From nobody Wed Mar 11 16:53:41 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fWGzb14zCz6VRX1 for ; Wed, 11 Mar 2026 16:53:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fWGzZ5JkQz3X4t for ; Wed, 11 Mar 2026 16:53:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1773248026; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hqSRQfiad1sHFfh4694UJzforYMQ8+lHpYal8e42vzM=; b=iWraQ2rijAhJZT9v3+vBkzjWTilfpoUY9HCj5LJgbZURdg6crwR6z1009bFtw3mRVkWB22 ToCdscW64Wx1BzLEB6Pozy6t3LsAaYEq5/5EdFU+KboPUyc3tKQgqjvY9rxD3PinluOXyA gNcULd/mCISPdaZmVTg5b+1G1mx5k6d2QvKH93X13zOh4mq6fO2CH50uS6nc7/FqY117k4 30xMEL6F/icnQwj3+XlIbeJy8z5HM9WXe82jX2vAfLSfk259Bw/yw5aaSF4qTRRm0s9kag jbuG0gdYWGluure9wplQp324FICe9AWuZJ5/7BxziQjvmnAKC72ppRm1PmJEbw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1773248026; a=rsa-sha256; cv=none; b=E/kCNFjaikYXZ3jxydPkhPthWwUBmPz2+bv5kO0hHxKIFJu2+jRsAx6L3jVSIJ7TxlHokR 22i/GZMlUPyk9oR/WUjX98dUvr9SRKH/PjJ9wr54C6Fi7I8CUaiesGFhryK/ttJVHlrG9U 2T6vAtj1AOuLsqOaJZc2ysSEw1qxVX1wAuEuma58A/czpeTgY4itR1hQoms38uWBiQmUYQ RGl6g+3Rtm/+FWqvtY/Wykqavf1nSn2qZTshyx0iuD6zlW4skQqdIEwlZtzYV1uS2lZnL0 TocUaUR3YXIzVdag05fJWYA+G9DxO9SeAXzz6JC3dV+fkihRmvLkW8gDQMWNwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1773248026; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hqSRQfiad1sHFfh4694UJzforYMQ8+lHpYal8e42vzM=; b=ajbT8TkfGgoghndzsfJZq6cjCJ5fCgWuxjP4rFdnezLrWcYTCMTaYjHmYvFnRHjhD2L9pQ BJ8Itu1kalTjeSpKdfjvOoQgq4S01Ha19/qgT1276hcE8jO245GA8SuAkLhWL/Ry8lIZQQ AzGGYjNN/HLbFQ+gNgYhPxgMAthRrneVU/ebyCWGxBBvhDCCJ4VEyTrczsHREqwmRkJllM z1FMf+KIbFcitjyeWyBizTQp9y6QEKGkDfcrb6LueTKA6ellPAKBsTZN8ej3Od+a7XAw8r fsZoM/DFqdXfZcLYATPq1RFmH8GYt5x2a9I8P6gvfEnqQouWkVhgTvpf3R151w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fWGzZ4ZDpz16NX for ; Wed, 11 Mar 2026 16:53:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 436d7 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 11 Mar 2026 16:53:41 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Bjoern A. Zeeb Subject: git: 86417d5b061f - stable/15 - LinuxKPI: 802.11: lkpi_sta_auth_to_scan() fail graciously on lsta == NULL List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 86417d5b061f7d385a09ae557504e8ef306ecbf9 Auto-Submitted: auto-generated Date: Wed, 11 Mar 2026 16:53:41 +0000 Message-Id: <69b19e15.436d7.3804426e@gitrepo.freebsd.org> The branch stable/15 has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=86417d5b061f7d385a09ae557504e8ef306ecbf9 commit 86417d5b061f7d385a09ae557504e8ef306ecbf9 Author: Bjoern A. Zeeb AuthorDate: 2026-03-08 12:48:51 +0000 Commit: Bjoern A. Zeeb CommitDate: 2026-03-11 16:53:24 +0000 LinuxKPI: 802.11: lkpi_sta_auth_to_scan() fail graciously on lsta == NULL Usually after a firmware crash, we see reports of crashes in lkpi_sta_auth_to_scan(). One of the last ones was in the PR mentioned below. These crashes are often attributed as the problem while the real problem happened before. At this point try avoid the NULL pointer and to fail graciously if lvif->iv_bss (lsta) is no longer set. This way users have a chance to possibly recover using netif restart wlan0 rather than dealing with a panic. See if this helps us to better track down the original problems rather than the follow-up crash. On a debug kernel the KASSERT should normally have caught that condition as well but we see panics on page faults were the log line was there but then the lsta->ni deref has happened, which is after the KASSERT. I have not checked if this is a reordering problem or if the people reporting had IEEE80211_DEBUG on but not INVARIANTS. Sponsored by: The FreeBSD Foundation PR: 286219 #c11 (cherry picked from commit 53c69fd933dc49f69d5603fb27ce51064ebe681e) --- sys/compat/linuxkpi/common/src/linux_80211.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c index 63f92b8afb2b..01347586ef63 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211.c +++ b/sys/compat/linuxkpi/common/src/linux_80211.c @@ -3215,16 +3215,28 @@ lkpi_sta_auth_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int wiphy_lock(hw->wiphy); LKPI_80211_LVIF_LOCK(lvif); -#ifdef LINUXKPI_DEBUG_80211 - /* XXX-BZ KASSERT later; state going down so no action. */ - if (lvif->lvif_bss == NULL) - ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p " - "lvif_bss->ni %p synched %d\n", __func__, __LINE__, + /* + * XXX-BZ KASSERT later; state going down so no action in theory + * but try to avoid a NULL-pointer derref for now and gracefully + * fail for non-debug kernels. + */ + if (lvif->lvif_bss == NULL) { + ic_printf(vap->iv_ic, "%s:%d: ERROR: lvif %p vap %p iv_bss %p " + "lvif_bss %p lvif_bss->ni %p synched %d; " + "expect follow-up problems\n", __func__, __LINE__, lvif, vap, vap->iv_bss, lvif->lvif_bss, (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL, lvif->lvif_bss_synched); -#endif - + LKPI_80211_LVIF_UNLOCK(lvif); + /* + * This will likely lead to a firmware crash (if there + * was not one before already) and need a + * ieee80211_restart_hw() but still better than a panic + * for users as they can at least recover. + */ + error = ENOTRECOVERABLE; + goto out; + } lsta = lvif->lvif_bss; LKPI_80211_LVIF_UNLOCK(lvif); KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "