Re: [REGRESSION] rust midir MIDI library causes kernel oops

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 15 Sep 2023 18:04:35 +0200,
Mark Hills wrote:
> 
> On Mon, 4 Sep 2023, Takashi Iwai wrote:
> 
> > On Mon, 04 Sep 2023 20:10:45 +0200,
> > Ash Holland wrote:
> 
> > > I upgraded to Linux 6.5 and found that my MIDI-input application no longer
> > > works, and causes an oops when I launch it.
> [...]
> > > I bisected this to:
> > > 
> > > commit f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0
> > > Author: Takashi Iwai <tiwai@xxxxxxx>
> > > Date:   2023-05-23 09:53:38 +0200
> > > 
> > >     ALSA: seq: Clear padded bytes at expanding events
> > > 
> > >     There can be a small memory hole that may not be cleared at expanding
> > >     an event with the variable length type.  Make sure to clear it.
> > > 
> > >     Reviewed-by: Jaroslav Kysela <perex@xxxxxxxx>
> > >     Link: https://lore.kernel.org/r/20230523075358.9672-18-tiwai@xxxxxxx
> > >     Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> > > 
> > > #regzbot introduced: f80e6d60d677be1d4dbbcdbf97379b8fbcf97ff0
> > > 
> > > I guess the problematic part is the `memset(buf + len, 0, newlen - len)`, which
> > > tries to memset a buffer that can be allocated in userspace.
> > 
> > Yes, that was a bad change.  Could you try the fix below?
> 
> I think this problem is recurring -- page_fault_oops triggered via MIDI. 
> But with the new fix.
> 
> I upgraded from 6.1.0 to 6.5.3 and Reaper now crashes or hangs on startup 
> with the trace below in dmesg.
> 
> The newer kernel already includes a fix very similar to below, so I think 
> an issue remains.
> 
> I did not dig deeper than capturing information and finding this related 
> thread.
(snip)
> [   72.601440] BUG: kernel NULL pointer dereference, address: 0000000000000020
(snip)
> [   72.601455] RIP: 0010:snd_rawmidi_proc_info_read+0x35/0x220 [snd_rawmidi]
(snip)
> [   72.601477] Call Trace:
> [   72.601478]  <TASK>
> [   72.601479]  ? __die+0x1b/0x60
> [   72.601482]  ? page_fault_oops+0x154/0x420
> [   72.601485]  ? mas_update_gap.part.0+0xac/0x1f0
> [   72.601488]  ? sched_clock_cpu+0xb/0x190
> [   72.601491]  ? __smp_call_single_queue+0x2f/0x50
> [   72.601493]  ? exc_page_fault+0x37a/0x560
> [   72.601495]  ? seq_open+0x4b/0x70
> [   72.601497]  ? asm_exc_page_fault+0x22/0x30
> [   72.601501]  ? snd_rawmidi_proc_info_read+0x35/0x220 [snd_rawmidi]
> [   72.601505]  snd_info_seq_show+0x21/0x40 [snd]
> [   72.601511]  seq_read_iter+0x105/0x4a0
> [   72.601514]  seq_read+0x9e/0xd0
> [   72.601516]  proc_reg_read+0x50/0xa0
> [   72.601518]  vfs_read+0xa4/0x300
> [   72.601521]  ? __do_sys_newfstatat+0x35/0x60
> [   72.601524]  ksys_read+0x5a/0xe0
> [   72.601526]  do_syscall_64+0x38/0x90
> [   72.601528]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8

It must be a completely different bug.  It comes from the proc fs
read, not the read over sequencer device itself.


Takashi



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux