Index | Thread | Search

From:
Kirill A. Korinsky <kirill@korins.ky>
Subject:
sys/qwz: fix crash on boot
To:
OpenBSD tech <tech@openbsd.org>
Date:
Sat, 21 Mar 2026 14:36:07 +0100

Download raw body.

Thread

  • Kirill A. Korinsky:

    sys/qwz: fix crash on boot

tech@,

here a small diff which allows me to boot my Snapdragon with Qualcomm
WCN7850 when qwz is back to build.

Without this diff it crashed as:

qwz0: RDDM dump failed
qwz_core_start: failed to receive wmi unified ready event: -1
qwz0: failed to start core: -1
qwz_pcic_ext_irq_disable not implemented
qwz0: cookie:0x0
qwz0: WLAON_WARM_SW_ENTRY 0x14b6e64
qwz0: WLAON_WARM_SW_ENTRY 0x14b6e64
qwz0: soc reset cause:0

attempt to access user address 0x10 from EL1
Stopped at     qwz_dp_cc_cleanup+0x9c: ldr     x8, [x23]

    TID    PID    UID    PRFLAGS    PFLAGS  CPU COMMAND
*     0      0      0    0x10000    0x200   8K swapper

qwz_dp_cc_cleanup() at qwz_dp_free+0x54
qwz_dp_free() at qwz_attach+0x130
qwz_attach() at qwz_pci_attach_hook+0x34
qwz_pci_attach_hook() at config_process_deferred_mountroot+0x58
config_process_deferred_mountroot() at main+0x5f8
main() at virtdone+0x70

Ok?

Index: sys/dev/ic/qwz.c
===================================================================
RCS file: /home/cvs/src/sys/dev/ic/qwz.c,v
diff -u -p -r1.22 qwz.c
--- sys/dev/ic/qwz.c	18 Feb 2026 03:10:57 -0000	1.22
+++ sys/dev/ic/qwz.c	21 Mar 2026 13:27:02 -0000
@@ -8340,6 +8340,9 @@ qwz_dp_cc_cleanup(struct qwz_softc *sc)
 	/* First ATH12K_NUM_RX_SPT_PAGES of allocated SPT pages are used for RX */
 	for (i = 0; i < ATH12K_NUM_RX_SPT_PAGES; i++) {
 		rx_descs = dp->spt_info->rxbaddr[i];
+		if (!rx_descs)
+			continue;
+
 		for (j = 0; j < ATH12K_MAX_SPT_ENTRIES; j++) {
 			if (!rx_descs[j].m)
 				continue;
@@ -8364,6 +8367,8 @@ qwz_dp_cc_cleanup(struct qwz_softc *sc)
 		for (i = 0; i < ATH12K_TX_SPT_PAGES_PER_POOL; i++) {
 			tx_spt_page = i + pool_id * ATH12K_TX_SPT_PAGES_PER_POOL;
 			tx_descs = dp->spt_info->txbaddr[tx_spt_page];
+			if (!tx_descs)
+				continue;
 
 			for (j = 0; j < ATH12K_MAX_SPT_ENTRIES; j++) {
 				if (!tx_descs[j].m)
@@ -8381,6 +8386,17 @@ qwz_dp_cc_cleanup(struct qwz_softc *sc)
 		spin_unlock_bh(&dp->tx_desc_lock[pool_id]);
 #endif
 	}
+
+	for (i = 0; i < dp->num_spt_pages; i++) {
+		if (!dp->spt_info[i].mem)
+			continue;
+		qwz_dmamem_free(sc->sc_dmat, dp->spt_info[i].mem);
+		dp->spt_info[i].mem = NULL;
+	}
+
+	free(dp->spt_info, M_DEVBUF, dp->num_spt_pages * sizeof(*dp->spt_info));
+	dp->spt_info = NULL;
+	dp->num_spt_pages = 0;
 }
 
 int


-- 
wbr, Kirill