Bug 196397 - Null dereference in rt5677_i2c_probe()
Summary: Null dereference in rt5677_i2c_probe()
Status: RESOLVED PATCH_ALREADY_AVAILABLE
Alias: None
Product: Drivers
Classification: Unclassified
Component: Sound(ALSA) (show other bugs)
Hardware: Intel Linux
: P1 normal
Assignee: Andy Shevchenko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-17 00:25 UTC by zzpyynzjbszkbtipim
Modified: 2017-07-27 22:26 UTC (History)
3 users (show)

See Also:
Kernel Version: v4.13.0-rc1
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Relevant dmesg output and kernel config (115.40 KB, text/plain)
2017-07-17 00:25 UTC, zzpyynzjbszkbtipim 		Details
Test fix patch (881 bytes, patch)
2017-07-27 13:13 UTC, Takashi Iwai 		Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Description zzpyynzjbszkbtipim 2017-07-17 00:25:26 UTC 
Created attachment 257547 [details]
Relevant dmesg output and kernel config

I am getting a Kernel Oops from a NULL pointer dereference in rt5677_i2c_probe() on boot ever since I upgraded to kernel v4.13.0-rc1. Using git-bisect, I found the first offending commit to be a36afb0ab6488eaa2c9672d6c20a966a7c08ef65, which introduces ACPI table for the rt5677 module.

It is unclear to me why the commit results in NULL pointer dereference though. However, I did look at the objdump of rt5677.o and find that the null dereference is happening at the `rt5677->type = id->driver_data;' statement, so it seems perhaps the i2c_device_id is NULL when it is passed to rt5677_i2c_probe() somehow. Anyway of course, the end result is that sound no longer works.

It is reproducible every boot so far. Please let me know if I can provide more information to help. Attached is both the relevant output from dmesg and following that, my kernel config.
Comment 1 The Linux kernel's regression tracker (Thorsten Leemhuis) 2017-07-27 12:55:26 UTC 
FYI: This issues is tracked in the regression reports for Linux 4.13 (http://bit.ly/lnxregrep413 ) with this id:

Linux-Regression-ID: lr#96bd63

Please include this line in the comment section of patches that are supposed to fix the issue. Please also mention the string once in other mailinglist threads or different bug tracking entries if you or someone else start to discuss the issue there. By including that string you make it a whole lot easier to track where an issue gets discussed and how far patches to fix it have made it. More details on this: http://bit.ly/lnxregtrackid

Thx for your help.
Comment 2 The Linux kernel's regression tracker (Thorsten Leemhuis) 2017-07-27 12:56:08 UTC 
(In reply to Genki Sky from comment #0)
>
> I am getting a Kernel Oops from a NULL pointer dereference in
> rt5677_i2c_probe() on boot ever since I upgraded to kernel v4.13.0-rc1.
> Using git-bisect, I found the first offending commit to be
> a36afb0ab6488eaa2c9672d6c20a966a7c08ef65, which introduces ACPI table for
> the rt5677 module.

Any progress on this? Did you try to get in contact with the developers from above commit by mail?
Comment 3 Takashi Iwai 2017-07-27 13:12:46 UTC 
This seems to have fallen out of my radar, sorry.

Yes, the issue looks like a NULL dereference of id->driver_data when the driver is bound via ACPI table.  Putting Andy to Cc.

Meanwhile, could you try the patch below (totally untested)?
Comment 4 Takashi Iwai 2017-07-27 13:13:11 UTC 
Created attachment 257727 [details]
Test fix patch
Comment 5 Andy Shevchenko 2017-07-27 14:41:58 UTC 
Can you try if commit 
ddc9e69b9dc2 ("ASoC: rt5677: Hide platform data in the module sources")
fixes the issue?

P.S. It's in ASoC next tree.
Comment 6 zzpyynzjbszkbtipim 2017-07-27 22:26:09 UTC 
(In reply to Andy Shevchenko from comment #5)
> Can you try if commit 
> ddc9e69b9dc2 ("ASoC: rt5677: Hide platform data in the module sources")
> fixes the issue?
> 
> P.S. It's in ASoC next tree.

Thanks, yes, I just tried it and it resolves the issue.

(In reply to Takashi Iwai from comment #3)
> Putting Andy to Cc.

Thanks for doing so.
Note You need to log in before you can comment on or make changes to this bug.