kernel NULL pointer dereference in iwlmvm when debugfs=off
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux-hwe-5.11 (Ubuntu) | New | Undecided | Unassigned | |
linux-hwe-5.13 (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
When booting 5.13.0-30-generic, dmesg shows:
ieee80211 phy0: Selected rate control algorithm 'iwl-mvm-rs'
BUG: kernel NULL pointer dereference, address: 0000000000000017
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 921 Comm: modprobe Tainted: P U O 5.13.0-30-generic #33~20.04.1-Ubuntu
Hardware name: System76 Lemur/Lemur, BIOS 1.05.25RSA2-1 04/17/2018
RIP: 0010:iwl_
Code: 29 c1 be 80 01 00 00 48 c7 c7 35 f8 29 c1 e8 27 b9 20 cd 48 8b 83 60 18 00 00 48 c7 c2 39 f8 29 c1 be 64 00 00 00 48 8d 7d 8c <48> 8b 48 18 e8 f7 07 36 cd 48 8b 43 28 48 8d 55 8c 48 c7 c7 44 f8
RSP: 0018:ffff9e37c0
RAX: ffffffffffffffff RBX: ffff8b3fcb5e1f48 RCX: ffff8b3fcb5e1f48
RDX: ffffffffc129f839 RSI: 0000000000000064 RDI: ffff9e37c072bb0c
RBP: ffff9e37c072bb80 R08: ffffffff8f26c920 R09: ffffffffc1298ae0
R10: 0000000000000100 R11: 0000000000000021 R12: 0000000000000000
R13: 0000000fffffffe0 R14: ffff8b3fcb5e1f48 R15: ffff8b3fcb5e1f40
FS: 00007f9084e1954
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000017 CR3: 00000001048c8006 CR4: 00000000003706e0
Call Trace:
<TASK>
? iwl_mvm_
? iwl_mvm_
iwl_op_
_iwl_op_
iwl_opmode_
? 0xffffffffc0a0c000
iwl_mvm_
? 0xffffffffc0a0c000
do_one_
? __cond_
? kmem_cache_
do_init_
load_module+
__do_sys_
? __do_sys_
__x64_
do_syscall_
entry_
RIP: 0033:0x7f9084f5e89d
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffcb4
RAX: ffffffffffffffda RBX: 000055aa54753d20 RCX: 00007f9084f5e89d
RDX: 0000000000000000 RSI: 000055aa52f0d358 RDI: 0000000000000002
RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 000055aa52f0d358
R13: 0000000000000000 R14: 000055aa54753e50 R15: 000055aa54753d20
</TASK>
Modules linked in: snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi zfs(PO+) snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi zunicode(PO) snd_seq_midi_event zzstd(O) snd_rawmidi zlua(O) intel_rapl_m>
usbhid hid_generic hid i915 i2c_algo_bit drm_kms_helper aesni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops crypto_simd cec cryptd rc_core drm nvme psmouse nvme_core xhci_pci xhci_pci_renesas wmi video mac_hid
CR2: 0000000000000017
---[ end trace cae0adb6dc5e38f3 ]---
iwlwifi 0000:02:00.0 wlp2s0: renamed from wlan0
RIP: 0010:iwl_
Code: 29 c1 be 80 01 00 00 48 c7 c7 35 f8 29 c1 e8 27 b9 20 cd 48 8b 83 60 18 00 00 48 c7 c2 39 f8 29 c1 be 64 00 00 00 48 8d 7d 8c <48> 8b 48 18 e8 f7 07 36 cd 48 8b 43 28 48 8d 55 8c 48 c7 c7 44 f8
RSP: 0018:ffff9e37c0
RAX: ffffffffffffffff RBX: ffff8b3fcb5e1f48 RCX: ffff8b3fcb5e1f48
RDX: ffffffffc129f839 RSI: 0000000000000064 RDI: ffff9e37c072bb0c
RBP: ffff9e37c072bb80 R08: ffffffff8f26c920 R09: ffffffffc1298ae0
R10: 0000000000000100 R11: 0000000000000021 R12: 0000000000000000
R13: 0000000fffffffe0 R14: ffff8b3fcb5e1f48 R15: ffff8b3fcb5e1f40
FS: 00007f9084e1954
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000017 CR3: 00000001048c8006 CR4: 00000000003706e0
When booting 5.11.0-38-generic:
ieee80211 phy0: Selected rate control algorithm 'iwl-mvm-rs'
thermal thermal_zone3: failed to read out thermal zone (-61)
BUG: kernel NULL pointer dereference, address: 0000000000000017
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 912 Comm: modprobe Tainted: P O 5.11.0-38-generic #42~20.04.1-Ubuntu
Hardware name: System76 Lemur/Lemur, BIOS 1.05.25RSA2-1 04/17/2018
RIP: 0010:iwl_
Code: 48 c7 c7 a8 bb 00 c1 e8 83 15 89 cc 48 89 d9 4c 89 e2 be 80 01 00 00 49 c7 c0 00 51 00 c1 48 c7 c7 b0 bb 00 c1 e8 15 0c 89 cc <49> 8b 4c 24 18 48 c7 c2 b4 bb 00 c1 be 64 00 00 00 48 8d 7d 84 e8
RSP: 0018:ffffa59c40
RAX: ffffffffffffffff RBX: ffff8ebbc8f91f28 RCX: ffff8ebbc8f91f28
RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffffffffc100bbb0
RBP: ffffa59c40607b70 R08: ffffffff8e46b100 R09: ffffffffc1005100
R10: 0000000000000100 R11: 0000000000000013 R12: ffffffffffffffff
R13: 0000000fffffffe0 R14: ffff8ebbc8f91f28 R15: ffff8ebbc8f91f20
FS: 00007f6eb9e2154
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000017 CR3: 000000010aba2002 CR4: 00000000003706e0
Call Trace:
? thermal_
? thermal_
? iwl_mvm_
iwl_op_
_iwl_op_
iwl_opmode_
? 0xffffffffc0aa3000
iwl_mvm_
? 0xffffffffc0aa3000
do_one_
? _cond_resched+
? kmem_cache_
? do_init_
do_init_
load_module+
? security_
? security_
__do_sys_
? __do_sys_
__x64_
do_syscall_
entry_
RIP: 0033:0x7f6eb9f6689d
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdbd
RAX: ffffffffffffffda RBX: 0000555dbd8f8a40 RCX: 00007f6eb9f6689d
RDX: 0000000000000000 RSI: 0000555dbcc58358 RDI: 0000000000000002
RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000555dbcc58358
R13: 0000000000000000 R14: 0000555dbd8f8b70 R15: 0000555dbd8f8a40
Modules linked in: snd_hda_codec_hdmi snd_hda_
intel_pch_thermal libahci intel_xhci_
CR2: 0000000000000017
---[ end trace b471419e1ba88be0 ]---
iwlwifi 0000:02:00.0 wlp2s0: renamed from wlan0
RIP: 0010:iwl_
Code: 48 c7 c7 a8 bb 00 c1 e8 83 15 89 cc 48 89 d9 4c 89 e2 be 80 01 00 00 49 c7 c0 00 51 00 c1 48 c7 c7 b0 bb 00 c1 e8 15 0c 89 cc <49> 8b 4c 24 18 48 c7 c2 b4 bb 00 c1 be 64 00 00 00 48 8d 7d 84 e8
RSP: 0018:ffffa59c40
RAX: ffffffffffffffff RBX: ffff8ebbc8f91f28 RCX: ffff8ebbc8f91f28
RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffffffffc100bbb0
RBP: ffffa59c40607b70 R08: ffffffff8e46b100 R09: ffffffffc1005100
R10: 0000000000000100 R11: 0000000000000013 R12: ffffffffffffffff
R13: 0000000fffffffe0 R14: ffff8ebbc8f91f28 R15: ffff8ebbc8f91f20
FS: 00007f6eb9e2154
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000017 CR3: 000000010aba2002 CR4: 00000000003706e0
ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
FYI, debugfs is disabled by booting with debugfs=off in /proc/cmdline.
Additional information:
$ lsb_release -rd
Description: Ubuntu 20.04.3 LTS
Release: 20.04
$ apt-cache policy linux-modules-
linux-modules-
Installed: 5.13.0-
Candidate: 5.13.0-
Version table:
*** 5.13.0-
500 http://
500 http://
100 /var/lib/
$ apt-cache policy linux-image-
linux-image-
Installed: 5.11.0-
Candidate: 5.11.0-
Version table:
*** 5.11.0-
500 http://
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: linux-modules-
ProcVersionSign
Uname: Linux 5.11.0-38-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Tue Oct 26 10:04:44 2021
InstallationDate: Installed on 2021-05-31 (147 days ago)
InstallationMedia: Ubuntu 20.04.2 LTS "Focal Fossa" - Release amd64 (20210527)
SourcePackage: linux-hwe-5.11
UpgradeStatus: No upgrade log present (probably fresh install)
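Both traces above share one signature that can be checked from the values on the page: the faulting instruction is a load from `base + 0x18`, and the base register holds `ffffffffffffffff`, which is an error-encoded pointer (`ERR_PTR(-1)`, errno 1 being EPERM on Linux) rather than a NULL pointer. The following triage script is an added example, not part of the original report or of the kernel sources; the helper names `parse_oops`, `decode_load` and `triage` are hypothetical, and the decoder handles only the `mov r64, [base+disp8]` form seen in these two oopses.

```python
import re

MAX_ERRNO = 4095  # IS_ERR_VALUE(): the top 4095 addresses encode -errno
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]  # encoding order

# Lines excerpted from the two oopses in the report (Code bytes and registers trimmed).
OOPS_5_13 = """Code: 48 8d 7d 8c <48> 8b 48 18 e8 f7 07 36 cd
RAX: ffffffffffffffff RBX: ffff8b3fcb5e1f48 RCX: ffff8b3fcb5e1f48
CR2: 0000000000000017 CR3: 00000001048c8006 CR4: 00000000003706e0"""
OOPS_5_11 = """Code: e8 15 0c 89 cc <49> 8b 4c 24 18 48 c7 c2 b4 bb
R10: 0000000000000100 R11: 0000000000000013 R12: ffffffffffffffff
CR2: 0000000000000017 CR3: 000000010aba2002 CR4: 00000000003706e0"""

def parse_oops(text):
    """Return (registers, fault_bytes) from the first register dump in an oops."""
    regs = {}
    for name, val in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", text):
        regs.setdefault(name, int(val, 16))  # ignore the later user-mode dump
    code = re.search(r"Code: .*?<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", text)
    return regs, bytes.fromhex(code.group(1) + code.group(2))

def decode_load(insn):
    """Decode only `mov r64, [base+disp8]` (REX.W 8B /r, mod=01); None otherwise."""
    if (len(insn) < 5 or (insn[0] & 0xF8) != 0x48 or insn[1] != 0x8B
            or (insn[2] >> 6) != 1):
        return None
    rex, rm, disp_at = insn[0], insn[2] & 7, 3
    if rm == 4:  # SIB byte follows; accept only the "no index register" form
        if ((insn[3] >> 3) & 7) != 4 or (rex & 2):
            return None
        rm, disp_at = insn[3] & 7, 4
    disp = int.from_bytes(insn[disp_at:disp_at + 1], "little", signed=True)
    return REGS[rm + 8 * (rex & 1)], disp

def triage(text):
    """Explain the fault address as ERR_PTR(-errno) + field offset, if it is one."""
    regs, insn = parse_oops(text)
    decoded = decode_load(insn)
    if decoded is None or decoded[0] not in regs or "CR2" not in regs:
        return None
    base, disp = decoded
    errno = (1 << 64) - regs[base]  # two's complement of the base register
    return {"base": base, "offset": disp,
            "explains_cr2": (regs[base] + disp) % (1 << 64) == regs["CR2"],
            "errno": errno if 1 <= errno <= MAX_ERRNO else None}

if __name__ == "__main__":
    print(triage(OOPS_5_13), triage(OOPS_5_11))
```

A non-`None` `errno` with `explains_cr2` true means the "NULL pointer dereference" label is misleading: the driver dereferenced an unchecked error pointer, so the fix belongs at the call whose return value was never tested.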
This seems to be fixed upstream by https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5a6248c0a22352f09ea041665d3bd3e18f6f872c which is marked `Cc: stable <email address hidden>`.
I'd expect this commit to eventually percolate to Ubuntu kernels, right? If so, should this bug be kept open until then?