linux-uconsole/drivers
Brad Love 6496b9636f media: au0828: cannot kfree dev before usb disconnect
[ Upstream commit 4add710491 ]

If au0828_analog_register fails, the dev is kfree'd and then flow
jumps to done, which can call au0828_usb_disconnect. Since all USB
error codes are negative, au0828_usb_disconnect will be called. The
problem is that au0828_usb_disconnect uses dev; if dev is NULL, an
oops is encountered immediately.

[    7.454307] au0828: au0828_usb_probe() au0282_dev_register failed to register on V4L2
[    7.454323] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[    7.454421] PGD 0 P4D 0
[    7.454457] Oops: 0002 [#1] SMP PTI
[    7.454500] CPU: 1 PID: 262 Comm: systemd-udevd Tainted: P           O      4.18.3 #1
[    7.454584] Hardware name: Google Panther/Panther, BIOS MattDevo 04/27/2015
[    7.454670] RIP: 0010:_raw_spin_lock_irqsave+0x2c/0x50
[    7.454725] Code: 44 00 00 55 48 89 e5 41 54 53 48 89 fb 9c 58 0f 1f 44 00 00 49 89 c4 fa 66 0f 1f 44 00 00 e8 db 23 1b ff 31 c0 ba 01 00 00 00 <f0> 0f b1 13 85 c0 75 08 4c 89 e0 5b 41 5c 5d c3 89 c6 48 89 df e8
[    7.455004] RSP: 0018:ffff9130f53ef988 EFLAGS: 00010046
[    7.455063] RAX: 0000000000000000 RBX: 0000000000000050 RCX: 0000000000000000
[    7.455139] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000050
[    7.455216] RBP: ffff9130f53ef998 R08: 0000000000000018 R09: 0000000000000090
[    7.455292] R10: ffffed4cc53cb000 R11: ffffed4cc53cb108 R12: 0000000000000082
[    7.455369] R13: ffff9130cf2c6188 R14: 0000000000000000 R15: 0000000000000018
[    7.455447] FS:  00007f2ff8514cc0(0000) GS:ffff9130fcb00000(0000) knlGS:0000000000000000
[    7.455535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.455597] CR2: 0000000000000050 CR3: 00000001753f0002 CR4: 00000000000606a0
[    7.455675] Call Trace:
[    7.455713]  __wake_up_common_lock+0x65/0xc0
[    7.455764]  __wake_up+0x13/0x20
[    7.455808]  ir_lirc_unregister+0x57/0xe0 [rc_core]
[    7.455865]  rc_unregister_device+0xa0/0xc0 [rc_core]
[    7.455935]  au0828_rc_unregister+0x25/0x40 [au0828]
[    7.455999]  au0828_usb_disconnect+0x33/0x80 [au0828]
[    7.456064]  au0828_usb_probe.cold.16+0x8d/0x2aa [au0828]
[    7.456130]  usb_probe_interface+0xf1/0x300
[    7.456184]  driver_probe_device+0x2e3/0x460
[    7.456235]  __driver_attach+0xe4/0x110
[    7.456282]  ? driver_probe_device+0x460/0x460
[    7.456335]  bus_for_each_dev+0x74/0xb0
[    7.456385]  ? kmem_cache_alloc_trace+0x15d/0x1d0
[    7.456441]  driver_attach+0x1e/0x20
[    7.456485]  bus_add_driver+0x159/0x230
[    7.456532]  driver_register+0x70/0xc0
[    7.456578]  usb_register_driver+0x7f/0x140
[    7.456626]  ? 0xffffffffc0474000
[    7.456674]  au0828_init+0xbc/0x1000 [au0828]
[    7.456725]  do_one_initcall+0x4a/0x1c9
[    7.456771]  ? _cond_resched+0x19/0x30
[    7.456817]  ? kmem_cache_alloc_trace+0x15d/0x1d0
[    7.456873]  do_init_module+0x60/0x210
[    7.456918]  load_module+0x221b/0x2710
[    7.456966]  ? vfs_read+0xf5/0x120
[    7.457010]  __do_sys_finit_module+0xbd/0x120
[    7.457061]  ? __do_sys_finit_module+0xbd/0x120
[    7.457115]  __x64_sys_finit_module+0x1a/0x20
[    7.457166]  do_syscall_64+0x5b/0x110
[    7.457210]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-04-20 09:16:01 +02:00
accessibility
acpi ACPI / utils: Drop reference in test for device presence 2019-04-20 09:15:58 +02:00
amba
android binder: fix race that allows malicious free of live buffer 2018-12-05 19:32:11 +01:00
ata libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD 2019-02-15 08:10:10 +01:00
