Hi Dmitry
Thank you for reporting
I'm observing a NULL dereference on NVIDIA Tegra20/30 once PulseAudio is loaded.
The offending patch is:
ASoC: soc-pcm: call snd_soc_component_open/close() once
Please fix, thanks in advance.
[ 61.860826] 8<--- cut here ---
[ 61.860965] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 61.861037] pgd = ef2eab54
[ 61.861155] [00000000] *pgd=00000000
[ 61.861228] Internal error: Oops: 5 [#1] SMP THUMB2
[ 61.861298] Modules linked in:
[ 61.861427] CPU: 2 PID: 599 Comm: pulseaudio Not tainted 5.6.0-rc2-next-20200218-00168-g1e584fed87b9 #1275
[ 61.861546] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
[ 61.861626] PC is at snd_dmaengine_pcm_close+0x1c/0x3c
[ 61.861756] LR is at snd_soc_component_close+0x1d/0x3c
[ 61.861823] pc : [<c072a36c>] lr : [<c0751b51>] psr: 60000033
[ 61.861944] sp : dc01bc88 ip : 00000000 fp : ffffffea
[ 61.862013] r10: 00000010 r9 : dd81a840 r8 : de318e00
[ 61.862080] r7 : dd81adfc r6 : 00000000 r5 : 00000003 r4 : 00000000
[ 61.862199] r3 : dc19f800 r2 : 00000000 r1 : 00000447 r0 : c0e2f438
[ 61.862322] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment none
[ 61.862390] Control: 50c5387d Table: 9db0c04a DAC: 00000051
[ 61.862510] Process pulseaudio (pid: 599, stack limit = 0xcfc4cd60)
[ 61.862576] Stack: (0xdc01bc88 to 0xdc01c000)
[ 61.862700] bc80: c0756611 de31b60c 00000003 c0751b51 de31b60c c07525ff
...
[ 61.865643] bfe0: 00000142 beb9b7e8 b6c35f0d b6bbcd56 00000030 ffffff9c 00000000 00000000
[ 61.865773] [<c072a36c>] (snd_dmaengine_pcm_close) from [<c0751b51>] (snd_soc_component_close+0x1d/0x3c)
[ 61.865920] [<c0751b51>] (snd_soc_component_close) from [<c07525ff>] (soc_pcm_components_close+0x27/0x54)
[ 61.865993] [<c07525ff>] (soc_pcm_components_close) from [<c0752c27>] (soc_pcm_close+0x73/0xf0)
But, hmm... This is strange...
I checked this patch and your Oops trace.
This patch protects the kernel from "duplicate close" or "close without open", and your Oops happens in snd_dmaengine_pcm_close(). This means it is really opened, and was closed correctly, if my understanding is correct.
I guess the NULL is on substream or substream_to_prtd(substream) in snd_dmaengine_pcm_close(). I guess it has the same issue without this patch?
Can you debug whether this component's .close() was called twice or more?
# but, I don't think so...
I think "component->name" can help you?
int snd_soc_component_close(struct snd_soc_component *component, struct snd_pcm_substream *substream) { - if (component->driver->close) - return component->driver->close(component, substream); - return 0; + int ret = 0; + + if (component->opened && + component->driver->close) + ret = component->driver->close(component, substream); + + component->opened = 0; + + return ret; }
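Review bot: `component->opened` is a single flag per component, but `snd_soc_component_close()` is called with a specific `substream`, so the guard `if (component->opened && component->driver->close)` cannot tell which substream the flag refers to. If a component can serve more than one substream, the first close clears the flag and the driver's close is skipped for the remaining ones, and a flag set on behalf of one substream lets the driver's close run for another. Consider tracking the open state per substream, or as a count, instead of one flag. Separately, `component->opened = 0` is executed even when the driver's close returns an error; if that is intended, a short comment saying so would help.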
Thank you for your help !!

Best regards
---
Kuninori Morimoto