On Mon, Nov 16, 2020 at 12:53:14PM +0100, Stefan Sperling wrote:
> On Mon, Nov 16, 2020 at 10:59:45AM +0000, Mikolaj Kucharski wrote:
> > It happened again. This time on current. I was on an Android phone using
> > Signal and another laptop on urwn(4) was fetching the newest packages snapshot.
> >
> > In this email thread it's different physical hardware, but I think
> > it's the same Wi-Fi card as on the other PC Engines board.
> >
> > This email thread which I'm continuing here is:
> >
> > https://marc.info/?t=160028899800004&r=1&w=2
> >
> > There was also previous one from May 2020:
> >
> > https://marc.info/?t=159047855800002&r=1&w=2
> >
> > OpenBSD 6.8-current (GENERIC.MP) #180: Sun Nov 15 18:14:53 MST 2020
> > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
>
> Until a way to trigger this deliberately is found, or we get lucky and someone
> with time and motivation finds the race by auditing code, there is nothing
> that could be done here.

Makes sense, Stefan. I don't know how to trigger this on demand,
but I will try to run a custom kernel with some additional debugging
statements. I will report any panics with new information here.

I have no idea, but looking at how the usual path is executed, the
if-statement from line 1449 evaluates to true on my machine during usual
operation, so I imagine that when the kernel panic happens, the else
branch is probably executed.

file dev/ic/ar5008.c, function ar5008_tx():

1449	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1450		k = ieee80211_get_txkey(ic, wh, ni);
1451		if (k->k_cipher == IEEE80211_CIPHER_CCMP) {
1452			u_int hdrlen = ieee80211_get_hdrlen(wh);
1453			if (ar5008_ccmp_encap(m, hdrlen, k) != 0)
1454				return (ENOBUFS);
1455		} else {
1456			if ((m = ieee80211_encrypt(ic, m, k)) == NULL)
1457				return (ENOBUFS);
1458			k = NULL; /* skip hardware crypto further below */
1459		}
1460		wh = mtod(m, struct ieee80211_frame *);
1461	}

Anyway, more panics are needed..

--
Regards,
Mikolaj