panic from iwl_mvm_vif_dbgfs_register with 5.0
From: Laura Abbott
Date: Thu Mar 21 2019 - 14:19:37 EST
Hi,
Fedora got a bug report of a panic with kernels > 5.0:
Mar 20 10:52:38 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000043
Mar 20 10:52:38 kernel: #PF error: [normal kernel read fault]
Mar 20 10:52:38 kernel: PGD 80000003de1d7067 P4D 80000003de1d7067 PUD 3de1db067 PMD 0
Mar 20 10:52:38 kernel: Oops: 0000 [#1] SMP PTI
Mar 20 10:52:38 kernel: CPU: 0 PID: 2071 Comm: hostapd Not tainted 5.1.0-0.rc0.git9.1.fc31.x86_64 #1
Mar 20 10:52:38 kernel: Hardware name: LENOVO 10A8S08P00/SHARKBAY, BIOS FBKT56AUS 11/18/2013
Mar 20 10:52:38 kernel: RIP: 0010:dentry_name+0x9e/0x210
Mar 20 10:52:38 kernel: Code: 6b ff 5a 85 c0 74 0d 80 3d 73 60 e2 00 00 0f 84 04 01 00 00 45 85 ff 0f 8e 5d 01 00 00 31 ff eb 09 48 83 c7 01 41 39 ff 7e 2f <48> 8b 43 50 48 89 da 89 fe 48 89 c3 48 8b 42 60 48 89 04 fc 48 39
Mar 20 10:52:38 kernel: RSP: 0018:ffffa78d82f07920 EFLAGS: 00010246
Mar 20 10:52:38 kernel: RAX: 0000000000000001 RBX: fffffffffffffff3 RCX: 00000000f20b42fd
Mar 20 10:52:38 kernel: RDX: ffffffffa8ac3b70 RSI: ffff98e572c28d60 RDI: 0000000000000000
Mar 20 10:52:38 kernel: RBP: ffffa78d82f07a75 R08: 00000033dcd044f0 R09: 0000000000000000
Mar 20 10:52:38 kernel: R10: 0000000000000001 R11: 0000000000000002 R12: ffff0a00ffffff05
Mar 20 10:52:38 kernel: R13: ffffffffffffffff R14: ffffa78d82f07ad0 R15: 0000000000000003
Mar 20 10:52:38 kernel: FS: 00007f8b47f4c740(0000) GS:ffff98e58e600000(0000) knlGS:0000000000000000
Mar 20 10:52:38 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 20 10:52:38 kernel: CR2: 0000000000000043 CR3: 00000003de26e005 CR4: 00000000001606f0
Mar 20 10:52:38 kernel: Call Trace:
Mar 20 10:52:38 kernel: ? __lock_acquire+0x252/0x1060
Mar 20 10:52:38 kernel: pointer+0x14e/0x370
Mar 20 10:52:38 kernel: vsnprintf+0x1ff/0x520
Mar 20 10:52:38 kernel: snprintf+0x49/0x60
Mar 20 10:52:38 kernel: ? __debugfs_create_file+0x3a/0x130
Mar 20 10:52:38 kernel: iwl_mvm_vif_dbgfs_register+0x231/0x310 [iwlmvm]
Mar 20 10:52:38 kernel: ? iwl_mvm_find_free_sta_id+0x87/0x100 [iwlmvm]
Mar 20 10:52:38 kernel: iwl_mvm_mac_add_interface+0x221/0x2a0 [iwlmvm]
Mar 20 10:52:38 kernel: drv_add_interface+0x77/0x230 [mac80211]
Mar 20 10:52:38 kernel: ieee80211_do_open+0x13e/0x910 [mac80211]
Mar 20 10:52:38 kernel: ? ieee80211_check_concurrent_iface+0x151/0x1c0 [mac80211]
Mar 20 10:52:38 kernel: __dev_open+0xd4/0x170
Mar 20 10:52:38 kernel: __dev_change_flags+0x1a7/0x200
Mar 20 10:52:38 kernel: dev_change_flags+0x21/0x60
Mar 20 10:52:38 kernel: devinet_ioctl+0x644/0x7c0
Mar 20 10:52:38 kernel: inet_ioctl+0x15a/0x220
Mar 20 10:52:38 kernel: ? avc_has_extended_perms+0x252/0x5c0
Mar 20 10:52:38 kernel: sock_do_ioctl+0x47/0x140
Mar 20 10:52:38 kernel: sock_ioctl+0x1c5/0x360
Mar 20 10:52:38 kernel: do_vfs_ioctl+0x408/0x750
Mar 20 10:52:38 kernel: ksys_ioctl+0x5e/0x90
Mar 20 10:52:38 kernel: __x64_sys_ioctl+0x16/0x20
Mar 20 10:52:38 kernel: do_syscall_64+0x5c/0xa0
Mar 20 10:52:38 kernel: entry_SYSCALL_64_after_hwframe+0x49/0xbe
Mar 20 10:52:38 kernel: RIP: 0033:0x7f8b4808709b
Mar 20 10:52:38 kernel: Code: 0f 1e fa 48 8b 05 ed bd 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d bd bd 0c 00 f7 d8 64 89 01 48
Mar 20 10:52:38 kernel: RSP: 002b:00007ffd44090bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Mar 20 10:52:38 kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8b4808709b
Mar 20 10:52:38 kernel: RDX: 00007ffd44090bc0 RSI: 0000000000008914 RDI: 0000000000000008
Mar 20 10:52:38 kernel: RBP: 0000000000000008 R08: 00007ffd44090bcf R09: 0000000000000007
Mar 20 10:52:38 kernel: R10: 00000000014920b0 R11: 0000000000000246 R12: 00007ffd44090bc0
Mar 20 10:52:38 kernel: R13: 0000000001490d90 R14: 0000000000000001 R15: 0000000000000000
Mar 20 10:52:38 kernel: Modules linked in: ebtable_filter ebtables ip6table_filter ip6_tables bridge stp llc nf_nat_ftp nf_conntrack_ftp nf_nat_tftp nf_conntrack_tftp xt_pkttype xt_state xt_conntrack xt_nat iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c nf_log_ipv4 nf_log_common xt_dscp xt_multiport xt_LOG xt_set xt_length xt_mark iptable_mangle ip_set_hash_net ip_set_bitmap_port ip_set_hash_ip ip_set_hash_netport ip_set nfnetlink sunrpc vfat fat mei_wdt mei_hdcp intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp arc4 kvm_intel kvm irqbypass iwlmvm mac80211 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate intel_uncore intel_rapl_perf iTCO_wdt snd_hda_codec_realtek iTCO_vendor_support snd_hda_codec_generic snd_hda_codec_hdmi ledtrig_audio iwlwifi snd_hda_intel joydev snd_hda_codec wmi_bmof snd_hda_core snd_hwdep snd_seq cfg80211 i2c_i801 snd_seq_device snd_pcm rfkill snd_timer snd soundcore mei_me pcc_cpufreq lpc_ich mei raid1 i915 crc32c_intel i2c_algo_bit
Mar 20 10:52:38 kernel: drm_kms_helper drm ums_realtek uas r8169 usb_storage e1000e wmi video
Mar 20 10:52:38 kernel: CR2: 0000000000000043
Mar 20 10:52:38 kernel: ---[ end trace c15be4d5bdbb1004 ]---
This particular trace is from f261c4e529dac5608a604d3dd3ae1cd2adf23c89 snapshot but it
was reported on a 5.0.x stable series as well. This looks like the snprintf
from iwl_mvm_vif_dbgfs_register but I can give full line information if it's useful.
Thanks,
Laura