> -----Original Message----- > From: Intel-wired-lan <[email protected]> On Behalf Of Aaron > Ma via Intel-wired-lan > Sent: Tuesday, January 20, 2026 11:51 PM > To: Nguyen, Anthony L <[email protected]>; Kitszel, Przemyslaw > <[email protected]>; [email protected]; [email protected]; > [email protected]; > [email protected]; [email protected]; > [email protected]; [email protected]; > [email protected] > Subject: [Intel-wired-lan] [PATCH] ice: Fix PTP NULL pointer dereference > during VSI rebuild > > Fix race condition where PTP periodic work runs while VSI is being > rebuilt, accessing NULL vsi->rx_rings. > > The sequence was: > 1. ice_ptp_prepare_for_reset() cancels PTP work > 2. ice_ptp_rebuild() immediately queues PTP work > 3. VSI rebuild happens AFTER ice_ptp_rebuild() > 4. PTP work runs and accesses NULL vsi->rx_rings > > Fix: Keep PTP work cancelled during rebuild, only queue it after > VSI rebuild completes in ice_rebuild(). > > Added ice_ptp_queue_work() helper function to encapsulate the logic > for queuing PTP work, ensuring it's only queued when PTP is supported > and the state is ICE_PTP_READY. > > Error log: > [ 121.392544] ice 0000:60:00.1: PTP reset successful > [ 121.392692] BUG: kernel NULL pointer dereference, address: 0000000000000000 > [ 121.392712] #PF: supervisor read access in kernel mode > [ 121.392720] #PF: error_code(0x0000) - not-present page > [ 121.392727] PGD 0 > [ 121.392734] Oops: Oops: 0000 [#1] SMP NOPTI > [ 121.392746] CPU: 8 UID: 0 PID: 1005 Comm: ice-ptp-0000:60 Tainted: G S > 6.19.0-rc6+ #4 PREEMPT(voluntary) > [ 121.392761] Tainted: [S]=CPU_OUT_OF_SPEC > [ 121.392773] RIP: 0010:ice_ptp_update_cached_phctime+0xbf/0x150 [ice] > [ 121.393042] Call Trace: > [ 121.393047] <TASK> > [ 121.393055] ice_ptp_periodic_work+0x69/0x180 [ice] > [ 121.393202] kthread_worker_fn+0xa2/0x260 > [ 121.393216] ? __pfx_ice_ptp_periodic_work+0x10/0x10 [ice] > [ 121.393359] ? __pfx_kthread_worker_fn+0x10/0x10 > [ 121.393371] kthread+0x10d/0x230 > [ 121.393382] ? __pfx_kthread+0x10/0x10 > [ 121.393393] ret_from_fork+0x273/0x2b0 > [ 121.393407] ? __pfx_kthread+0x10/0x10 > [ 121.393417] ret_from_fork_asm+0x1a/0x30 > [ 121.393432] </TASK> > > Fixes: 803bef817807d ("ice: factor out ice_ptp_rebuild_owner()") > Signed-off-by: Aaron Ma <[email protected]> > --- > drivers/net/ethernet/intel/ice/ice_main.c | 3 +++ > drivers/net/ethernet/intel/ice/ice_ptp.c | 26 ++++++++++++++++++----- > drivers/net/ethernet/intel/ice/ice_ptp.h | 5 +++++ > 3 files changed, 29 insertions(+), 5 deletions(-)
Tested-by: Sunitha Mekala <[email protected]> (A Contingent worker at Intel)
