Date: Thu, 20 Aug 2020 14:18:27 +0200 (CEST)
From: Giorgio Dal Molin
Message-ID: <1196968959.8187.1597925911899@mail.vodafone.de>
Subject: NULL pointer deref crash on barebox 2020.08.0
To: barebox@lists.infradead.org

Hi,

I've tried the current barebox v2020.08.0 on my imx7d module and it crashes
while executing the command:

  imx7d: / cp /mnt/boot/kernel.img /dev/mmc1.fw_update
  unable to handle NULL pointer dereference at address 0x00000000
  pc : []    lr : []
  sp : fffefcd0  ip : fffefcd0  fp : c00f8850
  r10: ffe981ef  r9 : 00000000  r8 : ffe981ef
  r7 : ffe98dcb  r6 : ffea60a8  r5 : ffe98dbd  r4 : c00ef1e8
  r3 : 00000000  r2 : bfefb8e0  r1 : ffe98dbd  r0 : 00028888
  Flags: nZCv  IRQs off  FIQs off  Mode SVC_32

  no stack data available

I could track the problem down to a call to

  list_del(&inode->i_sb_list);

in fs/fs.c:iput(struct inode *inode):

  void iput(struct inode *inode)
  {
          if (!inode)
                  return;

          inode->i_count--;
          if (!inode->i_count) {
                  list_del(&inode->i_sb_list);    /* <== this call segfaults */
                  destroy_inode(inode);
          }
  }

I've checked that the struct list_head inode->i_sb_list has its .prev pointer
NULL and that's the immediate reason why I get a segfault (at
WRITE_ONCE(prev->next, next) in __list_del(prev, next));
what I don't know is whether a NULL .prev is OK and the error is a missing test
in __list_del() or if a NULL .prev is already wrong.

giorgio
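
On the question of whether a NULL .prev is acceptable: in the Linux-style list_head API an initialized head points to itself and a linked entry points at its neighbours, so neither pointer is NULL on a valid entry. The sketch below is an added example, not part of the original message and not barebox code; it shows that invariant with a checked delete over a zeroed, never-linked entry and over a properly linked one. The names init_list_head, list_entry_valid, list_del_checked and fake_inode are hypothetical stand-ins.

```c
/* Minimal stand-in for the Linux-style list API; not barebox source. */
struct list_head { struct list_head *next, *prev; };
/* Constructed stand-in for an inode; only the list member matters here. */
struct fake_inode { int i_count; struct list_head i_sb_list; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
	n->next = head->next;
	n->prev = head;
	head->next->prev = n;
	head->next = n;
}

/* Invariant of a linked entry: both neighbours exist and point back at it. */
static int list_entry_valid(const struct list_head *e)
{
	return e->prev && e->next && e->prev->next == e && e->next->prev == e;
}

/* Hypothetical checked delete: 0 on success, -1 if the entry is not linked. */
static int list_del_checked(struct list_head *e)
{
	if (!list_entry_valid(e))
		return -1;	/* an unchecked delete would write through e->prev */
	e->next->prev = e->prev;
	e->prev->next = e->next;
	init_list_head(e);	/* leave the entry self-linked, never dangling */
	return 0;
}

/* Zeroed object never added to a list: one way to get .prev == NULL. */
static int del_never_linked(void)
{
	struct fake_inode ino = { 0 };
	return list_del_checked(&ino.i_sb_list);
}

/* Entry added to an initialized head, then removed: 1 if the head ends up empty. */
static int del_linked(void)
{
	struct fake_inode ino = { .i_count = 1 };
	struct list_head head;
	init_list_head(&head);
	list_add(&ino.i_sb_list, &head);
	return list_del_checked(&ino.i_sb_list) == 0 && head.next == &head && head.prev == &head;
}

int main(void) { return (del_never_linked() == -1 && del_linked() == 1) ? 0 : 1; }
```

A check like this only turns the crash into a reportable error; the entry still has to be initialized or added to a list before any delete reaches it.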