From nobody Wed Nov 01 11:39:05 2023
X-Original-To: wireless@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SL4ls6k44z50Jkv
	for <wireless@mlmmj.nyi.freebsd.org>; Wed,  1 Nov 2023 11:39:05 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SL4ls3vc4z3dqZ
	for <wireless@FreeBSD.org>; Wed,  1 Nov 2023 11:39:05 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1698838745;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=MF15FGO4Jg63wNsIzlXOwjRpN50X8ysqQmig+0yAcHw=;
	b=JZdqJQu6MqG/2pYCGYS2fbMxKk0sTCkAIozXkZSkeSHLJ1nTqr6MOAbTFLGeoKtUJ5guw8
	21KOA/NJSI1lhpKS4gniPqyHXfph/An1asJOlh2R5IgVF9QEbah5AhORI1qJ9JLB5i96l/
	k5cK2E7aWhKPLhhJ0IjMG/0Mvt/W9GMLCcxq0y4ZriExV0JHp/Jsi54bCT9aoSqSSn4YBV
	/Ovw0fmAgo38ZtXbbi6ZhmuCj1YN/2pI3XYe13YWA17qJ58i+rkH2xICFcjhs45Z97J7AQ
	5RKAarQlbYp8jwsMAsCtM9lcREltlmxw5qDN6Te24M7zZsQFEjZdIh3KIkQo2A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698838745; a=rsa-sha256; cv=none;
	b=Up+HsSzy7cFgZ0SC6PZhIuwvRNSEFxCc/5QdHr6BMnfpNItalwpO8Sp0MG+t+zdwlh+rAy
	smnXvSbcC3VYXhDzpweZlqwx4CofxWC/fUmy8NPvNGVodx+wS6280Ufte7TVi43rufYAtN
	NNWib9siLzxHfV8WxGy22xPyNmaf0CNO1KVVll24JeYti2wNUBhSFxADlFhMUf6ki5vM1l
	3834glxpuNXSZ15L6MftaZxdGi0vPA6Q/6lL1buImC3gLu5VVqXXg6mjI2n8MmLTtquFQt
	bErN6HHISX+TunzrZYPMy6F0g1mur1Kc/vcPVeakmAMH4ONUOJ6KofhK6q8cnA==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SL4ls2yWzzlG4
	for <wireless@FreeBSD.org>; Wed,  1 Nov 2023 11:39:05 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3A1Bd54I095518
	for <wireless@FreeBSD.org>; Wed, 1 Nov 2023 11:39:05 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3A1Bd59G095517
	for wireless@FreeBSD.org; Wed, 1 Nov 2023 11:39:05 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: wireless@FreeBSD.org
Subject: [Bug 271979] bsdinstall(8): iwlwifi(4): system crash when
 authenticating for Wi-Fi: panic: lkpi_sta_auth_to_scan: lsta 0x... state not
 NONE: 0, nstate 1 arg 1
Date: Wed, 01 Nov 2023 11:39:05 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: crash, install, needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: dumbbell@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bz@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-271979-21060-HLJ2rPJ9nE@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-271979-21060@https.bugs.freebsd.org/bugzilla/>
References: <bug-271979-21060@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Discussions <freebsd-wireless.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-wireless
List-Help: <mailto:wireless+help@freebsd.org>
List-Post: <mailto:wireless@freebsd.org>
List-Subscribe: <mailto:wireless+subscribe@freebsd.org>
List-Unsubscribe: <mailto:wireless+unsubscribe@freebsd.org>
Sender: owner-freebsd-wireless@freebsd.org
X-BeenThere: freebsd-wireless@freebsd.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271979

--- Comment #27 from Jean-S=C3=A9bastien P=C3=A9dron <dumbbell@FreeBSD.org>=
 ---
(In reply to Bjoern A. Zeeb from comment #25)

Here are the steps I used to reproduce:

(the if_iwlwifi module was already loaded)
ifconfig wlan0 create wlandev iwlwifi0 country FR
env wlans_iwlwifi0=3D"wlan0" create_args_wlan0=3D"country FR" ifconfig_wlan=
0=3D"WPA
DHCP" ifconfig_wlan0_ipv6=3D"inet6 accept_rtadv" service netif restart wlan0

And here is the output with your patch:

=3D=3D The last lines of /var/log/messages =3D=3D

Nov  1 11:07:20 iss kernel: iwlwifi0: WRT: Invalid buffer destination
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_UMAC_PD_NOTIFICATION: 0x20
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_LMAC2_PD_NOTIFICATION: 0x1f
Nov  1 11:07:21 iss kernel: iwlwifi0: WFPM_AUTH_KEY_0: 0x90
Nov  1 11:07:21 iss kernel: iwlwifi0: CNVI_SCU_SEQ_DATA_DW9: 0x0
Nov  1 11:07:21 iss kernel: wlan0: Ethernet address: 04:cf:4b:1d:fe:fc
Nov  1 11:07:38 iss wpa_supplicant[1534]: Successfully initialized
wpa_supplicant
Nov  1 11:07:38 iss wpa_supplicant[1534]: ioctl[SIOCS80211, op=3D20, val=3D=
0,
arg_len=3D7]: Invalid argument
Nov  1 11:07:38 iss syslogd: last message repeated 1 times
Nov  1 11:07:38 iss wpa_supplicant[1535]: ioctl[SIOCS80211, op=3D103, val=
=3D0,
arg_len=3D128]: Operation now in progress
Nov  1 11:07:38 iss wpa_supplicant[1535]: wlan0: CTRL-EVENT-SCAN-FAILED ret=
=3D-1
retry=3D1
Nov  1 11:07:39 iss wpa_supplicant[1535]: ioctl[SIOCS80211, op=3D103, val=
=3D0,
arg_len=3D128]: Operation now in progress
Nov  1 11:07:39 iss wpa_supplicant[1535]: wlan0: CTRL-EVENT-SCAN-FAILED ret=
=3D-1
retry=3D1

=3D=3D kgdb =3D=3D

(...)
Reading symbols from /boot/kernel.drm/kernel...
Reading symbols from /usr/lib/debug//boot/kernel.drm/kernel.debug...

Unread portion of the kernel message buffer:
<6>wlan0: ieee80211_new_state_locked:2718: pending SCAN -> AUTH transition =
lost
<4>Invalid TXQ id
iwl_mvm_tx_mpdu:1204: fc 0x00b0 tid 8 txq_id 65535 mvm 0xfffffe01762c6408 s=
kb 0
xfffff802d41a6800 { len 30 } info 0xfffffe0038f6bce8 sta 0xfffff80114044880=
 (if
 you see this please report to PR 274382)
panic: lkpi_sta_auth_to_scan: lsta 0xfffff80114c1e800 state not NONE: 0, ns=
tate
 1 arg 1

cpuid =3D 15
time =3D 1698833262
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0175ce8=
b70
vpanic() at vpanic+0x171/frame 0xfffffe0175ce8ca0
panic() at panic+0x43/frame 0xfffffe0175ce8d00
lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x2c8/frame 0xfffffe0175ce=
8d80
lkpi_iv_newstate() at lkpi_iv_newstate+0x253/frame 0xfffffe0175ce8df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x1e7/frame 0xfffffe0175ce=
8e40
taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe0175ce8ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe0175ce8=
ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe0175ce8f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0175ce8f30
--- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 ---
Uptime: 5m22s
Dumping 1320 out of 32422 MB:..2%..11%..21%..31%..42%..51%..61%..71%..82%..=
91%

(kgdb) bt
#0  __curthread ()
    at /home/dumbbell/Documents/freebsd/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=3Dtextdump@entry=3D1)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:406
#2  0xffffffff80b4ffd0 in kern_reboot (howto=3D260)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:527
#3  0xffffffff80b5050e in vpanic (
    fmt=3D0xffffffff811e7898 "%s: lsta %p state not NONE: %#x, nstate %d ar=
g %d\n
", ap=3Dap@entry=3D0xfffffe0175ce8ce0)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:976
#4  0xffffffff80b50273 in panic (fmt=3D<unavailable>)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_shutdown.c:895
#5  0xffffffff80dd3ab8 in lkpi_sta_auth_to_scan (vap=3D0xfffffe017908f010,
    nstate=3DIEEE80211_S_SCAN, arg=3D1)
    at /home/dumbbell/Documents/freebsd/src/sys/compat/linuxkpi/common/src/=
linu
x_80211.c:1175
#6  0xffffffff80ddb1e3 in lkpi_iv_newstate (vap=3D0xfffffe017908f010,
    nstate=3DIEEE80211_S_SCAN, arg=3D1)
    at /home/dumbbell/Documents/freebsd/src/sys/compat/linuxkpi/common/src/=
linu
x_80211.c:2113
#7  0xffffffff80cfff87 in ieee80211_newstate_cb (xvap=3D0xfffffe017908f010,
    npending=3D<optimized out>)
    at /home/dumbbell/Documents/freebsd/src/sys/net80211/ieee80211_proto.c:=
2546
#8  0xffffffff80bb5d2b in taskqueue_run_locked (
    queue=3Dqueue@entry=3D0xfffff80002a93100)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/subr_taskqueue.c:512
#9  0xffffffff80bb6de3 in taskqueue_thread_loop (
    arg=3Darg@entry=3D0xfffffe01762ca110)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/subr_taskqueue.c:824
#10 0xffffffff80b05eb2 in fork_exit (
    callout=3D0xffffffff80bb6d10 <taskqueue_thread_loop>,
    arg=3D0xfffffe01762ca110, frame=3D0xfffffe0175ce8f40)
    at /home/dumbbell/Documents/freebsd/src/sys/kern/kern_fork.c:1160
#11 <signal handler called>

--=20
You are receiving this mail because:
You are on the CC list for the bug.=