From: Zac Bowling mt7925_mcu_set_mlo_roc() uses WARN_ON_ONCE() to check if link_conf or channel is NULL. However, during MLO AP setup, it's normal for the channel to not be configured yet when this function is called. The WARN_ON_ONCE triggers a kernel warning/oops that makes the system appear to have crashed, even though it's just a timing issue. Example kernel oops during AP setup: WARNING: CPU: 0 PID: 12345 at drivers/net/wireless/mediatek/mt76/mt7925/mcu.c:1345 Call Trace: mt7925_mcu_set_mlo_roc+0x... mt7925_remain_on_channel+0x... Replace WARN_ON_ONCE with regular NULL checks and return -ENOLINK to indicate the link is not fully configured yet. This allows the upper layers to retry when the link is ready, without spamming the kernel log with warnings. Also add a check for mconf in the first loop to match the pattern used in the second loop, preventing potential NULL dereference. This fixes kernel oops reported during MLO AP setup on OpenWrt with MT7925E hardware and similar issues on standard Linux distributions. Fixes: c5d11e4a9fa8 ("wifi: mt76: mt7925: add mt7925_change_vif_links") Link: https://github.com/openwrt/mt76/issues/1014 Signed-off-by: Zac Bowling --- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 958ff9da9f..8080fea30d 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -1337,15 +1337,23 @@ int mt7925_mcu_set_mlo_roc(struct mt792x_bss_conf *mconf, u16 sel_links, for (i = 0; i < ARRAY_SIZE(links); i++) { links[i].id = i ? __ffs(~BIT(mconf->link_id) & sel_links) : mconf->link_id; + link_conf = mt792x_vif_to_bss_conf(vif, links[i].id); - if (WARN_ON_ONCE(!link_conf)) - return -EPERM; + if (!link_conf) + return -ENOLINK; links[i].chan = link_conf->chanreq.oper.chan; - if (WARN_ON_ONCE(!links[i].chan)) - return -EPERM; + if (!links[i].chan) + /* Channel not configured yet - this can happen during + * MLO AP setup when links are being added sequentially. + * Return -ENOLINK to indicate link not ready. + */ + return -ENOLINK; links[i].mconf = mt792x_vif_to_link(mvif, links[i].id); + if (!links[i].mconf) + return -ENOLINK; + links[i].tag = links[i].id == mconf->link_id ? UNI_ROC_ACQUIRE : UNI_ROC_SUB_LINK; @@ -1359,8 +1367,8 @@ int mt7925_mcu_set_mlo_roc(struct mt792x_bss_conf *mconf, u16 sel_links, type = MT7925_ROC_REQ_JOIN; for (i = 0; i < ARRAY_SIZE(links) && i < hweight16(vif->active_links); i++) { - if (WARN_ON_ONCE(!links[i].mconf || !links[i].chan)) - continue; + if (!links[i].mconf || !links[i].chan) + return -ENOLINK; chan = links[i].chan; center_ch = ieee80211_frequency_to_channel(chan->center_freq); -- 2.52.0