Bug 821865 - >=sys-kernel/gentoo-sources-5.14: kernel NULL pointer dereference in snd_pcm_mmap_data for RME HDSP audio interfaces
Summary: >=sys-kernel/gentoo-sources-5.14: kernel NULL pointer dereference in snd_pcm_...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
URL: https://git.kernel.org/pub/scm/linux/...
Whiteboard: 5.15.3
Keywords: InVCS
Depends on:
Blocks:
 
Reported: 2021-11-04 22:54 UTC by Till Schäfer
Modified: 2021-11-18 20:11 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
alsa-info.txt (alsa-info.txt.PRoLreS8Ew,20.97 KB, text/plain)
2021-11-04 23:01 UTC, Till Schäfer
Description Till Schäfer 2021-11-04 22:54:38 UTC
After upgrading to kernel 5.14, I get the following kernel crash. This seems to be related to the RME HDSPe Multiface II audio interface. Other people are also reporting this bug for RME audio interfaces. 


Arch Bug: https://bugs.archlinux.org/task/72059
Another report: https://githubmemory.com/repo/DeaDBeeF-Player/deadbeef/issues/2674



Nov  4 23:30:47 wgw-till kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: #PF: supervisor read access in kernel mode
Nov  4 23:30:47 wgw-till kernel: #PF: error_code(0x0000) - not-present page
Nov  4 23:30:47 wgw-till kernel: PGD 0 P4D 0 
Nov  4 23:30:47 wgw-till kernel: Oops: 0000 [#1] SMP PTI
Nov  4 23:30:47 wgw-till kernel: CPU: 3 PID: 3381 Comm: pulseaudio Tainted: P           O      5.14.16-gentoo #1
Nov  4 23:30:47 wgw-till kernel: Hardware name: Gigabyte Technology Co., Ltd. Z97X-UD5H/Z97X-UD5H, BIOS F8 06/17/2014
Nov  4 23:30:47 wgw-till kernel: RIP: 0010:snd_dma_buffer_mmap+0x0/0x30
Nov  4 23:30:47 wgw-till kernel: Code: 83 fa 06 77 1c 48 8b 04 c5 20 e8 30 a1 48 85 c0 74 0e 48 8b 40 08 48 85 c0 74 05 e9 4a 53 63 00 c3 0f 0b c3 66 0f 1f 44 00 00 <48> 63 07 8d 50 ff 83 fa 06 77 1b 48 8b 04 c5 20 e8 30 a1 48 85 c0
Nov  4 23:30:47 wgw-till kernel: RSP: 0018:ffff9adac1f7fd10 EFLAGS: 00010246
Nov  4 23:30:47 wgw-till kernel: RAX: ffff899576149400 RBX: ffff899542951400 RCX: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: RDX: 00000000001af000 RSI: ffff89957fead0c0 RDI: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: RBP: 00007fd1fb506000 R08: 00000000040400fb R09: 0000000000001000
Nov  4 23:30:47 wgw-till kernel: R10: 00007fd1fb507000 R11: 00007fd1fb6b2000 R12: ffff89957fead930
Nov  4 23:30:47 wgw-till kernel: R13: ffff899540958cc0 R14: ffff89957fead0c0 R15: ffff89957cb1e9c0
Nov  4 23:30:47 wgw-till kernel: FS:  00007fd1fac31740(0000) GS:ffff899a46cc0000(0000) knlGS:0000000000000000
Nov  4 23:30:47 wgw-till kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov  4 23:30:47 wgw-till kernel: CR2: 0000000000000000 CR3: 000000010a02c005 CR4: 00000000001706e0
Nov  4 23:30:47 wgw-till kernel: Call Trace:
Nov  4 23:30:47 wgw-till kernel: snd_pcm_mmap_data+0x122/0x140
Nov  4 23:30:47 wgw-till kernel: mmap_region+0x3e5/0x680
Nov  4 23:30:47 wgw-till kernel: do_mmap+0x343/0x530
Nov  4 23:30:47 wgw-till kernel: ? _copy_to_user+0x1c/0x30
Nov  4 23:30:47 wgw-till kernel: ? snd_pcm_common_ioctl+0x29d/0x1350
Nov  4 23:30:47 wgw-till kernel: vm_mmap_pgoff+0xaf/0x150
Nov  4 23:30:47 wgw-till kernel: ksys_mmap_pgoff+0x1d0/0x230
Nov  4 23:30:47 wgw-till kernel: ? snd_pcm_ioctl+0x1e/0x30
Nov  4 23:30:47 wgw-till kernel: do_syscall_64+0x64/0x90
Nov  4 23:30:47 wgw-till kernel: ? syscall_exit_to_user_mode+0x12/0x40
Nov  4 23:30:47 wgw-till kernel: ? do_syscall_64+0x71/0x90
Nov  4 23:30:47 wgw-till kernel: ? syscall_exit_to_user_mode+0x12/0x40
Nov  4 23:30:47 wgw-till kernel: ? do_syscall_64+0x71/0x90
Nov  4 23:30:47 wgw-till kernel: ? exc_page_fault+0x65/0x110
Nov  4 23:30:47 wgw-till kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae
Nov  4 23:30:47 wgw-till kernel: RIP: 0033:0x7fd1fb37cd92
Nov  4 23:30:47 wgw-till kernel: Code: e4 e8 b2 44 01 00 66 90 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 8b 05 a9 10 0c 00 64
Nov  4 23:30:47 wgw-till kernel: RSP: 002b:00007ffff15e95d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
Nov  4 23:30:47 wgw-till kernel: RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd1fb37cd92
Nov  4 23:30:47 wgw-till kernel: RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: RBP: 0000000000000000 R08: 0000000000000013 R09: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: R10: 0000000000000001 R11: 0000000000000246 R12: 0000559ae0582010
Nov  4 23:30:47 wgw-till kernel: R13: 0000000000000001 R14: 0000000000000000 R15: 00007fd1f9e351a0
Nov  4 23:30:47 wgw-till kernel: Modules linked in: nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) intel_rapl_msr intel_rapl_common iosf_mbi x86_pkg_temp_thermal snd_hdsp
Nov  4 23:30:47 wgw-till kernel: CR2: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: ---[ end trace 70cfc0f62f7178eb ]---
Nov  4 23:30:47 wgw-till kernel: RIP: 0010:snd_dma_buffer_mmap+0x0/0x30
Nov  4 23:30:47 wgw-till kernel: Code: 83 fa 06 77 1c 48 8b 04 c5 20 e8 30 a1 48 85 c0 74 0e 48 8b 40 08 48 85 c0 74 05 e9 4a 53 63 00 c3 0f 0b c3 66 0f 1f 44 00 00 <48> 63 07 8d 50 ff 83 fa 06 77 1b 48 8b 04 c5 20 e8 30 a1 48 85 c0
Nov  4 23:30:47 wgw-till kernel: RSP: 0018:ffff9adac1f7fd10 EFLAGS: 00010246
Nov  4 23:30:47 wgw-till kernel: RAX: ffff899576149400 RBX: ffff899542951400 RCX: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: RDX: 00000000001af000 RSI: ffff89957fead0c0 RDI: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: RBP: 00007fd1fb506000 R08: 00000000040400fb R09: 0000000000001000
Nov  4 23:30:47 wgw-till kernel: R10: 00007fd1fb507000 R11: 00007fd1fb6b2000 R12: ffff89957fead930
Nov  4 23:30:47 wgw-till kernel: R13: ffff899540958cc0 R14: ffff89957fead0c0 R15: ffff89957cb1e9c0
Nov  4 23:30:47 wgw-till kernel: FS:  00007fd1fac31740(0000) GS:ffff899a46cc0000(0000) knlGS:0000000000000000
Nov  4 23:30:47 wgw-till kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov  4 23:30:47 wgw-till kernel: CR2: 0000000000000000 CR3: 000000010a02c005 CR4: 00000000001706e0

Reproducible: Always




# emerge --info
Portage 3.0.28 (python 3.9.7-final-0, default/linux/amd64/17.1/desktop/plasma, gcc-11.2.0, glibc-2.33-r7, 5.13.19-gentoo x86_64)
=================================================================
System uname: Linux-5.13.19-gentoo-x86_64-Intel-R-_Core-TM-_i7-4790K_CPU_@_4.00GHz-with-glibc2.33
KiB Mem:    24533876 total,  19947572 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Tue, 02 Nov 2021 21:51:33 +0000
Head commit of repository gentoo: a9215ace7ab2d5c1255a51fa78bf03cd10e7c678

Timestamp of repository audio-overlay: Sun, 31 Oct 2021 19:53:24 +0000
Head commit of repository audio-overlay: 1a95312d72d5fe09a7753981037848f758aa733d

Timestamp of repository kde: Tue, 02 Nov 2021 14:21:06 +0000
Head commit of repository kde: f1949c88c6fb67373cdf79e3cd7ac7a76711206d

Timestamp of repository steam-overlay: Sun, 31 Oct 2021 19:53:14 +0000
Head commit of repository steam-overlay: 89b2827ea35ef220c165a9adfb5b5187c2f3da9d

sh bash 5.1_p8
ld GNU ld (Gentoo 2.37_p1 p0) 2.37
app-shells/bash:          5.1_p8::gentoo
dev-java/java-config:     2.3.1::gentoo
dev-lang/perl:            5.34.0-r3::gentoo
dev-lang/python:          2.7.18_p13::gentoo, 3.9.7_p1::gentoo
dev-lang/rust:            1.53.0::gentoo
dev-util/cmake:           3.20.5::gentoo
sys-apps/baselayout:      2.7::gentoo
sys-apps/openrc:          0.44.7::gentoo
sys-apps/sandbox:         2.25::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.71-r1::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.16.4::gentoo
sys-devel/binutils:       2.37_p1::gentoo
sys-devel/gcc:            11.2.0::gentoo
sys-devel/gcc-config:     2.4::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers)
sys-libs/glibc:           2.33-r7::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: true

audio-overlay
    location: /var/db/repos/audio-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/audio-overlay.git
    masters: gentoo

kde
    location: /var/db/repos/kde
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/kde.git
    masters: gentoo

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo

shared_overlay
    location: /opt/conf/common/var/db/repos/shared_overlay
    masters: gentoo
    priority: 100

local_overlay
    location: /var/db/repos/local_overlay
    masters: gentoo
    priority: 200

Installed sets: @system
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -ftree-vectorize -ggdb"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.8/conf"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/portage/package.accept_keywords/99-autounmask /etc/portage/package.unmask/99-autounmask /etc/portage/package.use/99-autounmask /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe -ftree-vectorize -ggdb"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask=y --autounmask-write --autounmask-continue --jobs=2 --load-average=8 --backtrack=100 --alert"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS="-C target-cpu=native -O -g"
USE="X a52 aac acl acpi activities aes alsa amd64 apng avif avx avx2 bash-completion bluetooth branding brotli bzip2 cairo cdaudio cdda cddb cdparanoia cdr chm cli crypt cups dbus declarative djvu dnssec dri dts dvd dvdr elogind emboss encode eps epub evdev exif f16c ffmpeg flac fma3 fortran gdbm gif glib gpg gpm gstreamer gtk gui gzip iconv icu id3tag idn ieee1394 imagemagick inotify ipv6 irc jpeg jpeg2k kde kipi kwallet lame lcms libglvnd libnotify libsamplerate libtirpc lvm lzma mad matroska mmx mmxext mng mp3 mp4 mpeg mplayer mpris mtp multilib musicbrainz ncurses nls nptl ntp ogg opengl openmp opus otr pam pango pclmul pcre pdf phonon plasma png policykit popcnt ppds pulseaudio qml qt5 quicktime rar raw rdrand readline real rss rtc sdl seccomp semantic-desktop spell split-usr sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg taglib tcpd theora threads thumbnail tiff truetype twolame udev udisks unicode upower usb v4l v4l2 vaapi vcd vdpau vim-syntax visualization vorbis vpx wavpack webp widgets wma wmf wxwidgets x264 x265 xattr xcb xinerama xml xv xvid xvidv xvmc xz zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2019" ALSA_CARDS="hdsp hdspm" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom 
oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
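
The oops in the description can be triaged mechanically. The following is an added example, not part of the bug report or of any Gentoo or kernel tooling: it parses an abridged copy of the posted lines and checks for the signature visible there, a fault at offset +0x0 of the callee with RDI equal to zero, which means the caller passed a NULL first argument. The function name `triage` and the result keys are this example's own.

```python
import re

# Abridged copy of the oops lines posted in the bug description.
OOPS = """\
Nov  4 23:30:47 wgw-till kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: #PF: supervisor read access in kernel mode
Nov  4 23:30:47 wgw-till kernel: CPU: 3 PID: 3381 Comm: pulseaudio Tainted: P           O      5.14.16-gentoo #1
Nov  4 23:30:47 wgw-till kernel: RIP: 0010:snd_dma_buffer_mmap+0x0/0x30
Nov  4 23:30:47 wgw-till kernel: RDX: 00000000001af000 RSI: ffff89957fead0c0 RDI: 0000000000000000
Nov  4 23:30:47 wgw-till kernel: Call Trace:
Nov  4 23:30:47 wgw-till kernel: snd_pcm_mmap_data+0x122/0x140
Nov  4 23:30:47 wgw-till kernel: mmap_region+0x3e5/0x680
Nov  4 23:30:47 wgw-till kernel: ? _copy_to_user+0x1c/0x30
Nov  4 23:30:47 wgw-till kernel: RIP: 0033:0x7fd1fb37cd92
"""

PREFIX = re.compile(r"^.*? kernel: ")                      # syslog timestamp/host
SYM = re.compile(r"^(\? )?([\w.]+)\+(0x[0-9a-f]+)/0x[0-9a-f]+$")  # sym+off/size
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")

def triage(text):
    r = {"fault_addr": None, "access": None, "comm": None, "rip": None, "regs": {}, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", line):
            r["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"#PF: (\w+ \w+) access", line):
            r["access"] = m.group(1)
        elif m := re.search(r"\bComm: (\S+)", line):
            r["comm"] = m.group(1)
        elif line.startswith("RIP: "):
            if r["rip"]:  # a second RIP line is the saved user-mode context
                break
            if m := SYM.match(line.split(":", 2)[2]):
                r["rip"] = (m.group(2), int(m.group(3), 16))
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            m = SYM.match(line)
            if m and not m.group(1):  # frames marked "?" are unreliable
                r["trace"].append(m.group(2))
        else:
            r["regs"].update((k, int(v, 16)) for k, v in REG.findall(line))
    # At offset +0x0 no callee instruction has completed, so RDI still holds the
    # first argument as the caller passed it (x86-64 calling convention).
    r["null_arg_from_caller"] = bool(r["rip"] and r["rip"][1] == 0
                                     and r["regs"].get("RDI") == 0 and r["fault_addr"] == 0)
    return r
```

For this report the first reliable frame in `trace` is `snd_pcm_mmap_data`, the caller where a NULL check would have to sit.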
Comment 1 Till Schäfer 2021-11-04 23:01:40 UTC
Created attachment 748713
alsa-info.txt
Comment 2 Mike Pagano gentoo-dev 2021-11-04 23:31:38 UTC
Can you try this patch against the latest 5.14.X kernel, which is 5.14.16 as of this writing?

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbea6e5a7772b7a5b80baa8f98fd77853487fd2a
Comment 3 Till Schäfer 2021-11-04 23:44:47 UTC
I was able to fix the problem with these two patches from https://www.spinics.net/lists/alsa-devel/msg129824.html

  ALSA: pcm: Check mmap capability of runtime dma buffer at first
  ALSA: pci: rme: Set up buffer type properly
Comment 4 Till Schäfer 2021-11-05 00:13:02 UTC
(In reply to Till Schäfer from comment #3)
> I was able to fix the problem with these two patches from 
> https://www.spinics.net/lists/alsa-devel/msg129824.html
> 
>   ALSA: pcm: Check mmap capability of runtime dma buffer at first
>   ALSA: pci: rme: Set up buffer type properly

Uh, of course on top of 5.14.16
Comment 6 Till Schäfer 2021-11-05 20:34:47 UTC
(In reply to Mike Pagano from comment #5)
> Can you try this patch?
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbea6e5a7772b7a5b80baa8f98fd77853487fd2a

That is the first of the two patches I have mentioned in comment #3, i.e.,   
    ALSA: pcm: Check mmap capability of runtime dma buffer at first
Comment 7 Till Schäfer 2021-11-07 22:24:23 UTC
Upstream has a new patch, see https://bugzilla.kernel.org/show_bug.cgi?id=214947
Comment 8 Mike Pagano gentoo-dev 2021-11-15 23:16:54 UTC
Is this one patch all we need?
Comment 9 Till Schäfer 2021-11-16 10:54:50 UTC
(In reply to Mike Pagano from comment #8)
> Is this one patch all we need?
Yes, it replaces all other patches.
Comment 10 Mike Pagano gentoo-dev 2021-11-16 22:18:43 UTC
commit 9fd26d963f66eee60bb58df991bc52ae9a6954fd (HEAD -> 5.15, origin/5.15)
Author: Mike Pagano <mpagano@gentoo.org>
Date:   Tue Nov 16 17:17:50 2021 -0500

    ALSA: PCM: Fix NULL dereference at mmap checks
    
    Bug: https://bugs.gentoo.org/821865
    
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>
Comment 11 Larry the Git Cow gentoo-dev 2021-11-18 20:11:32 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df009a8c1044203ed9e2c65f9d3ef9a1e804e7de

commit df009a8c1044203ed9e2c65f9d3ef9a1e804e7de
Author:     Mike Pagano <mpagano@gentoo.org>
AuthorDate: 2021-11-18 20:11:24 +0000
Commit:     Mike Pagano <mpagano@gentoo.org>
CommitDate: 2021-11-18 20:11:24 +0000

    sys-kernel/gentoo-sources: Linux 5.15 and genpatches
    
    Update to the CPU OPT Patch
    Removal of 2700_ALSA-PCM-Fix-NULL-deref-at-mmap-checks.patch
    
    Closes: https://bugs.gentoo.org/821406
    Closes: https://bugs.gentoo.org/821865
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Mike Pagano <mpagano@gentoo.org>

 sys-kernel/gentoo-sources/Manifest                 |  3 +++
 .../gentoo-sources/gentoo-sources-5.15.3.ebuild    | 28 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)