subject:"ieee80211 panic on athn reconfig"

Re: ieee80211 panic on athn reconfig

2020-08-01 Thread Jan Stary

On May 03 19:21:17, s...@stsp.name wrote:
> On Fri, Apr 17, 2020 at 12:08:39PM +0200, Jan Stary wrote:
> > This is current/i386 on an ALIX (dmesg below) with
> > 
> >   athn0 at pci0 dev 12 function 0 "Atheros AR9280" rev 0x01: irq 9
> >   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:01:d6:86
> > 
> > # cat hostname.athn0
> > inet 192.168.33.1 255.255.255.0 NONE
> > media autoselect mode 11g mediaopt hostap chan 2
> > nwid stare.cz wpakey hovnoPrdel123
> > 
> > After changing the password, or the channel, or the mode, and doing
> > 
> > # sh /etc/netstart athn0
> > 
> > the machine reproducibly panics (cereal script below).
> > 
> > I have no idea why it panics in ieee80211_encrypt().
> > It happens both with clients associated and not.
> > 
> > Is this known with athn(4)?
> > How can I help debug this?
> > 
> > Jan
> > 
> > 
> > ddb> show panic
> > ieee80211_encrypt: key unset for sw crypto: 0
> > 
> > ddb> trace
> > db_enter() at db_enter+0x4
> > panic(d0b83788) at panic+0xcc
> > ieee80211_encrypt(d194e030,d195bc00,d194eb00) at ieee80211_encrypt+0x70
> > ar5008_tx(d194e000,d195bc00,d19a,2) at ar5008_tx+0x9a
> > ar5008_swba_intr(d194e000) at ar5008_swba_intr+0x238
> > ar5008_intr(d194e000) at ar5008_intr+0x12f
> > intr_handler(f3b1d67c,d1945480) at intr_handler+0x18
> > Xintr_legacy9_untramp() at Xintr_legacy9_untramp+0xf7
> > end of kernel

Sorry for being so late; apparently, the fix is already in.

I can confirm that none of the above happens any more:
changing the password, the mode, or the channel
does not result in a panic, with and without clients connected.


> Are you using clients which use powersave mode, such as phones?

yes, androids.

Jan

Re: ieee80211 panic on athn reconfig

2020-05-03 Thread Stefan Sperling

On Fri, Apr 17, 2020 at 12:08:39PM +0200, Jan Stary wrote:
> This is current/i386 on an ALIX (dmesg below) with
> 
>   athn0 at pci0 dev 12 function 0 "Atheros AR9280" rev 0x01: irq 9
>   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:01:d6:86
> 
> # cat hostname.athn0
> inet 192.168.33.1 255.255.255.0 NONE
> media autoselect mode 11g mediaopt hostap chan 2
> nwid stare.cz wpakey hovnoPrdel123
> 
> After changing the password, or the channel, or the mode, and doing
> 
> # sh /etc/netstart athn0
> 
> the machine reproducibly panics (cereal script below).
> 
> I have no idea why it panics in ieee80211_encrypt().
> It happens both with clients associated and not.
> 
> Is this known with athn(4)?
> How can I help debug this?
> 
>   Jan
> 
> 
> ddb> show panic
> ieee80211_encrypt: key unset for sw crypto: 0
> 
> ddb> trace
> db_enter() at db_enter+0x4
> panic(d0b83788) at panic+0xcc
> ieee80211_encrypt(d194e030,d195bc00,d194eb00) at ieee80211_encrypt+0x70
> ar5008_tx(d194e000,d195bc00,d19a,2) at ar5008_tx+0x9a
> ar5008_swba_intr(d194e000) at ar5008_swba_intr+0x238
> ar5008_intr(d194e000) at ar5008_intr+0x12f
> intr_handler(f3b1d67c,d1945480) at intr_handler+0x18
> Xintr_legacy9_untramp() at Xintr_legacy9_untramp+0xf7
> end of kernel

Are you using clients which use powersave mode, such as phones?

This trace goes through ar5008_swba_intr(). The only way to get into
ar5008_tx() from there is when group-addressed frames are queued on the
powersave queue of the AP (ic_bss->ni_savedq).

I cannot see this queue being purged anywhere when the interface goes down.
So it seems what happened is that a stale frame was sitting on this queue
and a fatal transmit attempt occurred when the interface came back up after
being re-configured.

Can you please try this diff?

The same panic and trace has also been reported to me by Ted Patterson.

diff ffca677e9e7ca9efd316fa2f2b6572b193c50cf8 /usr/src
blob - f6349c70279687b18ce89f670b732a62f3696271
file + sys/net80211/ieee80211_node.c
--- sys/net80211/ieee80211_node.c
+++ sys/net80211/ieee80211_node.c
@@ -1595,6 +1595,10 @@ ieee80211_node_cleanup(struct ieee80211com *ic, struct
free(ni->ni_unref_arg, M_DEVBUF, ni->ni_unref_arg_size);
ni->ni_unref_arg = NULL;
ni->ni_unref_arg_size = 0;
+
+#ifndef IEEE80211_STA_ONLY
+   mq_purge(&ni->ni_savedq);
+#endif
 }
 
 void
@@ -2047,7 +2051,7 @@ ieee80211_free_allnodes(struct ieee80211com *ic, int c
splx(s);
 
if (clear_ic_bss && ic->ic_bss != NULL)
-   ieee80211_node_cleanup(ic, ic->ic_bss); /* for station mode */
+   ieee80211_node_cleanup(ic, ic->ic_bss);
 }
 
 void

Re: ieee80211 panic on athn reconfig

2020-04-17 Thread Stefan Sperling

On Fri, Apr 17, 2020 at 12:08:39PM +0200, Jan Stary wrote:
> This is current/i386 on an ALIX (dmesg below) with
> 
>   athn0 at pci0 dev 12 function 0 "Atheros AR9280" rev 0x01: irq 9
>   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:01:d6:86
> 
> # cat hostname.athn0
> inet 192.168.33.1 255.255.255.0 NONE
> media autoselect mode 11g mediaopt hostap chan 2
> nwid stare.cz wpakey hovnoPrdel123
> 
> After changing the password, or the channel, or the mode, and doing
> 
> # sh /etc/netstart athn0
> 
> the machine reproducibly panics (cereal script below).
> 
> I have no idea why it panics in ieee80211_encrypt().
> It happens both with clients associated and not.
> 
> Is this known with athn(4)?

No, but it is definitely a bug.

> How can I help debug this?

Could you try to find a short sequence of 'ifconfig athn0' commands that
will trigger it, instead of /etc/netstart? That would help me already.

ieee80211 panic on athn reconfig

2020-04-17 Thread Jan Stary

This is current/i386 on an ALIX (dmesg below) with

  athn0 at pci0 dev 12 function 0 "Atheros AR9280" rev 0x01: irq 9
  athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:01:d6:86

# cat hostname.athn0
inet 192.168.33.1 255.255.255.0 NONE
media autoselect mode 11g mediaopt hostap chan 2
nwid stare.cz wpakey hovnoPrdel123

After changing the password, or the channel, or the mode, and doing

# sh /etc/netstart athn0

the machine reproducibly panics (cereal script below).

I have no idea why it panics in ieee80211_encrypt().
It happens both with clients associated and not.

Is this known with athn(4)?
How can I help debug this?

Jan


ddb> show panic
ieee80211_encrypt: key unset for sw crypto: 0

ddb> trace
db_enter() at db_enter+0x4
panic(d0b83788) at panic+0xcc
ieee80211_encrypt(d194e030,d195bc00,d194eb00) at ieee80211_encrypt+0x70
ar5008_tx(d194e000,d195bc00,d19a,2) at ar5008_tx+0x9a
ar5008_swba_intr(d194e000) at ar5008_swba_intr+0x238
ar5008_intr(d194e000) at ar5008_intr+0x12f
intr_handler(f3b1d67c,d1945480) at intr_handler+0x18
Xintr_legacy9_untramp() at Xintr_legacy9_untramp+0xf7
end of kernel

ddb> ps
   PID TID   PPIDUID  S   FLAGS  WAIT  COMMAND
*51886  239363  46526  0  7 0x3ifconfig
 46526   94296  51119  0  30x10008b  pause sh
 51119  210938  1  0  30x10008b  pause ksh
  4074  355325  1  0  30x100098  poll  cron
 26296  319573  67907 74  30x100092  bpf   pflogd
 67907  395783  1  0  30x80  netio pflogd
 78788  338207  1 79  30x100090  kqreadtftpd
 64936  466062  45121 95  30x100092  kqreadsmtpd
 78617   19784  45121103  30x100092  kqreadsmtpd
 89735  422787  45121 95  30x100092  kqreadsmtpd
 40031  127196  45121 95  30x100092  kqreadsmtpd
  3003  366634  45121 95  30x100092  kqreadsmtpd
 67429  418102  45121 95  30x100092  kqreadsmtpd
 45121   87978  1  0  30x100080  kqreadsmtpd
 892939339  1 77  30x100090  poll  dhcpd
 32523   33766  1  0  30x80  selectsshd
 16723  521208  1  0  30x100080  poll  ntpd
 41803  404697  97594 83  30x100092  poll  ntpd
 97594  270290  1 83  30x100092  poll  ntpd
 27672  104019  1 53  30x90  kqreadunbound
 85121   72700  81754 97  30x100090  kqreadnsd
-81754or133366  40270 97  30x100090  poll  nsd
 40270   98718  1 97  30x100090  kqreadnsd
  2198   36071  55390 74  30x100092  bpf   pflogd
 55390  372523  1  0  30x80  netio pflogd
 82531   87748  87247 73  30x100090  kqreadsyslogd
 87247  309403  1  0  30x100082  netio syslogd
 98924  510112  35334115  30x100092  kqreadslaacd
 93418   61048  35334115  30x100092  kqreadslaacd
 35334  428553  1  0  30x100080  kqreadslaacd
  5139  163288  0  0  3 0x14200  bored smr
 22383  413035  0  0  2 0x14200zerothread
 77055   99704  0  0  3 0x14200  aiodoned  aiodoned
 61899  379872  0  0  3 0x14200  syncerupdate
 81836  124433  0  0  3 0x14200  cleaner   cleaner
 55117   45992  0  0  3 0x14200  reaperreaper
 50811   60573  0  0  3 0x14200  pgdaemon  pagedaemon
 15077  352797  0  0  3 0x14200  bored crynlk
  6357  442984  0  0  3 0x14200  bored crypto
 45388  138131  0  0  3 0x14200  usbtskusbtask
 45899  192598  0  0  3 0x14200  usbatsk   usbatsk
 77300  116231  0  0  3 0x14200  bored sensors
 36473  508486  0  0  3 0x14200  bored softnet
 73636  394873  0  0  3 0x14200  bored systqmp
-64894or356410  0  0  3 0x14200  bored systq
  4636  461286  0  0  3  0x40014200  bored softclock
 59424  288681  0  0  3  0x40014200idle0
 19281  244490  0  0  3 0x14200  kmalloc   kmthread
 1  431117  0  0  30x82  wait  init
 0   0 -1  0  3 0x10200  scheduler swapper



OpenBSD 6.7-beta (GENERIC) #108: Thu Apr  9 11:00:54 MDT 2020
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 267931648 (255MB)
avail mem = 247336960 (235MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last b

Re: ieee80211 panic on athn reconfig

Re: ieee80211 panic on athn reconfig

Re: ieee80211 panic on athn reconfig

ieee80211 panic on athn reconfig

4 matches

Site Navigation

Mail list logo

Footer information