* [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
@ 2024-07-18 23:46 sean.wang
2024-07-19 11:26 ` Bert Karwatzki
2024-07-24 9:36 ` Linux regression tracking (Thorsten Leemhuis)
0 siblings, 2 replies; 16+ messages in thread
From: sean.wang @ 2024-07-18 23:46 UTC (permalink / raw)
To: nbd, lorenzo.bianconi
Cc: sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, Bert Karwatzki
From: Sean Wang <sean.wang@mediatek.com>
Fix null pointer access in mt792x_mac_link_bss_remove.
To prevent null pointer access, we should assign the vif to bss_conf in
mt7921_add_interface. This ensures that subsequent operations on the BSS
can properly reference the correct vif.
[ T843] Call Trace:
[ T843] <TASK>
[ T843] ? __die+0x1e/0x60
[ T843] ? page_fault_oops+0x157/0x450
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? search_bpf_extables+0x5a/0x80
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? exc_page_fault+0x2bb/0x670
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? lock_timer_base+0x71/0x90
[ T843] ? asm_exc_page_fault+0x26/0x30
[ T843] ? mt792x_mac_link_bss_remove+0x24/0x110 [mt792x_lib]
[ T843] ? mt792x_remove_interface+0x6e/0x90 [mt792x_lib]
[ T843] ? ieee80211_do_stop+0x507/0x7e0 [mac80211]
[ T843] ? ieee80211_stop+0x53/0x190 [mac80211]
[ T843] ? __dev_close_many+0xa5/0x120
[ T843] ? __dev_change_flags+0x18c/0x220
[ T843] ? dev_change_flags+0x21/0x60
[ T843] ? do_setlink+0xdf9/0x11d0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? security_sock_rcv_skb+0x33/0x50
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? __nla_validate_parse+0x61/0xd10
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? genl_done+0x53/0x80
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? netlink_dump+0x357/0x410
[ T843] ? __rtnl_newlink+0x5d6/0x980
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? genl_family_rcv_msg_dumpit+0xdf/0xf0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? __kmalloc_cache_noprof+0x44/0x210
[ T843] ? rtnl_newlink+0x42/0x60
[ T843] ? rtnetlink_rcv_msg+0x152/0x3f0
[ T843] ? mptcp_pm_nl_dump_addr+0x180/0x180
[ T843] ? rtnl_calcit.isra.0+0x130/0x130
[ T843] ? netlink_rcv_skb+0x56/0x100
[ T843] ? netlink_unicast+0x199/0x290
[ T843] ? netlink_sendmsg+0x21d/0x490
[ T843] ? __sock_sendmsg+0x78/0x80
[ T843] ? ____sys_sendmsg+0x23f/0x2e0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? copy_msghdr_from_user+0x68/0xa0
[ T843] ? ___sys_sendmsg+0x81/0xd0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? crng_fast_key_erasure+0xbc/0xf0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? get_random_bytes_user+0x126/0x140
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? __fdget+0xb1/0xe0
[ T843] ? __sys_sendmsg+0x56/0xa0
[ T843] ? srso_alias_return_thunk+0x5/0xfbef5
[ T843] ? do_syscall_64+0x5f/0x170
[ T843] ? entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ T843] </TASK>
Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
Reported-by: Bert Karwatzki <spasswolf@web.de>
Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
---
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 2e6268cb06c0..1bab93d049df 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -303,6 +303,7 @@ mt7921_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
mvif->bss_conf.mt76.omac_idx = mvif->bss_conf.mt76.idx;
mvif->phy = phy;
+ mvif->bss_conf.vif = mvif;
mvif->bss_conf.mt76.band_idx = 0;
mvif->bss_conf.mt76.wmm_idx = mvif->bss_conf.mt76.idx % MT76_CONNAC_MAX_WMM_SETS;
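Review bot: the added `mvif->bss_conf.vif = mvif;` (right after `mvif->phy = phy;`) has no comment saying that it is a back-pointer the shared mt792x_lib teardown path needs. The call trace in the commit message faults in mt792x_mac_link_bss_remove, reached from mt792x_remove_interface, yet nothing at this line ties the two together. A one-line comment here would keep a later cleanup from dropping the assignment as redundant-looking, and the commit message could name the dereference that faulted. The Fixes: tag also points at an mt7925 commit while this diff touches only mt7921/main.c, so a sentence on how that change reached the mt7921 path would help backporters.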
--
2.25.1
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Bert Karwatzki @ 2024-07-19 11:26 UTC (permalink / raw)
To: sean.wang, nbd, lorenzo.bianconi
Cc: sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, spasswolf
On Thursday, 18.07.2024 at 16:46 -0700, sean.wang@kernel.org wrote:
> From: Sean Wang <sean.wang@mediatek.com>
>
> Fix null pointer access in mt792x_mac_link_bss_remove.
>
> To prevent null pointer access, we should assign the vif to bss_conf in
> mt7921_add_interface. This ensures that subsequent operations on the BSS
> can properly reference the correct vif.
>
>
> Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
> Reported-by: Bert Karwatzki <spasswolf@web.de>
> Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> Signed-off-by: Sean Wang <sean.wang@mediatek.com>
> ---
> drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> index 2e6268cb06c0..1bab93d049df 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> @@ -303,6 +303,7 @@ mt7921_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
>
> mvif->bss_conf.mt76.omac_idx = mvif->bss_conf.mt76.idx;
> mvif->phy = phy;
> + mvif->bss_conf.vif = mvif;
> mvif->bss_conf.mt76.band_idx = 0;
> mvif->bss_conf.mt76.wmm_idx = mvif->bss_conf.mt76.idx % MT76_CONNAC_MAX_WMM_SETS;
>
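Review bot: the fix depends on mt7921_add_interface having run this assignment before any bss_conf reaches mt792x_mac_link_bss_remove, because the diffstat shows a single insertion in mt7921/main.c and the faulting function itself is left unchanged. Consider also having mt792x_mac_link_bss_remove tolerate a missing vif (an early return, possibly with a WARN_ON_ONCE), so that an initialisation path that forgets this assignment fails loudly instead of oopsing during interface stop.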
I've been testing this since you suggested it on 11.7.2024 and it works fine.
Tested-by: Bert Karwatzki <spasswolf@web.de>
Bert Karwatzki
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Linux regression tracking (Thorsten Leemhuis) @ 2024-07-24 9:36 UTC (permalink / raw)
To: sean.wang, nbd, lorenzo.bianconi
Cc: sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, Bert Karwatzki, Mike Lothian,
Linux kernel regressions list
On 19.07.24 01:46, sean.wang@kernel.org wrote:
> From: Sean Wang <sean.wang@mediatek.com>
>
> Fix null pointer access in mt792x_mac_link_bss_remove.
>
> To prevent null pointer access, we should assign the vif to bss_conf in
> mt7921_add_interface. This ensures that subsequent operations on the BSS
> can properly reference the correct vif.
>
> [...]
> Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
> Reported-by: Bert Karwatzki <spasswolf@web.de>
> Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> Signed-off-by: Sean Wang <sean.wang@mediatek.com>
TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
that this fixes the problem:
https://bugzilla.kernel.org/show_bug.cgi?id=219084
https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Bert Karwatzki @ 2024-07-29 10:51 UTC (permalink / raw)
To: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi
Cc: sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, Mike Lothian, spasswolf
On Wednesday, 24.07.2024 at 11:36 +0200, Linux regression tracking
(Thorsten Leemhuis) wrote:
>
> On 19.07.24 01:46, sean.wang@kernel.org wrote:
> > From: Sean Wang <sean.wang@mediatek.com>
> >
> > Fix null pointer access in mt792x_mac_link_bss_remove.
> >
> > To prevent null pointer access, we should assign the vif to bss_conf in
> > mt7921_add_interface. This ensures that subsequent operations on the BSS
> > can properly reference the correct vif.
> >
> > [...]
> > Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
> > Reported-by: Bert Karwatzki <spasswolf@web.de>
> > Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> > Signed-off-by: Sean Wang <sean.wang@mediatek.com>
>
> TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
> that this fixes the problem:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=219084
> https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
>
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> --
> Everything you wanna know about Linux kernel regression tracking:
> https://linux-regtracking.leemhuis.info/about/#tldr
> If I did something stupid, please tell me, as explained on that page.
Unfortunately this NULL pointer dereference made it into linux-6.11-rc1.
Bert Karwatzki
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Linux regression tracking (Thorsten Leemhuis) @ 2024-07-29 13:49 UTC (permalink / raw)
To: Bert Karwatzki, Linux regressions mailing list, sean.wang, nbd,
lorenzo.bianconi
Cc: sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, Mike Lothian
On 29.07.24 12:51, Bert Karwatzki wrote:
> On Wednesday, 24.07.2024 at 11:36 +0200, Linux regression tracking
> (Thorsten Leemhuis) wrote:
>>
>> On 19.07.24 01:46, sean.wang@kernel.org wrote:
>>> From: Sean Wang <sean.wang@mediatek.com>
>>>
>>> Fix null pointer access in mt792x_mac_link_bss_remove.
>>>
>>> To prevent null pointer access, we should assign the vif to bss_conf in
>>> mt7921_add_interface. This ensures that subsequent operations on the BSS
>>> can properly reference the correct vif.
>>>
>>> [...]
>>> Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
>>> Reported-by: Bert Karwatzki <spasswolf@web.de>
>>> Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
>>> Signed-off-by: Sean Wang <sean.wang@mediatek.com>
>>
>> TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
>> that this fixes the problem:
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=219084
>> https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
>
> Unfortunately this NULL pointer dereference made it into linux-6.11-rc1.
Thx for letting us know. Seems this happened due to unlucky timing. But
the fix afaics will be part of this week's -net pull, so it should be
fixed by -rc2 unless something odd happens. Ciao, Thorsten
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Mike Lothian @ 2024-08-01 12:38 UTC (permalink / raw)
To: Linux regressions mailing list
Cc: sean.wang, nbd, lorenzo.bianconi, sean.wang, deren.wu,
mingyen.hsieh, linux-wireless, linux-mediatek, Bert Karwatzki
I also saw the following after I restarted my router on two machines -
they both have this fix applied already:
Aug 01 08:59:33 quark kernel: BUG: kernel NULL pointer dereference,
address: 0000000000000008
Aug 01 08:59:33 quark kernel: #PF: supervisor read access in kernel mode
Aug 01 08:59:33 quark kernel: #PF: error_code(0x0000) - not-present page
Aug 01 08:59:33 quark kernel: PGD 0 P4D 0
Aug 01 08:59:33 quark kernel: Oops: Oops: 0000 [#1] PREEMPT SMP
Aug 01 08:59:33 quark kernel: CPU: 13 UID: 0 PID: 468 Comm:
NetworkManager Not tainted 6.11.0-rc1-tip+ #3200
9c927d6f3c59d826d15d8e39c195392d1d16b8a8
Aug 01 08:59:33 quark kernel: Hardware name: Micro Computer (HK) Tech
Limited EliteMini Series/HPBSD, BIOS 1.02 03/28/2024
Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
c6 44 24 07 00 66 c7
Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
ffff888106740920 RCX: 0000000000000000
Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
ffff88810bb35ca0 RDI: ffff888106854a68
Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
0000000000000000 R09: ffff888104c98200
Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
0000000000000020 R12: 0000000000000002
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
ffff888106854800 R15: ffff888106854a68
Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
GS:ffff888c2df40000(0000) knlGS:0000000000000000
Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
0000000117250000 CR4: 0000000000350ef0
Aug 01 08:59:33 quark kernel: Call Trace:
Aug 01 08:59:33 quark kernel: <TASK>
Aug 01 08:59:33 quark kernel: ? __die_body+0x66/0xb0
Aug 01 08:59:33 quark kernel: ? page_fault_oops+0x39a/0x410
Aug 01 08:59:33 quark kernel: ? exc_page_fault+0x59/0xa0
Aug 01 08:59:33 quark kernel: ? asm_exc_page_fault+0x22/0x30
Aug 01 08:59:33 quark kernel: ? mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: ? __try_to_del_timer_sync
Aug 01 08:59:33 quark kernel: ieee80211_ifa6_changed+0x68/0x120
Aug 01 08:59:33 quark kernel: atomic_notifier_call_chain+0x45/0xc0
Aug 01 08:59:33 quark kernel: addrconf_ifdown+0x521/0x7d0
Aug 01 08:59:33 quark kernel: addrconf_notify+0x1ed/0x4a0
Aug 01 08:59:33 quark kernel: raw_notifier_call_chain+0x45/0xb0
Aug 01 08:59:33 quark kernel: __dev_notify_flags+0xf4/0x200
Aug 01 08:59:33 quark kernel: dev_change_flags+0x49/0x50
Aug 01 08:59:33 quark kernel: do_setlink+0x49b/0x1300
Aug 01 08:59:33 quark kernel: ? terminate_walk+0x6b/0x100
Aug 01 08:59:33 quark kernel: ? __nla_validate_parse
Aug 01 08:59:33 quark kernel: ? filename_lookup+0xc7/0x1b0
Aug 01 08:59:33 quark kernel: rtnl_newlink+0xb6a/0xde0
Aug 01 08:59:33 quark kernel: ? __wake_up_sync_key+0x51/0x80
Aug 01 08:59:33 quark kernel: ? scm_destroy+0xc/0x30
Aug 01 08:59:33 quark kernel: ? security_capable+0x38/0x50
Aug 01 08:59:33 quark kernel: rtnetlink_rcv_msg+0x2dd/0x330
Aug 01 08:59:33 quark kernel: ? select_task_rq_fair
Aug 01 08:59:33 quark kernel: ? rtnetlink_bind+0x30/0x30
Aug 01 08:59:33 quark kernel: netlink_rcv_skb+0xb5/0xf0
Aug 01 08:59:33 quark kernel: netlink_unicast+0x230/0x330
Aug 01 08:59:33 quark kernel: netlink_sendmsg+0x3b1/0x460
Aug 01 08:59:33 quark kernel: ____sys_sendmsg
Aug 01 08:59:33 quark kernel: ? chacha_block_generic+0x6a/0x130
Aug 01 08:59:33 quark kernel: ___sys_sendmsg+0x282/0x2a0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: __se_sys_sendmsg+0xf4/0x120
Aug 01 08:59:33 quark kernel: do_syscall_64+0x7e/0x130
Aug 01 08:59:33 quark kernel: ? pollwake+0x52/0x60
Aug 01 08:59:33 quark kernel: ? do_task_dead+0x50/0x50
Aug 01 08:59:33 quark kernel: ? __wake_up_locked_key+0x48/0x70
Aug 01 08:59:33 quark kernel: ? eventfd_write+0x193/0x1b0
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? vfs_write+0xfa/0x3d0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: ? ksys_write+0x8f/0xb0
Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
Aug 01 08:59:33 quark kernel: entry_SYSCALL_64_after_hwframe+0x4b/0x53
Aug 01 08:59:33 quark kernel: RIP: 0033:0x7f4264d31fae
Aug 01 08:59:33 quark kernel: Code: 20 89 54 24 1c 48 89 74 24 10 89
7c 24 08 e8 a9 75 f7 ff 41 89 c0 8b 54 24 1c 48 8b 74 24 10 b8 2e 00
00 00 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 3a 44 89 c7 48 89 44 24
08 e8 fd 75 f7 ff 48
Aug 01 08:59:33 quark kernel: RSP: 002b:00007ffff4b1afa0 EFLAGS:
00000293 ORIG_RAX: 000000000000002e
Aug 01 08:59:33 quark kernel: RAX: ffffffffffffffda RBX:
000055c35260c570 RCX: 00007f4264d31fae
Aug 01 08:59:33 quark kernel: RDX: 0000000000000000 RSI:
00007ffff4b1afe0 RDI: 000000000000000d
Aug 01 08:59:33 quark kernel: RBP: 00007ffff4b1b050 R08:
0000000000000000 R09: 0000000000000000
Aug 01 08:59:33 quark kernel: R10: 000000000000009d R11:
0000000000000293 R12: 0000000000000004
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
0000000000000000 R15: 0000000000000000
Aug 01 08:59:33 quark kernel: </TASK>
Aug 01 08:59:33 quark kernel: Modules linked in:
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008
Aug 01 08:59:33 quark kernel: ---[ end trace 0000000000000000 ]---
Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
c6 44 24 07 00 66 c7
Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
ffff888106740920 RCX: 0000000000000000
Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
ffff88810bb35ca0 RDI: ffff888106854a68
Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
0000000000000000 R09: ffff888104c98200
Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
0000000000000020 R12: 0000000000000002
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
ffff888106854800 R15: ffff888106854a68
Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
GS:ffff888c2df40000(0000) knlGS:0000000000000000
Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
0000000117250000 CR4: 0000000000350ef0
On Wed, 24 Jul 2024 at 10:36, Linux regression tracking (Thorsten
Leemhuis) <regressions@leemhuis.info> wrote:
>
>
>
> On 19.07.24 01:46, sean.wang@kernel.org wrote:
> > From: Sean Wang <sean.wang@mediatek.com>
> >
> > Fix null pointer access in mt792x_mac_link_bss_remove.
> >
> > To prevent null pointer access, we should assign the vif to bss_conf in
> > mt7921_add_interface. This ensures that subsequent operations on the BSS
> > can properly reference the correct vif.
> >
> > [...]
> > Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add mt7925_mac_link_bss_remove to remove per-link BSS")
> > Reported-by: Bert Karwatzki <spasswolf@web.de>
> > Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> > Signed-off-by: Sean Wang <sean.wang@mediatek.com>
>
> TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
> that this fixes the problem:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=219084
> https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
>
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> --
> Everything you wanna know about Linux kernel regression tracking:
> https://linux-regtracking.leemhuis.info/about/#tldr
> If I did something stupid, please tell me, as explained on that page.
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
From: Bert Karwatzki @ 2024-08-01 16:57 UTC (permalink / raw)
To: Mike Lothian, Linux regressions mailing list
Cc: sean.wang, nbd, lorenzo.bianconi, sean.wang, deren.wu,
mingyen.hsieh, linux-wireless, linux-mediatek, spasswolf
On Thursday, 01.08.2024 at 13:38 +0100, Mike Lothian wrote:
> I also saw the following after I restarted my router on two machines -
> they both have this fix applied already:
>
>
> On Wed, 24 Jul 2024 at 10:36, Linux regression tracking (Thorsten
> Leemhuis) <regressions@leemhuis.info> wrote:
> >
> >
> >
> > On 19.07.24 01:46, sean.wang@kernel.org wrote:
> > > From: Sean Wang <sean.wang@mediatek.com>
> > >
> > > Fix null pointer access in mt792x_mac_link_bss_remove.
> > >
> > > To prevent null pointer access, we should assign the vif to bss_conf in
> > > mt7921_add_interface. This ensures that subsequent operations on the BSS
> > > can properly reference the correct vif.
> > >
> > > [...]
> > > > Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add
> > mt7925_mac_link_bss_remove to remove per-link BSS")
> > > Reported-by: Bert Karwatzki <spasswolf@web.de>
> > > Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> > > Signed-off-by: Sean Wang <sean.wang@mediatek.com>
> >
> > TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
> > that this fixes the problem:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=219084
> > https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
> >
> > Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> > --
> > Everything you wanna know about Linux kernel regression tracking:
> > https://linux-regtracking.leemhuis.info/about/#tldr
> > If I did something stupid, please tell me, as explained on that page.
The fix to this issue has been posted here by Felix Fietkau:
> On Wednesday, 17.07.2024 at 17:25 +0200, Felix Fietkau wrote:
>
> This change should fix it: https://nbd.name/p/0747f54f
> Please test.
>
> Thanks,
>
> - Felix
Bert Karwatzki
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-01 16:57 ` Bert Karwatzki
@ 2024-08-27 16:30 ` Mike Lothian
2024-08-27 21:13 ` Bert Karwatzki
0 siblings, 1 reply; 16+ messages in thread
From: Mike Lothian @ 2024-08-27 16:30 UTC (permalink / raw)
To: Bert Karwatzki
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek
Hi
This fix hasn't made it upstream yet, has it fallen through the cracks?
Cheers
Mike
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-27 16:30 ` Mike Lothian
@ 2024-08-27 21:13 ` Bert Karwatzki
2024-08-27 23:38 ` Mike Lothian
0 siblings, 1 reply; 16+ messages in thread
From: Bert Karwatzki @ 2024-08-27 21:13 UTC (permalink / raw)
To: Mike Lothian
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, spasswolf
On Tuesday, 27.08.2024 at 17:30 +0100, Mike Lothian wrote:
> Hi
>
> This fix hasn't made it upstream yet, has it fallen through the cracks?
>
> Cheers
>
> Mike
>
It's in linux-6.11-rc4 and later:
commit 479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3
Author: Bert Karwatzki <spasswolf@web.de>
Date: Mon Aug 12 12:45:41 2024 +0200
wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
When disabling wifi mt7921_ipv6_addr_change() is called as a notifier.
At this point mvif->phy is already NULL so we cannot use it here.
Signed-off-by: Bert Karwatzki <spasswolf@web.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20240812104542.80760-1-spasswolf@web.de
Bert Karwatzki
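The commit message above says mvif->phy is already NULL when the notifier runs; the oops quoted in this thread shows the same thing from the register side (CR2 = 8, RAX = 0, faulting bytes <48> 8b 58 08). The following is an added example, not code from the thread or from the mt76 driver: a small triage helper that cross-checks those three facts. The function names, the 4 KiB limit and the single instruction form it decodes are assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a fault address below one 4 KiB page means "NULL + member offset". */
#define NULL_PAGE_LIMIT 0x1000UL

/* Abridged sample rebuilt from the oops lines quoted in this thread (unwrapped). */
static const char SAMPLE_OOPS[] =
	"BUG: kernel NULL pointer dereference, address: 0000000000000008\n"
	"RIP: 0010:mt7921_ipv6_addr_change\n"
	"Code: 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04\n"
	"RAX: 0000000000000000 RBX: ffff888106740920 RCX: 0000000000000000\n"
	"CR2: 0000000000000008 CR3: 0000000117250000 CR4: 0000000000350ef0\n";

struct oops_triage {
	char symbol[64];          /* function on the kernel-mode RIP line */
	char base_reg[4];         /* base register of the faulting load */
	unsigned long cr2, base_val;
	long disp;                /* displacement encoded in the instruction */
	int null_member_read;     /* 1: base is NULL and base + disp == CR2 */
};

/* Register names in x86-64 ModRM encoding order, spelled as the oops prints them. */
static const char *const REG_NAMES[16] = {
	"RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
	"R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15" };

/* Find "NAME: <hex>" where NAME starts a token, so RAX does not match ORIG_RAX. */
static int find_hex_field(const char *text, const char *name, unsigned long *out)
{
	size_t n = strlen(name);
	for (const char *p = strstr(text, name); p; p = strstr(p + 1, name)) {
		int token_start = (p == text) || isspace((unsigned char)p[-1]);
		if (token_start && p[n] == ':') {
			char *end;
			*out = strtoul(p + n + 1, &end, 16);
			if (end != p + n + 1)
				return 0;
		}
	}
	return -1;
}

/* Copy the symbol from the first "RIP: 0010:" line (0010 is the kernel code segment). */
static int find_kernel_rip(const char *text, char *sym, size_t len)
{
	const char *p = strstr(text, "RIP: 0010:");
	size_t i = 0;
	if (!p)
		return -1;
	p += strlen("RIP: 0010:");
	while (p[i] && p[i] != '+' && !isspace((unsigned char)p[i]) && i + 1 < len) {
		sym[i] = p[i];
		i++;
	}
	sym[i] = '\0';
	return i ? 0 : -1;
}

/* Decode only "[REX] 8B /r" with mod=01, i.e. mov disp8(base),reg; reject the rest. */
static int decode_faulting_load(const char *text, int *base, long *disp)
{
	unsigned char b[4];
	unsigned rex = 0, modrm;
	int i = 0;
	const char *p = strstr(text, "Code:");
	if (!p || !(p = strchr(p, '<')))
		return -1;
	for (int k = 0; k < 4; k++) {      /* bytes starting at the <marked> one */
		char *end;
		while (*p == '<' || *p == '>' || isspace((unsigned char)*p))
			p++;
		b[k] = (unsigned char)strtoul(p, &end, 16);
		if (end == p)
			return -1;
		p = end;
	}
	if ((b[0] & 0xf0) == 0x40) {       /* REX prefix */
		rex = b[0];
		i = 1;
	}
	if (b[i] != 0x8b)
		return -1;
	modrm = b[i + 1];
	if ((modrm >> 6) != 1 || (modrm & 7) == 4)   /* need disp8 and no SIB byte */
		return -1;
	*base = (int)((modrm & 7) | ((rex & 1) << 3));
	*disp = (signed char)b[i + 2];
	return 0;
}

int triage_oops(const char *text, struct oops_triage *t)
{
	int base;
	memset(t, 0, sizeof(*t));
	if (find_kernel_rip(text, t->symbol, sizeof(t->symbol)) ||
	    find_hex_field(text, "CR2", &t->cr2) ||
	    decode_faulting_load(text, &base, &t->disp))
		return -1;
	snprintf(t->base_reg, sizeof(t->base_reg), "%s", REG_NAMES[base]);
	if (find_hex_field(text, t->base_reg, &t->base_val))
		return -1;
	t->null_member_read = t->base_val == 0 && t->cr2 < NULL_PAGE_LIMIT &&
			      (unsigned long)t->disp == t->cr2;
	return 0;
}

int main(void)
{
	struct oops_triage t;
	if (triage_oops(SAMPLE_OOPS, &t))
		return 1;
	printf("%s: load from %ld(%s), %s=%#lx, CR2=%#lx -> %s\n", t.symbol, t.disp,
	       t.base_reg, t.base_reg, t.base_val, t.cr2,
	       t.null_member_read ? "member read through NULL pointer" : "other fault");
	return 0;
}
```

A match only says that a structure member at the reported offset was read through a NULL base pointer; which pointer that is in the source still has to be confirmed against the code, as the commit message does for mvif->phy.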
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-27 21:13 ` Bert Karwatzki
@ 2024-08-27 23:38 ` Mike Lothian
2024-08-28 8:17 ` Bert Karwatzki
0 siblings, 1 reply; 16+ messages in thread
From: Mike Lothian @ 2024-08-27 23:38 UTC (permalink / raw)
To: Bert Karwatzki
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek
But not the follow on fix which fixes suspend...
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 2e6268cb06c0..a85c19da77e5 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
ieee80211_hw *hw,
struct inet6_dev *idev)
{
struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
- struct mt792x_dev *dev = mvif->phy->dev;
+ struct mt792x_dev *dev = mt792x_hw_dev(hw);
struct inet6_ifaddr *ifa;
struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
struct sk_buff *skb;
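Review bot: the dev initializer now uses mt792x_hw_dev(hw), but nothing at that line records why mvif->phy must not be dereferenced there, so a later cleanup could put mvif->phy->dev back. A one-line comment next to the declaration saying that this notifier can run after the interface has been removed (mvif->phy already NULL) would protect the change.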
@@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
ieee80211_hw *hw,
},
};
+ if (!mvif->phy)
+ return;
+
read_lock_bh(&idev->lock);
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (ifa->flags & IFA_F_TENTATIVE)
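Review bot: the added "if (!mvif->phy) return;" before read_lock_bh(&idev->lock) reads mvif->phy with no lock or READ_ONCE visible in this hunk, so if the removal path can clear the pointer while the notifier runs, the check only narrows the window; please state in a comment or in the commit message what serialises the two. With dev now taken from hw, the hunk also does not show which later statement still depends on mvif->phy, so a short comment naming that use would justify the silent early return.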
On Tue, 27 Aug 2024 at 22:13, Bert Karwatzki <spasswolf@web.de> wrote:
>
> On Tuesday, 27.08.2024 at 17:30 +0100, Mike Lothian wrote:
> > Hi
> >
> > This fix hasn't made it upstream yet, has it fallen through the cracks?
> >
> > Cheers
> >
> > Mike
> >
> > On Thu, 1 Aug 2024 at 17:58, Bert Karwatzki <spasswolf@web.de> wrote:
> > >
> > > > On Thursday, 01.08.2024 at 13:38 +0100, Mike Lothian wrote:
> > > > I also saw the following after I restarted my router on two machines -
> > > > they both have this fix applied already:
> > > >
> > > > On Wed, 24 Jul 2024 at 10:36, Linux regression tracking (Thorsten
> > > > Leemhuis) <regressions@leemhuis.info> wrote:
> > > > >
> > > > >
> > > > >
> > > > > On 19.07.24 01:46, sean.wang@kernel.org wrote:
> > > > > > From: Sean Wang <sean.wang@mediatek.com>
> > > > > >
> > > > > > Fix null pointer access in mt792x_mac_link_bss_remove.
> > > > > >
> > > > > > To prevent null pointer access, we should assign the vif to bss_conf in
> > > > > > mt7921_add_interface. This ensures that subsequent operations on the BSS
> > > > > > can properly reference the correct vif.
> > > > > >
> > > > > > [...]
> > > > > > > Fixes: 1541d63c5fe2 ("wifi: mt76: mt7925: add
> > > > > mt7925_mac_link_bss_remove to remove per-link BSS")
> > > > > > Reported-by: Bert Karwatzki <spasswolf@web.de>
> > > > > > Closes: https://lore.kernel.org/linux-wireless/2fee61f8c903d02a900ca3188c3742c7effd102e.camel@web.de/#b
> > > > > > Signed-off-by: Sean Wang <sean.wang@mediatek.com>
> > > > >
> > > > > TWIMC, Mike (now CCed) ran into the problem and on bugzilla confirmed
> > > > > that this fixes the problem:
> > > > >
> > > > > https://bugzilla.kernel.org/show_bug.cgi?id=219084
> > > > > https://lore.kernel.org/all/CAHbf0-HOS-jdRGvJOBmEgaaox3PDbDSTgnnZkZF9pz37Bmh2iw@mail.gmail.com/
> > > > >
> > > > > Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> > > > > --
> > > > > > Everything you wanna know about Linux kernel regression tracking:
> > > > > https://linux-regtracking.leemhuis.info/about/#tldr
> > > > > If I did something stupid, please tell me, as explained on that page.
> > >
> > > The fix to this issue has been posted here by Felix Fietkau:
> > > > On Wednesday, 17.07.2024 at 17:25 +0200, Felix Fietkau wrote:
> > > >
> > > > This change should fix it: https://nbd.name/p/0747f54f
> > > > Please test.
> > > >
> > > > Thanks,
> > > >
> > > > - Felix
> > >
> > > Bert Karwatzki
>
> It's in linux-6.11-rc4 and later:
>
> commit 479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3
> Author: Bert Karwatzki <spasswolf@web.de>
> Date: Mon Aug 12 12:45:41 2024 +0200
>
> wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
>
> When disabling wifi mt7921_ipv6_addr_change() is called as a notifier.
> At this point mvif->phy is already NULL so we cannot use it here.
>
> Signed-off-by: Bert Karwatzki <spasswolf@web.de>
> Signed-off-by: Felix Fietkau <nbd@nbd.name>
> Signed-off-by: Kalle Valo <kvalo@kernel.org>
> Link: https://patch.msgid.link/20240812104542.80760-1-spasswolf@web.de
>
>
> Bert Karwatzki
>
>
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-27 23:38 ` Mike Lothian
@ 2024-08-28 8:17 ` Bert Karwatzki
2024-08-28 15:20 ` Mike Lothian
0 siblings, 1 reply; 16+ messages in thread
From: Bert Karwatzki @ 2024-08-28 8:17 UTC (permalink / raw)
To: Mike Lothian
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, spasswolf
On Wednesday, 28.08.2024 at 00:38 +0100, Mike Lothian wrote:
> But not the follow on fix which fixes suspend...
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> index 2e6268cb06c0..a85c19da77e5 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> @@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
> ieee80211_hw *hw,
> struct inet6_dev *idev)
> {
> struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
> - struct mt792x_dev *dev = mvif->phy->dev;
> + struct mt792x_dev *dev = mt792x_hw_dev(hw);
> struct inet6_ifaddr *ifa;
> struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
> struct sk_buff *skb;
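Review bot: the new initialiser `dev = mt792x_hw_dev(hw)` no longer reads through `mvif->phy`, but nothing at the declaration says why the old `mvif->phy->dev` form was unsafe, so it is easy to reintroduce. Add a short comment there that this callback runs as a notifier and can be called after `mvif->phy` has been cleared (the trace in this thread reaches it from `addrconf_ifdown` via `ieee80211_ifa6_changed`).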
> @@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
> ieee80211_hw *hw,
> },
> };
>
> + if (!mvif->phy)
> + return;
> +
> read_lock_bh(&idev->lock);
> list_for_each_entry(ifa, &idev->addr_list, if_list) {
> if (ifa->flags & IFA_F_TENTATIVE)
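Review bot: the `if (!mvif->phy) return;` test added ahead of `read_lock_bh(&idev->lock)` is a plain, unlocked read, and the visible lines do not show what serialises it against the path that clears `phy`. If code further down still uses `mvif->phy`, the pointer can change between this test and that use, so read it once into a local and use the local; if nothing below uses it now that `dev` comes from `hw`, the commit message should say what the early return protects, because the first hunk already removes the `mvif->phy->dev` dereference.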
>
> > > >
> >

That is interesting (or odd) because suspend (s2idle) works for me in
next-20240827 on this hardware:

04:00.0 Network controller [0280]: MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
[14c3:0608]

are you using a different model?

[ 272.780054] [ T848] wlp4s0: deauthenticating from 54:67:51:3d:a2:d2 by
local choice (Reason: 3=DEAUTH_LEAVING)
[ 273.067438] [ T3437] PM: suspend entry (s2idle)
[ 273.151140] [ T3437] Filesystems sync: 0.083 seconds
[ 273.157029] [ T3437] Freezing user space processes

Can you post the backtrace of your error (when commit 479ffee68d59c599f is
applied)?

Bert Karwatzki
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-28 8:17 ` Bert Karwatzki
@ 2024-08-28 15:20 ` Mike Lothian
2024-08-28 17:05 ` Bert Karwatzki
0 siblings, 1 reply; 16+ messages in thread
From: Mike Lothian @ 2024-08-28 15:20 UTC (permalink / raw)
To: Bert Karwatzki
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek
On Wed, 28 Aug 2024 at 09:17, Bert Karwatzki <spasswolf@web.de> wrote:
>
> On Wednesday, 28.08.2024 at 00:38 +0100, Mike Lothian wrote:
> > But not the follow on fix which fixes suspend...
> >
> > diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > index 2e6268cb06c0..a85c19da77e5 100644
> > --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > @@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
> > ieee80211_hw *hw,
> > struct inet6_dev *idev)
> > {
> > struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
> > - struct mt792x_dev *dev = mvif->phy->dev;
> > + struct mt792x_dev *dev = mt792x_hw_dev(hw);
> > struct inet6_ifaddr *ifa;
> > struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
> > struct sk_buff *skb;
> > @@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
> > ieee80211_hw *hw,
> > },
> > };
> >
> > + if (!mvif->phy)
> > + return;
> > +
> > read_lock_bh(&idev->lock);
> > list_for_each_entry(ifa, &idev->addr_list, if_list) {
> > if (ifa->flags & IFA_F_TENTATIVE)
> >
> > > > >
> > >
>
> That is interesting (or odd) because suspend (s2idle) works for me in next-
> 20240827 on this hardware:
>
> 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
> [14c3:0608]
>
> are you using a different model?
>
> [ 272.780054] [ T848] wlp4s0: deauthenticating from 54:67:51:3d:a2:d2 by
> local choice (Reason: 3=DEAUTH_LEAVING)
> [ 273.067438] [ T3437] PM: suspend entry (s2idle)
> [ 273.151140] [ T3437] Filesystems sync: 0.083 seconds
> [ 273.157029] [ T3437] Freezing user space processes
>
> Can you post the backtrace of your error (when commit 479ffee68d59c599f is
> applied)?
>
> Bert Karwatzki

Apologies, it wasn't a suspend issue, it was when the router was restarted.

The error I saw was previously in this thread and someone pointed me
to the patch that fixed it - but that hasn't made it upstream yet.

Aug 01 08:59:33 quark kernel: BUG: kernel NULL pointer dereference,
address: 0000000000000008
Aug 01 08:59:33 quark kernel: #PF: supervisor read access in kernel mode
Aug 01 08:59:33 quark kernel: #PF: error_code(0x0000) - not-present page
Aug 01 08:59:33 quark kernel: PGD 0 P4D 0
Aug 01 08:59:33 quark kernel: Oops: Oops: 0000 [#1] PREEMPT SMP
Aug 01 08:59:33 quark kernel: CPU: 13 UID: 0 PID: 468 Comm:
NetworkManager Not tainted 6.11.0-rc1-tip+ #3200
9c927d6f3c59d826d15d8e39c195392d1d16b8a8
Aug 01 08:59:33 quark kernel: Hardware name: Micro Computer (HK) Tech
Limited EliteMini Series/HPBSD, BIOS 1.02 03/28/2024
Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
c6 44 24 07 00 66 c7
Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
ffff888106740920 RCX: 0000000000000000
Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
ffff88810bb35ca0 RDI: ffff888106854a68
Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
0000000000000000 R09: ffff888104c98200
Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
0000000000000020 R12: 0000000000000002
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
ffff888106854800 R15: ffff888106854a68
Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
GS:ffff888c2df40000(0000) knlGS:0000000000000000
Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
0000000117250000 CR4: 0000000000350ef0
Aug 01 08:59:33 quark kernel: Call Trace:
Aug 01 08:59:33 quark kernel: <TASK>
Aug 01 08:59:33 quark kernel: ? __die_body+0x66/0xb0
Aug 01 08:59:33 quark kernel: ? page_fault_oops+0x39a/0x410
Aug 01 08:59:33 quark kernel: ? exc_page_fault+0x59/0xa0
Aug 01 08:59:33 quark kernel: ? asm_exc_page_fault+0x22/0x30
Aug 01 08:59:33 quark kernel: ? mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: ? __try_to_del_timer_sync
Aug 01 08:59:33 quark kernel: ieee80211_ifa6_changed+0x68/0x120
Aug 01 08:59:33 quark kernel: atomic_notifier_call_chain+0x45/0xc0
Aug 01 08:59:33 quark kernel: addrconf_ifdown+0x521/0x7d0
Aug 01 08:59:33 quark kernel: addrconf_notify+0x1ed/0x4a0
Aug 01 08:59:33 quark kernel: raw_notifier_call_chain+0x45/0xb0
Aug 01 08:59:33 quark kernel: __dev_notify_flags+0xf4/0x200
Aug 01 08:59:33 quark kernel: dev_change_flags+0x49/0x50
Aug 01 08:59:33 quark kernel: do_setlink+0x49b/0x1300
Aug 01 08:59:33 quark kernel: ? terminate_walk+0x6b/0x100
Aug 01 08:59:33 quark kernel: ? __nla_validate_parse
Aug 01 08:59:33 quark kernel: ? filename_lookup+0xc7/0x1b0
Aug 01 08:59:33 quark kernel: rtnl_newlink+0xb6a/0xde0
Aug 01 08:59:33 quark kernel: ? __wake_up_sync_key+0x51/0x80
Aug 01 08:59:33 quark kernel: ? scm_destroy+0xc/0x30
Aug 01 08:59:33 quark kernel: ? security_capable+0x38/0x50
Aug 01 08:59:33 quark kernel: rtnetlink_rcv_msg+0x2dd/0x330
Aug 01 08:59:33 quark kernel: ? select_task_rq_fair
Aug 01 08:59:33 quark kernel: ? rtnetlink_bind+0x30/0x30
Aug 01 08:59:33 quark kernel: netlink_rcv_skb+0xb5/0xf0
Aug 01 08:59:33 quark kernel: netlink_unicast+0x230/0x330
Aug 01 08:59:33 quark kernel: netlink_sendmsg+0x3b1/0x460
Aug 01 08:59:33 quark kernel: ____sys_sendmsg
Aug 01 08:59:33 quark kernel: ? chacha_block_generic+0x6a/0x130
Aug 01 08:59:33 quark kernel: ___sys_sendmsg+0x282/0x2a0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: __se_sys_sendmsg+0xf4/0x120
Aug 01 08:59:33 quark kernel: do_syscall_64+0x7e/0x130
Aug 01 08:59:33 quark kernel: ? pollwake+0x52/0x60
Aug 01 08:59:33 quark kernel: ? do_task_dead+0x50/0x50
Aug 01 08:59:33 quark kernel: ? __wake_up_locked_key+0x48/0x70
Aug 01 08:59:33 quark kernel: ? eventfd_write+0x193/0x1b0
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? vfs_write+0xfa/0x3d0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
Aug 01 08:59:33 quark kernel: ? ksys_write+0x8f/0xb0
Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
Aug 01 08:59:33 quark kernel: entry_SYSCALL_64_after_hwframe+0x4b/0x53
Aug 01 08:59:33 quark kernel: RIP: 0033:0x7f4264d31fae
Aug 01 08:59:33 quark kernel: Code: 20 89 54 24 1c 48 89 74 24 10 89
7c 24 08 e8 a9 75 f7 ff 41 89 c0 8b 54 24 1c 48 8b 74 24 10 b8 2e 00
00 00 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 3a 44 89 c7 48 89 44 24
08 e8 fd 75 f7 ff 48
Aug 01 08:59:33 quark kernel: RSP: 002b:00007ffff4b1afa0 EFLAGS:
00000293 ORIG_RAX: 000000000000002e
Aug 01 08:59:33 quark kernel: RAX: ffffffffffffffda RBX:
000055c35260c570 RCX: 00007f4264d31fae
Aug 01 08:59:33 quark kernel: RDX: 0000000000000000 RSI:
00007ffff4b1afe0 RDI: 000000000000000d
Aug 01 08:59:33 quark kernel: RBP: 00007ffff4b1b050 R08:
0000000000000000 R09: 0000000000000000
Aug 01 08:59:33 quark kernel: R10: 000000000000009d R11:
0000000000000293 R12: 0000000000000004
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
0000000000000000 R15: 0000000000000000
Aug 01 08:59:33 quark kernel: </TASK>
Aug 01 08:59:33 quark kernel: Modules linked in:
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008
Aug 01 08:59:33 quark kernel: ---[ end trace 0000000000000000 ]---
Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
c6 44 24 07 00 66 c7
Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
ffff888106740920 RCX: 0000000000000000
Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
ffff88810bb35ca0 RDI: ffff888106854a68
Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
0000000000000000 R09: ffff888104c98200
Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
0000000000000020 R12: 0000000000000002
Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
ffff888106854800 R15: ffff888106854a68
Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
GS:ffff888c2df40000(0000) knlGS:0000000000000000
Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
0000000117250000 CR4: 0000000000350ef0
^ permalink raw reply [flat|nested] 16+ messages in thread
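The oops in the message above can be triaged mechanically. The following Python script is an added example, not code from this thread or from the mt76 project: it pulls the registers and the marked faulting instruction out of the trace and decodes it to show that the fault is a member read through a NULL pointer. The `OOPS` text is copied from that trace with the mail line-wrapping undone and trimmed to the fields used; the function names are hypothetical.

```python
import re

# Lines copied from the oops in this thread, re-joined where the mail client
# wrapped them. Only the kernel-mode register dump is kept.
OOPS = """\
Aug 01 08:59:33 quark kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0 48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02 00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00 c6 44 24 07 00 66 c7
Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX: ffff888106740920 RCX: 0000000000000000
Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI: ffff88810bb35ca0 RDI: ffff888106854a68
Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3: 0000000117250000 CR4: 0000000000350ef0
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def parse_oops(text):
    """Return (rip_symbol, registers, bytes starting at the faulting insn)."""
    regs = {}
    for name, value in re.findall(
            r"\b(R[A-Z0-9]{1,2}|CR\d):\s*([0-9a-f]{16})\b", text):
        # The kernel prints R08/R09; normalise to r8/r9.
        regs[re.sub(r"^r0", "r", name.lower())] = int(value, 16)
    rip = re.search(r"RIP: 0010:(\S+)", text).group(1)
    code = re.search(r"Code: (.*)", text).group(1).split()
    # The byte wrapped in <> is the first byte of the faulting instruction.
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    fault = bytes(int(b.strip("<>"), 16) for b in code[start:])
    return rip, regs, fault


def decode_mov_load(insn):
    """Decode `REX.W 8B /r` (mov r64, [base+disp]); return (dst, base, disp).

    Only register-indirect forms without a SIB byte are handled, which is
    what a compiler typically emits for a plain `ptr->member` load.
    """
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    if rex & 0xF8 != 0x48 or opcode != 0x8B:
        raise ValueError("not a 64-bit mov load")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative form not handled")
    reg |= (rex & 0x04) << 1   # REX.R extends the destination register
    rm |= (rex & 0x01) << 3    # REX.B extends the base register
    size = {0: 0, 1: 1, 2: 4}[mod]
    disp = int.from_bytes(insn[3:3 + size], "little", signed=True) if size else 0
    return REG64[reg], REG64[rm], disp


def triage(text):
    """Classify the fault: is it a small-offset read through a NULL base?"""
    rip, regs, fault = parse_oops(text)
    dst, base, disp = decode_mov_load(fault)
    addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "function": rip,
        "insn": f"mov {dst}, [{base}{disp:+#x}]",
        "base_value": regs[base],
        "fault_addr": addr,
        # The computed address must equal CR2, the address the CPU faulted on.
        "matches_cr2": addr == regs["cr2"],
        # NULL base plus an offset inside the first page: a struct member
        # read through a NULL pointer.
        "null_member_read": regs[base] == 0 and 0 <= disp < 4096,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

The decoded load reads 8 bytes past a NULL base in `mt7921_ipv6_addr_change`, which is consistent with the `mvif->phy->dev` initialiser the patch replaces, assuming `dev` sits at offset 8 of the phy structure.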
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-28 15:20 ` Mike Lothian
@ 2024-08-28 17:05 ` Bert Karwatzki
2024-08-29 16:35 ` Mike Lothian
0 siblings, 1 reply; 16+ messages in thread
From: Bert Karwatzki @ 2024-08-28 17:05 UTC (permalink / raw)
To: Mike Lothian
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek, spasswolf
On Wednesday, 28.08.2024 at 16:20 +0100, Mike Lothian wrote:
> On Wed, 28 Aug 2024 at 09:17, Bert Karwatzki <spasswolf@web.de> wrote:
> >
> > On Wednesday, 28.08.2024 at 00:38 +0100, Mike Lothian wrote:
> > > But not the follow on fix which fixes suspend...
> > >
> > > diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > index 2e6268cb06c0..a85c19da77e5 100644
> > > --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > @@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
> > > ieee80211_hw *hw,
> > > struct inet6_dev *idev)
> > > {
> > > struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
> > > - struct mt792x_dev *dev = mvif->phy->dev;
> > > + struct mt792x_dev *dev = mt792x_hw_dev(hw);
> > > struct inet6_ifaddr *ifa;
> > > struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
> > > struct sk_buff *skb;
> > > @@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
> > > ieee80211_hw *hw,
> > > },
> > > };
> > >
> > > + if (!mvif->phy)
> > > + return;
> > > +
> > > read_lock_bh(&idev->lock);
> > > list_for_each_entry(ifa, &idev->addr_list, if_list) {
> > > if (ifa->flags & IFA_F_TENTATIVE)
> > >
> > > > > >
> > > >
> >
> > That is interesting (or odd) because suspend (s2idle) works for me in next-
> > 20240827 on this hardware:
> >
> > 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
> > [14c3:0608]
> >
> > are you using a different model?
> >
> > [ 272.780054] [ T848] wlp4s0: deauthenticating from 54:67:51:3d:a2:d2 by
> > local choice (Reason: 3=DEAUTH_LEAVING)
> > [ 273.067438] [ T3437] PM: suspend entry (s2idle)
> > [ 273.151140] [ T3437] Filesystems sync: 0.083 seconds
> > [ 273.157029] [ T3437] Freezing user space processes
> >
> > Can you post the backtrace of your error (when commit 479ffee68d59c599f is
> > applied)?
> >
> > Bert Karwatzki
>
> Apologies, it wasn't a suspend issue, it was when the router was restarted
>
> The error I saw was previously in this thread and someone pointed me
> to the patch that fixed it - but that hasn't made it upstream yet
>

This seems to be exactly the same error as I had (it can also be actively
provoked by "nmcli radio wifi off"), but in my case commit 479ffee68d59c599 is
enough to fix the issue. Can you please double-check that your faulty kernel
does not include this commit? If it does and you still get the error, I can post
the fix to the list.

Bert Karwatzki
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-28 17:05 ` Bert Karwatzki
@ 2024-08-29 16:35 ` Mike Lothian
2024-08-29 16:52 ` Mike Lothian
0 siblings, 1 reply; 16+ messages in thread
From: Mike Lothian @ 2024-08-29 16:35 UTC (permalink / raw)
To: Bert Karwatzki
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek
On Wed, 28 Aug 2024 at 18:05, Bert Karwatzki <spasswolf@web.de> wrote:
>
> On Wednesday, 28.08.2024 at 16:20 +0100, Mike Lothian wrote:
> > On Wed, 28 Aug 2024 at 09:17, Bert Karwatzki <spasswolf@web.de> wrote:
> > >
> > > On Wednesday, 28.08.2024 at 00:38 +0100, Mike Lothian wrote:
> > > > But not the follow on fix which fixes suspend...
> > > >
> > > > diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > index 2e6268cb06c0..a85c19da77e5 100644
> > > > --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > @@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
> > > > ieee80211_hw *hw,
> > > > struct inet6_dev *idev)
> > > > {
> > > > struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
> > > > - struct mt792x_dev *dev = mvif->phy->dev;
> > > > + struct mt792x_dev *dev = mt792x_hw_dev(hw);
> > > > struct inet6_ifaddr *ifa;
> > > > struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
> > > > struct sk_buff *skb;
> > > > @@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
> > > > ieee80211_hw *hw,
> > > > },
> > > > };
> > > >
> > > > + if (!mvif->phy)
> > > > + return;
> > > > +
> > > > read_lock_bh(&idev->lock);
> > > > list_for_each_entry(ifa, &idev->addr_list, if_list) {
> > > > if (ifa->flags & IFA_F_TENTATIVE)
> > > >
> > > > > > >
> > > > >
> > >
> > > That is interesting (or odd) because suspend (s2idle) works for me in next-
> > > 20240827 on this hardware:
> > >
> > > 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
> > > [14c3:0608]
> > >
> > > are you using a different model?
> > >
> > > [ 272.780054] [ T848] wlp4s0: deauthenticating from 54:67:51:3d:a2:d2 by
> > > local choice (Reason: 3=DEAUTH_LEAVING)
> > > [ 273.067438] [ T3437] PM: suspend entry (s2idle)
> > > [ 273.151140] [ T3437] Filesystems sync: 0.083 seconds
> > > [ 273.157029] [ T3437] Freezing user space processes
> > >
> > > Can you post the backtrace of your error (when commit 479ffee68d59c599f is
> > > applied)?
> > >
> > > Bert Karwatzki
> >
> > Apologies, it wasn't a suspend issue, it was when the router was restarted
> >
> > The error I saw was previously in this thread and someone pointed me
> > to the patch that fixed it - but that hasn't made it upstream yet
> >
> > Aug 01 08:59:33 quark kernel: BUG: kernel NULL pointer dereference,
> > address: 0000000000000008
> > Aug 01 08:59:33 quark kernel: #PF: supervisor read access in kernel mode
> > Aug 01 08:59:33 quark kernel: #PF: error_code(0x0000) - not-present page
> > Aug 01 08:59:33 quark kernel: PGD 0 P4D 0
> > Aug 01 08:59:33 quark kernel: Oops: Oops: 0000 [#1] PREEMPT SMP
> > Aug 01 08:59:33 quark kernel: CPU: 13 UID: 0 PID: 468 Comm:
> > NetworkManager Not tainted 6.11.0-rc1-tip+ #3200
> > 9c927d6f3c59d826d15d8e39c195392d1d16b8a8
> > Aug 01 08:59:33 quark kernel: Hardware name: Micro Computer (HK) Tech
> > Limited EliteMini Series/HPBSD, BIOS 1.02 03/28/2024
> > Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
> > Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
> > 48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
> > 00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
> > c6 44 24 07 00 66 c7
> > Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
> > Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
> > ffff888106740920 RCX: 0000000000000000
> > Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
> > ffff88810bb35ca0 RDI: ffff888106854a68
> > Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
> > 0000000000000000 R09: ffff888104c98200
> > Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
> > 0000000000000020 R12: 0000000000000002
> > Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
> > ffff888106854800 R15: ffff888106854a68
> > Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
> > GS:ffff888c2df40000(0000) knlGS:0000000000000000
> > Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
> > 0000000117250000 CR4: 0000000000350ef0
> > Aug 01 08:59:33 quark kernel: Call Trace:
> > Aug 01 08:59:33 quark kernel: <TASK>
> > Aug 01 08:59:33 quark kernel: ? __die_body+0x66/0xb0
> > Aug 01 08:59:33 quark kernel: ? page_fault_oops+0x39a/0x410
> > Aug 01 08:59:33 quark kernel: ? exc_page_fault+0x59/0xa0
> > Aug 01 08:59:33 quark kernel: ? asm_exc_page_fault+0x22/0x30
> > Aug 01 08:59:33 quark kernel: ? mt7921_ipv6_addr_change
> > Aug 01 08:59:33 quark kernel: ? __try_to_del_timer_sync
> > Aug 01 08:59:33 quark kernel: ieee80211_ifa6_changed+0x68/0x120
> > Aug 01 08:59:33 quark kernel: atomic_notifier_call_chain+0x45/0xc0
> > Aug 01 08:59:33 quark kernel: addrconf_ifdown+0x521/0x7d0
> > Aug 01 08:59:33 quark kernel: addrconf_notify+0x1ed/0x4a0
> > Aug 01 08:59:33 quark kernel: raw_notifier_call_chain+0x45/0xb0
> > Aug 01 08:59:33 quark kernel: __dev_notify_flags+0xf4/0x200
> > Aug 01 08:59:33 quark kernel: dev_change_flags+0x49/0x50
> > Aug 01 08:59:33 quark kernel: do_setlink+0x49b/0x1300
> > Aug 01 08:59:33 quark kernel: ? terminate_walk+0x6b/0x100
> > Aug 01 08:59:33 quark kernel: ? __nla_validate_parse
> > Aug 01 08:59:33 quark kernel: ? filename_lookup+0xc7/0x1b0
> > Aug 01 08:59:33 quark kernel: rtnl_newlink+0xb6a/0xde0
> > Aug 01 08:59:33 quark kernel: ? __wake_up_sync_key+0x51/0x80
> > Aug 01 08:59:33 quark kernel: ? scm_destroy+0xc/0x30
> > Aug 01 08:59:33 quark kernel: ? security_capable+0x38/0x50
> > Aug 01 08:59:33 quark kernel: rtnetlink_rcv_msg+0x2dd/0x330
> > Aug 01 08:59:33 quark kernel: ? select_task_rq_fair
> > Aug 01 08:59:33 quark kernel: ? rtnetlink_bind+0x30/0x30
> > Aug 01 08:59:33 quark kernel: netlink_rcv_skb+0xb5/0xf0
> > Aug 01 08:59:33 quark kernel: netlink_unicast+0x230/0x330
> > Aug 01 08:59:33 quark kernel: netlink_sendmsg+0x3b1/0x460
> > Aug 01 08:59:33 quark kernel: ____sys_sendmsg
> > Aug 01 08:59:33 quark kernel: ? chacha_block_generic+0x6a/0x130
> > Aug 01 08:59:33 quark kernel: ___sys_sendmsg+0x282/0x2a0
> > Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
> > Aug 01 08:59:33 quark kernel: __se_sys_sendmsg+0xf4/0x120
> > Aug 01 08:59:33 quark kernel: do_syscall_64+0x7e/0x130
> > Aug 01 08:59:33 quark kernel: ? pollwake+0x52/0x60
> > Aug 01 08:59:33 quark kernel: ? do_task_dead+0x50/0x50
> > Aug 01 08:59:33 quark kernel: ? __wake_up_locked_key+0x48/0x70
> > Aug 01 08:59:33 quark kernel: ? eventfd_write+0x193/0x1b0
> > Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
> > Aug 01 08:59:33 quark kernel: ? vfs_write+0xfa/0x3d0
> > Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
> > Aug 01 08:59:33 quark kernel: ? __fget_files+0x95/0xb0
> > Aug 01 08:59:33 quark kernel: ? ksys_write+0x8f/0xb0
> > Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
> > Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
> > Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
> > Aug 01 08:59:33 quark kernel: ? syscall_exit_to_user_mode+0x93/0xc0
> > Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
> > Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
> > Aug 01 08:59:33 quark kernel: ? do_syscall_64+0x8a/0x130
> > Aug 01 08:59:33 quark kernel: ? arch_exit_to_user_mode_prepare+0x11/0x50
> > Aug 01 08:59:33 quark kernel: entry_SYSCALL_64_after_hwframe+0x4b/0x53
> > Aug 01 08:59:33 quark kernel: RIP: 0033:0x7f4264d31fae
> > Aug 01 08:59:33 quark kernel: Code: 20 89 54 24 1c 48 89 74 24 10 89
> > 7c 24 08 e8 a9 75 f7 ff 41 89 c0 8b 54 24 1c 48 8b 74 24 10 b8 2e 00
> > 00 00 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 3a 44 89 c7 48 89 44 24
> > 08 e8 fd 75 f7 ff 48
> > Aug 01 08:59:33 quark kernel: RSP: 002b:00007ffff4b1afa0 EFLAGS:
> > 00000293 ORIG_RAX: 000000000000002e
> > Aug 01 08:59:33 quark kernel: RAX: ffffffffffffffda RBX:
> > 000055c35260c570 RCX: 00007f4264d31fae
> > Aug 01 08:59:33 quark kernel: RDX: 0000000000000000 RSI:
> > 00007ffff4b1afe0 RDI: 000000000000000d
> > Aug 01 08:59:33 quark kernel: RBP: 00007ffff4b1b050 R08:
> > 0000000000000000 R09: 0000000000000000
> > Aug 01 08:59:33 quark kernel: R10: 000000000000009d R11:
> > 0000000000000293 R12: 0000000000000004
> > Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
> > 0000000000000000 R15: 0000000000000000
> > Aug 01 08:59:33 quark kernel: </TASK>
> > Aug 01 08:59:33 quark kernel: Modules linked in:
> > Aug 01 08:59:33 quark kernel: CR2: 0000000000000008
> > Aug 01 08:59:33 quark kernel: ---[ end trace 0000000000000000 ]---
> > Aug 01 08:59:33 quark kernel: RIP: 0010:mt7921_ipv6_addr_change
> > Aug 01 08:59:33 quark kernel: Code: 41 57 41 56 41 54 53 48 83 e4 f0
> > 48 83 ec 50 48 8b 86 70 09 00 00 0f b6 8e 90 04 00 00 4c 8d ba 68 02
> > 00 00 49 89 d6 4c 89 ff <48> 8b 58 08 88 4c 24 04 66 c7 44 24 05 00 00
> > c6 44 24 07 00 66 c7
> > Aug 01 08:59:33 quark kernel: RSP: 0018:ffffc900069373b0 EFLAGS: 00010282
> > Aug 01 08:59:33 quark kernel: RAX: 0000000000000000 RBX:
> > ffff888106740920 RCX: 0000000000000000
> > Aug 01 08:59:33 quark kernel: RDX: ffff888106854800 RSI:
> > ffff88810bb35ca0 RDI: ffff888106854a68
> > Aug 01 08:59:33 quark kernel: RBP: ffffc90006937420 R08:
> > 0000000000000000 R09: ffff888104c98200
> > Aug 01 08:59:33 quark kernel: R10: ffffffff7fff0000 R11:
> > 0000000000000020 R12: 0000000000000002
> > Aug 01 08:59:33 quark kernel: R13: 0000000000000000 R14:
> > ffff888106854800 R15: ffff888106854a68
> > Aug 01 08:59:33 quark kernel: FS: 00007f4265049400(0000)
> > GS:ffff888c2df40000(0000) knlGS:0000000000000000
> > Aug 01 08:59:33 quark kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > Aug 01 08:59:33 quark kernel: CR2: 0000000000000008 CR3:
> > 0000000117250000 CR4: 0000000000350ef0
>
>
> this seems to be exactly the same error as I had (It can also be actively
> provoked by "nmcli radio wifi off"), but in my case commit 479ffee68d59c599 is
> enough to fix the issue. Can you please double check that your faulty kernel
> does not include this commit. If it does and you still get the error I can post
> the fix to the list.
>
> Bert Karwatzki
479ffee68d59c599 isn't enough to fix it here, I've been applying the
second patch since it was pointed out
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-29 16:35 ` Mike Lothian
@ 2024-08-29 16:52 ` Mike Lothian
2024-09-05 13:33 ` Kalle Valo
0 siblings, 1 reply; 16+ messages in thread
From: Mike Lothian @ 2024-08-29 16:52 UTC (permalink / raw)
To: Bert Karwatzki
Cc: Linux regressions mailing list, sean.wang, nbd, lorenzo.bianconi,
sean.wang, deren.wu, mingyen.hsieh, linux-wireless,
linux-mediatek
On Thu, 29 Aug 2024 at 17:35, Mike Lothian <mike@fireburn.co.uk> wrote:
>
> On Wed, 28 Aug 2024 at 18:05, Bert Karwatzki <spasswolf@web.de> wrote:
> >
> > On Wednesday, 28.08.2024 at 16:20 +0100, Mike Lothian wrote:
> > > On Wed, 28 Aug 2024 at 09:17, Bert Karwatzki <spasswolf@web.de> wrote:
> > > >
> > > > On Wednesday, 28.08.2024 at 00:38 +0100, Mike Lothian wrote:
> > > > > But not the follow on fix which fixes suspend...
> > > > >
> > > > > diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > > b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > > index 2e6268cb06c0..a85c19da77e5 100644
> > > > > --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > > +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
> > > > > @@ -1182,7 +1182,7 @@ static void mt7921_ipv6_addr_change(struct
> > > > > ieee80211_hw *hw,
> > > > > struct inet6_dev *idev)
> > > > > {
> > > > > struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
> > > > > - struct mt792x_dev *dev = mvif->phy->dev;
> > > > > + struct mt792x_dev *dev = mt792x_hw_dev(hw);
> > > > > struct inet6_ifaddr *ifa;
> > > > > struct in6_addr ns_addrs[IEEE80211_BSS_ARP_ADDR_LIST_LEN];
> > > > > struct sk_buff *skb;
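Review bot: Missing rationale at the `dev` declaration: nothing in the posted diff says that `mvif->phy` can be NULL when this callback runs, so a comment or changelog sentence is needed to stop someone restoring `mvif->phy->dev` later. The oops quoted in this thread reaches mt7921_ipv6_addr_change from addrconf_ifdown via ieee80211_ifa6_changed and faults with CR2 at 0x8, which is the case to name. Also confirm that no other expression between these declarations and the guard added in the next hunk still goes through `mvif->phy`.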
> > > > > @@ -1205,6 +1205,9 @@ static void mt7921_ipv6_addr_change(struct
> > > > > ieee80211_hw *hw,
> > > > > },
> > > > > };
> > > > >
> > > > > + if (!mvif->phy)
> > > > > + return;
> > > > > +
> > > > > read_lock_bh(&idev->lock);
> > > > > list_for_each_entry(ifa, &idev->addr_list, if_list) {
> > > > > if (ifa->flags & IFA_F_TENTATIVE)
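Review bot: The `if (!mvif->phy)` guard is a plain load taken with no lock held: it sits before `read_lock_bh(&idev->lock)`, and that lock covers the walk over `idev->addr_list`, not `mvif`. Please state what serialises this check against the path that clears `phy`; if nothing does, the check narrows the window rather than closing it. The early return is also silent, so the address update is skipped with no trace; say whether that is the intended behaviour for an interface that is being torn down.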
> > > > >
> > > > > > > >
> > > > > >
> > > >
> > > > That is interesting (or odd) because suspend (s2idle) works for me in next-
> > > > 20240827 on this hardware:
> > > >
> > > > 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7921K (RZ608) Wi-Fi 6E 80MHz
> > > > [14c3:0608]
> > > >
> > > > are you using a different model?
> > > >
> > > > [ 272.780054] [ T848] wlp4s0: deauthenticating from 54:67:51:3d:a2:d2 by
> > > > local choice (Reason: 3=DEAUTH_LEAVING)
> > > > [ 273.067438] [ T3437] PM: suspend entry (s2idle)
> > > > [ 273.151140] [ T3437] Filesystems sync: 0.083 seconds
> > > > [ 273.157029] [ T3437] Freezing user space processes
> > > >
> > > > Can you post the backtrace of your error (when commit 479ffee68d59c599f is
> > > > applied)?
> > > >
> > > > Bert Karwatzki
> > >
> > > Apologies, it wasn't a suspend issue, it was when the router was restarted
> > >
> > > The error I saw was previously in this thread and someone pointed me
> > > to the patch that fixed it - but that hasn't made it upstream yet
> > >
> >
> >
> > this seems to be exactly the same error as I had (It can also be actively
> > provoked by "nmcli radio wifi off"), but in my case commit 479ffee68d59c599 is
> > enough to fix the issue. Can you please double check that your faulty kernel
> > does not include this commit. If it does and you still get the error I can post
> > the fix to the list.
> >
> > Bert Karwatzki
>
> 479ffee68d59c599 isn't enough to fix it here, I've been applying the
> second patch since it was pointed out

Sorry I've gotten myself confused as the patches changed

My kernel with
6557a28f3e3a54cff4f0dcdd1dfa649b26557ab3
479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3

Is enough to fix things

I've been applying the old fix on top which was only applying

@@ -1206,6 +1206,9 @@ static void mt7921_ipv6_addr_change(struct
ieee80211_hw *hw,
},
};
+ if (!mvif->phy)
+ return;
+
read_lock_bh(&idev->lock);
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (ifa->flags & IFA_F_TENTATIVE)
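Review bot: Applied on its own, the `if (!mvif->phy)` guard comes after the local declarations, so it only helps if none of those declarations reads through `mvif->phy`. The two-hunk version quoted earlier in this thread replaces `struct mt792x_dev *dev = mvif->phy->dev;` at the top of the same function; on a tree that still has that initializer the NULL read happens before this check is reached. Carry the initializer change together with the guard, or move the `dev` assignment below it.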
Causing it to be rebuilt each time
* Re: [PATCH] wifi: mt76: mt7921: fix null pointer access in mt792x_mac_link_bss_remove
2024-08-29 16:52 ` Mike Lothian
@ 2024-09-05 13:33 ` Kalle Valo
0 siblings, 0 replies; 16+ messages in thread
From: Kalle Valo @ 2024-09-05 13:33 UTC (permalink / raw)
To: Mike Lothian
Cc: Bert Karwatzki, Linux regressions mailing list, sean.wang, nbd,
lorenzo.bianconi, sean.wang, deren.wu, mingyen.hsieh,
linux-wireless, linux-mediatek
Mike Lothian <mike@fireburn.co.uk> writes:
>> > this seems to be exactly the same error as I had (It can also be actively
>> > provoked by "nmcli radio wifi off"), but in my case commit 479ffee68d59c599 is
>> > enough to fix the issue. Can you please double check that your faulty kernel
>> > does not include this commit. If it does and you still get the error I can post
>> > the fix to the list.
>>
>> 479ffee68d59c599 isn't enough to fix it here, I've been applying the
>> second patch since it was pointed out
>
> Sorry I've gotten myself confused as the patches changed
>
> My kernel with
> 6557a28f3e3a54cff4f0dcdd1dfa649b26557ab3
> 479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3
>
> Is enough to fix things
>
> I've been applying the old fix on top which was only applying
>
> @@ -1206,6 +1206,9 @@ static void mt7921_ipv6_addr_change(struct
> ieee80211_hw *hw,
> },
> };
>
> + if (!mvif->phy)
> + return;
> +
> read_lock_bh(&idev->lock);
> list_for_each_entry(ifa, &idev->addr_list, if_list) {
> if (ifa->flags & IFA_F_TENTATIVE)
>
> Causing it to be rebuilt each time
So just to confirm: all fixes are now applied to the tree and we don't
have any missing fixes?
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches