Regression in backport MEMREAD ioctl ? [Was: Re: mt7622: belkin-rt3200: r22602-42eeb22450: Kernel panic: kernel stack overflow]

[Michał Kępień]

Hi Petr,

> > Since the crash happens right after snand driver initialization, I think the
> > most likely candidate is this one:
> > fa4dc86e9808 kernel: backport MEMREAD ioctl
> > 
> > Maybe there are still some stack declarations of struct mtd_oob_ops left
> > that aren't fully initialized.
> 
> thanks for looking into that Felix, Michał any idea what might be wrong here?

I remember looking for uninitialized fields in all existing instances of
struct mtd_oob_ops in version 5.15.98 of the Linux kernel source tree
while preparing the MEMREAD backports.  However, it did not occur to me
to check OpenWRT-specific patches in the same way (sorry!) - and a naïve
search uncovers these two locations:

    $ git grep -E 'struct mtd_oob_ops [^=*{}]+;' -- ':!target/linux/generic/backport-5.15/'
    package/boot/uboot-mediatek/patches/100-07-mtd-nmbm-add-support-for-mtd.patch:+ struct mtd_oob_ops ops;
    package/boot/uboot-mediatek/patches/100-07-mtd-nmbm-add-support-for-mtd.patch:+ struct mtd_oob_ops ops;
    package/boot/uboot-mediatek/patches/100-11-env-add-support-for-NMBM-upper-MTD-layer.patch:+     struct mtd_oob_ops ops;

Both structures in the first patch are zeroed out using memset() after
they are declared, so that's fine, but the one in the second patch
isn't.

Given that MediaTek hardware is involved here, this sounds like a solid
lead.  Updating 100-11-env-add-support-for-NMBM-upper-MTD-layer.patch so
that the line quoted above says this instead:

    struct mtd_oob_ops ops = {};

would be my first suggestion.

Since the panic message includes mentions of a stack overflow, another
idea would be to backport this upstream patch as well:

    https://lore.kernel.org/linux-mtd/20230417205654.1982368-1-arnd@kernel.org/

This patch has been reviewed, but it has not yet been merged anywhere.

Hope this helps,

-- 
Best regards,
Michał Kępień