From: Johannes Berg <johannes@sipsolutions.net>
To: Ping-Ke Shih <pkshih@realtek.com>,
"mathewegeorge@gmail.com" <mathewegeorge@gmail.com>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"kvalo@kernel.org" <kvalo@kernel.org>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
Bernie Huang <phhuang@realtek.com>,
"regressions@lists.linux.dev" <regressions@lists.linux.dev>
Subject: Re: [REGRESSION] Freeze on resume from S3 (bisected)
Date: Thu, 20 Jun 2024 13:58:59 +0200 [thread overview]
Message-ID: <b008224f6e7691234e52f8fb9400bbca50160235.camel@sipsolutions.net> (raw)
In-Reply-To: <a60692b7a0ec4caa5db64d369bebf18910102656.camel@realtek.com>
I don't really know any of this here, but ...
+ ret = rtw89_hw_scan_offload(rtwdev, vif, false);
+ if (ret)
+ rtw89_hw_scan_complete(rtwdev, vif, true);
seems strange? You have to say that it was completed here, in the good
case, so maybe that was meant to be !ret?
It _looks_ like the crash is a use-after-free (the wiphy pointer in a
scan request cannot become NULL in normal flows), so maybe try with
KASAN rather than waiting for the crash. According to the logs, it
doesn't happen every time even for the reporter.
There possibly seems to be some issue between cfg80211 and mac80211 in
this code, we see the WARN_ON() in cfg80211_netdev_notifier_call() in
the NETDEV_DOWN case, which calls ___cfg80211_scan_done() which frees
the scan request. But shortly after the HW crashes, and we have
"ieee80211_restart_work called with hardware scan in progress", mac80211
wants to cancel the HW scan but the HW is dead ("wlo1: Failed check-
sdata-in-driver check, flags: 0x0"), and we see again "phy0: resume with
hardware scan still in progress" ... but this time once tasks are
restarted it crashes ...
So I think KASAN, possibly rtw debugs, and perhaps something like
https://p.sipsolutions.net/602684f34abfcf7c.txt will help debug it (yes
it adds a leak)
johannes
next prev parent reply other threads:[~2024-06-20 11:59 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-19 4:39 [REGRESSION] Freeze on resume from S3 (bisected) Forty Five
2024-06-19 6:07 ` Ping-Ke Shih
2024-06-19 14:46 ` Forty Five
2024-06-20 8:16 ` Ping-Ke Shih
2024-06-20 8:56 ` Kalle Valo
2024-06-20 9:06 ` Ping-Ke Shih
2024-06-20 9:18 ` Mathew George
2024-06-20 9:33 ` Ping-Ke Shih
2024-06-20 10:05 ` Mathew George
2024-06-20 11:41 ` Ping-Ke Shih
2024-06-20 11:58 ` Johannes Berg [this message]
2024-06-20 13:05 ` Forty Five
2024-06-20 13:41 ` Forty Five
2024-06-28 3:55 ` Ping-Ke Shih
-- strict thread matches above, loose matches on Subject: below --
2024-06-30 19:11 Forty Five
2024-07-03 7:39 ` Ping-Ke Shih
[not found] <875xtqjli4.fsf@gmail.com>
2024-06-30 19:20 ` Forty Five
2024-07-01 2:46 ` Ping-Ke Shih
2024-07-01 5:36 ` Ping-Ke Shih
2024-07-01 6:15 Forty Five
2024-07-08 15:55 Forty Five
[not found] <draft-87msmrdgkb.fsf@gmail.com>
2024-07-08 16:30 ` Forty Five
2024-07-09 1:26 ` Ping-Ke Shih
2024-07-09 4:10 ` Forty Five
2024-07-09 4:25 ` Ping-Ke Shih
2024-07-09 11:49 ` Forty Five
2024-07-11 7:54 ` Forty Five
2024-07-12 0:59 ` Ping-Ke Shih
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b008224f6e7691234e52f8fb9400bbca50160235.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=kvalo@kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=mathewegeorge@gmail.com \
--cc=phhuang@realtek.com \
--cc=pkshih@realtek.com \
--cc=regressions@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).