Bug 218422 - iwl_trans_txq_send_hcmd: NULL pointer dereference when debugfs=off
Summary: iwl_trans_txq_send_hcmd: NULL pointer dereference when debugfs=off
Status: CLOSED PATCH_ALREADY_AVAILABLE
Alias: None
Product: Drivers
Classification: Unclassified
Component: network-wireless-intel (show other bugs)
Hardware: Intel Linux
: P3 normal
Assignee: Default virtual assignee for network-wireless-intel
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-25 11:47 UTC by simon-b
Modified: 2024-03-20 11:04 UTC (History)
0 users

See Also:
Kernel Version: 6.7.5
Subsystem:
Regression: Yes
Bisected commit-id:

Attachments
dmesg, when reproducing the deref (8.63 KB, text/plain)
2024-01-25 11:48 UTC, simon-b 		Details
another dmesg, when reproducing the deref (8.37 KB, text/plain)
2024-01-25 11:48 UTC, simon-b 		Details
patch to fix this (2.01 KB, patch)
2024-03-13 08:59 UTC, Johannes Berg 		Details | Diff
patch to fix this (2.20 KB, patch)
2024-03-13 09:13 UTC, Johannes Berg 		Details | Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Description simon-b 2024-01-25 11:47:37 UTC 
When starting the network (systemd-networkd), I get the following null pointer dereference. After that, network is broken, e.g. `ip a` hangs forever.
Comment 1 simon-b 2024-01-25 11:48:15 UTC 
Created attachment 305777 [details]
dmesg, when reproducing the deref
Comment 2 simon-b 2024-01-25 11:48:37 UTC 
Created attachment 305778 [details]
another dmesg, when reproducing the deref
Comment 3 simon-b 2024-01-28 23:10:54 UTC 
This is still reproducible with 6.7.2, 6.6.14 is not affected.
Comment 4 simon-b 2024-02-23 01:05:49 UTC 
6.7.5 still affected
Comment 5 simon-b 2024-03-12 13:04:11 UTC 
It also happens on 6.7.9, when debugfs=off
Comment 6 Johannes Berg 2024-03-13 08:59:59 UTC 
Created attachment 305984 [details]
patch to fix this
Comment 7 Johannes Berg 2024-03-13 09:13:14 UTC 
Created attachment 305985 [details]
patch to fix this

sorry, that patch had a small bug wrt. buffer sizes
Comment 8 simon-b 2024-03-19 23:18:36 UTC 
Great, thank you very very much!
Note You need to log in before you can comment on or make changes to this bug.