Re: NULL pointer deref crash on barebox 2020.08.0
From: Giorgio Dal Molin <hidden>
Date: 2020-08-20 12:26:50
> On August 20, 2020 at 2:21 PM Ahmad Fatoum wrote:
>
> Hello Giorgio,
>
> On 8/20/20 2:18 PM, Giorgio Dal Molin wrote:
>> Hi,
>>
>> I've tried the current barebox v2020.08.0 on my imx7d module and it
>> crashes while executing the command:
>>
>>   imx7d: / cp /mnt/boot/kernel.img /dev/mmc1.fw_update
>>   unable to handle NULL pointer dereference at address 0x00000000
>>   pc : [<ffe6c2dc>]    lr : [<ffe6c2c0>]
>>   sp : fffefcd0  ip : fffefcd0  fp : c00f8850
>>   r10: ffe981ef  r9 : 00000000  r8 : ffe981ef
>>   r7 : ffe98dcb  r6 : ffea60a8  r5 : ffe98dbd  r4 : c00ef1e8
>>   r3 : 00000000  r2 : bfefb8e0  r1 : ffe98dbd  r0 : 00028888
>>   Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
>>   no stack data available
>>
>> I could track the problem down to a call to
>> list_del(&inode->i_sb_list); in fs/fs.c:iput(struct inode *inode):
>>
>>   void iput(struct inode *inode)
>>   {
>>           if (!inode)
>>                   return;
>>
>>           inode->i_count--;
>>
>>           if (!inode->i_count) {
>>                   list_del(&inode->i_sb_list);   <== this call segfaults
>>                   destroy_inode(inode);
>>           }
>>   }
>>
>> I've checked that the struct list_head inode->i_sb_list has its .prev
>> pointer NULL and that's the immediate reason why I get a segfault
>> (at WRITE_ONCE(prev->next, next) in __list_del(prev, next)); what I
>> don't know is whether a NULL .prev is OK and the error is a missing
>> test in __list_del() or if a NULL .prev is already wrong.
>
> What kind of file system is mounted at /mnt/boot?
Hi,

it's a squashfs:

  imx7d: / mount
  none on / type ramfs
  none on /dev type devfs
  /dev/mmc1.userland on /mnt/userland type squashfs
  /dev/mmc1.boot on /mnt/boot type squashfs

giorgio

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
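Editor's note, added to this thread and not code from the posters or from barebox: the failure mode Giorgio describes is easiest to reason about with a small stand-alone model of the Linux-style intrusive list that barebox's list.h is assumed to share. The point it demonstrates is that a zero-filled `struct list_head` (what a kzalloc()/calloc()'d inode carries) is not an empty list; only `INIT_LIST_HEAD()` makes the node point at itself so that a later `list_del()` is harmless. `__list_del()` writes through `prev` and `next` unconditionally, so an inode that was never linked into any superblock list crashes exactly at `prev->next = next` with `prev == NULL`, i.e. a write at address 0. The guarded `list_del_checked()`, the cut-down `struct inode`, and the three scenario functions are hypothetical names introduced here for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Minimal Linux-style intrusive list. Assumed to match the semantics of the
 * list.h barebox uses; it is a model written for this note, not a copy.
 */
struct list_head {
	struct list_head *next, *prev;
};

/* An empty list points at itself. A zero-filled one does NOT. */
static inline void INIT_LIST_HEAD(struct list_head *list)
{
	list->next = list;
	list->prev = list;
}

static inline void list_add(struct list_head *entry, struct list_head *head)
{
	head->next->prev = entry;
	entry->next = head->next;
	entry->prev = head;
	head->next = entry;
}

/* The unguarded unlink: writes through both neighbours unconditionally. */
static inline void __list_del(struct list_head *prev, struct list_head *next)
{
	next->prev = prev;	/* fine if next is valid ... */
	prev->next = next;	/* ... then faults at address 0 when prev is NULL */
}

/*
 * Hypothetical guard for the question raised in the thread: refuse to unlink
 * a node whose links were never set up instead of dereferencing NULL.
 */
static bool list_del_checked(struct list_head *entry)
{
	if (entry->prev == NULL || entry->next == NULL)
		return false;
	__list_del(entry->prev, entry->next);
	entry->next = entry->prev = NULL;	/* poison: a second list_del is caught too */
	return true;
}

static int list_count(const struct list_head *head)
{
	int n = 0;
	for (const struct list_head *p = head->next; p != head; p = p->next)
		n++;
	return n;
}

/* Cut-down inode with only the fields the thread talks about (hypothetical). */
struct inode {
	int i_count;
	struct list_head i_sb_list;
};

/* Scenario 1: zero-filled inode that was never added to a superblock list. */
bool unlinked_inode_is_rejected(void)
{
	struct inode ino;
	memset(&ino, 0, sizeof(ino));		/* what kzalloc()/calloc() hands back */
	ino.i_count = 1;
	return !list_del_checked(&ino.i_sb_list);	/* refused, no crash */
}

/* Scenario 2: two linked inodes; dropping one leaves exactly one on the list. */
int linked_inode_unlinks_cleanly(void)
{
	struct list_head sb_inodes;
	struct inode a, b;

	INIT_LIST_HEAD(&sb_inodes);
	memset(&a, 0, sizeof(a));
	memset(&b, 0, sizeof(b));
	list_add(&a.i_sb_list, &sb_inodes);
	list_add(&b.i_sb_list, &sb_inodes);

	if (!list_del_checked(&a.i_sb_list))
		return -1;
	return list_count(&sb_inodes);
}

/* Scenario 3: INIT_LIST_HEAD'ed but never list_add'ed: self-linked, unlink is harmless. */
bool init_only_inode_is_safe(void)
{
	struct inode ino;
	memset(&ino, 0, sizeof(ino));
	INIT_LIST_HEAD(&ino.i_sb_list);
	return list_del_checked(&ino.i_sb_list);
}

int main(void)
{
	printf("zeroed inode rejected:    %s\n", unlinked_inode_is_rejected() ? "yes" : "no");
	printf("inodes left after unlink: %d\n", linked_inode_unlinks_cleanly());
	printf("init-only inode safe:     %s\n", init_only_inode_is_safe() ? "yes" : "no");
	return 0;
}
```

Usage note: whether the right fix is the guard (scenario 1) or making sure every inode gets `INIT_LIST_HEAD(&inode->i_sb_list)` at allocation (scenario 3) depends on where the squashfs inode is created, which this thread does not show; the model only makes the two options concrete.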