From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zheyu Ma <zheyuma97@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 10/31] isdn: mISDN: netjet: Fix crash in nj_probe:
Date: Thu, 3 Jun 2021 13:08:58 -0400 [thread overview]
Message-ID: <20210603170919.3169112-10-sashal@kernel.org> (raw)
In-Reply-To: <20210603170919.3169112-1-sashal@kernel.org>
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 9f6f852550d0e1b7735651228116ae9d300f69b3 ]
'nj_setup' in netjet.c might fail with -EIO and in this case
'card->irq' is initialized and is bigger than zero. A subsequent call to
'nj_release' will free the irq that has not been requested.
Fix this bug by deleting the previous assignment to 'card->irq' and just
keep the assignment before 'request_irq'.
The KASAN's log reveals it:
[ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manage.c:1826
free_irq+0x100/0x480
[ 3.355112 ] Modules linked in:
[ 3.355310 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
5.13.0-rc1-00144-g25a1298726e #13
[ 3.355816 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 3.356552 ] RIP: 0010:free_irq+0x100/0x480
[ 3.356820 ] Code: 6e 08 74 6f 4d 89 f4 e8 5e ac 09 00 4d 8b 74 24 18
4d 85 f6 75 e3 e8 4f ac 09 00 8b 75 c8 48 c7 c7 78 c1 2e 85 e8 e0 cf f5
ff <0f> 0b 48 8b 75 c0 4c 89 ff e8 72 33 0b 03 48 8b 43 40 4c 8b a0 80
[ 3.358012 ] RSP: 0000:ffffc90000017b48 EFLAGS: 00010082
[ 3.358357 ] RAX: 0000000000000000 RBX: ffff888104dc8000 RCX:
0000000000000000
[ 3.358814 ] RDX: ffff8881003c8000 RSI: ffffffff8124a9e6 RDI:
00000000ffffffff
[ 3.359272 ] RBP: ffffc90000017b88 R08: 0000000000000000 R09:
0000000000000000
[ 3.359732 ] R10: ffffc900000179f0 R11: 0000000000001d04 R12:
0000000000000000
[ 3.360195 ] R13: ffff888107dc6000 R14: ffff888107dc6928 R15:
ffff888104dc80a8
[ 3.360652 ] FS: 0000000000000000(0000) GS:ffff88817bc00000(0000)
knlGS:0000000000000000
[ 3.361170 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.361538 ] CR2: 0000000000000000 CR3: 000000000582e000 CR4:
00000000000006f0
[ 3.362003 ] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 3.362175 ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 3.362175 ] Call Trace:
[ 3.362175 ] nj_release+0x51/0x1e0
[ 3.362175 ] nj_probe+0x450/0x950
[ 3.362175 ] ? pci_device_remove+0x110/0x110
[ 3.362175 ] local_pci_probe+0x45/0xa0
[ 3.362175 ] pci_device_probe+0x12b/0x1d0
[ 3.362175 ] really_probe+0x2a9/0x610
[ 3.362175 ] driver_probe_device+0x90/0x1d0
[ 3.362175 ] ? mutex_lock_nested+0x1b/0x20
[ 3.362175 ] device_driver_attach+0x68/0x70
[ 3.362175 ] __driver_attach+0x124/0x1b0
[ 3.362175 ] ? device_driver_attach+0x70/0x70
[ 3.362175 ] bus_for_each_dev+0xbb/0x110
[ 3.362175 ] ? rdinit_setup+0x45/0x45
[ 3.362175 ] driver_attach+0x27/0x30
[ 3.362175 ] bus_add_driver+0x1eb/0x2a0
[ 3.362175 ] driver_register+0xa9/0x180
[ 3.362175 ] __pci_register_driver+0x82/0x90
[ 3.362175 ] ? w6692_init+0x38/0x38
[ 3.362175 ] nj_init+0x36/0x38
[ 3.362175 ] do_one_initcall+0x7f/0x3d0
[ 3.362175 ] ? rdinit_setup+0x45/0x45
[ 3.362175 ] ? rcu_read_lock_sched_held+0x4f/0x80
[ 3.362175 ] kernel_init_freeable+0x2aa/0x301
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] kernel_init+0x18/0x190
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] ret_from_fork+0x1f/0x30
[ 3.362175 ] Kernel panic - not syncing: panic_on_warn set ...
