Date:      Thu, 09 Nov 2023 22:04:37 +0000
From:      bugzilla-noreply@freebsd.org
To:        wireless@FreeBSD.org
Subject:   [Bug 271979] bsdinstall(8): iwlwifi(4): system crash when authenticating for Wi-Fi: panic: lkpi_sta_auth_to_scan: lsta 0x... state not NONE: 0, nstate 1 arg 1
Message-ID:  <bug-271979-21060-GEog5ca6e5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-271979-21060@https.bugs.freebsd.org/bugzilla/>
References:  <bug-271979-21060@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271979

Cheng Cui <cc@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cc@FreeBSD.org

--- Comment #28 from Cheng Cui <cc@FreeBSD.org> ---
Hit this panic in main with a patch to newstate-logging.

cc@n1_iwl_vm:~ % uname -a
FreeBSD n1_iwl_vm 15.0-CURRENT FreeBSD 15.0-CURRENT #1 main-f7d16a627-dirty:
Thu Nov  9 16:03:11 EST 2023
cc@n1_iwl_vm:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
cc@n1_iwl_vm:~ %

The method to reproduce is just to reboot with the following rc.conf setup.
/etc/rc.conf
wlans_iwlwifi0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"
create_args_wlan0="country US regdomain fcc"
wlandebug_wlan0="+state "

/boot/loader.conf
boot_verbose="YES"
kern.msgbufsize=1146880

console prints before panic:
...
iwlwifi0: Detected crf-id 0x3617, cnv-id 0x100530 wfpm id 0x80000000
iwlwifi0: PCI dev 2723/0084, rev=0x340, rfid=0x10a100
firmware: 'iwlwifi-cc-a0-77.ucode' version 77: 1366144 bytes loaded at
0xffffffff826a5000
iwlwifi0: successfully loaded firmware image 'iwlwifi-cc-a0-77.ucode'
iwlwifi0: api flags index 2 larger than supported by driver
iwlwifi0: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37
iwl-debug-yoyo.bin: could not load firmware image, error 2
iwl-debug-yoyo.bin: could not load firmware image, error 2
iwl-debug-yoyo_bin: could not load firmware image, error 2
iwl_debug_yoyo_bin: could not load firmware image, error 2
iwlwifi0: loaded firmware version 77.2df8986f.0 cc-a0-77.ucode op_mode iwlmvm
iwlwifi0: Detected Intel(R) Wi-Fi 6 AX200 160MHz, REV=0x340
iwlwifi0: Detected RF HR B3, rfid=0x10a100
iwlwifi0: base HW address: e0:2e:0b:92:e5:82
iwlwifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
iwlwifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
iwlwifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps
24Mbps 36Mbps 48Mbps 54Mbps
pci0: driver added
wlan0: bpf attached
wlan0: bpf attached
wlan0: Ethernet address: e0:2e:0b:92:e5:82
net.wlan.0.debug: 0x0 => 0x80000<state>
Created wlan(4) interfaces: wlan0.
lo0: link state changed to UP
vtnet0: link state changed to UP
Starting dhclient.
DHCPREQUEST on vtnet0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
Bogus Host Name option 12: n1_iwl_vm (n1_iwl_vm)
bound to 192.168.1.154 -- renewal in 21600 seconds.
Starting wpa_supplicant.
wlan0: start running, 0 vaps running
wlan0: ieee80211_start_locked: up parent iwlwifi0
wlan0: start running, 1 vaps running
wlan0: ieee80211_new_state_locked:2746: starting state update INIT -> INIT
(SCAN)
wlan0: ieee80211_new_state_locked: INIT -> SCAN (arg 0) (nrunning 0 nscanning
0)
wlan0: ieee80211_newstate_cb:2517: running state update INIT -> SCAN (1)
wlan0: ieee80211_newstate_cb: INIT -> SCAN arg 0
wlan0: sta_newstate: INIT -> SCAN (0)
Starting dhclient.
wlan0: no link .....wlan0: ieee80211_new_state_locked:2746: starting state
update SCAN -> SCAN (AUTH)
wlan0: ieee80211_new_state_locked: SCAN -> AUTH (arg 192) (nrunning 0 nscanning
0)
wlan0: ieee80211_newstate_cb:2517: running state update SCAN -> AUTH (1)
wlan0: ieee80211_newstate_cb: SCAN -> AUTH arg 192
wlan0: [f4:69:42:57:3f:0e] station assoc via MLME
wlan0: ieee80211_new_state_locked:2731: pending SCAN -> AUTH (now to AUTH)
transition lost
wlan0: ieee80211_new_state_locked:2746: starting state update SCAN -> AUTH
(AUTH)
wlan0: ieee80211_new_state_locked: SCAN -> AUTH (arg 192) (nrunning 0 nscanning
0)
wlan0: sta_newstate: SCAN -> AUTH (192)
wlan0: ieee80211_newstate_cb:2517: running state update AUTH -> AUTH (1)
wlan0: ieee80211_newstate_cb: AUTH -> AUTH arg 192
Invalid TXQ idiwl_mvm_tx_mpdu:1204: fc 0x00b0 tid 8 txq_id 65535 mvm
0xfffffe00b1250408 skb 0xfffff80007865800 { len 30 } info 0xfffffe00745dcce8
sta 0xfffff80005760880 (if you see this please report to PR 274382)
wlan0: ni 0xfffffe00b15bf000 vap 0xfffffe00b12e0010 mode STA state AUTH m
0xfffff800078b1b00 status 4543576
wlan0: ni 0xfffffe00b15bf000 mode STA state AUTH arg 0x2 status 4543576
wlan0: sta_newstate: AUTH -> AUTH (192)
wlan0: ni 0xfffffe00b15bf000 vap 0xfffffe00b12e0010 mode STA state AUTH m
0xfffff8000773cb00 status 1
wlan0: ni 0xfffffe00b15bf000 mode STA state AUTH arg 0x2 status 1
wlan0: vap 0xfffffe00b12e0010 mode STA state AUTH flags 0x2400 & 0x80
wlan0: ieee80211_new_state_locked:2746: starting state update AUTH -> AUTH
(SCAN)
wlan0: ieee80211_new_state_locked: AUTH -> SCAN (arg 1) (nrunning 0 nscanning
0)
wlan0: ieee80211_newstate_cb:2517: running state update AUTH -> SCAN (1)
wlan0: ieee80211_newstate_cb: AUTH -> SCAN arg 1
panic: lkpi_sta_auth_to_scan: lsta 0xfffff80007756800 state not NONE: 0, nstate
1 arg 1

cpuid = 6
time = 1699566558
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00b0eb5b70
vpanic() at vpanic+0x132/frame 0xfffffe00b0eb5ca0
panic() at panic+0x43/frame 0xfffffe00b0eb5d00
lkpi_sta_auth_to_scan() at lkpi_sta_auth_to_scan+0x2c8/frame 0xfffffe00b0eb5d80
lkpi_iv_newstate() at lkpi_iv_newstate+0x253/frame 0xfffffe00b0eb5df0
ieee80211_newstate_cb() at ieee80211_newstate_cb+0x226/frame 0xfffffe00b0eb5e40
taskqueue_run_locked() at taskqueue_run_locked+0xab/frame 0xfffffe00b0eb5ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe00b0eb5ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe00b0eb5f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00b0eb5f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 0 tid 100168 ]
Stopped at      kdb_enter+0x32: movq    $0,0xe2aee3(%rip)
db> dump
Dumping 362 out of 6111 MB:..5%..14%..23%..31%..45%..53%..62%..71%..84%..93%
Dump complete
db>
