From: Linus Torvalds
Date: Tue, 8 Nov 2016 10:42:03 -0800
Subject: Re: [v4.9-rc4] dvb-usb/cinergyT2 NULL pointer dereference
To: Jörg Otte, Patrick Boettcher, Mauro Carvalho Chehab
Cc: Mauro Carvalho Chehab, Linux Kernel Mailing List, Linux Media Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 6, 2016 at 7:40 AM, Jörg Otte wrote:
> Since v4.9-rc4 I get following crash in dvb-usb-cinergyT2 module.

Looks like it's commit 5ef8ed0e5608f ("[media] cinergyT2-core: don't do
DMA on stack"), which moved the DMA data array from the stack to the
"private" pointer.

In the process it also added serialization in the form of "data_mutex",
and now it oopses on that mutex because the private pointer is NULL.

It looks like the "->private" pointer is allocated in dvb_usb_adapter_init()

    cinergyt2_usb_probe ->
      dvb_usb_device_init ->
        dvb_usb_init() ->
          dvb_usb_adapter_init()

but the dvb_usb_init() function calls dvb_usb_device_power_ctrl() (which
calls the "power_ctrl" function, which is cinergyt2_power_ctrl() for that
driver) *before* it initializes the private field.

Mauro, Patrick, could dvb_usb_adapter_init() be called earlier, perhaps?

           Linus
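
The ordering problem described in the message above, as an added user-space model (not part of the original mail and not kernel code). Every model_* name is hypothetical, and the NULL check in the callback exists only so the model can return an error where the mail reports an oops.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical user-space model; none of these names are kernel symbols. */
struct model_state { int lock_held; int powered; };
struct model_dev {
    struct model_state *priv;                  /* stands in for ->private */
    int (*power_ctrl)(struct model_dev *d, int on);
};

/* Callback that serializes on a lock living inside priv. */
static int model_power_ctrl(struct model_dev *d, int on)
{
    if (!d->priv)               /* the model reports the NULL instead of crashing */
        return -EFAULT;
    d->priv->lock_held = 1;     /* stands in for taking data_mutex */
    d->priv->powered = on;
    d->priv->lock_held = 0;
    return 0;
}

static int model_alloc_priv(struct model_dev *d)
{
    d->priv = calloc(1, sizeof(*d->priv));
    return d->priv ? 0 : -ENOMEM;
}

/* Order described in the mail: the callback runs before priv exists. */
static int model_init_callback_first(struct model_dev *d)
{
    int ret = d->power_ctrl(d, 1);
    return ret ? ret : model_alloc_priv(d);
}

/* Reordered as the mail asks about: allocate state, then call back. */
static int model_init_alloc_first(struct model_dev *d)
{
    int ret = model_alloc_priv(d);
    return ret ? ret : d->power_ctrl(d, 1);
}

static int model_run(int alloc_first)
{
    struct model_dev d = { .priv = NULL, .power_ctrl = model_power_ctrl };
    int ret = alloc_first ? model_init_alloc_first(&d) : model_init_callback_first(&d);
    free(d.priv);
    return ret;
}
int main(void) { return (model_run(0) == -EFAULT && model_run(1) == 0) ? 0 : 1; }
```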