Search Linux Wireless

Re: iwlwifi: null pointer dereference RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/4/21 2:26 PM, Dusty Mabe wrote:
> Hi,
> 
> I'm trying to track down a bug happening on my Intel NUC with a Fedora `5.14.13`
> kernel.
> 
> The trace looks something like:
> 
> ```
> [345514.404223] BUG: kernel NULL pointer dereference, address: 000000000000016c
> [345514.409853] #PF: supervisor read access in kernel mode
> [345514.415323] #PF: error_code(0x0000) - not-present page
> [345514.420718] PGD 0 P4D 0
> [345514.425995] Oops: 0000 [#1] SMP NOPTI
> [345514.431240] CPU: 2 PID: 774 Comm: irq/48-iwlwifi Kdump: loaded Tainted: G        W         5.14.13-300.fc35.x86_64 #1
> [345514.436529] Hardware name:  /NUC5i3RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
> [345514.441734] RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
> [345514.446884] Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
> [345514.452177] RSP: 0018:ffffbe7fc0128cb8 EFLAGS: 00010246
> [345514.457251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000050
> [345514.462313] RDX: 000000000000049b RSI: ffffbe7fc0128d88 RDI: ffff9e2c91a4a008
> [345514.467293] RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
> [345514.472227] R10: 0000000000000000 R11: 0000000000000050 R12: ffff9e2c91a4a008
> [345514.477112] R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
> [345514.481906] FS:  0000000000000000(0000) GS:ffff9e33b6d00000(0000) knlGS:0000000000000000
> [345514.486673] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [345514.491327] CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
> [345514.495957] Call Trace:
> [345514.500447]  <IRQ>
> [345514.504856]  iwl_mvm_set_tx_cmd_rate+0x66/0x140 [iwlmvm]
> [345514.509279]  iwl_mvm_set_tx_params+0x1a5/0x580 [iwlmvm]
> [345514.513627]  iwl_mvm_tx_skb_non_sta+0x16a/0x350 [iwlmvm]
> [345514.517898]  iwl_mvm_tx_skb+0x23/0x40 [iwlmvm]
> [345514.522081]  ieee80211_tx_frags+0x15c/0x220 [mac80211]
> [345514.526254]  __ieee80211_tx+0x76/0x140 [mac80211]
> [345514.530342]  ieee80211_tx+0xc7/0x110 [mac80211]
> [345514.534361]  ieee80211_tx_pending+0x9c/0x270 [mac80211]
> [345514.538316]  ? net_rx_action+0x223/0x2e0
> [345514.542147]  tasklet_action_common.constprop.0+0xbc/0x120
> [345514.545940]  __do_softirq+0xcd/0x282
> [345514.549643]  do_softirq+0x76/0x90
> [345514.553270]  </IRQ>
> [345514.556800]  __local_bh_enable_ip+0x4b/0x50
> [345514.560301]  iwl_pcie_irq_handler+0x493/0xad0 [iwlwifi]
> [345514.563751]  ? irq_thread_dtor+0xb0/0xb0
> [345514.567101]  irq_thread_fn+0x1d/0x60
> [345514.570380]  irq_thread+0xb9/0x150
> [345514.573574]  ? irq_finalize_oneshot.part.0+0xf0/0xf0
> [345514.576732]  ? irq_thread_check_affinity+0xc0/0xc0
> [345514.579822]  kthread+0x124/0x150
> [345514.582821]  ? set_kthread_struct+0x40/0x40
> [345514.585764]  ret_from_fork+0x1f/0x30
> [345514.588623] Modules linked in: tun overlay bridge stp llc intel_rapl_msr snd_hda_codec_hdmi intel_rapl_common iwlmvm x86_pkg_temp_thermal intel_powerclamp mac80211 i915 coretemp snd_usb_audio snd_hda_codec_realtek kvm_intel snd_hda_codec_generic libarc4 ledtrig_audio snd_hda_intel kvm snd_usbmidi_lib snd_intel_dspcfg snd_intel_sdw_acpi iwlwifi btusb snd_hda_codec snd_rawmidi mei_hdcp at24 btrtl iTCO_wdt intel_pmc_bxt btbcm iTCO_vendor_support btintel snd_seq_device snd_hda_core irqbypass mc bluetooth rapl intel_cstate snd_hwdep snd_pcm cfg80211 intel_uncore i2c_algo_bit ttm i2c_i801 mei_me snd_timer i2c_smbus lpc_ich drm_kms_helper ecdh_generic mei joydev rfkill snd ir_rc6_decoder cec soundcore rc_rc6_mce nuvoton_cir acpi_pad drm zram ip_tables xfs dm_multipath crct10dif_pclmul crc32_pclmul crc32c_intel e1000e ghash_clmulni_intel hid_microsoft ff_memless video fuse
> [345514.601061] CR2: 000000000000016c
> ```
> 
> I set up kdump and got a vmcore in /var/crash so we might be able to analyze that to find more
> information. I'm available on IRC (dustymabe on libera.chat) if anyone would like to dig in
> to the crashdump for more information.


Bump - anybody interested in more information to see if we can track this one down.

Since I have a vmcore from a kdump it might be a little easier to diagnose things.

Dusty
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux