2021-11-04 18:27:53

by Dusty Mabe

Subject: iwlwifi: null pointer dereference RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]

Hi,

I'm trying to track down a bug happening on my Intel NUC with a Fedora `5.14.13`
kernel.

The trace looks something like:

```
[345514.404223] BUG: kernel NULL pointer dereference, address: 000000000000016c
[345514.409853] #PF: supervisor read access in kernel mode
[345514.415323] #PF: error_code(0x0000) - not-present page
[345514.420718] PGD 0 P4D 0
[345514.425995] Oops: 0000 [#1] SMP NOPTI
[345514.431240] CPU: 2 PID: 774 Comm: irq/48-iwlwifi Kdump: loaded Tainted: G W 5.14.13-300.fc35.x86_64 #1
[345514.436529] Hardware name: /NUC5i3RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
[345514.441734] RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
[345514.446884] Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
[345514.452177] RSP: 0018:ffffbe7fc0128cb8 EFLAGS: 00010246
[345514.457251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000050
[345514.462313] RDX: 000000000000049b RSI: ffffbe7fc0128d88 RDI: ffff9e2c91a4a008
[345514.467293] RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
[345514.472227] R10: 0000000000000000 R11: 0000000000000050 R12: ffff9e2c91a4a008
[345514.477112] R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
[345514.481906] FS: 0000000000000000(0000) GS:ffff9e33b6d00000(0000) knlGS:0000000000000000
[345514.486673] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[345514.491327] CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
[345514.495957] Call Trace:
[345514.500447] <IRQ>
[345514.504856] iwl_mvm_set_tx_cmd_rate+0x66/0x140 [iwlmvm]
[345514.509279] iwl_mvm_set_tx_params+0x1a5/0x580 [iwlmvm]
[345514.513627] iwl_mvm_tx_skb_non_sta+0x16a/0x350 [iwlmvm]
[345514.517898] iwl_mvm_tx_skb+0x23/0x40 [iwlmvm]
[345514.522081] ieee80211_tx_frags+0x15c/0x220 [mac80211]
[345514.526254] __ieee80211_tx+0x76/0x140 [mac80211]
[345514.530342] ieee80211_tx+0xc7/0x110 [mac80211]
[345514.534361] ieee80211_tx_pending+0x9c/0x270 [mac80211]
[345514.538316] ? net_rx_action+0x223/0x2e0
[345514.542147] tasklet_action_common.constprop.0+0xbc/0x120
[345514.545940] __do_softirq+0xcd/0x282
[345514.549643] do_softirq+0x76/0x90
[345514.553270] </IRQ>
[345514.556800] __local_bh_enable_ip+0x4b/0x50
[345514.560301] iwl_pcie_irq_handler+0x493/0xad0 [iwlwifi]
[345514.563751] ? irq_thread_dtor+0xb0/0xb0
[345514.567101] irq_thread_fn+0x1d/0x60
[345514.570380] irq_thread+0xb9/0x150
[345514.573574] ? irq_finalize_oneshot.part.0+0xf0/0xf0
[345514.576732] ? irq_thread_check_affinity+0xc0/0xc0
[345514.579822] kthread+0x124/0x150
[345514.582821] ? set_kthread_struct+0x40/0x40
[345514.585764] ret_from_fork+0x1f/0x30
[345514.588623] Modules linked in: tun overlay bridge stp llc intel_rapl_msr snd_hda_codec_hdmi intel_rapl_common iwlmvm x86_pkg_temp_thermal intel_powerclamp mac80211 i915 coretemp snd_usb_audio snd_hda_codec_realtek kvm_intel snd_hda_codec_generic libarc4 ledtrig_audio snd_hda_intel kvm snd_usbmidi_lib snd_intel_dspcfg snd_intel_sdw_acpi iwlwifi btusb snd_hda_codec snd_rawmidi mei_hdcp at24 btrtl iTCO_wdt intel_pmc_bxt btbcm iTCO_vendor_support btintel snd_seq_device snd_hda_core irqbypass mc bluetooth rapl intel_cstate snd_hwdep snd_pcm cfg80211 intel_uncore i2c_algo_bit ttm i2c_i801 mei_me snd_timer i2c_smbus lpc_ich drm_kms_helper ecdh_generic mei joydev rfkill snd ir_rc6_decoder cec soundcore rc_rc6_mce nuvoton_cir acpi_pad drm zram ip_tables xfs dm_multipath crct10dif_pclmul crc32_pclmul crc32c_intel e1000e ghash_clmulni_intel hid_microsoft ff_memless video fuse
[345514.601061] CR2: 000000000000016c
```

I set up kdump and got a vmcore in /var/crash so we might be able to analyze that to find more
information. I'm available on IRC (dustymabe on libera.chat) if anyone would like to dig in
to the crashdump for more information.

Thanks!
Dusty Mabe
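A first triage step for an oops like the one above can be done from the text alone, before opening the vmcore. The `Code:` line marks the faulting instruction with `<...>`: here the bytes `45 8b 85 6c 01 00 00` decode to `mov r8d, [r13+0x16c]`, and the register dump shows `R13: 0000000000000000`, so the driver is reading a 4-byte field at offset 0x16c of a struct pointer that is NULL, which is exactly the address CR2 reports. The script below is an added example, not code from the original report or from the iwlwifi project; it parses the oops lines quoted on this page (embedded as a constructed sample), decodes the minimal `mov reg, [base+disp]` form, and checks that base register plus displacement reproduces the faulting address. The kernel tree's `scripts/decodecode` does the full disassembly with objdump; this is only the consistency check a reviewer would want before reaching for the crash dump.

```python
"""Triage a kernel NULL-pointer oops from its text: recover the faulting
address, decode the marked instruction's memory operand, and check that
the base register really is NULL (so the fault address is a field offset).

Added example; the sample below is constructed from the oops quoted in the
report above, trimmed to the lines the triage needs."""
import re

OOPS = """\
[345514.404223] BUG: kernel NULL pointer dereference, address: 000000000000016c
[345514.441734] RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
[345514.446884] Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
[345514.457251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000050
[345514.462313] RDX: 000000000000049b RSI: ffffbe7fc0128d88 RDI: ffff9e2c91a4a008
[345514.467293] RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
[345514.472227] R10: 0000000000000000 R11: 0000000000000050 R12: ffff9e2c91a4a008
[345514.477112] R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
[345514.491327] CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
"""

# Register names as the oops prints them (RAX.. RDI, R08.. R15); RIP and RSP
# use a different layout on their lines and are not needed for this check.
REG_RE = re.compile(r"\b(R[A-Z][A-Z]|R\d\d): ([0-9a-fA-F]{16})\b")

# x86-64 GPR encoding order (ModRM/REX index -> name used in the oops dump).
GPR64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]


def parse_oops(text):
    """Return (fault_address, {reg: value}, [bytes from the marked instruction])."""
    fault = int(re.search(r"address: ([0-9a-fA-F]+)", text).group(1), 16)
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    # The byte wrapped in <> is the first byte of the instruction that faulted.
    start = next(i for i, tok in enumerate(code) if tok.startswith("<"))
    insn = [int(tok.strip("<>"), 16) for tok in code[start:]]
    return fault, regs, insn


def decode_mov_load(insn):
    """Decode `mov reg, [base + disp]` (opcode 8B, mod=01/10, no SIB), with an
    optional REX prefix.  Returns (dst, base, disp) or None for other forms.
    Deliberately minimal: it covers the common NULL-deref field load, it is
    not a general x86 decoder."""
    i, rex = 0, 0
    if 0x40 <= insn[i] <= 0x4F:          # REX prefix
        rex, i = insn[i], i + 1
    if insn[i] != 0x8B:                  # MOV r32/r64, r/m
        return None
    modrm = insn[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if rm == 4 or mod in (0, 3):         # SIB, RIP-relative or register forms
        return None
    reg |= (rex & 0x4) << 1              # REX.R extends the destination
    rm |= (rex & 0x1) << 3               # REX.B extends the base
    width = 1 if mod == 1 else 4
    disp = int.from_bytes(bytes(insn[i + 2:i + 2 + width]), "little", signed=True)
    return GPR64[reg], GPR64[rm], disp


def triage(text):
    """Summarise the oops: fault address, zero-valued registers, the decoded
    load, and whether base + displacement reproduces the fault address."""
    fault, regs, insn = parse_oops(text)
    decoded = decode_mov_load(insn)
    result = {
        "fault": fault,
        "null_regs": sorted(n for n, v in regs.items() if v == 0),
        "insn": decoded,
        "consistent": False,
    }
    if decoded is not None:
        _dst, base, disp = decoded
        if base in regs:
            result["consistent"] = ((regs[base] + disp) & (2**64 - 1)) == fault
    return result


if __name__ == "__main__":
    r = triage(OOPS)
    dst, base, disp = r["insn"]
    print(f"fault address 0x{r['fault']:x}; insn: mov {dst}, [{base}+0x{disp:x}]")
    print(f"{base} is NULL: {base in r['null_regs']}; base+disp == CR2: {r['consistent']}")
```

When `consistent` is true and the base register is in `null_regs`, the displacement is the byte offset of the field being read inside the NULL struct; with the matching module's debug info, `pahole` or `crash`'s `struct` command on the vmcore will turn that offset into a field name, which is the natural next step on Dusty's crash dump.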


2021-11-10 04:38:32

by Dusty Mabe

Subject: Re: iwlwifi: null pointer dereference RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]

On 11/4/21 2:26 PM, Dusty Mabe wrote:
> Hi,
>
> I'm trying to track down a bug happening on my Intel NUC with a Fedora `5.14.13`
> kernel.
>
> The trace looks something like:
>
> ```
> [345514.404223] BUG: kernel NULL pointer dereference, address: 000000000000016c
> [345514.409853] #PF: supervisor read access in kernel mode
> [345514.415323] #PF: error_code(0x0000) - not-present page
> [345514.420718] PGD 0 P4D 0
> [345514.425995] Oops: 0000 [#1] SMP NOPTI
> [345514.431240] CPU: 2 PID: 774 Comm: irq/48-iwlwifi Kdump: loaded Tainted: G W 5.14.13-300.fc35.x86_64 #1
> [345514.436529] Hardware name: /NUC5i3RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
> [345514.441734] RIP: 0010:iwl_mvm_get_tx_rate+0xd3/0x100 [iwlmvm]
> [345514.446884] Code: 08 74 09 80 3d db 25 05 00 00 74 19 0f be 5d 08 83 fb 0b 0f 87 5e ff ff ff 0f b6 45 04 eb a2 0f 0b 31 db eb f4 44 0f be 4d 08 <45> 8b 85 6c 01 00 00 0f b7 f2 0f b7 c9 48 c7 c7 38 a0 e2 c0 c6 05
> [345514.452177] RSP: 0018:ffffbe7fc0128cb8 EFLAGS: 00010246
> [345514.457251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000050
> [345514.462313] RDX: 000000000000049b RSI: ffffbe7fc0128d88 RDI: ffff9e2c91a4a008
> [345514.467293] RBP: ffffbe7fc0128d88 R08: 0000000000000050 R09: 00000000ffffffed
> [345514.472227] R10: 0000000000000000 R11: 0000000000000050 R12: ffff9e2c91a4a008
> [345514.477112] R13: 0000000000000000 R14: ffffbe7fc0128d88 R15: ffff9e2ca78aa484
> [345514.481906] FS: 0000000000000000(0000) GS:ffff9e33b6d00000(0000) knlGS:0000000000000000
> [345514.486673] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [345514.491327] CR2: 000000000000016c CR3: 00000001cde10005 CR4: 00000000003706e0
> [345514.495957] Call Trace:
> [345514.500447] <IRQ>
> [345514.504856] iwl_mvm_set_tx_cmd_rate+0x66/0x140 [iwlmvm]
> [345514.509279] iwl_mvm_set_tx_params+0x1a5/0x580 [iwlmvm]
> [345514.513627] iwl_mvm_tx_skb_non_sta+0x16a/0x350 [iwlmvm]
> [345514.517898] iwl_mvm_tx_skb+0x23/0x40 [iwlmvm]
> [345514.522081] ieee80211_tx_frags+0x15c/0x220 [mac80211]
> [345514.526254] __ieee80211_tx+0x76/0x140 [mac80211]
> [345514.530342] ieee80211_tx+0xc7/0x110 [mac80211]
> [345514.534361] ieee80211_tx_pending+0x9c/0x270 [mac80211]
> [345514.538316] ? net_rx_action+0x223/0x2e0
> [345514.542147] tasklet_action_common.constprop.0+0xbc/0x120
> [345514.545940] __do_softirq+0xcd/0x282
> [345514.549643] do_softirq+0x76/0x90
> [345514.553270] </IRQ>
> [345514.556800] __local_bh_enable_ip+0x4b/0x50
> [345514.560301] iwl_pcie_irq_handler+0x493/0xad0 [iwlwifi]
> [345514.563751] ? irq_thread_dtor+0xb0/0xb0
> [345514.567101] irq_thread_fn+0x1d/0x60
> [345514.570380] irq_thread+0xb9/0x150
> [345514.573574] ? irq_finalize_oneshot.part.0+0xf0/0xf0
> [345514.576732] ? irq_thread_check_affinity+0xc0/0xc0
> [345514.579822] kthread+0x124/0x150
> [345514.582821] ? set_kthread_struct+0x40/0x40
> [345514.585764] ret_from_fork+0x1f/0x30
> [345514.588623] Modules linked in: tun overlay bridge stp llc intel_rapl_msr snd_hda_codec_hdmi intel_rapl_common iwlmvm x86_pkg_temp_thermal intel_powerclamp mac80211 i915 coretemp snd_usb_audio snd_hda_codec_realtek kvm_intel snd_hda_codec_generic libarc4 ledtrig_audio snd_hda_intel kvm snd_usbmidi_lib snd_intel_dspcfg snd_intel_sdw_acpi iwlwifi btusb snd_hda_codec snd_rawmidi mei_hdcp at24 btrtl iTCO_wdt intel_pmc_bxt btbcm iTCO_vendor_support btintel snd_seq_device snd_hda_core irqbypass mc bluetooth rapl intel_cstate snd_hwdep snd_pcm cfg80211 intel_uncore i2c_algo_bit ttm i2c_i801 mei_me snd_timer i2c_smbus lpc_ich drm_kms_helper ecdh_generic mei joydev rfkill snd ir_rc6_decoder cec soundcore rc_rc6_mce nuvoton_cir acpi_pad drm zram ip_tables xfs dm_multipath crct10dif_pclmul crc32_pclmul crc32c_intel e1000e ghash_clmulni_intel hid_microsoft ff_memless video fuse
> [345514.601061] CR2: 000000000000016c
> ```
>
> I set up kdump and got a vmcore in /var/crash so we might be able to analyze that to find more
> information. I'm available on IRC (dustymabe on libera.chat) if anyone would like to dig in
> to the crashdump for more information.


Bump - is anybody interested in more information, to see if we can track this one down?

Since I have a vmcore from a kdump it might be a little easier to diagnose things.

Dusty