From: Georgi Djakov <djakov@kernel.org>
The debugfs_create_str() API assumes that the string pointer is either NULL
or points to valid kmalloc() memory. Leaving the pointer uninitialized can
cause problems.
Initialize src_node and dst_node to empty strings before creating the
debugfs entries to guarantee that reads and writes are safe.
Fixes: 770c69f037c1 ("interconnect: Add debugfs test client")
Signed-off-by: Georgi Djakov <djakov@kernel.org>
---
drivers/interconnect/debugfs-client.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/interconnect/debugfs-client.c b/drivers/interconnect/debugfs-client.c
index 778deeb4a7e8..24d7b5a57794 100644
--- a/drivers/interconnect/debugfs-client.c
+++ b/drivers/interconnect/debugfs-client.c
@@ -150,6 +150,11 @@ int icc_debugfs_client_init(struct dentry *icc_dir)
return ret;
}
+ src_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL);
+ dst_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL);
+ if (!src_node || !dst_node)
+ return -ENOMEM;
+
client_dir = debugfs_create_dir("test_client", icc_dir);
debugfs_create_str("src_node", 0600, client_dir, &src_node);
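Review bot: In the added block ahead of debugfs_create_dir(), src_node and dst_node are allocated with devm_kstrdup(), while the commit message says debugfs_create_str() expects the pointer to be NULL or valid kmalloc() memory. A device-managed buffer is not interchangeable with a plain kmalloc() one: if the debugfs string write path replaces the string and releases the old one with kfree(), that free would not match the devm allocation, and devres would still try to release the same buffer when the device goes away. Allocating both with kstrdup("", GFP_KERNEL) would match the stated contract; the `if (!src_node || !dst_node)` path would then need to kfree() whichever allocation succeeded before returning -ENOMEM. A short comment above the allocations saying why the empty strings are required would also help the next reader.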
Hi Georgi,
On Fri, Jan 09, 2026 at 02:25:23PM +0200, djakov@kernel.org wrote:
> From: Georgi Djakov <djakov@kernel.org>
>
> The debugfs_create_str() API assumes that the string pointer is either NULL
> or points to valid kmalloc() memory. Leaving the pointer uninitialized can
> cause problems.
>
> Initialize src_node and dst_node to empty strings before creating the
> debugfs entries to guarantee that reads and writes are safe.
>
> Fixes: 770c69f037c1 ("interconnect: Add debugfs test client")
> Signed-off-by: Georgi Djakov <djakov@kernel.org>
I verified this patch on qemu.
Without this patch, reading the debugfs node triggers a NULL pointer
dereference [1].
# cat /sys/kernel/debug/interconnect/test_client/src_node
The patch resolves this issue. Thanks!
Reviewed-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Tested-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Regards,
Kuan-Wei
[1]:
[ 53.134642] traps: skippy[737] trap invalid opcode ip:7f125b62e967 sp:7fff26f593c0 error:0 in ld-2.27.so[25967,7f125b609000+2b000]
[ 53.171664] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 53.172274] #PF: supervisor read access in kernel mode
[ 53.172556] #PF: error_code(0x0000) - not-present page
[ 53.173103] PGD 0 P4D 0
[ 53.173433] Oops: Oops: 0000 [#1] SMP NOPTI
[ 53.176057] CPU: 51 UID: 0 PID: 738 Comm: cat Tainted: G N 6.19.0-rc4-virtme #2 PREEMPT(voluntary)
[ 53.176747] Tainted: [N]=TEST
[ 53.176964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 53.177493] RIP: 0010:strlen+0x4/0x30
[ 53.178437] Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 18 48 89 f8 0f 1f 40 00 48 83 c0 01 80 38 00 75 f7 48
[ 53.179507] RSP: 0018:ffffb279018ffe10 EFLAGS: 00010246
[ 53.179831] RAX: ffffffffba33cde0 RBX: 0000000000000000 RCX: 0000000000000002
[ 53.180215] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[ 53.180563] RBP: 0000000000000001 R08: ffffffffb9061ec0 R09: 0000000000000000
[ 53.181030] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000040000
[ 53.181366] R13: ffffb279018ffee8 R14: ffff8dcec5c30540 R15: 0000000000000000
[ 53.181803] FS: 00007f54fc097740(0000) GS:ffff8dcf4145f000(0000) knlGS:0000000000000000
[ 53.182251] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.182541] CR2: 0000000000000000 CR3: 000000000838d000 CR4: 00000000000006f0
[ 53.183078] Call Trace:
[ 53.184925] <TASK>
[ 53.185202] debugfs_read_file_str+0x49/0xf0
[ 53.185961] vfs_read+0xc2/0x3a0
[ 53.186195] ? __hrtimer_run_queues+0x160/0x2a0
[ 53.186442] ? __pfx_read_tsc+0x10/0x10
[ 53.186634] ? ktime_get+0x3b/0xd0
[ 53.186974] ? lapic_next_event+0x15/0x20
[ 53.187147] ? clockevents_program_event+0x99/0xf0
[ 53.187374] ksys_read+0x6b/0xe0
[ 53.187563] do_syscall_64+0xa4/0xf80
[ 53.187867] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 53.188365] RIP: 0033:0x7f54fc129687
[ 53.189177] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 53.190393] RSP: 002b:00007ffde7e25960 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 53.190900] RAX: ffffffffffffffda RBX: 00007f54fc097740 RCX: 00007f54fc129687
[ 53.191488] RDX: 0000000000040000 RSI: 00007f54fc056000 RDI: 0000000000000003
[ 53.191963] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[ 53.192351] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f54fc056000
[ 53.192776] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000
[ 53.193345] </TASK>
[ 53.193572] Modules linked in:
[ 53.194157] CR2: 0000000000000000
[ 53.195723] ---[ end trace 0000000000000000 ]---
[ 53.196335] RIP: 0010:strlen+0x4/0x30
[ 53.196556] Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 18 48 89 f8 0f 1f 40 00 48 83 c0 01 80 38 00 75 f7 48
[ 53.197634] RSP: 0018:ffffb279018ffe10 EFLAGS: 00010246
[ 53.198037] RAX: ffffffffba33cde0 RBX: 0000000000000000 RCX: 0000000000000002
[ 53.198388] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[ 53.198793] RBP: 0000000000000001 R08: ffffffffb9061ec0 R09: 0000000000000000
[ 53.199193] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000040000
[ 53.199544] R13: ffffb279018ffee8 R14: ffff8dcec5c30540 R15: 0000000000000000
[ 53.199959] FS: 00007f54fc097740(0000) GS:ffff8dcf4145f000(0000) knlGS:0000000000000000
[ 53.200322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.200615] CR2: 0000000000000000 CR3: 000000000838d000 CR4: 00000000000006f0
Killed cat src_node