Bug 218422

Summary: iwl_trans_txq_send_hcmd: NULL pointer dereference when debugfs=off
Product: Drivers
Reporter: simon-b
Component: network-wireless-intel
Assignee: Default virtual assignee for network-wireless-intel (drivers_network-wireless-intel)
Status: CLOSED PATCH_ALREADY_AVAILABLE
Severity: normal
Priority: P3
Hardware: Intel
OS: Linux
Kernel Version: 6.7.5
Subsystem:
Regression: Yes
Bisected commit-id:
Attachments: dmesg, when reproducing the deref
another dmesg, when reproducing the deref
patch to fix this
patch to fix this

Description simon-b 2024-01-25 11:47:37 UTC
When starting the network (systemd-networkd), I get the following null pointer dereference. After that, network is broken, e.g. `ip a` hangs forever.
Comment 1 simon-b 2024-01-25 11:48:15 UTC
Created attachment 305777
dmesg, when reproducing the deref
Comment 2 simon-b 2024-01-25 11:48:37 UTC
Created attachment 305778
another dmesg, when reproducing the deref
Comment 3 simon-b 2024-01-28 23:10:54 UTC
This is still reproducible with 6.7.2, 6.6.14 is not affected.
Comment 4 simon-b 2024-02-23 01:05:49 UTC
6.7.5 still affected
Comment 5 simon-b 2024-03-12 13:04:11 UTC
It also happens on 6.7.9, when debugfs=off
Comment 6 Johannes Berg 2024-03-13 08:59:59 UTC
Created attachment 305984
patch to fix this
Comment 7 Johannes Berg 2024-03-13 09:13:14 UTC
Created attachment 305985
patch to fix this

Sorry, that patch had a small bug wrt. buffer sizes.
Comment 8 simon-b 2024-03-19 23:18:36 UTC
Great, thank you very very much!