sigmatel.c so I didn't tell him to try with the
>>> latest snapshot but if you think that the bug may be related to another
>>> part of the ALSA codebase, I can make him try the latest snapshot.
>>>       
>> I suppose you are using unstable tree, right?
>>     
>
> Looking through the stack trace, it's not...
>
> But, I don't see any problem in the current code.  It could be a bug
> in the wrapper for older kernels.  Anyway, checking with the very latest
> snapshot would be helpful.
>   

Hi again.

We've had another NULL ptr deref with the very same 20090624 snapshot on
2.6.25.20. The codecs are not the same; this one is a Conexant.

I've now compiled and tried the 20090805 snapshot and it's the same. So yes,
I think that there's a problem with the wrapper or something else, but not
the driver code itself, because both laptops are very popular models;
there would be at least someone other than me to notice that.

Seeing that I now have a faulty computer at hand, I can help
debug the issue but don't know exactly how. Sending the dmesg output
booted with the 20090805 snapshot.

Thanks,

BUG: unable to handle kernel NULL pointer dereference at 00000074
IP: [<f93cbda9>] :snd_hda_codec_conexant:cxt5051_init+0x90/0x1ea
*pde = 00000000
Oops: 0002 [#1] SMP
Modules linked in: snd_hda_codec_conexant snd_hda_intel(+) snd_hda_codec snd_hwdep snd_seq_dummy snd_seq_oss snd_seq_midi_event arc4 snd_seq ecb snd_seq_device uvcvideo snd_pcm_oss snd_mixer_oss snd_pcm compat_ioctl32 iwl3945 rfkill snd_timer thermal nvidia(P) processor snd soundcore ac rtc_cmos videodev rtc_core sdhci rtc_lib firmware_class wmi video output snd_page_alloc battery button iTCO_wdt mac80211 hci_usb led_class sky2 usbhid mmc_core cfg80211 intel_agp v4l1_compat joydev iTCO_vendor_support i2c_i801 bluetooth serio_raw agpgart i2c_core hid ff_memless sg ext3 jbd mbcache sd_mod sr_mod cdrom ata_piix uhci_hcd pata_acpi ehci_hcd usbcore ohci1394 ieee1394 ata_generic ahci libata scsi_mod dock

Pid: 278, comm: modprobe Tainted: P         (2.6.25.20-114 #1)
EIP: 0060:[<f93cbda9>] EFLAGS: 00210246 CPU: 1
EIP is at cxt5051_init+0x90/0x1ea [snd_hda_codec_conexant]
EAX: 00000000 EBX: f7b70016 ECX: 00000000 EDX: f7a76a00
ESI: f7b78000 EDI: 00000000 EBP: f7987d4c ESP: f7987d18
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 278, ti=f7986000 task=f7984000 task.ti=f7986000)
Stack: f7944e00 f7a76c00 f78a4194 f78a4134 f93cfa20 00000000 f78a4000 f7b78000
       00000002 001c0001 f7b78000 f7944e00 f785232c f7987d58 f93b96ec f7b78000
       f7987d6c f93ba298 f7852324 f7944e00 00000000 f7987dcc f93ae2e8 00000000
Call Trace:
 [<f93b96ec>] ? snd_hda_codec_build_controls+0x20/0x3d [snd_hda_codec]
 [<f93ba298>] ? snd_hda_build_controls+0x18/0x67 [snd_hda_codec]
 [<f93ae2e8>] ? azx_probe+0x863/0x8fb [snd_hda_intel]
 [<f93ad91a>] ? azx_send_cmd+0x0/0x126 [snd_hda_intel]
 [<f93ad733>] ? azx_get_response+0x0/0x1e7 [snd_hda_intel]
 [<f93acf50>] ? azx_attach_pcm_stream+0x0/0x15c [snd_hda_intel]
 [<f93acc06>] ? azx_bus_reset+0x0/0x56 [snd_hda_intel]
 [<f93acaae>] ? azx_power_notify+0x0/0x57 [snd_hda_intel]
 [<c01e7a37>] ? pci_device_probe+0x39/0x59
 [<c024395f>] ? driver_probe_device+0xa0/0x136
 [<c0243a50>] ? __driver_attach+0x5b/0x91
 [<c024333c>] ? bus_for_each_dev+0x3b/0x63
 [<c0243804>] ? driver_attach+0x14/0x16
 [<c02439f5>] ? __driver_attach+0x0/0x91
 [<c0242d3a>] ? bus_add_driver+0x9d/0x1ba
 [<c0243bc4>] ? driver_register+0x47/0xa7
 [<c0168681>] ? __vunmap+0x93/0x9b
 [<c01e7bec>] ? __pci_register_driver+0x35/0x61
 [<f8860017>] ? alsa_card_azx_init+0x17/0x19 [snd_hda_intel]
 [<c0141f9c>] ? sys_init_module+0x18ad/0x19ca
 [<c0175bc9>] ? sys_read+0x3b/0x60
 [<c01049b4>] ? sysenter_past_esp+0x6d/0xa5
 =======================
Code: 00 00 c7 80 b4 01 00 00 20 00 00 00 05 a8 01 00 00 e8 6d b6 fe ff 85 c0 89 c2 74 1c 66 89 18 31 ff c7 40 04 01 00 00 00 8b 40 08 <89> 50 74 8b 42 08 c7 40 78 18 b1 3c f9 8b 45 dc 31 db 8b 4e 60
EIP: [<f93cbda9>] cxt5051_init+0x90/0x1ea [snd_hda_codec_conexant]
SS:ESP 0068:f7987d18
---[ end trace c2899a0d94365408 ]---
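
A first triage pass over the oops above, as an added example that is not part of the original post or of ALSA: it cross-checks the reported fault address against the register dump and the marked byte on the Code: line. The function name `triage`, the result keys and the shortened `OOPS` sample are assumptions made for this sketch, and it decodes only a 32-bit MOV with a base register and 8-bit displacement.

```python
import re

# Constructed sample: only the lines this sketch reads, copied from the oops above.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 00000074
Oops: 0002 [#1] SMP
EIP is at cxt5051_init+0x90/0x1ea [snd_hda_codec_conexant]
EAX: 00000000 EBX: f7b70016 ECX: 00000000 EDX: f7a76a00
ESI: f7b78000 EDI: 00000000 EBP: f7987d4c ESP: f7987d18
Code: 31 ff c7 40 04 01 00 00 00 8b 40 08 <89> 50 74 8b 42 08
"""

REGS32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM register order


def triage(oops):
    """Summarise a 32-bit x86 oops whose faulting instruction is a simple MOV."""
    addr = int(re.search(r"dereference at ([0-9a-f]+)", oops).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    sym, off, module = re.search(
        r"EIP is at (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+ \[(\w+)\]", oops).groups()
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", oops)}
    # The byte in <..> on the Code: line is the first byte of the faulting instruction.
    m = re.search(r"Code:.*?<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", oops)
    insn = [int(b, 16) for b in (m.group(1) + m.group(2)).split()]
    opcode, modrm = insn[0], insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # Decode only MOV r/m32,r32 (0x89) and MOV r32,r/m32 (0x8b) with base+disp8, no SIB.
    if opcode not in (0x89, 0x8B) or mod != 1 or rm == 4:
        raise ValueError("instruction form not handled by this sketch")
    disp = insn[2] - 0x100 if insn[2] & 0x80 else insn[2]  # sign-extend disp8
    base = REGS32[rm]
    ea = (regs[base] + disp) & 0xFFFFFFFF
    return {
        "where": f"{sym}+0x{off} [{module}]",
        "access": "write" if err & 2 else "read",      # page-fault error code bit 1
        "mode": "user" if err & 4 else "kernel",       # bit 2
        "page_present": bool(err & 1),                 # bit 0
        "store": opcode == 0x89,
        "base": base, "other": REGS32[reg], "disp": disp,
        "effective_address": ea,
        "matches_fault": ea == addr,
        "null_base": regs[base] == 0,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key:18} {value}")
```

On this oops it reports a kernel-mode store of EDX through EAX, which is zero, at displacement 0x74, matching the reported fault address 00000074.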


