> Subject: BUG: kernel NULL pointer dereference, address: 0000000000000070
>
> Hi folks.
> My friend launched stress-ng multiple times today and twice he could
> reproduce the odd bug, which looks like a bug in the wifi driver.
>
> lspci detects this device as:
> Network controller: Realtek Semiconductor Co., Ltd. RTL8822BE
> 802.11a/b/g/n/ac WiFi adapter
>
> I decided to report here because every time this bug happens the
> system becomes fully unresponsive, which is really very annoying.
>
> stress-ng-iomix (147381): drop_caches: 3
> stress-ng-iomix (147417): drop_caches: 3
> stress-ng-iomix (147415): drop_caches: 3
> rtw_pci 0000:04:00.0: stop vif ea:01:4e:ce:99:c5 on port 0
> rtw_pci 0000:04:00.0: start vif 06:72:1e:97:fc:83 on port 0
> BUG: kernel NULL pointer dereference, address: 0000000000000070
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] SMP NOPTI
> CPU: 1 PID: 819 Comm: irq/76-rtwpci Not tainted
> 5.5.0-0.rc4.git0.1.fc32.x86_64 #1
> Hardware name: System manufacturer System Product Name/ROG STRIX
> X470-I GAMING, BIOS 3004 12/16/2019
> RIP: 0010:rtw_pci_tx_isr+0x96/0x230 [rtwpci]
> Code: 0e 01 00 00 48 8b 44 24 08 44 0f b6 64 24 13 48 c1 e0 06 49 83
> c4 01 48 89 04 24 49 c1 e4 06 49 01 dc 4c 89 e7 e8 8a d1 96 ce <8b> 50
> 70 48 8b 70 48 49 89 c6 48 8b 03 48 8d b8 b0 00 00 00 48 8b
> RSP: 0018:ffffad9f00d6fe08 EFLAGS: 00010086
> RAX: 0000000000000000 RBX: ffff9b66766e5d68 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000086 RDI: 0000000000000086
> RBP: 000000000000006a R08: 0000000000000000 R09: 0000000000000059
> R10: 0000000000000000 R11: ffff9b667da6ae38 R12: ffff9b66766e5ee8
> R13: ffff9b66766e1e80 R14: 0000000000000005 R15: ffff9b66766e07c0
> FS: 0000000000000000(0000) GS:ffff9b667da40000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000070 CR3: 0000000333690000 CR4: 00000000003406e0
> Call Trace:
> rtw_pci_interrupt_threadfn+0x15b/0x210 [rtwpci]
> ? irq_finalize_oneshot.part.0+0xf0/0xf0
> irq_thread_fn+0x20/0x60
> irq_thread+0xdc/0x170
> ? irq_forced_thread_fn+0x80/0x80
> kthread+0xf9/0x130
> ? irq_thread_check_affinity+0xf0/0xf0
> ? kthread_park+0x90/0x90
> ret_from_fork+0x22/0x40
> Modules linked in: salsa20_generic camellia_generic
> camellia_aesni_avx2 camellia_aesni_avx_x86_64 camellia_x86_64
> cast6_avx_x86_64 cast6_generic cast_common serpent_avx2
> serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic twofish_generic
> twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64
> twofish_common
> ofb tgr192 wp512 rmd320 rmd256 rmd160 rmd128 md4 uinput rfcomm
> xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_nat_tftp
> nf_conntrack_tftp tun bridge stp llc nft_objref
> nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet
> nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4
> nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat nf_tables
> ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw
> ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6
> nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security
> ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables
> iptable_filter cmac bnep sunrpc
> snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio rtwpci
> snd_hda_codec_hdmi rtw88 snd_hda_intel snd_intel_dspcfg edac_mce_amd
> snd_usb_audio uvcvideo videobuf2_vmalloc videobuf2_memops
> snd_hda_codec snd_usbmidi_lib videobuf2_v4l2 snd_hda_core
> videobuf2_common mac80211 btusb snd_rawmidi kvm snd_hwdep btrtl
> videodev snd_seq btbcm btintel snd_seq_device irqbypass bluetooth
> cfg80211 snd_pcm eeepc_wmi mc joydev crct10dif_pclmul snd_timer
> crc32_pclmul asus_wmi ecdh_generic snd sparse_keymap rfkill sp5100_tco
> ccp ecc video soundcore libarc4 wmi_bmof pcspkr i2c_piix4
> ghash_clmulni_intel k10temp gpio_amdpt gpio_generic acpi_cpufreq
> binfmt_misc ip_tables amdgpu amd_iommu_v2 gpu_sched ttm
> drm_kms_helper
> drm igb crc32c_intel uas dca i2c_algo_bit usb_storage wmi pinctrl_amd
> fuse
> CR2: 0000000000000070
> ---[ end trace 5e058b15ff4e55d6 ]---
>
>
> # /usr/src/kernels/`uname -r`/scripts/faddr2line
> /lib/debug/lib/modules/`uname
> -r`/kernel/drivers/net/wireless/realtek/rtw88/rtwpci.ko.debug
> rtw_pci_tx_isr+0x96
> rtw_pci_tx_isr+0x96/0x230:
> rtw_pci_tx_isr at
> /usr/src/debug/kernel-5.4.fc32/linux-5.5.0-0.rc4.git0.1.fc32.x86_64/drivers/
> net/wireless/realtek/rtw88/pci.c:836
>
> # eu-addr2line -e /lib/debug/lib/modules/`uname
> -r`/kernel/drivers/net/wireless/realtek/rtw88/rtwpci.ko.debug
> rtw_pci_tx_isr+0x96
> drivers/net/wireless/realtek/rtw88/pci.c:836:3
>
> $ uname -r
> 5.5.0-0.rc4.git0.1.fc32.x86_64
>
> --
> Best Regards,
> Mike Gavrilov.
>

I think the driver is dereferencing a NULL skb. And I've sent a patch for it.

https://patchwork.kernel.org/patch/11320567/

Yan-Hsuan
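
A triage sketch for reports like the one quoted above, added here as an example and not code from either poster or from the rtw88 driver: it strips the mail quoting from an oops, pulls out the faulting function, module and CR2, and flags the "NULL base plus field offset" pattern. The function name triage_oops and the 4 KiB page size are assumptions; the sample text is an excerpt of the oops in this thread.

```python
import re

PAGE_SIZE = 4096  # assumption: x86_64 with 4 KiB pages

# Excerpt of the oops quoted above, with the mail quoting ("> ") left in place.
OOPS = """\
> BUG: kernel NULL pointer dereference, address: 0000000000000070
> #PF: supervisor read access in kernel mode
> RIP: 0010:rtw_pci_tx_isr+0x96/0x230 [rtwpci]
> RAX: 0000000000000000 RBX: ffff9b66766e5d68 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000086 RDI: 0000000000000086
> CR2: 0000000000000070 CR3: 0000000333690000 CR4: 00000000003406e0
"""

def triage_oops(text):
    """Summarise a page-fault oops: where it faulted and what it looks like."""
    # Drop mail quote markers so quoted and unquoted reports parse the same way.
    lines = [re.sub(r"^(>\s?)+", "", line) for line in text.splitlines()]
    body = "\n".join(lines)
    rip = re.search(
        r"RIP: \w+:(\w+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)(?: \[(\w+)\])?", body)
    cr2 = re.search(r"\bCR2: ([0-9a-f]{16})", body)
    access = re.search(r"#PF: (\w+) (read|write|instruction fetch)", body)
    if not (rip and cr2):
        raise ValueError("not a page-fault oops (no RIP/CR2 line)")
    # RIP/RSP carry a segment prefix and never match the 16-digit value here.
    regs = {name: int(value, 16) for name, value in
            re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})", body)}
    fault = int(cr2.group(1), 16)
    return {
        "function": rip.group(1),
        "offset": int(rip.group(2), 16),
        "module": rip.group(4),
        "access": access.group(2) if access else None,
        "fault_addr": fault,
        # A fault inside the first page means NULL base + structure offset.
        "null_plus_offset": fault < PAGE_SIZE,
        # Registers holding 0 are the candidate NULL base pointers.
        "zero_regs": sorted(r for r, v in regs.items() if v == 0),
    }

if __name__ == "__main__":
    for key, value in triage_oops(OOPS).items():
        print(f"{key}: {value}")
```

In this report the marked bytes `<8b> 50 70` in the Code: line decode to a 32-bit load from `[rax+0x70]`, and RAX is one of the registers the script lists as zero, which matches the fault address 0x70.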