[alsa-devel] [PATCH v3 0/7] ASoC: soc-pcm cleanup step2

Kuninori Morimoto kuninori.morimoto.gx at renesas.com
Wed Feb 19 02:30:38 CET 2020 

Hi Dmitry

Thank you for reporting

> I'm observing a NULL dereference on NVIDIA Tegra20/30 once PulseAudio is
> loaded.
> 
> The offending patch is:
> 
>   ASoC: soc-pcm: call snd_soc_component_open/close() once
> 
> Please fix, thanks in advance.
> 
> [   61.860826] 8<--- cut here ---
> [   61.860965] Unable to handle kernel NULL pointer dereference at
> virtual address 00000000
> [   61.861037] pgd = ef2eab54
> [   61.861155] [00000000] *pgd=00000000
> [   61.861228] Internal error: Oops: 5 [#1] SMP THUMB2
> [   61.861298] Modules linked in:
> [   61.861427] CPU: 2 PID: 599 Comm: pulseaudio Not tainted
> 5.6.0-rc2-next-20200218-00168-g1e584fed87b9 #1275
> [   61.861546] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
> [   61.861626] PC is at snd_dmaengine_pcm_close+0x1c/0x3c
> [   61.861756] LR is at snd_soc_component_close+0x1d/0x3c
> [   61.861823] pc : [<c072a36c>]    lr : [<c0751b51>]    psr: 60000033
> [   61.861944] sp : dc01bc88  ip : 00000000  fp : ffffffea
> [   61.862013] r10: 00000010  r9 : dd81a840  r8 : de318e00
> [   61.862080] r7 : dd81adfc  r6 : 00000000  r5 : 00000003  r4 : 00000000
> [   61.862199] r3 : dc19f800  r2 : 00000000  r1 : 00000447  r0 : c0e2f438
> [   61.862322] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb
> Segment none
> [   61.862390] Control: 50c5387d  Table: 9db0c04a  DAC: 00000051
> [   61.862510] Process pulseaudio (pid: 599, stack limit = 0xcfc4cd60)
> [   61.862576] Stack: (0xdc01bc88 to 0xdc01c000)
> [   61.862700] bc80:                   c0756611 de31b60c 00000003
> c0751b51 de31b60c c07525ff
> ...
> [   61.865643] bfe0: 00000142 beb9b7e8 b6c35f0d b6bbcd56 00000030
> ffffff9c 00000000 00000000
> [   61.865773] [<c072a36c>] (snd_dmaengine_pcm_close) from [<c0751b51>]
> (snd_soc_component_close+0x1d/0x3c)
> [   61.865920] [<c0751b51>] (snd_soc_component_close) from [<c07525ff>]
> (soc_pcm_components_close+0x27/0x54)
> [   61.865993] [<c07525ff>] (soc_pcm_components_close) from [<c0752c27>]
> (soc_pcm_close+0x73/0xf0)

But, hmm... This is strange...

I checked this patch and your Oops trace.

This patch protects kernel from "duplicate close" or "close without open",
and your Oops happen in snd_dmaengine_pcm_close().
This means it is really opened, and was closed correctly,
if my understanding was correct.

I guess the NULL is on substream or substream_to_prtd(substream)
in snd_dmaengine_pcm_close().
I guess it has same issue without this patch ?

Can you debug that this component .close() was called twice or more ?
# but, I don't think so...
I think "component->name" can help you ?

 int snd_soc_component_close(struct snd_soc_component *component,
 			    struct snd_pcm_substream *substream)
 {
-	if (component->driver->close)
-		return component->driver->close(component, substream);
-	return 0;
+	int ret = 0;
+
+	if (component->opened &&
+	    component->driver->close)
+		ret = component->driver->close(component, substream);
+
+	component->opened = 0;
+
+	return ret;
 }

Thank you for your help !!
Best regards
---
Kuninori Morimoto

More information about the Alsa-devel mailing list