[ 3.362175 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
5.13.0-rc1-00144-g25a1298726e #13
[ 3.362175 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 3.362175 ] Call Trace:
[ 3.362175 ] dump_stack+0xba/0xf5
[ 3.362175 ] ? free_irq+0x100/0x480
[ 3.362175 ] panic+0x15a/0x3f2
[ 3.362175 ] ? __warn+0xf2/0x150
[ 3.362175 ] ? free_irq+0x100/0x480
[ 3.362175 ] __warn+0x108/0x150
[ 3.362175 ] ? free_irq+0x100/0x480
[ 3.362175 ] report_bug+0x119/0x1c0
[ 3.362175 ] handle_bug+0x3b/0x80
[ 3.362175 ] exc_invalid_op+0x18/0x70
[ 3.362175 ] asm_exc_invalid_op+0x12/0x20
[ 3.362175 ] RIP: 0010:free_irq+0x100/0x480
[ 3.362175 ] Code: 6e 08 74 6f 4d 89 f4 e8 5e ac 09 00 4d 8b 74 24 18
4d 85 f6 75 e3 e8 4f ac 09 00 8b 75 c8 48 c7 c7 78 c1 2e 85 e8 e0 cf f5
ff <0f> 0b 48 8b 75 c0 4c 89 ff e8 72 33 0b 03 48 8b 43 40 4c 8b a0 80
[ 3.362175 ] RSP: 0000:ffffc90000017b48 EFLAGS: 00010082
[ 3.362175 ] RAX: 0000000000000000 RBX: ffff888104dc8000 RCX:
0000000000000000
[ 3.362175 ] RDX: ffff8881003c8000 RSI: ffffffff8124a9e6 RDI:
00000000ffffffff
[ 3.362175 ] RBP: ffffc90000017b88 R08: 0000000000000000 R09:
0000000000000000
[ 3.362175 ] R10: ffffc900000179f0 R11: 0000000000001d04 R12:
0000000000000000
[ 3.362175 ] R13: ffff888107dc6000 R14: ffff888107dc6928 R15:
ffff888104dc80a8
[ 3.362175 ] ? vprintk+0x76/0x150
[ 3.362175 ] ? free_irq+0x100/0x480
[ 3.362175 ] nj_release+0x51/0x1e0
[ 3.362175 ] nj_probe+0x450/0x950
[ 3.362175 ] ? pci_device_remove+0x110/0x110
[ 3.362175 ] local_pci_probe+0x45/0xa0
[ 3.362175 ] pci_device_probe+0x12b/0x1d0
[ 3.362175 ] really_probe+0x2a9/0x610
[ 3.362175 ] driver_probe_device+0x90/0x1d0
[ 3.362175 ] ? mutex_lock_nested+0x1b/0x20
[ 3.362175 ] device_driver_attach+0x68/0x70
[ 3.362175 ] __driver_attach+0x124/0x1b0
[ 3.362175 ] ? device_driver_attach+0x70/0x70
[ 3.362175 ] bus_for_each_dev+0xbb/0x110
[ 3.362175 ] ? rdinit_setup+0x45/0x45
[ 3.362175 ] driver_attach+0x27/0x30
[ 3.362175 ] bus_add_driver+0x1eb/0x2a0
[ 3.362175 ] driver_register+0xa9/0x180
[ 3.362175 ] __pci_register_driver+0x82/0x90
[ 3.362175 ] ? w6692_init+0x38/0x38
[ 3.362175 ] nj_init+0x36/0x38
[ 3.362175 ] do_one_initcall+0x7f/0x3d0
[ 3.362175 ] ? rdinit_setup+0x45/0x45
[ 3.362175 ] ? rcu_read_lock_sched_held+0x4f/0x80
[ 3.362175 ] kernel_init_freeable+0x2aa/0x301
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] kernel_init+0x18/0x190
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] ? rest_init+0x2c0/0x2c0
[ 3.362175 ] ret_from_fork+0x1f/0x30
[ 3.362175 ] Dumping ftrace buffer:
[ 3.362175 ] (ftrace buffer empty)
[ 3.362175 ] Kernel Offset: disabled
[ 3.362175 ] Rebooting in 1 seconds..
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/netjet.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/isdn/hardware/mISDN/netjet.c b/drivers/isdn/hardware/mISDN/netjet.c
index 61caa7e50b9a..9e6aab04f9d6 100644
--- a/drivers/isdn/hardware/mISDN/netjet.c
+++ b/drivers/isdn/hardware/mISDN/netjet.c
@@ -1100,7 +1100,6 @@ nj_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
card->typ = NETJET_S_TJ300;
card->base = pci_resource_start(pdev, 0);
- card->irq = pdev->irq;
pci_set_drvdata(pdev, card);
err = setup_instance(card);
if (err)
--
2.30.2
next prev parent reply other threads:[~2021-06-03 17:13 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-03 17:08 [PATCH AUTOSEL 5.4 01/31] ASoC: max98088: fix ni clock divider calculation Sasha Levin
2021-06-03 17:08 ` Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 02/31] spi: Fix spi device unregister flow Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 03/31] net/nfc/rawsock.c: fix a permission check bug Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 04/31] usb: cdns3: Fix runtime PM imbalance on error Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 05/31] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet Sasha Levin
2021-06-03 17:08 ` Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 06/31] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet Sasha Levin
2021-06-03 17:08 ` Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 07/31] vfio-ccw: Serialize FSM IDLE state with I/O completion Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 08/31] ASoC: sti-sas: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-06-03 17:08 ` Sasha Levin
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 09/31] spi: sprd: Add " Sasha Levin
2021-06-03 17:08 ` Sasha Levin [this message]
2021-06-03 17:08 ` [PATCH AUTOSEL 5.4 11/31] bonding: init notify_work earlier to avoid uninitialized use Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 12/31] netlink: disable IRQs for netlink_lock_table() Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 13/31] net: mdiobus: get rid of a BUG_ON() Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 14/31] cgroup: disable controllers at parse time Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 15/31] wq: handle VM suspension in stall detection Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 16/31] net/qla3xxx: fix schedule while atomic in ql_sem_spinlock Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 17/31] RDS tcp loopback connection can hang Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 18/31] scsi: bnx2fc: Return failure if io_req is already in ABTS processing Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 19/31] scsi: vmw_pvscsi: Set correct residual data length Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 20/31] scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 21/31] scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 22/31] net: macb: ensure the device is available before accessing GEMGXL control registers Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 23/31] net: appletalk: cops: Fix data race in cops_probe1 Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 24/31] net: dsa: microchip: enable phy errata workaround on 9567 Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 25/31] nvme-fabrics: decode host pathing error for connect Sasha Levin
2021-06-03 17:09 ` Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 26/31] MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 27/31] dm verity: fix require_signatures module_param permissions Sasha Levin
2021-06-03 17:09 ` [dm-devel] " Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 28/31] bnx2x: Fix missing error code in bnx2x_iov_init_one() Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 29/31] nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME Sasha Levin
2021-06-03 17:09 ` Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 30/31] powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 30/31] powerpc/fsl: set fsl, i2c-erratum-a004447 " Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 31/31] powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 " Sasha Levin
2021-06-03 17:09 ` [PATCH AUTOSEL 5.4 31/31] powerpc/fsl: set fsl, i2c-erratum-a004447 " Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210603170919.3169112-10-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zheyuma97@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.