Date: Sun, 08 Mar 2026 17:07:33 +0000 From: Bjoern A. Zeeb <bz@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 53c69fd933dc - main - LinuxKPI: 802.11: lkpi_sta_auth_to_scan() fail graciously on lsta == NULL Message-ID: <69adacd5.433ce.68a3fd9c@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=53c69fd933dc49f69d5603fb27ce51064ebe681e commit 53c69fd933dc49f69d5603fb27ce51064ebe681e Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2026-03-08 12:48:51 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2026-03-08 13:49:52 +0000 LinuxKPI: 802.11: lkpi_sta_auth_to_scan() fail graciously on lsta == NULL Usually after a firmware crash, we see reports of crashes in lkpi_sta_auth_to_scan(). One of the last ones was in the PR mentioned below. These crashes are often attributed as the problem while the real problem happened before. At this point try avoid the NULL pointer and to fail graciously if lvif->iv_bss (lsta) is no longer set. This way users have a chance to possibly recover using netif restart wlan0 rather than dealing with a panic. See if this helps us to better track down the original problems rather than the follow-up crash. On a debug kernel the KASSERT should normally have caught that condition as well but we see panics on page faults were the log line was there but then the lsta->ni deref has happened, which is after the KASSERT. I have not checked if this is a reordering problem or if the people reporting had IEEE80211_DEBUG on but not INVARIANTS. Sponsored by: The FreeBSD Foundation PR: 286219 #c11 MFC after: 3 days --- sys/compat/linuxkpi/common/src/linux_80211.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c index 63f92b8afb2b..01347586ef63 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211.c +++ b/sys/compat/linuxkpi/common/src/linux_80211.c @@ -3215,16 +3215,28 @@ lkpi_sta_auth_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int wiphy_lock(hw->wiphy); LKPI_80211_LVIF_LOCK(lvif); -#ifdef LINUXKPI_DEBUG_80211 - /* XXX-BZ KASSERT later; state going down so no action. */ - if (lvif->lvif_bss == NULL) - ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p " - "lvif_bss->ni %p synched %d\n", __func__, __LINE__, + /* + * XXX-BZ KASSERT later; state going down so no action in theory + * but try to avoid a NULL-pointer derref for now and gracefully + * fail for non-debug kernels. + */ + if (lvif->lvif_bss == NULL) { + ic_printf(vap->iv_ic, "%s:%d: ERROR: lvif %p vap %p iv_bss %p " + "lvif_bss %p lvif_bss->ni %p synched %d; " + "expect follow-up problems\n", __func__, __LINE__, lvif, vap, vap->iv_bss, lvif->lvif_bss, (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL, lvif->lvif_bss_synched); -#endif - + LKPI_80211_LVIF_UNLOCK(lvif); + /* + * This will likely lead to a firmware crash (if there + * was not one before already) and need a + * ieee80211_restart_hw() but still better than a panic + * for users as they can at least recover. + */ + error = ENOTRECOVERABLE; + goto out; + } lsta = lvif->lvif_bss; LKPI_80211_LVIF_UNLOCK(lvif); KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69adacd5.433ce.68a3fd9c>