From: Bongani Hlope <developer@hlope.org.za>
To: linux-wireless@vger.kernel.org
Subject: [BUG] wifi: mt7902: NULL pointer dereference
Date: Sat, 2 May 2026 12:58:24 +0200 [thread overview]
Message-ID: <20260502125824.425d7159@bongani-mini.home.org.za> (raw)
[-- Attachment #1: Type: text/plain, Size: 4646 bytes --]
Hello
I'm not sure if this has been reported yet, first ran into this on
linux-next and it is still present on linux 7.1.0-rc1+. I get the
following kernel Oops:
wpa_supplicant[918]: wlp3s0: CTRL-EVENT-STARTED-CHANNEL-SWITCH
freq=5240 ht_enabled=1 ch_offset=-1 ch_width=80 MHz cf1=5210 cf2=0
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 0 P4D 0
kernel: Oops: Oops: 0000 [#1] SMP NOPTI
kernel: CPU: 7 UID: 0 PID: 6710 Comm: kworker/u64:1 Not tainted
7.1.0-rc1+ #4 PREEMPT(full)
kernel: Hardware name: Micro Computer (HK) Tech Limited EliteMini
Series/F7BSI, BIOS 1.08 11/05/2024
kernel: Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]
kernel: PGD 0 P4D 0
kernel: Oops: Oops: 0000 [#1] SMP NOPTI
kernel: CPU: 7 UID: 0 PID: 6710 Comm: kworker/u64:1 Not tainted
7.1.0-rc1+ #4 PREEMPT(full)
kernel: Hardware name: Micro Computer (HK) Tech Limited EliteMini
Series/F7BSI, BIOS 1.08 11/05/2024
kernel: Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]
kernel: RIP: 0010:mt7921_channel_switch_rx_beacon+0x1f/0x100
[mt7921_common]
kernel: Code: 12 3d 00 eb 9a 66 0f 1f 44 00 00 f3 0f 1e fa 0f 1f 44 00
00 48 8b 47 58 48 ff 05 ec 15 3d 00 48 8b 40 08 48 8b 80 80 9c 00 00 <48> 8b 08 48 39 4a 10 74 0c 48 ff 05 81 02 3d 00 e9 f7 f4 74 ea 53
kernel: RSP: 0018:ffffb75fa1993af0 EFLAGS: 00010202
kernel: RAX: 0000000000000000 RBX: ffff91cae1eb09e0 RCX:
0000000000000000
kernel: RDX: ffffb75fa1993b20 RSI: ffff91ca84badfe8 RDI:
ffff91cae1eb09e0
kernel: RBP: ffff91ca84bacac0 R08: 0000000000000001 R09:
0000000000000001
kernel: R10: ffff91ca8ba56128 R11: ffff91cae1eb0518 R12:
0000000000000000
kernel: R13: 0000000000000000 R14: ffffb75fa1993b60 R15:
ffff91cae1eb09e0
kernel: FS: 0000000000000000(0000) GS:ffff91d18ebde000(0000)
knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000000 CR3: 0000000562a38000 CR4:
0000000000f50ef0
kernel: PKRU: 55555554
kernel: Call Trace:
kernel: <TASK>
kernel: ieee80211_sta_process_chanswitch+0x67c/0xee0 [mac80211]
kernel: ieee80211_rx_mgmt_beacon+0x842/0x22a0 [mac80211]
kernel: ? __entry_text_end+0x1020b6/0x1020b9
kernel: ? internal_add_timer+0x4d/0x80
kernel: ? __mod_timer+0x25e/0x500
kernel: ? srso_alias_return_thunk+0x5/0xfbef5
kernel: ieee80211_sta_rx_queued_mgmt+0xa7/0xbb0 [mac80211]
kernel: ? srso_alias_return_thunk+0x5/0xfbef5
kernel: ? psi_task_switch+0x31e/0x410
kernel: ? srso_alias_return_thunk+0x5/0xfbef5
kernel: ieee80211_iface_work+0x62e/0x890 [mac80211]
kernel: ? srso_alias_return_thunk+0x5/0xfbef5
kernel: ? __schedule+0x5c8/0x20d0
kernel: cfg80211_wiphy_work+0x1ee/0x280 [cfg80211]
kernel: process_scheduled_works+0x180/0x680
kernel: ? rescuer_thread+0x7f0/0x7f0
kernel: worker_thread+0x1aa/0x450
kernel: ? rescuer_thread+0x7f0/0x7f0
kernel: kthread+0x181/0x1e0
kernel: ? kthread_affine_node+0x1e0/0x1e0
kernel: ret_from_fork+0x405/0x600
kernel: ? kthread_affine_node+0x1e0/0x1e0
kernel: ret_from_fork_asm+0x11/0x20
kernel: </TASK>
kernel: Modules linked in: joydev uinput mptcp_diag xsk_diag tcp_diag
udp_diag raw_diag inet_diag unix_diag af_packet_diag netlink_diag sd_mod scsi_mod scsi_common ccm snd_seq_dummy snd_hrtimer snd_seq snd_>
kernel: snd snd_pci_acp5x snd_rn_pci_acp3x irqbypass aesni_intel
snd_acp_config gf128mul snd_soc_acpi rapl ecdh_generic pcspkr k10temp amd_pmc snd_pci_acp3x soundcore button evdev rfkill libarc4 aead msr e>
kernel: CR2: 0000000000000000
kernel: ---[ end trace 0000000000000000 ]---
kernel: RIP: 0010:mt7921_channel_switch_rx_beacon+0x1f/0x100
[mt7921_common]
kernel: Code: 12 3d 00 eb 9a 66 0f 1f 44 00 00 f3 0f 1e fa 0f 1f 44 00
00 48 8b 47 58 48 ff 05 ec 15 3d 00 48 8b 40 08 48 8b 80 80 9c 00 00 <48> 8b 08 48 39 4a 10 74 0c 48 ff 05 81 02 3d 00 e9 f7 f4 74 ea 53
kernel: RSP: 0018:ffffb75fa1993af0 EFLAGS: 00010202
kernel: RAX: 0000000000000000 RBX: ffff91cae1eb09e0 RCX:
0000000000000000
kernel: RDX: ffffb75fa1993b20 RSI: ffff91ca84badfe8 RDI:
ffff91cae1eb09e0
kernel: RBP: ffff91ca84bacac0 R08: 0000000000000001 R09:
0000000000000001
kernel: R10: ffff91ca8ba56128 R11: ffff91cae1eb0518 R12:
0000000000000000
kernel: R13: 0000000000000000 R14: ffffb75fa1993b60 R15:
ffff91cae1eb09e0
kernel: FS: 0000000000000000(0000) GS:ffff91d18ebde000(0000)
knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000000 CR3: 0000000562a38000 CR4:
0000000000f50ef0
kernel: PKRU: 55555554
kernel: note: kworker/u64:1[6710] exited with irqs disabled
Regards,
Bongani Hlope
[-- Attachment #2: lspci.txt --]
[-- Type: text/plain, Size: 3580 bytes --]
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Phoenix IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Host Bridge
00:01.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix GPP Bridge
00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Host Bridge
00:02.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix GPP Bridge
00:02.3 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix GPP Bridge
00:03.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Host Bridge
00:03.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 19h USB4/Thunderbolt PCIe tunnel
00:04.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Host Bridge
00:04.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Family 19h USB4/Thunderbolt PCIe tunnel
00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Host Bridge
00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Internal GPP Bridge to Bus [C:A]
00:08.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Internal GPP Bridge to Bus [C:A]
00:08.3 PCI bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Internal GPP Bridge to Bus [C:A]
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 71)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 5
00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 6
00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Phoenix Data Fabric; Function 7
01:00.0 Non-Volatile memory controller: Kingston Technology Company, Inc. OM8TAP4 PCIe 4 NVMe SSD (QLC) (DRAM-less)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 05)
03:00.0 Network controller: MEDIATEK Corp. Device 7902
c4:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Phoenix3 (rev b3)
c4:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Radeon High Definition Audio Controller [Rembrandt/Strix]
c4:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Phoenix CCP/PSP 3.0 Device
c4:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15b9
c4:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15ba
c4:00.5 Multimedia controller: Advanced Micro Devices, Inc. [AMD] Audio Coprocessor (rev 63)
c4:00.6 Audio device: Advanced Micro Devices, Inc. [AMD] Family 17h/19h/1ah HD Audio Controller
c5:00.0 Non-Essential Instrumentation [1300]: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Function
c6:00.0 Non-Essential Instrumentation [1300]: Advanced Micro Devices, Inc. [AMD] Phoenix Dummy Function
c6:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15c0
c6:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Device 15c1
c6:00.5 USB controller: Advanced Micro Devices, Inc. [AMD] Pink Sardine USB4/Thunderbolt NHI controller #1
c6:00.6 USB controller: Advanced Micro Devices, Inc. [AMD] Pink Sardine USB4/Thunderbolt NHI controller #2
next reply other threads:[~2026-05-02 11:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-02 10:58 Bongani Hlope [this message]
2026-05-02 12:06 ` [BUG] wifi: mt7902: NULL pointer dereference Bongani Hlope
2026-05-04 14:51 ` [PATCH] wifi: mt76: mt7921/mt7925: fix NULL dereference in CSA beacon Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260502125824.425d7159@bongani-mini.home.org.za \
--to=developer@hlope.org.za \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox