[Bug 272607] iwlwifi: 'service netif stop' causes kernel panic when wrong setting in wpa_supplicant.conf

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 19 Jul 2023 22:11:45 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272607

            Bug ID: 272607
           Summary: iwlwifi: 'service netif stop' causes kernel panic when
                    wrong setting in wpa_supplicant.conf
           Product: Base System
           Version: 13.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: wireless@FreeBSD.org
          Reporter: karl.levik@gmail.com

Overview: 

    I was attempting to connect my laptop to the eduroam wifi network. I
discovered I could reliably cause a kernel panic every time I executed 'service
netif stop' or '/etc/rc.d/netif stop'. At this point I had not yet been able to
connect to the network. Later I found that one of my settings in
/etc/wpa_supplicant.conf was wrong. I had "network {... eap=TTLS ...}" whereas
the correct setting was apparently "network {... eap=PEAP ...}". Once this
was corrected, I was able to connect to the network, and I could no longer
trigger a kernel panic. 

Steps to Reproduce:

    1. Use an /etc/wpa_supplicant.conf file similar to below.
    2. Execute 'service netif stop'

/etc/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
network={
        ssid="eduroam"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="your_id@yourdomain.tld"
        anonymous_identity="anonymous_id@yourdomain.tld"
        password="your_password"
        phase2="auth=MSCHAPV2"
        ca_cert="/usr/local/etc/ssl/certs/yourNetworkingRootCA.pem"
}

Actual Results:

    The system crashes with a kernel panic (page fault) with messages as shown
below in excerpts from relevant log files.

/var/log/messages:

Jul 19 15:04:32 valhalla syslogd: last message repeated 2 times
Jul 19 15:04:50 valhalla syslogd: last message repeated 1 times
Jul 19 15:04:55 valhalla ntpd[1666]: error resolving pool 0.freebsd.pool.ntp.org: Name does not resolve (8)
Jul 19 15:05:00 valhalla ntpd[1666]: error resolving pool 2.freebsd.pool.ntp.org: Name does not resolve (8)
Jul 19 15:05:24 valhalla dhclient[1782]: Interface wlan1 is down, dhclient exiting
Jul 19 15:05:24 valhalla dhclient[1782]: connection closed
Jul 19 15:05:24 valhalla dhclient[1782]: exiting.
Jul 19 15:05:38 valhalla wpa_supplicant[289]: wlan1: CTRL-EVENT-SSID-REENABLED id=1 ssid="eduroam"
Jul 19 15:06:59 valhalla syslogd: kernel boot file is /boot/kernel/kernel
Jul 19 15:06:59 valhalla kernel: panic: page fault
Jul 19 15:06:59 valhalla kernel: cpuid = 10
Jul 19 15:06:59 valhalla kernel: time = 1689775572
Jul 19 15:06:59 valhalla kernel: KDB: stack backtrace:
Jul 19 15:06:59 valhalla kernel: #0 0xffffffff80c54185 at kdb_backtrace+0x65
Jul 19 15:06:59 valhalla kernel: #1 0xffffffff80c07ac2 at vpanic+0x152
Jul 19 15:06:59 valhalla kernel: #2 0xffffffff80c07963 at panic+0x43
Jul 19 15:06:59 valhalla kernel: #3 0xffffffff810bfde7 at trap_fatal+0x387
Jul 19 15:06:59 valhalla kernel: #4 0xffffffff810bfe3f at trap_pfault+0x4f
Jul 19 15:06:59 valhalla kernel: #5 0xffffffff81096ce8 at calltrap+0x8
Jul 19 15:06:59 valhalla kernel: #6 0xffffffff80d8f5a3 at ieee80211_node_psq_drain+0xf3
Jul 19 15:06:59 valhalla kernel: #7 0xffffffff80d836c6 at node_cleanup+0xa6
Jul 19 15:06:59 valhalla kernel: #8 0xffffffff80d835e5 at node_free+0x25
Jul 19 15:06:59 valhalla kernel: #9 0xffffffff80d84b72 at ieee80211_sta_join1+0xc2
Jul 19 15:06:59 valhalla kernel: #10 0xffffffff80d85aaa at ieee80211_sta_join+0x42a
Jul 19 15:06:59 valhalla kernel: #11 0xffffffff80d79e01 at ieee80211_ioctl_setmlme+0x111
Jul 19 15:06:59 valhalla kernel: #12 0xffffffff80d779ce at ieee80211_ioctl_set80211+0x5de
Jul 19 15:06:59 valhalla kernel: #13 0xffffffff80d76541 at ieee80211_ioctl+0x311
Jul 19 15:06:59 valhalla kernel: #14 0xffffffff80d1f63d at ifioctl+0x98d
Jul 19 15:06:59 valhalla kernel: #15 0xffffffff80c74cb7 at kern_ioctl+0x257
Jul 19 15:06:59 valhalla kernel: #16 0xffffffff80c749eb at sys_ioctl+0x12b
Jul 19 15:06:59 valhalla kernel: #17 0xffffffff810c06dc at amd64_syscall+0x10c
Jul 19 15:06:59 valhalla kernel: Uptime: 4m6s

---

/var/run/dmesg.boot:

wlan1: link state changed to UP
wlan1: link state changed to DOWN
wlan1: link state changed to UP
wlan1: link state changed to DOWN
wlan1: link state changed to UP
wlan1: link state changed to DOWN


Fatal trap 12: page fault while in kernel mode
cpuid = 10; apic id = 0a
fault virtual address = 0x440
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80be476d
stack pointer = 0x28:0xfffffe013ee29870
frame pointer = 0x28:0xfffffe013ee298f0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 289 (wpa_supplicant)
trap number = 12
panic: page fault
cpuid = 10
time = 1689775572
KDB: stack backtrace:
#0 0xffffffff80c54185 at kdb_backtrace+0x65
#1 0xffffffff80c07ac2 at vpanic+0x152
#2 0xffffffff80c07963 at panic+0x43
#3 0xffffffff810bfde7 at trap_fatal+0x387
#4 0xffffffff810bfe3f at trap_pfault+0x4f
#5 0xffffffff81096ce8 at calltrap+0x8
#6 0xffffffff80d8f5a3 at ieee80211_node_psq_drain+0xf3
#7 0xffffffff80d836c6 at node_cleanup+0xa6
#8 0xffffffff80d835e5 at node_free+0x25
#9 0xffffffff80d84b72 at ieee80211_sta_join1+0xc2
#10 0xffffffff80d85aaa at ieee80211_sta_join+0x42a
#11 0xffffffff80d79e01 at ieee80211_ioctl_setmlme+0x111
#12 0xffffffff80d779ce at ieee80211_ioctl_set80211+0x5de
#13 0xffffffff80d76541 at ieee80211_ioctl+0x311
#14 0xffffffff80d1f63d at ifioctl+0x98d
#15 0xffffffff80c74cb7 at kern_ioctl+0x257
#16 0xffffffff80c749eb at sys_ioctl+0x12b
#17 0xffffffff810c06dc at amd64_syscall+0x10c
Uptime: 4m6s

---

Expected Results:

    The service should stop without causing a system crash.

Build Date & Hardware:

    * Kernel and world built on 7th July.
    * FreeBSD valhalla 13.2-STABLE FreeBSD 13.2-STABLE stable/13-n255791-a81d4240b346 VALHALLA amd64

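Added example, not part of the original report: a Python triage helper for panic excerpts like the two quoted above. It accepts either the dmesg form or the syslog form, including frames that a mail client has wrapped onto a second line, and reports the fault address, the current process and the first frame outside the trap/panic path. The names `triage` and `PANIC_PATH` and the list of trap-path symbols are assumptions of this example; the sample text is shortened from the logs in the report.

```python
import re

# Frames that belong to the trap/panic path itself on FreeBSD/amd64 (assumed list).
PANIC_PATH = {"kdb_backtrace", "vpanic", "panic", "trap_fatal",
              "trap_pfault", "trap", "calltrap"}
SYSLOG_PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: ", re.M)
# \s+ after "at" also matches a newline, so wrapped frames still parse.
FRAME = re.compile(r"#(\d+)\s+(0x[0-9a-f]+)\s+at\s+(\w+)\+(0x[0-9a-f]+)")

# Excerpts copied from the logs in the report, shortened for the example.
DMESG_SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x440
current process = 289 (wpa_supplicant)
#4 0xffffffff810bfe3f at trap_pfault+0x4f
#5 0xffffffff81096ce8 at calltrap+0x8
#6 0xffffffff80d8f5a3 at ieee80211_node_psq_drain+0xf3
#7 0xffffffff80d836c6 at node_cleanup+0xa6
#8 0xffffffff80d835e5 at node_free+0x25
"""
SYSLOG_SAMPLE = """\
Jul 19 15:06:59 valhalla kernel: panic: page fault
Jul 19 15:06:59 valhalla kernel: #5 0xffffffff81096ce8 at calltrap+0x8
Jul 19 15:06:59 valhalla kernel: #6 0xffffffff80d8f5a3 at
ieee80211_node_psq_drain+0xf3
Jul 19 15:06:59 valhalla kernel: #7 0xffffffff80d836c6 at node_cleanup+0xa6
"""

def triage(text):
    """Summarise a FreeBSD panic excerpt given in dmesg or syslog form."""
    text = SYSLOG_PREFIX.sub("", text)
    frames = [(int(n), sym, int(off, 16))
              for n, _pc, sym, off in FRAME.findall(text)]
    addr = re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text)
    proc = re.search(r"current process\s*=\s*\d+ \((.+?)\)", text)
    return {
        "fault_address": int(addr.group(1), 16) if addr else None,
        "process": proc.group(1) if proc else None,
        # First frame listed after the trap frames is where the fault was taken.
        "faulting_frame": next((f for f in frames if f[1] not in PANIC_PATH), None),
        "call_chain": [sym for _, sym, _ in frames if sym not in PANIC_PATH],
    }

if __name__ == "__main__":
    for name, sample in (("dmesg", DMESG_SAMPLE), ("syslog", SYSLOG_SAMPLE)):
        print(name, triage(sample))
```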