[Bug 271979] bsdinstall(8): iwlwifi(4): system crash when authenticating for Wi-Fi: panic: lkpi_sta_auth_to_scan: lsta 0x... state not NONE: 0, nstate 1 arg 1

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 01 Nov 2023 11:39:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271979

--- Comment #27 from Jean-Sébastien Pédron <dumbbell@FreeBSD.org> ---
(In reply to Bjoern A. Zeeb from comment #25)

Here are the steps I used to reproduce:

(the if_iwlwifi module was already loaded)
ifconfig wlan0 create wlandev iwlwifi0 country FR
env wlans_iwlwifi0="wlan0" create_args_wlan0="country FR" ifconfig_wlan0="WPA
DHCP" ifconfig_wlan0_ipv6="inet6 accept_rtadv" service netif restart wlan0

And here is the output with your patch:

== The last lines of /var/log/messages ==

Nov  1 11:07:20 iss kernel: iwlwifi0: WRT: Invalid buffer destination
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_UMAC_PD_NOTIFICATION: 0x20
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_LMAC2_PD_NOTIFICATION: 0x1f
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_AUTH_KEY_0: 0x90
Nov  1 11:07:21 iss kernel: iwlwifi0: CNVI_SCU_SEQ_DATA_DW9: 0x0
Nov  1 11:07:21 iss kernel: wlan0: Ethernet address: 04:cf:4b:1d:fe:fc
Nov  1 11:07:38 iss wpa_supplicant[1534]: Successfully initialized
wpa_supplicant
Nov  1 11:07:38 iss wpa_supplicant[1534]: ioctl[SIOCS80211, op=20, val=0,
arg_len=7]: Invalid argument
Nov  1 11:07:38 iss syslogd: last message repeated 1 times
Nov  1 11:07:38 iss wpa_supplicant[1535]: ioctl[SIOCS80211, op=103, val=0,
arg_len=128]: Operation now in progress
Nov  1 11:07:38 iss wpa_supplicant[1535]: wlan0: CTRL-EVENT-SCAN-FAILED ret=-1
retry=1
Nov  1 11:07:39 iss wpa_supplicant[1535]: ioctl[SIOCS80211, op=103, val=0,
arg_len=128]: Operation now in progress
Nov  1 11:07:39 iss wpa_supplicant[1535]: wlan0: CTRL-EVENT-SCAN-FAILED ret=-1
retry=1

== kgdb ==

(...)
Reading symbols from /boot/kernel.drm/kernel...
Reading symbols from /usr/lib/debug//boot/kernel.drm/kernel.debug...

Unread portion of the kernel message buffer:
<6>wlan0: ieee80211_new_state_locked:2718: pending SCAN -> AUTH transition lost
<4>Invalid TXQ id
iwl_mvm_tx_mpdu:1204: fc 0x00b0 tid 8 txq_id 65535 mvm 0xfffffe01762c6408 skb 0
xfffff802d41a6800 { len 30 } info 0xfffffe0038f6bce8 sta 0xfffff80114044880 (if
 you see this please report to PR 274382)
panic: lkpi_sta_auth_to_scan: lsta 0xfffff80114c1e800 state not NONE: 0, nstate
 1 arg 1

cpuid = 15
time = 1698833262
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0175ce8b70
vpanic() at vpanic+0x171/frame 0xfffffe0175ce8ca0
panic() at panic+0x43/frame 0xfffffe0175ce8d00
lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x2c8/frame 0xfffffe0175ce8d80
lkpi_iv_newstate() at lkpi_iv_newstate+0x253/frame 0xfffffe0175ce8df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame 0xfffffe0175ce8e40
taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe0175ce8ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe0175ce8ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe0175ce8f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0175ce8f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 5m22s
Dumping 1320 out of 32422 MB:..2%..11%..21%..31%..42%..51%..61%..71%..82%..91%

(kgdb) bt
#0  __curthread ()
    at /home/dumbbell/Documents/freebsd/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=1)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:406
#2  0xffffffff80b4ffd0 in kern_reboot (howto=260)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:527
#3  0xffffffff80b5050e in vpanic (
    fmt=0xffffffff811e7898 "%s: lsta %p state not NONE: %#x, nstate %d arg %d\n
", ap=ap@entry=0xfffffe0175ce8ce0)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:976
#4  0xffffffff80b50273 in panic (fmt=<unavailable>)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:895
#5  0xffffffff80dd3ab8 in lkpi_sta_auth_to_scan (vap=0xfffffe017908f010,
    nstate=IEEE80211_S_SCAN, arg=1)
    at /home/dumbbell/Documents/freebsd/src/sys/compat/linuxkpi/common/src/linu
x_80211.c:1175
#6  0xffffffff80ddb1e3 in lkpi_iv_newstate (vap=0xfffffe017908f010,
    nstate=IEEE80211_S_SCAN, arg=1)
    at /home/dumbbell/Documents/freebsd/src/sys/compat/linuxkpi/common/src/linu
x_80211.c:2113
#7  0xffffffff80cfff87 in ieee80211_newstate_cb (xvap=0xfffffe017908f010,
    npending=<optimized out>)
    at /home/dumbbell/Documents/freebsd/src/sys/net80211/ieee80211_proto.c:2546
#8  0xffffffff80bb5d2b in taskqueue_run_locked (
    queue=queue@entry=0xfffff80002a93100)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/subr_taskqueue.c:512
#9  0xffffffff80bb6de3 in taskqueue_thread_loop (
    arg=arg@entry=0xfffffe01762ca110)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/subr_taskqueue.c:824
#10 0xffffffff80b05eb2 in fork_exit (
    callout=0xffffffff80bb6d10 <taskqueue_thread_loop>,
    arg=0xfffffe01762ca110, frame=0xfffffe0175ce8f40)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_fork.c:1160
#11 <signal handler called>

-- 
You are receiving this mail because:
You are on the CC list for the bug.