Sadly, this is too early in the initialization process and we get a NULL deref, similar to [1].

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010f838000
[0000000000000058] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1]  SMP
Modules linked in: qrtr_smd fastrpc rpmsg_ctrl des_generic algif_skcipher md5 md4 algif_hash snd_soc_sdm845 snd_soc_rt5663 snd_soc_qcom_sdw snd_soc_qcom_common snd_soc_rl6231 hci_uart snd_soc_core nft_reject_inet nf_reject_ipv4 btqca nf_reject_ipv6 nft_reject btbcm snd_compress nft_ct bluetooth nf_conntrack nxp_nci_i2c snd_pcm nxp_nci nf_defrag_ipv6 ecdh_generic nf_defrag_ipv4 nci snd_timer ecc soundwire_bus nfc pwrseq_core rmi_i2c snd nf_tables qcom_camss venus_core qcom_spmi_haptics soundcore rmi_core leds_qcom_flash videobuf2_dma_sg qcom_spmi_rradc ath10k_snoc bq27xxx_battery_i2c videobuf2_memops v4l2_mem2mem qcom_smbx bq27xxx_battery rtc_pm8xxx v4l2_fwnode videobuf2_v4l2 ath10k_core videobuf2_common v4l2_async ath qcom_refgen_regulator qcom_stats videodev reset_qcom_pdc mac80211 mc camcc_sdm845 i2c_qcom_cci coresight_tmc qcom_rng coresight_stm stm_core coresight_replicator coresight_funnel qcom_q6v5_mss coresight cfg80211 qrtr ipa qcom_q6v5_pas slim_qcom_ngd_ctrl rfkill qcom_pil_info qcom_wdt qcom_q6v5 qcom_sysmon qcom_common qcom_glink_smem icc_bwmon uhid uinput zram zsmalloc fuse nfnetlink ipv6
CPU: 4 UID: 0 PID: 154 Comm: kworker/u32:7 Tainted: G W 6.18.0-rc5-next-20251111-sdm845-00134-gfb2106976a5c-dirty #2 PREEMPT
Tainted: [W]=WARN
Hardware name: OnePlus 6T (DT)
Workqueue: ath10k_qmi_driver_event ath10k_qmi_driver_event_work [ath10k_snoc]
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ath10k_qmi_driver_event_work+0x1ec/0x440 [ath10k_snoc]
lr : ath10k_qmi_driver_event_work+0x1dc/0x440 [ath10k_snoc]
sp : ffff8000819b3cf0
x29: ffff8000819b3d40 x28: ffff00008d823c00 x27: dead000000000122
x26: 0000000000000000 x25: ffff00008fab2060 x24: dead000000000100
x23: ffff00008d823d50 x22: ffff00008d81bd28 x21: ffff00008d823d28
x20: ffff00008d823d28 x19: ffff0000901c5120 x18: ffff56858e1da000
x17: ffff56858e1da000 x16: ffffa97c6467f1b8 x15: ffffa97c6569dbd0
x14: ffffa97c655a1440 x13: 0000000000000000 x12: ffff00008a12e4a8
x11: ffff00008d823cd8 x10: ffff00008a12e480 x9 : ffffa97c640314c4
x8 : ffff00008d823cd8 x7 : 0000000000000000 x6 : ffff00008a12e6a8
x5 : fffffffffffffffe x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 ath10k_qmi_driver_event_work+0x1ec/0x440 [ath10k_snoc] (P)
 process_one_work+0x15c/0x3c0
 worker_thread+0x2d0/0x400
 kthread+0x148/0x208
 ret_from_fork+0x10/0x20
Code: 350001a0 39488380 37000de0 f9487b20 (f9402c00)
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------

If no objection is raised, I would go back to the original device-tree property way then (as another device in need of this quirk has also shown up).

David

[1] https://lore.kernel.org/ath10k/[email protected]/

On 11/11/2025 13:34, David Heidelberg via B4 Relay wrote:
From: David Heidelberg <[email protected]>

There are firmware versions which do not support host capability
QMI request. We suspect either the host cap is not implemented or
there may be firmware specific issues, but apparently there seem
to be a generation of firmware that has this particular behavior.

For example, firmware build on Xiaomi Poco F1 (sdm845) phone:
"QC_IMAGE_VERSION_STRING=WLAN.HL.2.0.c3-00257-QCAHLSWMTPLZ-1"

If we do not skip the host cap QMI request on Xiaomi Poco F1,
then we get a QMI_ERR_MALFORMED_MSG_V01 error message in the
ath10k_qmi_host_cap_send_sync(). But this error message is not
fatal to the firmware nor to the ath10k driver and we can still
bring up the WiFi services successfully if we just ignore it.

Hence introducing this firmware quirk to skip host capability
QMI request for the firmware versions which do not support this
feature.

Suggested-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: David Heidelberg <[email protected]>
---
  drivers/net/wireless/ath/ath10k/core.c |  1 +
  drivers/net/wireless/ath/ath10k/core.h |  3 +++
  drivers/net/wireless/ath/ath10k/qmi.c  | 13 ++++++++++---
  3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/core.c 
b/drivers/net/wireless/ath/ath10k/core.c
index 7c2939cbde5f0..7602631696798 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -773,6 +773,7 @@ static const char *const ath10k_core_fw_feature_str[] = {
        [ATH10K_FW_FEATURE_SINGLE_CHAN_INFO_PER_CHANNEL] = 
"single-chan-info-per-channel",
        [ATH10K_FW_FEATURE_PEER_FIXED_RATE] = "peer-fixed-rate",
        [ATH10K_FW_FEATURE_IRAM_RECOVERY] = "iram-recovery",
+       [ATH10K_FW_FEATURE_NO_HOST_CAP_QMI_REQ] = "no-host-cap-qmi-req",
  };
static unsigned int ath10k_core_get_fw_feature_str(char *buf,
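Review bot: the new `+` entry "no-host-cap-qmi-req" becomes a name that firmware files carry in their feature list, so it cannot be renamed once merged; please confirm the spelling and the hyphenation match the other entries ("peer-fixed-rate", "iram-recovery") before this lands. The designated initializer keeps this table in step with the enum only as long as the enum value in core.h stays 23 and remains before `ATH10K_FW_FEATURE_COUNT`, which the second hunk does.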
diff --git a/drivers/net/wireless/ath/ath10k/core.h 
b/drivers/net/wireless/ath/ath10k/core.h
index 73a9db302245d..b20541e4046f8 100644
--- a/drivers/net/wireless/ath/ath10k/core.h
+++ b/drivers/net/wireless/ath/ath10k/core.h
@@ -838,6 +838,9 @@ enum ath10k_fw_features {
        /* Firmware support IRAM recovery */
        ATH10K_FW_FEATURE_IRAM_RECOVERY = 22,
+ /* Firmware does not support host capability QMI request */
+       ATH10K_FW_FEATURE_NO_HOST_CAP_QMI_REQ = 23,
+
        /* keep last */
        ATH10K_FW_FEATURE_COUNT,
  };
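Review bot: the comment on the first `+` line should say which firmware generation needs the bit, since the enum is the place a reader looks when deciding whether to set it; the commit message names the sdm845 build "WLAN.HL.2.0.c3-00257-QCAHLSWMTPLZ-1", so a short "e.g. WLAN.HL.2.0 on sdm845" would help. Also keep the surrounding style: the neighbouring entry reads `/* Firmware support IRAM recovery */` indented to the enum body, while the new comment line has no indentation.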
diff --git a/drivers/net/wireless/ath/ath10k/qmi.c 
b/drivers/net/wireless/ath/ath10k/qmi.c
index 8275345631a0b..5dc8ea39372c1 100644
--- a/drivers/net/wireless/ath/ath10k/qmi.c
+++ b/drivers/net/wireless/ath/ath10k/qmi.c
@@ -819,9 +819,16 @@ static void ath10k_qmi_event_server_arrive(struct 
ath10k_qmi *qmi)
                return;
        }
- ret = ath10k_qmi_host_cap_send_sync(qmi);
-       if (ret)
-               return;
+       /*
+        * Skip the host capability request for the firmware versions which
+        * do not support this feature.
+        */
+       if (!test_bit(ATH10K_FW_FEATURE_NO_HOST_CAP_QMI_REQ,
+                     ar->running_fw->fw_file.fw_features)) {
+               ret = ath10k_qmi_host_cap_send_sync(qmi);
+               if (ret)
+                       return;
+       }
ret = ath10k_qmi_msa_mem_info_send_sync_msg(qmi);
        if (ret)
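Review bot: the `test_bit()` on `ar->running_fw->fw_file.fw_features` dereferences `ar->running_fw` unconditionally, and as the reply above reports, the QMI server-arrive path runs before the firmware has been loaded, so `running_fw` is still NULL here (the oops shows a NULL dereference at offset 0x58 inside `ath10k_qmi_driver_event_work`). A firmware feature bit therefore cannot drive this decision at this point in bring-up: either guard it with `if (ar->running_fw && test_bit(...))`, which would silently keep sending the host-cap request on the affected devices, or take the quirk from a source that exists this early, such as the device-tree property the reply proposes. Note also that `ar` is not defined within this hunk's visible context; if it is the function's local `struct ath10k *ar = qmi->ar`, it is worth showing that line in the context so the reviewer can see where it comes from.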


--
David Heidelberg

