* [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
@ 2025-06-17 8:49 Johannes Berg
2025-06-17 8:49 ` syzbot
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: Johannes Berg @ 2025-06-17 8:49 UTC (permalink / raw)
To: linux-wireless
Cc: Johannes Berg, syzbot+468656785707b0e995df,
syzbot+18c783c5cf6a781e3e2c, syzbot+d5924d5cffddfccab68e,
syzbot+7d73d99525d1ff7752ef, syzbot+8e6e002c74d1927edaf5,
syzbot+97254a3b10c541879a65, syzbot+dfd1fd46a1960ad9c6ec,
syzbot+85e0b8d12d9ca877d806
From: Johannes Berg <johannes.berg@intel.com>
There's really no value in the WARN stack trace etc., the reason
for this happening isn't directly related to the calling function
anyway. Also, syzbot has been observing it constantly, and there's
no way we can resolve it there - those systems are just slow.
Instead print an error message (once) and add a comment about what
really causes this message.
Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
#syz test
---
net/mac80211/debug.h | 5 ++++-
net/mac80211/tx.c | 29 +++++++++++++++++++++--------
2 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
index 5b81998cb0c9..ef7c1a68d88d 100644
--- a/net/mac80211/debug.h
+++ b/net/mac80211/debug.h
@@ -1,10 +1,11 @@
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Portions
- * Copyright (C) 2022 - 2024 Intel Corporation
+ * Copyright (C) 2022 - 2025 Intel Corporation
*/
#ifndef __MAC80211_DEBUG_H
#define __MAC80211_DEBUG_H
+#include <linux/once_lite.h>
#include <net/cfg80211.h>
#ifdef CONFIG_MAC80211_OCB_DEBUG
@@ -152,6 +153,8 @@ do { \
else \
_sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
} while (0)
+#define link_err_once(link, fmt, ...) \
+ DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
#define link_id_info(sdata, link_id, fmt, ...) \
do { \
if (ieee80211_vif_is_mld(&sdata->vif)) \
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index d8d4f3d7d7f2..d58b80813bdd 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5,7 +5,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright (C) 2018-2024 Intel Corporation
+ * Copyright (C) 2018-2025 Intel Corporation
*
* Transmit and frame generation functions.
*/
@@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
}
}
-static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
+static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
+ struct beacon_data *beacon)
{
- beacon->cntdwn_current_counter--;
+ if (beacon->cntdwn_current_counter == 1) {
+ /*
+ * Channel switch handling is done by a worker thread while
+ * beacons get pulled from hardware timers. It's therefore
+ * possible that software threads are slow enough to not be
+ * able to complete CSA handling in a single beacon interval,
+ * in which case we get here. There isn't much to do about
+ * it, other than letting the user know that the AP isn't
+ * behaving correctly.
+ */
+ link_err_once(link,
+ "beacon TX faster than countdown (channel/color switch) completion\n");
+ return 0;
+ }
- /* the counter should never reach 0 */
- WARN_ON_ONCE(!beacon->cntdwn_current_counter);
+ beacon->cntdwn_current_counter--;
return beacon->cntdwn_current_counter;
}
@@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
if (!beacon)
goto unlock;
- count = __ieee80211_beacon_update_cntdwn(beacon);
+ count = __ieee80211_beacon_update_cntdwn(link, beacon);
unlock:
rcu_read_unlock();
@@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
if (beacon->cntdwn_counter_offsets[0]) {
if (!is_template)
- __ieee80211_beacon_update_cntdwn(beacon);
+ __ieee80211_beacon_update_cntdwn(link, beacon);
ieee80211_set_beacon_cntdwn(sdata, beacon, link);
}
@@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
* for now we leave it consistent with overall
* mac80211's behavior.
*/
- __ieee80211_beacon_update_cntdwn(beacon);
+ __ieee80211_beacon_update_cntdwn(link, beacon);
ieee80211_set_beacon_cntdwn(sdata, beacon, link);
}
--
2.49.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
` (3 preceding siblings ...)
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
` (5 preceding siblings ...)
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
` (6 preceding siblings ...)
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
` (4 preceding siblings ...)
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
` (2 preceding siblings ...)
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
@ 2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2025-06-17 8:49 UTC (permalink / raw)
To: johannes
Cc: johannes.berg, johannes, linux-wireless, linux-kernel,
syzkaller-bugs
> From: Johannes Berg <johannes.berg@intel.com>
>
> There's really no value in the WARN stack trace etc., the reason
> for this happening isn't directly related to the calling function
> anyway. Also, syzbot has been observing it constantly, and there's
> no way we can resolve it there - those systems are just slow.
>
> Instead print an error message (once) and add a comment about what
> really causes this message.
>
> Reported-by: syzbot+468656785707b0e995df@syzkaller.appspotmail.com
> Reported-by: syzbot+18c783c5cf6a781e3e2c@syzkaller.appspotmail.com
> Reported-by: syzbot+d5924d5cffddfccab68e@syzkaller.appspotmail.com
> Reported-by: syzbot+7d73d99525d1ff7752ef@syzkaller.appspotmail.com
> Reported-by: syzbot+8e6e002c74d1927edaf5@syzkaller.appspotmail.com
> Reported-by: syzbot+97254a3b10c541879a65@syzkaller.appspotmail.com
> Reported-by: syzbot+dfd1fd46a1960ad9c6ec@syzkaller.appspotmail.com
> Reported-by: syzbot+85e0b8d12d9ca877d806@syzkaller.appspotmail.com
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> ---
> #syz test
This crash does not have a reproducer. I cannot test it.
> ---
> net/mac80211/debug.h | 5 ++++-
> net/mac80211/tx.c | 29 +++++++++++++++++++++--------
> 2 files changed, 25 insertions(+), 9 deletions(-)
>
> diff --git a/net/mac80211/debug.h b/net/mac80211/debug.h
> index 5b81998cb0c9..ef7c1a68d88d 100644
> --- a/net/mac80211/debug.h
> +++ b/net/mac80211/debug.h
> @@ -1,10 +1,11 @@
> /* SPDX-License-Identifier: GPL-2.0 */
> /*
> * Portions
> - * Copyright (C) 2022 - 2024 Intel Corporation
> + * Copyright (C) 2022 - 2025 Intel Corporation
> */
> #ifndef __MAC80211_DEBUG_H
> #define __MAC80211_DEBUG_H
> +#include <linux/once_lite.h>
> #include <net/cfg80211.h>
>
> #ifdef CONFIG_MAC80211_OCB_DEBUG
> @@ -152,6 +153,8 @@ do { \
> else \
> _sdata_err((link)->sdata, fmt, ##__VA_ARGS__); \
> } while (0)
> +#define link_err_once(link, fmt, ...) \
> + DO_ONCE_LITE(link_err, link, fmt, ##__VA_ARGS__)
> #define link_id_info(sdata, link_id, fmt, ...) \
> do { \
> if (ieee80211_vif_is_mld(&sdata->vif)) \
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index d8d4f3d7d7f2..d58b80813bdd 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -5,7 +5,7 @@
> * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
> * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
> * Copyright 2013-2014 Intel Mobile Communications GmbH
> - * Copyright (C) 2018-2024 Intel Corporation
> + * Copyright (C) 2018-2025 Intel Corporation
> *
> * Transmit and frame generation functions.
> */
> @@ -5016,12 +5016,25 @@ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
> }
> }
>
> -static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
> +static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
> + struct beacon_data *beacon)
> {
> - beacon->cntdwn_current_counter--;
> + if (beacon->cntdwn_current_counter == 1) {
> + /*
> + * Channel switch handling is done by a worker thread while
> + * beacons get pulled from hardware timers. It's therefore
> + * possible that software threads are slow enough to not be
> + * able to complete CSA handling in a single beacon interval,
> + * in which case we get here. There isn't much to do about
> + * it, other than letting the user know that the AP isn't
> + * behaving correctly.
> + */
> + link_err_once(link,
> + "beacon TX faster than countdown (channel/color switch) completion\n");
> + return 0;
> + }
>
> - /* the counter should never reach 0 */
> - WARN_ON_ONCE(!beacon->cntdwn_current_counter);
> + beacon->cntdwn_current_counter--;
>
> return beacon->cntdwn_current_counter;
> }
> @@ -5052,7 +5065,7 @@ u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_i
> if (!beacon)
> goto unlock;
>
> - count = __ieee80211_beacon_update_cntdwn(beacon);
> + count = __ieee80211_beacon_update_cntdwn(link, beacon);
>
> unlock:
> rcu_read_unlock();
> @@ -5450,7 +5463,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
>
> if (beacon->cntdwn_counter_offsets[0]) {
> if (!is_template)
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> @@ -5482,7 +5495,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw,
> * for now we leave it consistent with overall
> * mac80211's behavior.
> */
> - __ieee80211_beacon_update_cntdwn(beacon);
> + __ieee80211_beacon_update_cntdwn(link, beacon);
>
> ieee80211_set_beacon_cntdwn(sdata, beacon, link);
> }
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2025-06-17 8:49 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-17 8:49 [PATCH wireless] wifi: mac80211: don't WARN for late channel/color switch Johannes Berg
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
2025-06-17 8:49 ` syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox