usb: gadget: f_uac1: access freed memory at f_audio_free_inst
At f_audio_free_inst, it tries to access struct gaudio *card which is
freed at f_audio_free, it causes below oops if the audio device is not
there (do unload module may trigger the same problem). The gaudio_cleanup
is related to function, so it is better move to f_audio_free.
root@freescale ~$ modprobe g_audio
[ 751.968931] g_audio gadget: unable to open sound control device file: /dev/snd/controlC0
[ 751.977134] g_audio gadget: we need at least one control device
[ 751.988633] Unable to handle kernel paging request at virtual address
455f448e
[ 751.995963] pgd =
bd42c000
[ 751.998681] [
455f448e] *pgd=
00000000
[ 752.002383] Internal error: Oops: 5 [#1] SMP ARM
[ 752.007008] Modules linked in: usb_f_uac1 g_audio(+) usb_f_mass_storage libcomposite configfs [last unloaded: g_mass_storage]
[ 752.018427] CPU: 0 PID: 692 Comm: modprobe Not tainted
3.18.0-rc4-00345-g842f57b #10
[ 752.026176] task:
bdb3ba80 ti:
bd41a000 task.ti:
bd41a000
[ 752.031590] PC is at filp_close+0xc/0x84
[ 752.035530] LR is at gaudio_cleanup+0x28/0x54 [usb_f_uac1]
[ 752.041023] pc : [<
800ec94c>] lr : [<
7f03c63c>] psr:
20000013
[ 752.041023] sp :
bd41bcc8 ip :
bd41bce8 fp :
bd41bce4
[ 752.052504] r10:
7f036234 r9 :
7f036220 r8 :
7f036500
[ 752.057732] r7 :
bd456480 r6 :
7f036500 r5 :
7f03626c r4 :
bd441000
[ 752.064264] r3 :
7f03b3dc r2 :
7f03cab0 r1 :
00000000 r0 :
455f4456
[ 752.070798] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 752.077938] Control:
10c5387d Table:
bd42c04a DAC:
00000015
[ 752.083688] Process modprobe (pid: 692, stack limit = 0xbd41a240)
[ 752.089786] Stack: (0xbd41bcc8 to 0xbd41c000)
[ 752.094152] bcc0:
7f03b3dc bd441000 7f03626c 7f036500 bd41bcfc bd41bce8
[ 752.102337] bce0:
7f03c63c 800ec94c 7f03b3dc bdaa6b00 bd41bd14 bd41bd00 7f03b3f4 7f03c620
[ 752.110521] bd00:
7f03b3dc 7f03cbd4 bd41bd2c bd41bd18 7f00f88c 7f03b3e8 00000000 fffffffe
[ 752.118705] bd20:
bd41bd5c bd41bd30 7f0380d8 7f00f874 7f038000 bd456480 7f036364 be392240
[ 752.126889] bd40:
00000000 7f00f620 7f00f638 bd41a008 bd41bd94 bd41bd60 7f00f6d4 7f03800c
[ 752.135073] bd60:
00000001 00000000 8047438c be3a4000 7f036364 7f036364 7f00db28 7f00f620
[ 752.143257] bd80:
7f00f638 bd41a008 bd41bdb4 bd41bd98 804742ac 7f00f644 00000000 809adde0
[ 752.151442] bda0:
7f036364 7f036364 bd41bdcc bd41bdb8 804743c8 80474284 7f03633c 7f036200
[ 752.159626] bdc0:
bd41bdf4 bd41bdd0 7f00d5b4 8047435c bd41a000 80974060 7f038158 00000000
[ 752.167811] bde0:
80974060 bdaa9940 bd41be04 bd41bdf8 7f03816c 7f00d518 bd41be8c bd41be08
[ 752.175995] be00:
80008a5c 7f038164 be001f00 7f0363c4 bd41bf48 00000000 bd41be54 bd41be28
[ 752.184179] be20:
800e9498 800e8e74 00000002 00000003 bd4129c0 c0a07000 00000001 7f0363c4
[ 752.192363] be40:
bd41bf48 00000000 bd41be74 bd41be58 800de780 800e9320 bd41a000 7f0363d0
[ 752.200547] be60:
00000000 bd41a000 7f0363d0 00000000 bd41beec 7f0363c4 bd41bf48 00000000
[ 752.208731] be80:
bd41bf44 bd41be90 80093e54 800089e0 ffff8000 00007fff 80091390 0000065f
[ 752.216915] bea0:
00000000 c0a0834c bd41bf7c 00000086 bd41bf50 00000000 7f03651c 00000086
[ 752.225099] bec0:
bd41a010 00c28758 800ddcc4 800ddae0 000000d2 bd412a00 bd41bf24 00000000
[ 752.233283] bee0:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 752.241467] bf00:
00000000 00000000 00000000 00000000 00000000 00000000 bd41bf44 000025b0
[ 752.249651] bf20:
00c28a08 00c28758 00000080 8000edc4 bd41a000 00000000 bd41bfa4 bd41bf48
[ 752.257835] bf40:
800943e4 800932ec c0a07000 000025b0 c0a07f8c c0a07ea4 c0a08e5c 0000051c
[ 752.266019] bf60:
0000088c 00000000 00000000 00000000 00000018 00000019 00000010 0000000b
[ 752.274203] bf80:
00000009 00000000 00000000 000025b0 00000000 00c28758 00000000 bd41bfa8
[ 752.282387] bfa0:
8000ec00 8009430c 000025b0 00000000 00c28a08 000025b0 00c28758 00c28980
[ 752.290571] bfc0:
000025b0 00000000 00c28758 00000080 000a6a78 00000007 00c28718 00c28980
[ 752.298756] bfe0:
7ebc1af0 7ebc1ae0 0001a32c 76e9c490 60000010 00c28a08 22013510 ecebffff
[ 752.306933] Backtrace:
[ 752.309414] [<
800ec940>] (filp_close) from [<
7f03c63c>] (gaudio_cleanup+0x28/0x54 [usb_f_uac1])
[ 752.318115] r6:
7f036500 r5:
7f03626c r4:
bd441000 r3:
7f03b3dc
[ 752.323851] [<
7f03c614>] (gaudio_cleanup [usb_f_uac1]) from [<
7f03b3f4>] (f_audio_free_inst+0x18/0x68 [usb_f_uac1])
[ 752.334288] r4:
bdaa6b00 r3:
7f03b3dc
[ 752.337931] [<
7f03b3dc>] (f_audio_free_inst [usb_f_uac1]) from [<
7f00f88c>] (usb_put_function_instance+0x24/0x30 [libcomposite])
[ 752.349498] r4:
7f03cbd4 r3:
7f03b3dc
[ 752.353127] [<
7f00f868>] (usb_put_function_instance [libcomposite]) from [<
7f0380d8>] (audio_bind+0xd8/0xfc [g_audio])
[ 752.363824] r4:
fffffffe r3:
00000000
[ 752.367456] [<
7f038000>] (audio_bind [g_audio]) from [<
7f00f6d4>] (composite_bind+0x9c/0x1e8 [libcomposite])
[ 752.377284] r10:
bd41a008 r9:
7f00f638 r8:
7f00f620 r7:
00000000 r6:
be392240 r5:
7f036364
[ 752.385193] r4:
bd456480 r3:
7f038000
[ 752.388825] [<
7f00f638>] (composite_bind [libcomposite]) from [<
804742ac>] (udc_bind_to_driver+0x34/0xd8)
[ 752.398394] r10:
bd41a008 r9:
7f00f638 r8:
7f00f620 r7:
7f00db28 r6:
7f036364 r5:
7f036364
[ 752.406302] r4:
be3a4000
[ 752.408860] [<
80474278>] (udc_bind_to_driver) from [<
804743c8>] (usb_gadget_probe_driver+0x78/0xa8)
[ 752.417908] r6:
7f036364 r5:
7f036364 r4:
809adde0 r3:
00000000
[ 752.423649] [<
80474350>] (usb_gadget_probe_driver) from [<
7f00d5b4>] (usb_composite_probe+0xa8/0xd4 [libcomposite])
[ 752.434086] r5:
7f036200 r4:
7f03633c
[ 752.437713] [<
7f00d50c>] (usb_composite_probe [libcomposite]) from [<
7f03816c>] (audio_driver_init+0x14/0x1c [g_audio])
[ 752.448498] r9:
bdaa9940 r8:
80974060 r7:
00000000 r6:
7f038158 r5:
80974060 r4:
bd41a000
[ 752.456330] [<
7f038158>] (audio_driver_init [g_audio]) from [<
80008a5c>] (do_one_initcall+0x88/0x1d4)
[ 752.465564] [<
800089d4>] (do_one_initcall) from [<
80093e54>] (load_module+0xb74/0x1020)
[ 752.473571] r10:
00000000 r9:
bd41bf48 r8:
7f0363c4 r7:
bd41beec r6:
00000000 r5:
7f0363d0
[ 752.481478] r4:
bd41a000
[ 752.484037] [<
800932e0>] (load_module) from [<
800943e4>] (SyS_init_module+0xe4/0xf8)
[ 752.491781] r10:
00000000 r9:
bd41a000 r8:
8000edc4 r7:
00000080 r6:
00c28758 r5:
00c28a08
[ 752.499689] r4:
000025b0
[ 752.502252] [<
80094300>] (SyS_init_module) from [<
8000ec00>] (ret_fast_syscall+0x0/0x48)
[ 752.510345] r6:
00c28758 r5:
00000000 r4:
000025b0
[ 752.515013] Code:
808475b4 e1a0c00d e92dd878 e24cb004 (
e5904038)
[ 752.521223] ---[ end trace
70babe34de4ab99b ]---
Segmentation fault
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>