mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2026-01-27 02:22:14 +00:00
81a358f52e
When using dynamic VLAN (AP_VLAN) on 5 GHz, CSA finalize may call _ieee80211_sta_cap_rx_bw() with a non-NULL chandef whose ->chan is NULL. This leads to a NULL pointer dereference at chandef->chan->band and a kernel panic. Avoid the crash by validating chandef->chan before accessing the band and fall back to the existing non-chandef path when the channel pointer is not available during CSA. Trace: Unable to handle kernel read from unreadable memory at virtual address 0000000000000000 Internal error: Oops: 0000000096000005 [#1] SMP CPU: 0 PID: 59 Comm: kworker/u4:2 Workqueue: events_unbound wiphy_delayed_work_pending [cfg80211] Hardware name: Edgecore EAP111 (DT) pc : _ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211] lr : _ieee80211_sta_cur_vht_bw+0x20/0xb0 [mac80211] Call trace: _ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211] ieee80211_iter_chan_contexts_atomic+0x260/0xf38 [mac80211] ieee80211_link_unreserve_chanctx+0x430/0xab8 [mac80211] ieee80211_link_use_reserved_context+0xac/0xf4 [mac80211] ieee80211_nan_func_terminated+0x3f8c/0x4f00 [mac80211] ieee80211_csa_finalize_work+0x2c/0x34 [mac80211] wiphy_delayed_work_pending+0x298/0x3bc [cfg80211] process_one_work+0x178/0x2f0 worker_thread+0x2e8/0x4d4 kthread+0xdc/0xe0 ret_from_fork+0x10/0x20 Kernel panic - not syncing: Oops: Fatal exception Fixes: WIFI-15312 Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>