From nobody Fri Jan 9 00:43:28 2026 Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1FB843BB48 for ; Mon, 5 Jan 2026 00:26:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767572814; cv=none; b=ceg1/6oev3kokhBOQAukOU1IzZ30cPkr3KDxuUn/iaXPJz58x5kww5UZ8FxjgQdAoezv9V1oN9cXSo4z4C4wky3Vx0dskWTqMxFJrJX5+a270TbWA2hu1f2FvpEpP44Entpt7glBy+/8fYAsv0LYcNia8QJFnw4sEli4LtnwAFA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767572814; c=relaxed/simple; bh=QsR5/OKd7dRBwCFTqGC5Zw+i/++FftRL2ti6sVT5Ug4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gbqQpq4LiDXEYyOQf+4tjooqoh75JFx9xFHkJjLaIElDIjR3x4awxWtdhiNSg52jb7lsl30ksOdhrhbXuR2kDKQfBsl8DjTihRn+3kUAORW4tg1gmZcXGCp/wHc0psvfrjYWU44Kz9kwhKFUEJTQrMdwmKn3R0r5ZlIWiGHa/oY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IZdAMv82; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IZdAMv82" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2a0d06ffa2aso166446825ad.3 for ; Sun, 04 Jan 2026 16:26:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767572812; x=1768177612; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xAgVTP0BzLqwfWTeezG65MLKR0/RKkukMTGhqy2j9so=; b=IZdAMv82tfl08bSCZUB3niKU/tbTIZqnIffZeJkpLUQqP3goaB3XQLH+/YZXV597sx Trs977YuGQXm6AeGJ6nKc3Yq3XC6iQYnUHcSZwJEXr5pKB40mteWTbtcBjnF1LLPWe8A xV2yk1Cxmcg4CSludJ4uj8VYl+u7hVcYXIFgK3WGj4zvfoa4HMx4L+gt5fy7GTro6EyQ SzmVwNCGf+uzjbStrWvBtZrg/li4JYN7ybuQQGV2YBM7pgr4Cmr/cbxG/ApumnHTurhw VV+8N6OorKl5eWfY4dklhSVkngYS5ELtGOt0OmiZunwEU4BOY/HKVtNW5pRNtnFmUCG6 /8RQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767572812; x=1768177612; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=xAgVTP0BzLqwfWTeezG65MLKR0/RKkukMTGhqy2j9so=; b=tuSj81ruIOuY7yN17cu0ly40NyFrZnSOUrChoNXNmLtkOnt1y2aBjMVfoH6X2aZ57s Osb1DOG8WL8OdLUFm0jOORM9UAUXj9rDVt9K4H0TK+fApijLs3qQU7vlg4dGtvKT/bff 6PZx3wOM1JjUFfvnjt4x/s4PcbDGBnlOmaneLbXPN+lrtqWG/N1bNOWvfGPhTQxv9dQ2 mqo+EeRAGpkxdSuZsFLI1GBMLsZUuZTrCe3/jTwksx2xEx8yDuHM38PH9Cv18nf+XhMe e03mElFO/2e2GKmM+a2qWKYYqZrc9DrxAk/dZg3qgyiErF7vY5olZbG0bvvFR42NE2fV rPOQ== X-Forwarded-Encrypted: i=1; AJvYcCXhsybHeiOpnnZ2NNj5+CPIPhj0y0b/wt7JBeIwoPtBiJHp3b+UaKCVI6A8XC6MRWdog+Q4GCSlleH9iGk=@vger.kernel.org X-Gm-Message-State: AOJu0Ywke16/Bs/8b2sSw6S1gGUDoQy3E2GyHciiO7GCDTgYYH+JuW64 Fb3a3YQKETqcWA1WftROrGrt/bBie543dRkNGkdv7mzLPTjIULbZLT3x X-Gm-Gg: AY/fxX42uwP+ydMwc+p+JCYjqrvj2HrrM8AdCbiZ398fUEucwjuQ+A/NBtNWPT02ocX FUlQlnJ3agJ87SgCstBPH8O037L92wDWKdog/hcq3CeYCbdmnaw5xvNaIQVshElHOs4l+63z/WZ IeB5QfQdJEWj6yttniqjn8vBFNsfhsZZmXPDy6jlxVvXVVO5AUqT0B1qczde3BdrZ4i4JDNaYcL NZzaoDJWXIzQaVEkghICKBIAVXnTgXkKEP47/CtReHpnlYGvBydXYebpQvR2I8knXgM2ww5qGAI MLXBsmbef5XN+DxTqpk9rxayFO+s0GQfX1vMcssBkBGtvFuhCI7gp/iK5TXIk+4seUf1FBGsSiW OVcwkpG7auzzKlwwmcy5pjf5ThImcp/Zma61OzgHAyJfSyq+eI7otMFpASDsgi10hl9/6RFITxv vfbZQoWq4fPGUg9MDMu4lV4yDYxtqlheQ/1IeRDpA1DjmIAez9ZRz2HknghGq+z5w= X-Google-Smtp-Source: AGHT+IFKYGpXpbeOzNKq3w85a9004NHjGaMx7/DnJGknvJa/Jb0muU+WLPE3Jt6/U31pHd5HhFvK7A== X-Received: by 2002:a05:7022:f902:20b0:11c:b3ad:1fe1 with SMTP id a92af1059eb24-121722b1a7bmr41061173c88.11.1767572812230; Sun, 04 Jan 2026 16:26:52 -0800 (PST) Received: from zubuntu.bengal-mercat.ts.net ([2001:5a8:60d:bc9:9ebf:dff:fe00:f8f2]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-121724de268sm133378109c88.8.2026.01.04.16.26.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 04 Jan 2026 16:26:51 -0800 (PST) From: Zac Bowling To: zbowling@gmail.com Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, lorenzo@kernel.org, nbd@nbd.name, ryder.lee@mediatek.com, sean.wang@mediatek.com Subject: [PATCH 02/17] wifi: mt76: mt7925: fix missing mutex protection in reset and ROC abort Date: Sun, 4 Jan 2026 16:26:23 -0800 Message-ID: <20260105002638.668723-3-zbowling@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105002638.668723-1-zbowling@gmail.com> References: <20260102200524.290779-1-zbowling@gmail.com> <20260105002638.668723-1-zbowling@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" During firmware recovery and ROC (Remain On Channel) abort operations, the driver iterates over active interfaces and calls MCU functions that require the device mutex to be held, but the mutex was not acquired. This causes system-wide deadlocks where the system becomes completely unresponsive. From logs on affected systems: INFO: task kworker/u128:0:48737 blocked for more than 122 seconds. Workqueue: mt76 mt7925_mac_reset_work [mt7925_common] Call Trace: __schedule+0x426/0x12c0 schedule+0x27/0xf0 schedule_preempt_disabled+0x15/0x30 __mutex_lock.constprop.0+0x3d0/0x6d0 mt7925_mac_reset_work+0x85/0x170 [mt7925_common] The deadlock manifests approximately every 5 minutes when the adapter tries to hop to a better BSSID, triggering firmware reset. Network commands (ip, ifconfig, etc.) hang indefinitely, processes get stuck in uninterruptible sleep (D state), and reboot hangs as well. Add mutex protection around interface iteration in: - mt7925_mac_reset_work(): Called during firmware recovery after MCU timeouts to reconnect all interfaces - mt7925_roc_abort_sync() in suspend path: Called during suspend to clean up Remain On Channel operations This matches the pattern used in mt7615 and other MediaTek drivers where interface iteration callbacks invoke MCU functions with mutex held: // mt7615/main.c - roc_work has mutex protection mt7615_mutex_acquire(phy->dev); ieee80211_iterate_active_interfaces(...); mt7615_mutex_release(phy->dev); Note: Sean Wang from MediaTek has submitted an alternative fix for the ROC path using cancel_delayed_work() instead of cancel_delayed_work_sync(). Both approaches address the deadlock; this one adds explicit mutex protection which may be superseded by the upstream fix. Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt= 7925 chips") Link: https://community.frame.work/t/kernel-panic-from-wifi-mediatek-mt7925= -nullptr-dereference/79301 Reported-by: Zac Bowling Tested-by: Zac Bowling Signed-off-by: Zac Bowling --- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 2 ++ drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mac.c b/drivers/net/= wireless/mediatek/mt76/mt7925/mac.c index 184efe8afa10..06420ac6ed55 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mac.c @@ -1331,9 +1331,11 @@ void mt7925_mac_reset_work(struct work_struct *work) dev->hw_full_reset =3D false; pm->suspended =3D false; ieee80211_wake_queues(hw); + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7925_vif_connect_iter, NULL); + mt792x_mutex_release(dev); mt76_connac_power_save_sched(&dev->mt76.phy, pm); =20 mt7925_regd_change(&dev->phy, "00"); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c b/drivers/net/= wireless/mediatek/mt76/mt7925/pci.c index c4161754c01d..e9d62c6aee91 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c @@ -455,7 +455,9 @@ static int mt7925_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); =20 + mt792x_mutex_acquire(dev); mt7925_roc_abort_sync(dev); + mt792x_mutex_release(dev); =20 err =3D mt792x_mcu_drv_pmctrl(dev); if (err < 0) --=20 2.51.0