atm atm: he: fix sign-extension overflow on large shift 2019-02-27 10:08:57 +01:00
auxdisplay auxdisplay: hd44780: Fix memory leak on ->remove() 2019-04-20 09:15:55 +02:00
base PM / Domains: Avoid a potential deadlock 2019-04-20 09:15:58 +02:00
bcma
block loop: set GENHD_FL_NO_PART_SCAN after blkdev_reread_part() 2019-04-05 22:33:03 +02:00
bluetooth Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() 2019-03-27 14:14:42 +09:00
bus
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-04-05 22:33:10 +02:00
char tty: mark Siemens R3964 line discipline as BROKEN 2019-04-17 08:38:47 +02:00
clk Revert "clk: meson: clean-up clock registration" 2019-04-17 08:38:46 +02:00
clocksource clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability 2019-03-23 20:09:58 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-19 13:12:38 +01:00
cpufreq cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies 2019-04-05 22:33:03 +02:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 19:47:08 +01:00
crypto crypto: cavium/zip - fix collision with generic cra_driver_name 2019-04-05 22:33:01 +02:00
dax mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:51:04 +01:00
dca
devfreq
dio
dma dmaengine: tegra: avoid overflow of byte tracking 2019-04-05 22:33:16 +02:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire
firmware efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted 2019-04-05 22:33:12 +02:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 19:46:59 +01:00
fsi fsi: master-ast-cf: select GENERIC_ALLOCATOR 2018-12-17 09:24:35 +01:00
gnss gnss: sirf: fix premature wakeup interrupt enable 2019-03-10 07:17:21 +01:00
gpio gpio: pxa: handle corner case of unprobed device 2019-04-20 09:16:00 +02:00
gpu drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up 2019-04-20 09:16:00 +02:00
hid HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit 2019-04-05 22:33:14 +02:00
hsi
hv Drivers: hv: vmbus: Check for ring when getting debug info 2019-01-31 08:14:36 +01:00
hwmon hwmon: (w83773g) Select REGMAP_I2C to fix build error 2019-04-17 08:38:47 +02:00
hwspinlock
hwtracing perf/aux: Make perf_event accessible to setup_aux() 2019-04-05 22:33:11 +02:00
i2c i2c: of: Try to find an I2C adapter matching the parent 2019-04-05 22:33:11 +02:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:14:42 +01:00
idle
iio iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver 2019-04-05 22:32:57 +02:00
infiniband i40iw: Avoid panic when handling the inetdev event 2019-04-20 09:15:55 +02:00
input Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40 device 2019-04-05 22:33:16 +02:00
iommu iommu/vt-d: Check capability before disabling protected memory 2019-04-20 09:15:59 +02:00
ipack
irqchip irqchip/mbigen: Don't clear eventid when freeing an MSI 2019-04-20 09:15:59 +02:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-04-03 06:26:16 +02:00
leds leds: lp55xx: fix null deref on firmware load failure 2019-04-05 22:33:07 +02:00
lightnvm lightnvm: pblk: add lock protection to list operations 2019-02-12 19:47:08 +01:00
macintosh
mailbox mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue 2019-03-23 20:09:49 +01:00
mcb
md dm integrity: fix deadlock with overlapping I/O 2019-04-17 08:38:54 +02:00
media media: au0828: cannot kfree dev before usb disconnect 2019-04-20 09:16:01 +02:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 19:47:10 +01:00
message
mfd mfd: sm501: Fix potential NULL pointer dereference 2019-03-23 20:10:09 +01:00
misc cxl: Wrap iterations over afu slices inside 'afu_list_lock' 2019-03-23 20:10:03 +01:00
