Hi Dmitry
Thank you for reporting
> I'm observing a NULL dereference on NVIDIA Tegra20/30 once PulseAudio is
> loaded.
>
> The offending patch is:
>
> ASoC: soc-pcm: call snd_soc_component_open/close() once
>
> Please fix, thanks in advance.
>
> [ 61.860826] 8<--- cut here ---
> [ 61.860965] Unable to handle kernel NULL pointer dereference at
> virtual address 00000000
> [ 61.861037] pgd = ef2eab54
> [ 61.861155] [00000000] *pgd=00000000
> [ 61.861228] Internal error: Oops: 5 [#1] SMP THUMB2
> [ 61.861298] Modules linked in:
> [ 61.861427] CPU: 2 PID: 599 Comm: pulseaudio Not tainted
> 5.6.0-rc2-next-20200218-00168-g1e584fed87b9 #1275
> [ 61.861546] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
> [ 61.861626] PC is at snd_dmaengine_pcm_close+0x1c/0x3c
> [ 61.861756] LR is at snd_soc_component_close+0x1d/0x3c
> [ 61.861823] pc : [<c072a36c>] lr : [<c0751b51>] psr: 60000033
> [ 61.861944] sp : dc01bc88 ip : 00000000 fp : ffffffea
> [ 61.862013] r10: 00000010 r9 : dd81a840 r8 : de318e00
> [ 61.862080] r7 : dd81adfc r6 : 00000000 r5 : 00000003 r4 : 00000000
> [ 61.862199] r3 : dc19f800 r2 : 00000000 r1 : 00000447 r0 : c0e2f438
> [ 61.862322] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA Thumb
> Segment none
> [ 61.862390] Control: 50c5387d Table: 9db0c04a DAC: 00000051
> [ 61.862510] Process pulseaudio (pid: 599, stack limit = 0xcfc4cd60)
> [ 61.862576] Stack: (0xdc01bc88 to 0xdc01c000)
> [ 61.862700] bc80: c0756611 de31b60c 00000003
> c0751b51 de31b60c c07525ff
> ...
> [ 61.865643] bfe0: 00000142 beb9b7e8 b6c35f0d b6bbcd56 00000030
> ffffff9c 00000000 00000000
> [ 61.865773] [<c072a36c>] (snd_dmaengine_pcm_close) from [<c0751b51>]
> (snd_soc_component_close+0x1d/0x3c)
> [ 61.865920] [<c0751b51>] (snd_soc_component_close) from [<c07525ff>]
> (soc_pcm_components_close+0x27/0x54)
> [ 61.865993] [<c07525ff>] (soc_pcm_components_close) from [<c0752c27>]
> (soc_pcm_close+0x73/0xf0)
But, hmm... This is strange...
I checked this patch and your Oops trace.
This patch protects kernel from "duplicate close" or "close without open",
and your Oops happen in snd_dmaengine_pcm_close().
This means it is really opened, and was closed correctly,
if my understanding was correct.
I guess the NULL is on substream or substream_to_prtd(substream)
in snd_dmaengine_pcm_close().
I guess it has same issue without this patch ?
Can you debug that this component .close() was called twice or more ?
# but, I don't think so...
I think "component->name" can help you ?
int snd_soc_component_close(struct snd_soc_component *component,
struct snd_pcm_substream *substream)
{
- if (component->driver->close)
- return component->driver->close(component, substream);
- return 0;
+ int ret = 0;
+
+ if (component->opened &&
+ component->driver->close)
+ ret = component->driver->close(component, substream);
+
+ component->opened = 0;
+
+ return ret;
}
Thank you for your help !!
Best regards
---
Kuninori Morimoto
