Re: [PATCH 0/3] soc: qcom: apr: improve RX processing

[Val Packett]

Hi,

On 5/14/26 12:50 PM, Srinivas Kandagatla wrote:
> Hi all,
> [..]
> Srinivas Kandagatla (3):
>    soc: qcom: apr: Remove service from IDR before registration failure
>    soc: qcom: apr: Check response packet length by router type
>    soc: qcom: apr: Process RX messages using per-service work items
>
>   drivers/soc/qcom/apr.c       | 283 ++++++++++++++++++++++++-----------
>   include/linux/soc/qcom/apr.h |   6 +
>   2 files changed, 200 insertions(+), 89 deletions(-)

just saw a crash under apr_service_rxwq -> graph_callback with this 
series applied. Can't say it really is to blame, but still replying here 
because it was applied..

hamoa, quad WSA speakers, pipewire, audio playing from 
https://flathub.org/en/apps/com.rafaelmardojai.Blanket, crashed when 
opening pavucontrol (display froze with the pavucontrol UI already loaded)

<1>[577090.453413] Unable to handle kernel NULL pointer dereference at 
virtual address 0000000000000050
[..]
<4>[577090.453924] CPU: 0 UID: 0 PID: 946838 Comm: kworker/u49:1 
Tainted: G        W  7.1.0-rc4-next-20260519-uwu+ #116 PREEMPT(full)
<4>[577090.453933] Tainted: [W]=WARN
<4>[577090.453936] Hardware name: Dell Inc. Latitude 7455/0FK7MX, BIOS 
2.13.0 09/19/2025
<4>[577090.453941] Workqueue: qcom_apr_rx apr_service_rxwq [apr] 
(../drivers/soc/qcom/apr.c:359)
<4>[577090.453957] pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS 
BTYPE=--)
<4>[577090.453963] pc : graph_callback+0x1a8/0x280 [snd_q6apm] 
(../sound/soc/qcom/qdsp6/q6apm.c:577)
<4>[577090.453977] lr : graph_callback+0x194/0x280 [snd_q6apm] 
(../sound/soc/qcom/qdsp6/q6apm.c:572)
[..]
<4>[577090.454086] Call trace:
<4>[577090.454090]  graph_callback+0x1a8/0x280 [snd_q6apm] 
(../sound/soc/qcom/qdsp6/q6apm.c:577) (P)
<4>[577090.454100]  apr_service_rxwq+0x274/0x3b8 [apr] 
(../drivers/soc/qcom/apr.c:535)
<4>[577090.454109]  process_scheduled_works+0x190/0x500 
(../kernel/workqueue.c:3323)
<4>[577090.454124]  worker_thread+0x230/0x330 (../include/linux/list.h:404)
<4>[577090.454133]  kthread+0x120/0x158 (../kernel/kthread.c:438)
<4>[577090.454141]  ret_from_fork+0x10/0x20 
(../arch/arm64/kernel/entry.S:842)
<0>[577090.454153] Code: f94026e9 910242e0 f9400e95 d37ced08 (f8686936)
<4>[577090.454158] ---[ end trace 0000000000000000 ]---


Line 577 is         atomic_set(&graph->tx_data.hw_ptr, hdr->token + 1);

weird, both graph and hdr have been dereferenced before this line..


Thanks,
~val