Hi Dmitry

Thank you for reporting

> I'm observing a NULL dereference on NVIDIA Tegra20/30 once PulseAudio is
> loaded.
>
> The offending patch is:
>
> ASoC: soc-pcm: call snd_soc_component_open/close() once
>
> Please fix, thanks in advance.
>
> [ 61.860826] 8<--- cut here ---
> [ 61.860965] Unable to handle kernel NULL pointer dereference at
> virtual address 00000000
> [ 61.861037] pgd = ef2eab54
> [ 61.861155] [00000000] *pgd=00000000
> [ 61.861228] Internal error: Oops: 5 [#1] SMP THUMB2
> [ 61.861298] Modules linked in:
> [ 61.861427] CPU: 2 PID: 599 Comm: pulseaudio Not tainted
> 5.6.0-rc2-next-20200218-00168-g1e584fed87b9 #1275
> [ 61.861546] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
> [ 61.861626] PC is at snd_dmaengine_pcm_close+0x1c/0x3c
> [ 61.861756] LR is at snd_soc_component_close+0x1d/0x3c
> [ 61.861823] pc : [<c072a36c>] lr : [<c0751b51>] psr: 60000033
> [ 61.861944] sp : dc01bc88 ip : 00000000 fp : ffffffea
> [ 61.862013] r10: 00000010 r9 : dd81a840 r8 : de318e00
> [ 61.862080] r7 : dd81adfc r6 : 00000000 r5 : 00000003 r4 : 00000000
> [ 61.862199] r3 : dc19f800 r2 : 00000000 r1 : 00000447 r0 : c0e2f438
> [ 61.862322] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA Thumb
> Segment none
> [ 61.862390] Control: 50c5387d Table: 9db0c04a DAC: 00000051
> [ 61.862510] Process pulseaudio (pid: 599, stack limit = 0xcfc4cd60)
> [ 61.862576] Stack: (0xdc01bc88 to 0xdc01c000)
> [ 61.862700] bc80: c0756611 de31b60c 00000003
> c0751b51 de31b60c c07525ff
> ...
> [ 61.865643] bfe0: 00000142 beb9b7e8 b6c35f0d b6bbcd56 00000030
> ffffff9c 00000000 00000000
> [ 61.865773] [<c072a36c>] (snd_dmaengine_pcm_close) from [<c0751b51>]
> (snd_soc_component_close+0x1d/0x3c)
> [ 61.865920] [<c0751b51>] (snd_soc_component_close) from [<c07525ff>]
> (soc_pcm_components_close+0x27/0x54)
> [ 61.865993] [<c07525ff>] (soc_pcm_components_close) from [<c0752c27>]
> (soc_pcm_close+0x73/0xf0)

But, hmm... This is strange...
I checked this patch and your Oops trace.
This patch protects the kernel from "duplicate close" or "close without open", and your Oops happens in snd_dmaengine_pcm_close().
This means it is really opened, and was closed correctly, if my understanding was correct.

I guess the NULL is on substream or substream_to_prtd(substream) in snd_dmaengine_pcm_close().
I guess it has the same issue without this patch?

Can you debug whether this component .close() was called twice or more?
# but, I don't think so...
I think "component->name" can help you?

int snd_soc_component_close(struct snd_soc_component *component, struct snd_pcm_substream *substream) { - if (component->driver->close) - return component->driver->close(component, substream); - return 0; + int ret = 0; + + if (component->opened && + component->driver->close) + ret = component->driver->close(component, substream); + + component->opened = 0; + + return ret; }

Thank you for your help !!
Best regards
---
Kuninori Morimoto
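Review bot: In the new body of snd_soc_component_close(), the guard `component->opened` is a single flag on the component, while `driver->close` is called per substream, so the flag cannot tell which substream was actually opened. If one component serves more than one substream (for example playback and capture on the same DMA component), the first close clears `opened` and a later close for the other substream silently skips `driver->close`. Conversely, if the open side sets the flag only once, close can reach the driver for a substream whose open callback never ran, which would match a NULL substream_to_prtd(substream) in snd_dmaengine_pcm_close(). Consider tracking the opened state per substream (a per-stream bit or a reference count) instead of one per-component flag, and document on the field which lock protects it.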