[alsa-devel] [BUG] NULL pointer dereference in patch_sigmatel.c

Fri Aug 7 11:33:43 CEST 2009

Takashi Iwai wrote On 06-08-2009 17:13:
> At Thu, 06 Aug 2009 16:41:27 +0300,
> Ozan Çağlayan wrote:
>   
>> Takashi Iwai wrote On 17-07-2009 12:45:
>>     
>>> At Fri, 17 Jul 2009 11:33:08 +0200,
>>> I wrote:
>>>   
>>>       
>>>> At Thu, 16 Jul 2009 22:51:50 +0300,
>>>> Ozan Çağlayan wrote:
>>>>     
>>>>         
>>>>> Hi,
>>>>>
>>>>> One of our users is having a NULL ptr dereference upon loading the
>>>>> snd_hda_intel module with 20090624's snapshot. There's only one commit
>>>>> after that date in patch_sigmatel.c so I didn't tell him to try with the
>>>>> latest snapshot but if you think that the bug may be related to another
>>>>> part of the ALSA codebase, I can make him try the latest snapshot.
>>>>>       
>>>>>           
>>>> I suppose you are using unstable tree, right?
>>>>     
>>>>         
>>> Looking through the stack trace, it's not...
>>>   
>>>       
>> Okay I've founded the problem. Here's the relevant code portion that
>> I've got from gdb:
>>
>> (gdb) list *cxt5051_init+0x90
>> 0xdf4 is in cxt5051_init
>> (/var/pisi/alsa-driver-1.0.20_20090805-41/work/alsa-driver/pci/hda/../../alsa-kernel/pci/hda/patch_conexant.c:384).
>> 379             jack->type = type;
>> 380
>> 381             err = snd_jack_new(codec->bus->card, name, type,
>> &jack->jack);
>> 382             if (err < 0)
>> 383                     return err;
>> 384             jack->jack->private_data = jack;
>> 385             jack->jack->private_free = conexant_free_jack_priv;
>> 386             return 0;
>> 387     }
>> 388
>>     
>
> So, either jack or jack->jack is a wrong value, likely NULL.  Could
> you add a debug print to verify that?
>   

Added the following lines:

printk(KERN_INFO "0x%p\n", jack);
printk(KERN_INFO "0x%p\n", jack->jack);
printk(KERN_INFO "0x%p\n", jack->jack->private_data);

dmesg:

NVRM: loading NVIDIA UNIX x86 Kernel Module  180.51  Thu Apr 16 19:02:15
PDT 2009
ACPI: PCI Interrupt 0000:00:1b.0[A] -> GSI 22 (level, low) -> IRQ 22
PCI: Setting latency timer of device 0000:00:1b.0 to 64
0xf777a614
0x00000000
BUG: unable to handle kernel NULL pointer dereference at 00000074
IP: [<f93f2d97>] :snd_hda_codec_conexant:conexant_add_jack+0x57/0x81
*pde = 00000000·
Oops: 0000 [#1] SMP