Bug 1160730 - rtw88 driver in kernel 5.4.7 dereferences NULL pointer
Status: RESOLVED FIXED
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Kernel
Version: Current
Hardware: x86-64 Other
Priority: P5 - None; Severity: Major (5 votes)
Assignee: Takashi Iwai
QA Contact: E-mail List
Reported: 2020-01-12 17:02 UTC by Jarek Cora
Modified: 2023-04-26 13:48 UTC

Description Jarek Cora 2020-01-12 17:02:09 UTC
After the kernel in Tumbleweed was updated to 5.4.7, systems with the RTL8822BE wireless controller crash due to the driver dereferencing a NULL pointer.

The relevant log:

kernel: rtw_pci 0000:03:00.0: start vif ec:5c:68:c5:45:49 on port 0
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000070
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 0 P4D 0 
kernel: Oops: 0000 [#1] SMP NOPTI
kernel: CPU: 5 PID: 694 Comm: irq/142-rtwpci Not tainted 5.4.7-1-default #1 openSUSE Tumblewee>
kernel: Hardware name: HP HP Pavilion Laptop 15-cs2xxx/84C1, BIOS F.17 05/15/2019
kernel: RIP: 0010:rtw_pci_tx_isr+0x96/0x230 [rtwpci]
kernel: Code: 10 01 00 00 48 8b 44 24 08 44 0f b6 6c 24 13 48 c1 e0 06 49 83 c5 01 48 89 04 24>
kernel: RSP: 0018:ffffba6640bc7e08 EFLAGS: 00010002
kernel: RAX: 0000000000000000 RBX: ffff9f165a6fdad8 RCX: 0000000000000002
kernel: RDX: 0000000000000001 RSI: 0000000000000086 RDI: 0000000000000086
kernel: RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
kernel: R10: 0000000000000000 R11: ffff9f165e36bb00 R12: ffff9f165a6f9e40
kernel: R13: ffff9f165a6fdcd8 R14: 0000000000000007 R15: ffff9f165a6f87a0
kernel: FS:  0000000000000000(0000) GS:ffff9f165e340000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000070 CR3: 0000000357e0a003 CR4: 00000000003606e0
kernel: Call Trace:
kernel:  rtw_pci_interrupt_threadfn+0x1ee/0x210 [rtwpci]
kernel:  ? irq_finalize_oneshot.part.0+0x110/0x110
kernel:  irq_thread_fn+0x20/0x60
kernel:  irq_thread+0xdc/0x170
kernel:  ? irq_forced_thread_fn+0x80/0x80
kernel:  kthread+0xf9/0x130
kernel:  ? irq_thread_check_affinity+0xd0/0xd0
kernel:  ? kthread_park+0x90/0x90


The bug in the driver was confirmed here:
https://linuxlists.cc/l/9/linux-wireless/t/3416700/
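
A small triage helper for the oops above, added here as an example (it is not part of the bug report or of the kernel): it extracts the fault address, the page-fault error code and the faulting function from the log, and flags a fault address below one page as a NULL pointer plus member offset. The function names and the 4 KiB page size are assumptions of this example.

```python
import re

# Sample input: five lines taken from the oops in the report above.
SAMPLE = """\
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000070
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: RIP: 0010:rtw_pci_tx_isr+0x96/0x230 [rtwpci]
kernel: CR2: 0000000000000070 CR3: 0000000357e0a003 CR4: 00000000003606e0
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages; a fault below this is NULL + member offset

RIP_RE = re.compile(
    r"RIP: [0-9a-f]{4}:([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")

def decode_error_code(code):
    """Decode the x86 page-fault error code bits P, W/R, U/S and I/D."""
    return {
        "cause": "protection violation" if code & 0x01 else "not-present page",
        "access": "write" if code & 0x02 else "read",
        "mode": "user" if code & 0x04 else "supervisor",
        "instruction_fetch": bool(code & 0x10),
    }

def triage_oops(text):
    """Return the fields needed to triage an x86-64 page-fault oops, or None."""
    addr = re.search(r"CR2: ([0-9a-f]{16})", text)
    code = re.search(r"error_code\(0x([0-9a-f]+)\)", text)
    rip = RIP_RE.search(text)
    if not (addr and code and rip):
        return None  # truncated or non-page-fault oops: do not guess
    fault_addr = int(addr.group(1), 16)
    return {
        "fault_addr": fault_addr,
        "null_deref": fault_addr < PAGE_SIZE,
        "fault": decode_error_code(int(code.group(1), 16)),
        "symbol": rip.group(1),           # function containing the faulting instruction
        "offset": int(rip.group(2), 16),  # byte offset of that instruction
        "size": int(rip.group(3), 16),    # total size of the function
        "module": rip.group(4),           # None when the fault is in built-in code
    }

if __name__ == "__main__":
    print(triage_oops(SAMPLE))
```

For this report the helper yields a supervisor-mode read of a not-present page at 0x70, at offset 0x96 of the 0x230-byte function rtw_pci_tx_isr in module rtwpci.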
Comment 1 Takashi Iwai 2020-01-15 11:47:19 UTC
Thanks for the report.

I'm building a test kernel with the suggested patch in the OBS home:tiwai:bsc1160730 repo.  It'll take some time (an hour or so) until the build finishes.
The test package will appear at
  download.opensuse.org/repositories/home:/tiwai:/bsc1160730/standard/

Note that secure boot won't work with this kernel as it's not signed with an official key.
Comment 2 Jarek Cora 2020-01-15 13:53:32 UTC
Thank you. I see the build succeeded and the repo has been published. I will test it tonight and post the result here.
Comment 3 Jarek Cora 2020-01-15 16:52:26 UTC
I confirm the problem was solved in the kernel provided above. 

The HP Pavilion laptop with the RTL8822BE wireless controller was hard freezing soon after boot with kernel 5.4.7. The same hardware works fine with kernel 5.4.12-1.g9b01f9b-default provided by Takashi.

Excellent job, sir. Thank you.
Comment 4 Takashi Iwai 2020-01-15 18:59:34 UTC
OK, good to hear.  Now I pushed the fix to the stable branch.

The fix isn't merged to the tree yet and upstream might have another fix; in that case I'll update accordingly later.

Maybe this will be missing from the next kernel update, but it should be included after that.