Message-ID: <33059074b78110d4717efe09b887dd28ac77fe7f.camel@pengutronix.de>
Subject: PROBLEM: Segfault in kconfig
From: Johannes Zink
To: masahiroy@kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: kernel@pengutronix.de
Date: Thu, 22 Sep 2022 18:01:40 +0200

Hi everyone,

[1.] One line summary of the problem:

kconfig crashes with segfault under rare circumstances

[2.] Full description of the problem/report:

Under certain circumstances jump keys are displayed on the search
results even if a symbol is deactivated by one of its
dependencies. Using the jump keys then triggers a segmentation
fault due to a NULL dereference. Perform the following steps to
trigger the issue

1.: ARCH=arm64 make defconfig
2.: ARCH=arm64 make menuconfig
3.: press '/' key to search for the string "EFI". Use jump key
    (1) to jump to search result. Press 'n' key to deactivate the
    entry.
4.: press '/' to search for the string "ACPI". Use the jump key
    (1) to jump to the search result.

Menuconfig then crashes with a segfault.

[3.] Keywords (i.e., modules, networking, kernel):

kconfig, mconf

[4.] Kernel information
[4.1.] Kernel version (from /proc/version):

v6.0.0-rc6

[4.2.] Kernel .config file:

arm64 default defconfig

[5.] Most recent kernel version which did not have the bug:

v5.15

[6.] Output of Oops.. message (if applicable) with symbolic information
resolved (see Documentation/admin-guide/bug-hunting.rst):

not applicable

[7.] A small shell script or example program which triggers the
problem (if possible):

not applicable, please see description in [2.]

[8.] Environment
[8.1.] Software (add the output of the ver_linux script here):

not applicable

[8.2.] Processor information (from /proc/cpuinfo):

not applicable

[8.3.] Module information (from /proc/modules):

not applicable

[8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem):

not applicable

[8.5.] PCI information ('lspci -vvv' as root):

not applicable

[8.6.] SCSI information (from /proc/scsi/scsi):

not applicable

[8.7.] Other information that might be relevant to the problem
(please look in /proc and include all information that you
think to be relevant):

not applicable

[X.] Other notes, patches, fixes, workarounds:

I found that the attached patch is a very hacky workaround to
keep menuconfig from crashing, but I am pretty sure the jump
keys should not have been activated for inaccessible entries in the
first place.

I found it quite hard to find the corresponding part in mconf,
which is why I decided to send this bug report instead
of sending a patch. Maybe someone on this list either knows mconf
really well and can just fix it, or guide me to where I can dig
around (though in that case I could really use some help on how
to debug menuconfig, since I found it challenging to get it
working with gdb).

Best regards
Johannes

--- scripts/kconfig/mconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/kconfig/mconf.c b/scripts/kconfig/mconf.c index 9d3cf510562f..60a82f701bd3 100644 --- a/scripts/kconfig/mconf.c +++ b/scripts/kconfig/mconf.c
@@ -447,7 +447,8 @@ static void search_conf(void) again = false; for (i = 0; i < JUMP_NB && keys[i]; i++) if (dres == keys[i]) { - conf(targets[i]->parent, targets[i]); + if (targets[i]->parent) + conf(targets[i]->parent, targets[i]); again = true; } str_free(&res); -- Pengutronix e.K. | Johannes Zink | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686| Fax: +49-5121-206917-5555 |
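
Review bot: The new `if (targets[i]->parent)` guard in search_conf() skips only the conf() call, while `again = true` still runs for that key, so a jump key whose target has no parent stays on offer and pressing it does nothing visible to the user. The guard stops the NULL dereference at the call site, but it leaves the cause in place: keys[] and targets[] are filled somewhere outside this hunk, and that is where an entry without a reachable parent should be refused a jump key. If the guard is kept as a stopgap, add a short comment above it saying when targets[i]->parent can be NULL (per the report, after a dependency of the symbol has been deactivated), and consider handling the NULL case explicitly, for example by telling the user the entry is currently not reachable, rather than silently ignoring the key press.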