linux-wireless.vger.kernel.org archive mirror
From: Dusty Mabe <dusty@dustymabe.com>
To: linux-wireless@vger.kernel.org
Cc: jforbes@fedoraproject.org
Subject: iwlwifi: null pointer dereference RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
Date: Thu, 4 Nov 2021 14:26:49 -0400
Message-ID: <685581b8-3a0e-d794-ec57-5cfdee7a9e71@dustymabe.com>

Hi,

I'm trying to track down a bug happening on my Intel NUC with a Fedora `5.14.13`
kernel.

The trace looks something like:

```
[345514.404223] BUG: kernel NULL pointer dereference, address: 000000000000016c
[345514.409853] #PF: supervisor read access in kernel mode
[345514.415323] #PF: error_code(0x0000) - not-present page
[345514.420718] PGD 0 P4D 0
[345514.425995] Oops: 0000 [#1] SMP NOPTI
[345514.431240] CPU: 2 PID: 774 Comm: irq/48-iwlwifi Kdump: loaded Tainted: G        W         5.14.13-300.fc35.x86_64 #1
[345514.436529] Hardware name:  /NUC5i3RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
[345514.441734] RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
[345514.446884] Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
[345514.452177] RSP: 0018:ffffbe7fc0128cb8 EFLAGS: 00010246
[345514.457251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000050
[345514.462313] RDX: 000000000000049b RSI: ffffbe7fc0128d88 RDI: ffff9e2c91a4a008
[345514.467293] RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
[345514.472227] R10: 0000000000000000 R11: 0000000000000050 R12: ffff9e2c91a4a008
[345514.477112] R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
[345514.481906] FS:  0000000000000000(0000) GS:ffff9e33b6d00000(0000) knlGS:0000000000000000
[345514.486673] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[345514.491327] CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
[345514.495957] Call Trace:
[345514.500447]  <IRQ>
[345514.504856]  iwl_mvm_set_tx_cmd_rate+0x66/0x140 [iwlmvm]
[345514.509279]  iwl_mvm_set_tx_params+0x1a5/0x580 [iwlmvm]
[345514.513627]  iwl_mvm_tx_skb_non_sta+0x16a/0x350 [iwlmvm]
[345514.517898]  iwl_mvm_tx_skb+0x23/0x40 [iwlmvm]
[345514.522081]  ieee80211_tx_frags+0x15c/0x220 [mac80211]
[345514.526254]  __ieee80211_tx+0x76/0x140 [mac80211]
[345514.530342]  ieee80211_tx+0xc7/0x110 [mac80211]
[345514.534361]  ieee80211_tx_pending+0x9c/0x270 [mac80211]
[345514.538316]  ? net_rx_action+0x223/0x2e0
[345514.542147]  tasklet_action_common.constprop.0+0xbc/0x120
[345514.545940]  __do_softirq+0xcd/0x282
[345514.549643]  do_softirq+0x76/0x90
[345514.553270]  </IRQ>
[345514.556800]  __local_bh_enable_ip+0x4b/0x50
[345514.560301]  iwl_pcie_irq_handler+0x493/0xad0 [iwlwifi]
[345514.563751]  ? irq_thread_dtor+0xb0/0xb0
[345514.567101]  irq_thread_fn+0x1d/0x60
[345514.570380]  irq_thread+0xb9/0x150
[345514.573574]  ? irq_finalize_oneshot.part.0+0xf0/0xf0
[345514.576732]  ? irq_thread_check_affinity+0xc0/0xc0
[345514.579822]  kthread+0x124/0x150
[345514.582821]  ? set_kthread_struct+0x40/0x40
[345514.585764]  ret_from_fork+0x1f/0x30
[345514.588623] Modules linked in: tun overlay bridge stp llc intel_rapl_msr snd_hda_codec_hdmi intel_rapl_common iwlmvm x86_pkg_temp_thermal intel_powerclamp mac80211 i915 coretemp snd_usb_audio snd_hda_codec_realtek kvm_intel snd_hda_codec_generic libarc4 ledtrig_audio snd_hda_intel kvm snd_usbmidi_lib snd_intel_dspcfg snd_intel_sdw_acpi iwlwifi btusb snd_hda_codec snd_rawmidi mei_hdcp at24 btrtl iTCO_wdt intel_pmc_bxt btbcm iTCO_vendor_support btintel snd_seq_device snd_hda_core irqbypass mc bluetooth rapl intel_cstate snd_hwdep snd_pcm cfg80211 intel_uncore i2c_algo_bit ttm i2c_i801 mei_me snd_timer i2c_smbus lpc_ich drm_kms_helper ecdh_generic mei joydev rfkill snd ir_rc6_decoder cec soundcore rc_rc6_mce nuvoton_cir acpi_pad drm zram ip_tables xfs dm_multipath crct10dif_pclmul crc32_pclmul crc32c_intel e1000e ghash_clmulni_intel hid_microsoft ff_memless video fuse
[345514.601061] CR2: 000000000000016c
```

I set up kdump and got a vmcore in /var/crash so we might be able to analyze that to find more
information. I'm available on IRC (dustymabe on libera.chat) if anyone would like to dig in
to the crashdump for more information.

Thanks!
Dusty Mabe
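
Added example, not part of the original message: a Python sketch that reads the `Code:` and register lines of the trace above, decodes the faulting instruction (the byte marked `<45>`), and checks that its memory operand reproduces CR2. The function names are hypothetical, and the decoder handles only the `[REX] 8B /r` form with a displacement and no SIB byte, which is the form in this trace.

```python
import re

# Lines copied from the trace in the message above (timestamps dropped).
OOPS = """\
Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
"""

# x86-64 register numbers 0..15, spelled the way the oops prints them.
REGS = (["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]
        + [f"R{n:02d}" for n in range(8, 16)])


def parse_oops(text):
    """Return ({register: value}, bytes starting at the faulting instruction)."""
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", text)}
    code = re.search(r"Code: (.*)", text).group(1)
    # The byte wrapped in <..> is the first byte of the instruction at RIP.
    tail = code[code.index("<"):].replace("<", "").replace(">", "")
    return regs, bytes.fromhex(tail)


def decode_mov_load(insn):
    """Decode [REX] 8B /r (MOV reg, [base+disp]); no SIB, no RIP-relative."""
    i, rex = 0, 0
    if insn[0] & 0xF0 == 0x40:            # REX prefix: 0100WRXB
        rex, i = insn[0], 1
    if insn[i] != 0x8B:
        raise ValueError("not a MOV r, r/m load")
    modrm = insn[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod not in (1, 2) or rm == 4:      # only disp8/disp32 off a plain base
        raise ValueError("addressing form not handled by this sketch")
    size = 1 if mod == 1 else 4
    disp = int.from_bytes(insn[i + 2:i + 2 + size], "little", signed=True)
    dest = REGS[reg | ((rex >> 2) & 1) << 3]   # REX.R extends the reg field
    base = REGS[rm | (rex & 1) << 3]           # REX.B extends the r/m field
    return dest, base, disp


def explain_fault(text):
    regs, insn = parse_oops(text)
    dest, base, disp = decode_mov_load(insn)
    addr = (regs[base] + disp) & (2**64 - 1)
    return {"dest": dest, "base": base, "disp": disp,
            "null_base": regs[base] == 0, "matches_cr2": addr == regs["CR2"]}
```

For this trace the result is a 32-bit load from `R13 + 0x16c` with `R13` equal to zero, so the faulting address in CR2 is the offset of a field read through a NULL pointer, not a corrupted address.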

Thread overview: 2+ messages
2021-11-04 18:26 Dusty Mabe [this message]
2021-11-10  4:37 ` iwlwifi: null pointer dereference RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm] Dusty Mabe
