On 9/5/2023 14:10, Dave Hansen wrote:
I'm having some problems booting Linus's current tree. It seems to have
happened in some content between commit 3f86ed6ec0b3 and df0383ffad.
I'm suspecting this commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df0383ffad64dc09954a60873c1e202b47f08d90
I'm seeing a null pointer oops on this line:
void ucsi_debugfs_unregister(struct ucsi *ucsi)
{
===> debugfs_remove_recursive(ucsi->debugfs->dentry);
kfree(ucsi->debugfs);
}
on this instruction:
66 0f 1f 00 nop WORD PTR [rax]
0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
53 push rbx
48 8b 47 38 mov rax,QWORD PTR [rdi+0x38]
48 89 fb mov rbx,rdi
=> 48 8b 78 20 mov rdi,QWORD PTR [rax+0x20]
e8 36 16 26 e1 call 0xffffffffe1261669
48 8b 7b 38 mov rdi,QWORD PTR [rbx+0x38]
5b pop rbx
e9 5c 79 03 e1 jmp 0xffffffffe1037999
That's the second dereference in the function, so I assume this is
trying to dereference 'debugfs' above. It appears that this is some
failure/error path out of ucsi_acpi_probe() that's not handled correctly.
Probably this:
if (ACPI_FAILURE(status)) {
dev_err(&pdev->dev, "failed to install notify handler\n");
ucsi_destroy(ua->ucsi);
return -ENODEV;
}
ret = ucsi_register(ua->ucsi);
where ucsi_destroy() is called before ucsi_register(). Although I do
_not_ see the dev_err() message anywhere.
If your theory is right could it be that the printk handler was racing
and that's why it didn't come up?
In any case I'd think you can add this to ucsi_debugfs_unregister() to
avoid it.
if (!ucsi->debugfs)
return;
Full oops is below.
I'll try putting some hacks in place to avoid the null pointer. Also,
please forgive the lack of a bisect for the moment. This is happening
on my main laptop and it's a mild pain to do bisects on here.
[ 4.903493] BUG: kernel NULL pointer dereference, address: 0000000000000020^M
[ 4.905624] #PF: supervisor read access in kernel mode^M
[ 4.907326] #PF: error_code(0x0000) - not-present page^M
[ 4.908993] PGD 0 P4D 0 ^M
[ 4.910998] Oops: 0000 [#1] PREEMPT SMP NOPTI^M
[ 4.913077] CPU: 6 PID: 150 Comm: systemd-udevd Not tainted 6.5.0-11704-g3f86ed6ec0b3 #138^M
[ 4.915211] Hardware name: Framework Laptop/FRANBMCP0B, BIOS 03.10 07/19/2022^M
[ 4.917355] RIP: 0010:ucsi_debugfs_unregister+0x11/0x30 [typec_ucsi]^M
[ 4.919705] Code: 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 53 48 8b 47 38 48 89 fb <48> 8b 78 20 e8 36 16 26 e1 48 8b 7b 38 5b e9 5c 79 03 e1 66 66 2e^M
[ 4.921982] RSP: 0018:ffffc900007e7bb8 EFLAGS: 00010246^M
[ 4.924227] RAX: 0000000000000000 RBX: ffff888101b2be00 RCX: 0000000000009a06^M
[ 4.926752] RDX: 0000000000000000 RSI: ffff888104491798 RDI: ffff888101b2be00^M
[ 4.929312] RBP: ffff888101b2be00 R08: 0000000000009906 R09: 00000000000333f0^M
[ 4.931887] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffed^M
[ 4.934451] R13: ffff888102594810 R14: ffff888100653600 R15: ffff888101fa7f78^M
[ 4.937115] FS: 00007f5dd0fb48c0(0000) GS:ffff88906fb80000(0000) knlGS:0000000000000000^M
[ 4.939581] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033^M
[ 4.941308] CR2: 0000000000000020 CR3: 0000000105070005 CR4: 0000000000f70ee0^M
[ 4.943022] PKRU: 55555554^M
[ 4.944731] Call Trace:^M
[ 4.946438] <TASK>^M
[ 4.948167] ? __die+0x24/0x70^M
[ 4.949864] ? page_fault_oops+0x15b/0x440^M
[ 4.951563] ? acpi_evaluate_object+0x190/0x2f0^M
[ 4.953201] ? _raw_spin_lock_irqsave+0x28/0x50^M
[ 4.954841] ? exc_page_fault+0x6e/0x160^M
[ 4.956461] ? asm_exc_page_fault+0x26/0x30^M
[ 4.958067] ? ucsi_debugfs_unregister+0x11/0x30 [typec_ucsi]^M
[ 4.959677] ucsi_destroy+0x12/0x20 [typec_ucsi]^M
[ 4.961298] ucsi_acpi_probe+0x1cc/0x230 [ucsi_acpi]^M
[ 4.962908] platform_probe+0x40/0xb0^M
[ 4.964522] really_probe+0x1a2/0x410^M
[ 4.966110] __driver_probe_device+0x78/0x160^M
[ 4.967735] driver_probe_device+0x1e/0x90^M
[ 4.969306] __driver_attach+0xd6/0x1d0^M
[ 4.970874] ? __pfx___driver_attach+0x10/0x10^M
[ 4.972449] bus_for_each_dev+0x79/0xd0^M
[ 4.974022] bus_add_driver+0x116/0x220^M
[ 4.975600] driver_register+0x60/0x120^M
[ 4.977169] ? __pfx_ucsi_acpi_platform_driver_init+0x10/0x10 [ucsi_acpi]^M
[ 4.978762] do_one_initcall+0x45/0x220^M
[ 4.980367] ? kmalloc_trace+0x29/0x90^M
[ 4.981952] do_init_module+0x90/0x260^M
[ 4.983530] init_module_from_file+0x8b/0xd0^M
[ 4.985087] idempotent_init_module+0x181/0x240^M
[ 4.986639] __x64_sys_finit_module+0x5e/0xb0^M
[ 4.988198] do_syscall_64+0x3c/0x90^M
[ 4.989739] entry_SYSCALL_64_after_hwframe+0x6e/0xd8^M
[ 4.991290] RIP: 0033:0x7f5dd16aaa3d^M