mmc mmc: davinci: remove extraneous __init annotation 2019-04-20 09:15:55 +02:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-15 08:10:10 +01:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net rsi: improve kernel thread handling to fix kernel panic 2019-04-20 09:16:00 +02:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-11-13 11:08:48 -08:00
ntb
nubus
nvdimm libnvdimm: Fix altmap reservation size calculation 2019-03-23 20:09:53 +01:00
nvme nvme-pci: add missing unlock for reset error 2019-03-13 14:02:38 -07:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:30:16 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 19:47:08 +01:00
oprofile
parisc
parport parport_pc: fix find_superio io compare code, should use equal test. 2019-03-23 20:10:05 +01:00
pci PCI: pciehp: Ignore Link State Changes after powering off a slot 2019-04-17 08:38:54 +02:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf perf/aux: Make perf_event accessible to setup_aux() 2019-04-05 22:33:11 +02:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-04-03 06:26:27 +02:00
pinctrl pinctrl: meson: meson8b: add the eth_rxd2 and eth_rxd3 pins 2019-04-05 22:33:15 +02:00
platform platform/x86: intel-hid: Missing power button release on some Dell models 2019-04-05 22:33:14 +02:00
pnp
power power: supply: charger-manager: Fix incorrect return value 2019-03-27 14:14:43 +09:00
powercap
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 19:47:01 +01:00
pwm
rapidio
ras
regulator regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting 2019-04-05 22:33:15 +02:00
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc rtc: m41t80: Correct alarm month range with RTC reads 2019-01-09 17:38:48 +01:00
s390 s390/ism: ignore some errors during deregistration 2019-04-05 22:33:04 +02:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:15:17 +01:00
scsi scsi: iscsi: flush running unbind operations when removing a session 2019-04-20 09:15:56 +02:00
sfi
sh
siox
slimbus slimbus: ngd: mark PM functions as __maybe_unused 2018-12-19 19:19:49 +01:00
sn
soc soc/tegra: fuse: Fix illegal free of IO base address 2019-04-05 22:33:14 +02:00
soundwire
spi spi: pxa2xx: Setup maximum supported DMA transfer length 2019-03-23 20:09:57 +01:00
spmi
ssb
staging staging: spi: mt7621: Add return code check on device_reset() 2019-04-05 22:33:11 +02:00
target scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock 2019-03-23 20:09:59 +01:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee tee: optee: avoid possible double list_del() 2019-02-12 19:47:08 +01:00
thermal thermal/intel_powerclamp: fix truncated kthread name 2019-04-20 09:15:56 +02:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-12-17 09:24:36 +01:00
tty serial: uartps: console_setup() can't be placed to init section 2019-04-20 09:16:01 +02:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded 2019-04-05 22:33:13 +02:00
uwb
vfio vfio/type1: Fix unmap overflow off-by-one 2019-01-16 22:04:34 +01:00
vhost vhost/vsock: fix vhost vsock cid hashing inconsistent 2019-03-19 13:12:42 +01:00
video backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state 2019-04-05 22:33:13 +02:00
virt vbox: fix link error with 'gcc -Og' 2019-02-12 19:46:59 +01:00
virtio virtio: Honour 'may_reduce_num' in vring_create_virtqueue 2019-04-17 08:38:52 +02:00
visorbus
vlynq
vme
w1 w1: omap-hdq: fix missing bus unregister at removal 2018-11-13 11:08:48 -08:00
watchdog watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem 2019-02-27 10:08:52 +01:00
xen xen/gntdev: Do not destroy context while dma-bufs are in use 2019-04-05 22:33:06 +02:00
zorro
Kconfig
Makefile