We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Just trying to unload the module when the underlying SPI device has disappeared will cause a kernel oops.
Unable to handle kernel paging request at virtual address 003a312d312f315c Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [003a312d312f315c] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: spi_ft232h(O) nrc(O-) vc4 snd_soc_hdmi_codec brcmfmac drm_display_helper cec snd_soc_core brcmutil snd_compress snd_pcm_dmaengine raspberrypi_hwmon bcm2835_codec(C) i2c_bcm2835 v4l2_mem2mem bcm2835_isp(C) videobuf2_dma_contig bcm2835_v4l2(C) bcm2835_mmal_vchiq(C) snd_bcm2835(C) videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 snd_pcm videobuf2_common videodev snd_timer spi_bcm2835 snd mc vc_sm_cma(C) uio_pdrv_genirq uio mac80211 libarc4 cfg80211 rfkill beepy_kbd(O) sharp(O) drm_dma_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_dev drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: spi_ft232h(O)] CPU: 1 PID: 1434 Comm: rmmod Tainted: G C O 6.1.21-v8+ #1642 Hardware name: Raspberry Pi Zero 2 W Rev 1.0 (DT) pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __mutex_lock.isra.17+0x80/0xa78 lr : __mutex_lock.isra.17+0x44/0xa78 sp : ffffffc008be3c10 x29: ffffffc008be3c10 x28: ffffff8001ef1ec0 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 4f49544341003170 x23: 0000000000000002 x22: ffffffd5a54ad858 x21: ffffffd5a54ad858 x20: ffffff8006cc0080 x19: ffffff8006cc0080 x18: 0000000000000000 x17: 0000000000000000 x16: ffffffd5a4dd88d8 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: fefefefefefefeff x10: 0000007ffffffff8 x9 : ffffffd5a5169d5c x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefefefefefeff x5 : ffffff8001ef1ec0 x4 : 313a312d312f3128 x3 : 313a312d312f312d x2 : ffffff8001ef1ec0 x1 : ffffffd5a5170c38 x0 : 313a312d312f3128 Call trace: __mutex_lock.isra.17+0x80/0xa78 __mutex_lock_slowpath+0x1c/0x28 mutex_lock+0x3c/0x68 device_del+0x4c/0x3b8 spi_unregister_device+0x50/0xa0 nrc_cspi_exit+0x1c/0x1940 [nrc] __arm64_sys_delete_module+0x1b4/0x278 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.3+0xfc/0x120 do_el0_svc+0x34/0xd0 el0_svc+0x30/0x88 el0t_64_sync_handler+0x98/0xc0 el0t_64_sync+0x18c/0x190 Code: 54001281 f9400260 f27df000 54000080 (b9403401) ---[ end trace 0000000000000000 ]---
I tried to validate the g_spi_dev pointer before spi_unregister_device is called, but it still ends up with a NULL pointer dereference error.
spi_unregister_device
if (g_spi_dev != NULL && !g_spi_dev->dev.of_node && !g_spi_dev->dev.fwnode) { spi_unregister_device(g_spi_dev); }
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005 CM = 0, WnR = 0 user pgtable: 4k pages, 39-bit VAs, pgdp=00000000079b2000 [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 Internal error: Oops: 0000000096000005 [#3] PREEMPT SMP Modules linked in: spi_ft232h(O) nrc(O-) vc4 brcmfmac snd_soc_hdmi_codec drm_display_helper cec snd_soc_core brcmutil bcm2835_codec(C) snd_compress raspberrypi_hwmon bcm2835_v4l2(C) snd_pcm_dmaengine bcm2835_isp(C) bcm2835_mmal_vchiq(C) v4l2_mem2mem videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm spi_bcm2835 snd_timer snd mc vc_sm_cma(C) uio_pdrv_genirq uio mac80211 libarc4 cfg80211 rfkill beepy_kbd(O) sharp(O) drm_dma_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_dev drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: spi_ft232h(O)] CPU: 3 PID: 853 Comm: rmmod Tainted: G D C O 6.1.21-v8+ #1642 Hardware name: Raspberry Pi Zero 2 W Rev 1.0 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kernfs_find_and_get_ns+0x28/0x80 lr : sysfs_unmerge_group+0x2c/0x70 sp : ffffffc008be3c60 x29: ffffffc008be3c60 x28: ffffff80070b5c40 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: ffffff8007aa0000 x23: 0000000000000000 x22: 0000000000000000 x21: ffffffebdec2cd18 x20: 0000000000000000 x19: ffffffebdec2cca0 x18: 0000000000000000 x17: 0000000000000000 x16: ffffffebde7d88d8 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: fefefefefefefeff x10: 0000007ffffffff8 x9 : ffffffebde3b94fc x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefefefefefeff x5 : 0000000000000063 x4 : 0000000000000000 x3 : ffffff8002f7a880 x2 : 0000000000000000 x1 : ffffffebdec2cd18 x0 : 0000000000000000 Call trace: kernfs_find_and_get_ns+0x28/0x80 sysfs_unmerge_group+0x2c/0x70 dpm_sysfs_remove+0x38/0x78 device_del+0xb4/0x3b8 spi_unregister_device+0x50/0xa0 nrc_cspi_exit+0x2c/0x1960 [nrc] __arm64_sys_delete_module+0x1b4/0x278 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.3+0xfc/0x120 do_el0_svc+0x34/0xd0 el0_svc+0x30/0x88 el0t_64_sync_handler+0x98/0xc0 el0t_64_sync+0x18c/0x190 Code: aa0003f4 a9025bf5 aa0103f5 aa0203f6 (f9400400) ---[ end trace 0000000000000000 ]---
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Just trying to unload the module when the underlying SPI device has disappeared will cause a kernel oops.
I tried to validate the g_spi_dev pointer before
spi_unregister_device
is called, but it still ends up with a NULL pointer dereference error.The text was updated successfully, but these errors were encountered: