I am running a Lenovo T14s AND Gen 6 laptop. dmesg reports the WiFi card as: Hardware name: wcn7850 hw2. Randomly when the laptop enters a sleep state, while the WiFi is disconnecting, I gets a NULL pointer deference in the kernel and it crashes. This applies to 6.13.12, all versions of 6.4.x and the rawhide version of 6.15-rc7 which I just built on my machine. 4. Can you reproduce this issue? If so, please provide the steps to reproduce the issue below: Boot machine. Open and close the cover and it will sooner or later crash and hang. Often fairly frequently. 6. Are you running any modules that not shipped with directly Fedora's kernel?: No. 7. Please attach the kernel logs. You can get the complete kernel log for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the issue occurred on a previous boot, use the journalctl ``-b`` flag. Here is the crash on 6.14.7: May 20 15:05:06 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000 May 20 15:05:06 kernel: #PF: supervisor read access in kernel mode May 20 15:05:06 kernel: #PF: error_code(0x0000) - not-present page May 20 15:05:06 kernel: PGD 271923067 P4D 271923067 PUD 415791067 PMD 0 May 20 15:05:06 kernel: Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI May 20 15:05:06 kernel: CPU: 8 UID: 0 PID: 135707 Comm: kworker/u65:36 Tainted: G W 6.14.7-301.crpalmer.fc42.x86_64 #1 May 20 15:05:06 kernel: Tainted: [W]=WARN May 20 15:05:06 kernel: Hardware name: LENOVO 21M1001WUS/21M1001WUS, BIOS R2NET36W (1.10 ) 11/22/2024 May 20 15:05:06 kernel: Workqueue: events_unbound cfg80211_wiphy_work [cfg80211] May 20 15:05:06 kernel: RIP: 0010:ath12k_mac_remove_link_interface.isra.0+0x26/0x70 [ath12k] May 20 15:05:06 kernel: Code: 90 90 90 90 0f 1f 44 00 00 41 54 55 53 4c 8b a7 b8 02 00 00 48 89 fb 48 81 c7 d8 01 00 00 48 8b af 40 fe ff ff e8 0a ca c3 e0 <41> 83 3c 24 01 74 0f 48 89 de 48 89 ef 5b 5d 41 5c e9 a4 fc ff ff May 20 15:05:06 kernel: RSP: 0018:ffffb386eba97de0 EFLAGS: 00010292 May 20 15:05:06 kernel: RAX: 0000000000000000 RBX: ffff8dfeb19ca1a0 RCX: 0000000000000000 May 20 15:05:06 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8dfeb19ca378 May 20 15:05:06 kernel: RBP: 0000000000000000 R08: 8080808080808080 R09: ffff8e00f1b92980 May 20 15:05:06 kernel: R10: ffff8dfe80212ac0 R11: fefefefefefefeff R12: 0000000000000000 May 20 15:05:06 kernel: R13: ffff8dfe803bce05 R14: 0000000000000000 R15: ffff8dfeb2d48378 May 20 15:05:06 kernel: FS: 0000000000000000(0000) GS:ffff8e05be600000(0000) knlGS:0000000000000000 May 20 15:05:06 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 20 15:05:06 kernel: CR2: 0000000000000000 CR3: 0000000450dac000 CR4: 0000000000f50ef0 May 20 15:05:06 kernel: PKRU: 55555554 May 20 15:05:06 kernel: Call Trace: May 20 15:05:06 kernel: <TASK> May 20 15:05:06 kernel: ath12k_scan_vdev_clean_work+0x8b/0xd0 [ath12k] May 20 15:05:06 kernel: cfg80211_wiphy_work+0x11b/0x190 [cfg80211] May 20 15:05:06 kernel: process_one_work+0x17b/0x340 May 20 15:05:06 kernel: worker_thread+0x255/0x390 May 20 15:05:06 kernel: ? __pfx_worker_thread+0x10/0x10 May 20 15:05:06 kernel: kthread+0xec/0x230 May 20 15:05:06 kernel: ? __pfx_kthread+0x10/0x10 May 20 15:05:06 kernel: ret_from_fork+0x31/0x50 May 20 15:05:06 kernel: ? __pfx_kthread+0x10/0x10 May 20 15:05:06 kernel: ret_from_fork_asm+0x1a/0x30 May 20 15:05:06 kernel: </TASK> May 20 15:05:06 kernel: Modules linked in: overlay uinput rfcomm snd_seq_dummy snd_hrtimer michael_mic nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables bnep sunrpc binfmt_misc qrtr_mhi vfat fat snd_acp_legacy_mach snd_acp_mach snd_soc_nau8821 snd_acp3x_rn snd_acp70 snd_acp_i2s snd_acp_pdm snd_acp_pcm snd_soc_dmic snd_sof_amd_acp70 snd_sof_amd_acp63 snd_sof_amd_vangogh snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci amd_atl snd_sof_xtensa_dsp intel_rapl_msr intel_rapl_common snd_sof qrtr snd_sof_utils snd_pci_ps ath12k edac_mce_amd snd_soc_acpi_amd_match snd_amd_sdw_acpi soundwire_amd kvm_amd soundwire_generic_allocation soundwire_bus snd_hda_codec_realtek snd_hda_codec_generic qmi_helpers snd_soc_sdca snd_hda_scodec_component snd_hda_codec_hdmi btusb kvm snd_soc_core uvcvideo btrtl mac80211 btintel snd_hda_intel uvc May 20 15:05:06 kernel: videobuf2_vmalloc btbcm videobuf2_memops snd_intel_dspcfg videobuf2_v4l2 snd_compress btmtk snd_intel_sdw_acpi ac97_bus spd5118 snd_hda_codec videobuf2_common snd_pcm_dmaengine videodev bluetooth snd_rpl_pci_acp6x irqbypass libarc4 snd_hda_core snd_acp_pci snd_ctl_led rapl mc pcspkr snd_acp_legacy_common snd_hwdep snd_pci_acp6x think_lmi cfg80211 snd_seq snd_seq_device snd_pci_acp5x thinkpad_acpi firmware_attributes_class wmi_bmof snd_rn_pci_acp3x snd_pcm snd_acp_config sparse_keymap snd_timer rfkill snd_soc_acpi thunderbolt mhi snd i2c_piix4 snd_pci_acp3x soundcore k10temp i2c_smbus amd_pmf amdtee amd_sfh tee platform_profile joydev amd_pmc loop nfnetlink zram lz4hc_compress lz4_compress amdgpu amdxcp i2c_algo_bit drm_ttm_helper ttm drm_exec drm_suballoc_helper nvme nvme_core drm_panel_backlight_quirks drm_buddy polyval_clmulni drm_display_helper polyval_generic ghash_clmulni_intel amdxdna sha512_ssse3 video hid_multitouch ucsi_acpi sha256_ssse3 sha1_ssse3 typec_ucsi cec gpu_sched sp5100_tco typec May 20 15:05:06 kernel: nvme_auth i2c_hid_acpi wmi i2c_hid serio_raw fuse May 20 15:05:06 kernel: CR2: 0000000000000000 May 20 15:05:06 kernel: ---[ end trace 0000000000000000 ]--- May 20 15:05:06 kernel: RIP: 0010:ath12k_mac_remove_link_interface.isra.0+0x26/0x70 [ath12k] May 20 15:05:06 kernel: Code: 90 90 90 90 0f 1f 44 00 00 41 54 55 53 4c 8b a7 b8 02 00 00 48 89 fb 48 81 c7 d8 01 00 00 48 8b af 40 fe ff ff e8 0a ca c3 e0 <41> 83 3c 24 01 74 0f 48 89 de 48 89 ef 5b 5d 41 5c e9 a4 fc ff ff May 20 15:05:06 kernel: RSP: 0018:ffffb386eba97de0 EFLAGS: 00010292 May 20 15:05:06 kernel: RAX: 0000000000000000 RBX: ffff8dfeb19ca1a0 RCX: 0000000000000000 May 20 15:05:06 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8dfeb19ca378 May 20 15:05:06 kernel: RBP: 0000000000000000 R08: 8080808080808080 R09: ffff8e00f1b92980 May 20 15:05:06 kernel: R10: ffff8dfe80212ac0 R11: fefefefefefefeff R12: 0000000000000000 May 20 15:05:06 kernel: R13: ffff8dfe803bce05 R14: 0000000000000000 R15: ffff8dfeb2d48378 May 20 15:05:06 kernel: FS: 0000000000000000(0000) GS:ffff8e05be600000(0000) knlGS:0000000000000000 May 20 15:05:06 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 20 15:05:06 kernel: CR2: 0000000000000000 CR3: 0000000450dac000 CR4: 0000000000f50ef0 May 20 15:05:06 kernel: PKRU: 55555554 May 20 15:05:06 kernel: note: kworker/u65:36[135707] exited with irqs disabled May 20 15:06:11 kernel: PM: suspend entry (s2idle) May 20 15:06:11 kernel: Filesystems sync: 0.011 seconds May 20 15:06:32 kernel: Freezing user space processes May 20 15:06:32 kernel: Freezing user space processes failed after 20.002 seconds (3 tasks refusing to freeze, wq_busy=0): May 20 15:06:32 kernel: task:wpa_supplicant state:D stack:0 pid:1322 tgid:1322 ppid:1 task_flags:0x400100 flags:0x00000006 Reproducible: Always
Created attachment 2090954 [details] Full dmesg.txt from the the 6.14.7 crash, all crashes look similar
Created attachment 2090955 [details] dmesg ffrom 6.14.6 In case anyone thinks its a regression in 6.14.7, here's the dmesg from a 6.14.6 officially released kernel.
Actually, I'm having a hard time reproducing it with 6.15-rc7. I had something bad happen on the first boot and I (stupidly) assumed it was the same problem and didn't look at the journalctl. Now I've been trying to reproduce it and haven't been able to.
(In reply to Christopher R. Palmer from comment #3) > Actually, I'm having a hard time reproducing it with 6.15-rc7. I had > something bad happen on the first boot and I (stupidly) assumed it was the > same problem and didn't look at the journalctl. Now I've been trying to > reproduce it and haven't been able to. Hi Chris, thanks for posting this and letting me know that you are not having these issues with 6.15rc7. I had the same issue for a while now, recently firmware received an update that completely broke the ath12k driver. Downgrading brings me back to this crashing problem that you describe, and upgrading removes Wi-Fi completely, which is actually better that dealing with all these crashes, just using a wifi usb dongle for now. I'm wondering how do you exactly upgrade to 6.15rc7 on fedora (probably dumb question, but I'm no expert) can't seem to find a straightforward guide or documentation on this.
FWIW, I did have some problems with 6.15 last night which I didn't look into at all, instead just turning off the laptop and calling it day. To build the kernel, I followed this set of instructions https://docs.fedoraproject.org/en-US/quick-docs/kernel-build-custom/ Specifically, I used the section "Building a Kernel from the Fedora dist-git" and ran "git switch rawhide" to switch to the rawhide (6.15-rc7) branch.
Mark Pearson, you linked this commit in another bug and I thought it might apply to this bug. Here's an update on my testing with this commit. The testing is looking promising. The commit is: https://web.git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/commit/?id=1ab2e9046b4f3b298274ad4cc08ff456d3e4274e I booted the official fc42 6.14.6 and ran sudo iw wlp194s0 scan and then within a second or so I closed the lid of my laptop which caused a NULL pointer exception in: May 22 19:17:49 lambtop kernel: Call Trace: May 22 19:17:49 lambtop kernel: <TASK> May 22 19:17:49 lambtop kernel: cancel_delayed_work_sync+0x5e/0x80 May 22 19:17:49 lambtop kernel: ath12k_mac_remove_link_interface.isra.0+0x26/0x70 [ath12k] May 22 19:17:49 lambtop kernel: ath12k_scan_vdev_clean_work+0x8b/0xd0 [ath12k] May 22 19:17:49 lambtop kernel: cfg80211_wiphy_work+0x11b/0x190 [cfg80211] May 22 19:17:49 lambtop kernel: process_one_work+0x17b/0x340 May 22 19:17:49 lambtop kernel: worker_thread+0x255/0x390 May 22 19:17:49 lambtop kernel: ? __pfx_worker_thread+0x10/0x10 May 22 19:17:49 lambtop kernel: kthread+0xec/0x230 May 22 19:17:49 lambtop kernel: ? __pfx_kthread+0x10/0x10 May 22 19:17:49 lambtop kernel: ret_from_fork+0x31/0x50 May 22 19:17:49 lambtop kernel: ? __pfx_kthread+0x10/0x10 May 22 19:17:49 lambtop kernel: ret_from_fork_asm+0x1a/0x30 May 22 19:17:49 lambtop kernel: </TASK> With my source built 6.14.7 and this commit, I performed the same test (run the command and then within a second or a few I closed the lid of my laptop) and this succeeded 10 times. Each time I was able to wake up the laptop and the WiFi was functional. Previously, I'm not sure I could just close the lid 10 times without encountering a crash and a failure to wake up let alone trying to trigger it with an intentional scan operation.
Thanks for the update - reviewing with the Qualcomm engineers.
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 42 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.