Ubuntu 24.10 Concept ♥️ Snapdragon X Elite

I’m also seeing crashes related to WiFi (a kernel NULL pointer dereference), in my case when an access point I’m connected to is turned off.

ath12k_mac_handle_beacon_miss_iter+0x3c/0xe8 [ath12k]
__iterate_interfaces+0xd4/0x180 [mac80211]
ieee80211_iterate_active_interfaces_atomic+0x48/0x88 [mac80211]
ath12k_mac_handle_beacon_miss+0x38/0x70 [ath12k]
ath12k_wmi_op_rx+0xcc4/0x1150 [ath12k]
ath12k_htc_rx_completion_handler+0x370/0x588 [ath12k]
ath12k_ce_recv_process_cb+0x1f0/0x2d8 [ath12k]
ath12k_pci_ce_workqueue+0x30/0xa0 [ath12k]

So this is where it crashes:

static void ath12k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
					       struct ieee80211_vif *vif)
{
	u32 *vdev_id = data;
	struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif);
	struct ath12k_link_vif *arvif = &ahvif->deflink;
	struct ath12k *ar = arvif->ar; // ar is NULL
	struct ieee80211_hw *hw = ath12k_ar_to_hw(ar);
	/* ... */
}

static inline struct ieee80211_hw *ath12k_ar_to_hw(struct ath12k *ar)
{
	return ar->ah->hw; // crashes on dereferencing ar
}

The last commit to change the function was this one, so I suspect the bug is from an MLO-related commit.

commit 3dd2c68f206ef7020d12b9f85cbfe05ca8662cf4
Date:   Tue Oct 15 20:14:06 2024 +0300

    wifi: ath12k: prepare vif data structure for MLO handling

I wonder if it could be worked around like this:

	struct ath12k *ar = arvif->ar;
	if (!ar)
		return;
	struct ieee80211_hw *hw = ath12k_ar_to_hw(ar);

Perhaps the real bug is that !arvif->is_up is checked too late.

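The ordering question raised in the post, as an added example: this is constructed code, not the ath12k driver's own source and not the post author's patch. The structures are reduced to the fields the post mentions (deflink, ar, is_up, ah->hw), iterate_active_interfaces() is a stand-in for ieee80211_iterate_active_interfaces_atomic(), and the vif table, the counters in miss_ctx and the helper link_is_bound() are all assumptions made for the demonstration. The point it shows is that the mac80211 iterator visits every active vif regardless of driver-side link state, so the per-vif callback has to validate the link before deriving anything from arvif->ar.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed, simplified model of the structures in the backtrace above.
 * These are NOT the ath12k/mac80211 definitions; only the fields the post
 * talks about (deflink, ar, is_up, ah->hw) are modelled.
 */
struct ieee80211_hw   { int id; };
struct ath12k_hw      { struct ieee80211_hw *hw; };
struct ath12k         { struct ath12k_hw *ah; uint32_t vdev_id; };
struct ath12k_link_vif { struct ath12k *ar; bool is_up; };
struct ath12k_vif     { struct ath12k_link_vif deflink; };
struct ieee80211_vif  { struct ath12k_vif drv_priv; bool active; };

typedef void (*vif_iter_fn)(void *data, uint8_t *mac, struct ieee80211_vif *vif);

/* Stand-in for ieee80211_iterate_active_interfaces_atomic(): it calls the
 * driver callback for every active vif and knows nothing about whether the
 * driver has bound that vif's link to a radio yet. */
static void iterate_active_interfaces(struct ieee80211_vif *vifs, size_t n,
                                      vif_iter_fn fn, void *data)
{
	uint8_t mac[6] = {0};

	for (size_t i = 0; i < n; i++)
		if (vifs[i].active)
			fn(data, mac, &vifs[i]);
}

/* Callback data: the vdev_id as in the driver, plus counters (assumed here)
 * so the outcome of the iteration is observable. */
struct miss_ctx {
	uint32_t vdev_id;
	int handled;   /* vifs for which the beacon miss was processed */
	int skipped;   /* vifs rejected by the early link check */
};

/* Assumed helper: true only when it is safe to dereference arvif->ar. */
static bool link_is_bound(const struct ath12k_link_vif *arvif)
{
	return arvif->is_up && arvif->ar != NULL;
}

/* Guarded callback: the is_up / ar checks run BEFORE the equivalent of
 * ath12k_ar_to_hw(), which is the ordering the post suggests. */
static void beacon_miss_iter_guarded(void *data, uint8_t *mac,
                                     struct ieee80211_vif *vif)
{
	struct miss_ctx *ctx = data;
	struct ath12k_vif *ahvif = &vif->drv_priv;
	struct ath12k_link_vif *arvif = &ahvif->deflink;
	(void)mac;

	if (!link_is_bound(arvif)) {
		ctx->skipped++;
		return;
	}

	struct ath12k *ar = arvif->ar;
	struct ieee80211_hw *hw = ar->ah->hw;   /* now safe to dereference */
	(void)hw;

	if (ar->vdev_id != ctx->vdev_id)
		return;   /* the miss was reported by a different vdev */

	ctx->handled++;
}

/* Constructed scenario: one station link fully up on a radio, one vif that
 * mac80211 considers active but whose deflink.ar was never assigned (the
 * state the post's crash implies), and one inactive vif. */
struct miss_ctx run_beacon_miss_scenario(uint32_t vdev_id)
{
	static struct ieee80211_hw hw0 = { .id = 0 };
	static struct ath12k_hw ah0 = { .hw = &hw0 };
	static struct ath12k ar0 = { .ah = &ah0, .vdev_id = 0 };

	struct ieee80211_vif vifs[] = {
		{ .drv_priv = { .deflink = { .ar = &ar0, .is_up = true  } }, .active = true  },
		{ .drv_priv = { .deflink = { .ar = NULL, .is_up = false } }, .active = true  },
		{ .drv_priv = { .deflink = { .ar = NULL, .is_up = false } }, .active = false },
	};
	struct miss_ctx ctx = { .vdev_id = vdev_id, .handled = 0, .skipped = 0 };

	iterate_active_interfaces(vifs, sizeof vifs / sizeof vifs[0],
	                          beacon_miss_iter_guarded, &ctx);
	return ctx;
}

int main(void)
{
	struct miss_ctx ctx = run_beacon_miss_scenario(0);
	printf("handled=%d skipped=%d\n", ctx.handled, ctx.skipped);
	return 0;
}
```

With the guard in place the unbound-but-active vif is simply skipped; without it, the callback would dereference a NULL ar for that vif exactly as in the trace. The order matters because is_up and ar live in the link, which is always addressable, whereas ah->hw is only reachable through ar.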