On Sat, Oct 01, 2016 at 06:12:27AM +0300, Lauri Tirkkonen wrote:
> On Thu, Sep 29 2016 12:59:23 +0300, Lauri Tirkkonen wrote:
> > On Thu, Sep 29 2016 11:31:26 +0200, Stefan Sperling wrote:
> > > You've found another code path where a check against AID zero is
> > > used to determine whether a node is in associated state. Tsk tsk.
> > >
> > > Does this fix it?
> >
> > Thanks, I'm running this fix now -- I'll let you know if I can get it to
> > crash again. I don't have a sure way to repro so I guess I'll just wait
> > a couple days and try using the wireless with different devices.
>
> Unfortunately:
>
> panic: bogus long slot station count 0
> Starting stack trace...
> panic() at panic+0x10b
> ieee80211_node_leave_11g() at ieee80211_node_leave_11g+0xc4
> ieee80211_node_leave() at ieee80211_node_leave+0x14e
> ieee80211_send_4way_msg1() at ieee80211_send_4way_msg1+0x1e5
> ieee80211_eapol_timeout() at ieee80211_eapol_timeout+0x43
> timeout_run() at timeout_run+0x48
> softclock() at softclock+0x14c
> softintr_dispatch() at softintr_dispatch+0x8b
> Xsoftclock() at Xsoftclock+0x1f
> --- interrupt ---
> end trace frame: 0x0, count: 248
> 0x8:
> End of stack trace.
>
> I have another core now, if you have any further ideas.
>
> --
> Lauri Tirkkonen | lotheac @ IRCnet
Can you please run with this and show me what this logs until
the problem happens?
Index: ieee80211_crypto_tkip.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_crypto_tkip.c,v
retrieving revision 1.25
diff -u -p -r1.25 ieee80211_crypto_tkip.c
--- ieee80211_crypto_tkip.c 24 Nov 2015 13:45:06 -0000 1.25
+++ ieee80211_crypto_tkip.c 1 Oct 2016 11:44:28 -0000
@@ -487,6 +487,7 @@ ieee80211_tkip_deauth(void *arg, struct
/* deauthenticate STA */
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_MIC_FAILURE);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
}
}
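Review bot: The call-site trace line `printf("%s: ieee80211_node_leave\n", __func__);` added here records only the caller, not which station is leaving, so once two or more nodes are being torn down the log cannot be matched against the per-node dump that the ieee80211_node_leave_11g hunk prints. Every call site already has `ni` in hand, so including the address costs one argument: `printf("%s: ieee80211_node_leave %s\n", __func__, ether_sprintf(ni->ni_macaddr));`. The same applies to the identical lines in the ieee80211_ioctl, ieee80211_clean_nodes, ieee80211_node_join, ieee80211_recv_4way_msg2, ieee80211_recv_4way_msg4, ieee80211_send_4way_msg1, ieee80211_send_4way_msg3, ieee80211_send_group_msg1 and ieee80211_keyrun hunks. ieee80211_tkip_deauth starts before this hunk.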
Index: ieee80211_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.44
diff -u -p -r1.44 ieee80211_ioctl.c
--- ieee80211_ioctl.c 15 Sep 2016 03:32:48 -0000 1.44
+++ ieee80211_ioctl.c 1 Oct 2016 11:44:47 -0000
@@ -747,6 +747,7 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
}
break;
Index: ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
retrieving revision 1.105
diff -u -p -r1.105 ieee80211_node.c
--- ieee80211_node.c 15 Sep 2016 03:32:48 -0000 1.105
+++ ieee80211_node.c 1 Oct 2016 11:44:09 -0000
@@ -1251,6 +1251,7 @@ ieee80211_clean_nodes(struct ieee80211co
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_EXPIRE);
s = splnet();
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
} else
#endif
@@ -1527,6 +1528,7 @@ ieee80211_node_join(struct ieee80211com
if (aid >= ic->ic_max_aid) {
IEEE80211_SEND_MGMT(ic, ni, resp,
IEEE80211_REASON_ASSOC_TOOMANY);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return;
}
@@ -1624,6 +1626,24 @@ ieee80211_node_leave_rsn(struct ieee8021
void
ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni)
{
+ printf("%s: ni=%p\n", __func__, ni);
+ printf("%s: ni->ni_refcnt=%d\n", __func__, ni->ni_refcnt);
+ printf("%s: ni->ni_macaddr=%s\n", __func__,
ether_sprintf(ni->ni_macaddr));
+ printf("%s: ni->ni_bssid=%s\n", __func__, ether_sprintf(ni->ni_bssid));
+ printf("%s: ni->ni_capinfo=0x%x\n", __func__, ni->ni_capinfo);
+ printf("%s: ni->ni_erp=0x%x\n", __func__, ni->ni_erp);
+ printf("%s: eapol timeout %spending\n", __func__,
+ timeout_pending(&ni->ni_eapol_to) ? "" : "not ");
+ printf("%s: ni->ni_rsn_state=%d\n", __func__, ni->ni_rsn_state);
+ printf("%s: ni->ni_port_valid=%d\n", __func__, ni->ni_port_valid);
+ printf("%s: sa query timeout %spending\n", __func__,
+ timeout_pending(&ni->ni_sa_query_to) ? "" : "not ");
+ printf("%s: ni->ni_fails=%d\n", __func__, ni->ni_fails);
+ printf("%s: ni->ni_incact=%d\n", __func__, ni->ni_inact);
+ printf("%s: ni->ni_txrate=%d\n", __func__, ni->ni_txrate);
+ printf("%s: ni->ni_state=%d\n", __func__, ni->ni_state);
+ printf("%s: ni->ni_flags=0x%x\n", __func__, ni->ni_flags);
+
if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) {
#ifdef DIAGNOSTIC
if (ic->ic_longslotsta == 0) {
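Review bot: The label in `printf("%s: ni->ni_incact=%d\n", __func__, ni->ni_inact);` does not match the field it prints (`ni_inact`), so anyone grepping the log for the real field name will miss it; change it to `printf("%s: ni->ni_inact=%d\n", __func__, ni->ni_inact);`. The block also prints `ni_refcnt`, `ni_capinfo`, `ni_erp` and `ni_flags` with `%d`/`%x` without the field types being visible here, so the specifiers are presumably right but worth a glance against the struct definition. This dump runs before the DIAGNOSTIC check that the reported panic fires from, which is what the instrumentation needs; the rest of ieee80211_node_leave_11g continues past the hunk.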
@@ -1678,6 +1698,9 @@ ieee80211_node_leave(struct ieee80211com
{
if (ic->ic_opmode != IEEE80211_M_HOSTAP)
panic("not in ap mode, mode %u", ic->ic_opmode);
+
+ if (ni->ni_state == IEEE80211_STA_COLLECT)
+ return;
/*
* If node wasn't previously associated all we need to do is
* reclaim the reference.
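Review bot: The new early return `if (ni->ni_state == IEEE80211_STA_COLLECT) return;` silently skips the rest of the function, including the reference reclaim the comment on the following lines describes, so a second leave of an already-collected node would now go unrecorded rather than diagnosed. Since the point of this patch is to find out who calls ieee80211_node_leave twice, this path should at least log before returning, e.g. `printf("%s: %s already in COLLECT state\n", __func__, ether_sprintf(ni->ni_macaddr));`. The quoted trace shows the call arriving from ieee80211_eapol_timeout, so it is also worth confirming that a node that reaches this state has its pending EAPOL timeout stopped somewhere, since the return here does not do it. The signature of ieee80211_node_leave is above the hunk and the body continues below it.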
Index: ieee80211_pae_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_pae_input.c,v
retrieving revision 1.25
diff -u -p -r1.25 ieee80211_pae_input.c
--- ieee80211_pae_input.c 15 Jul 2015 22:16:42 -0000 1.25
+++ ieee80211_pae_input.c 1 Oct 2016 11:45:15 -0000
@@ -310,6 +310,7 @@ ieee80211_recv_4way_msg2(struct ieee8021
memcmp(rsnie, ni->ni_rsnie, 2 + rsnie[1]) != 0) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_RSN_DIFFERENT_IE);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return;
}
@@ -648,6 +649,7 @@ ieee80211_recv_4way_msg4(struct ieee8021
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_ASSOC_TOOMANY);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return;
}
Index: ieee80211_pae_output.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_pae_output.c,v
retrieving revision 1.27
diff -u -p -r1.27 ieee80211_pae_output.c
--- ieee80211_pae_output.c 12 Apr 2016 14:33:27 -0000 1.27
+++ ieee80211_pae_output.c 1 Oct 2016 11:45:31 -0000
@@ -259,6 +259,7 @@ ieee80211_send_4way_msg1(struct ieee8021
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_4WAY_TIMEOUT);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return 0;
}
@@ -366,6 +367,7 @@ ieee80211_send_4way_msg3(struct ieee8021
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_4WAY_TIMEOUT);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return 0;
}
@@ -489,6 +491,7 @@ ieee80211_send_group_msg1(struct ieee802
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_GROUP_TIMEOUT);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return 0;
}
Index: ieee80211_proto.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_proto.c,v
retrieving revision 1.69
diff -u -p -r1.69 ieee80211_proto.c
--- ieee80211_proto.c 15 Sep 2016 03:32:48 -0000 1.69
+++ ieee80211_proto.c 1 Oct 2016 11:45:42 -0000
@@ -392,6 +392,7 @@ ieee80211_keyrun(struct ieee80211com *ic
DPRINTF(("no PMK available for %s\n", ether_sprintf(macaddr)));
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
+ printf("%s: ieee80211_node_leave\n", __func__);
ieee80211_node_leave(ic, ni);
return EINVAL;
}