Date: Mon, 16 Jun 2008 10:13:18 +0400
From: pluknet <pluknet@gmail.com>
To: freebsd-stable@freebsd.org
Cc: sam@freebsd.org, Andrew Thompson <thompsa@freebsd.org>
Subject: Re: iwi on BETA4 with WPA2: device timeout/firmware error
Message-ID: <a31046fc0806152313x79d45806j6457de42b9c0b9fa@mail.gmail.com>
In-Reply-To: <94e0cac00712141907l601c25adw41783c122130d6cb@mail.gmail.com>
References: <4761A0D8.4070609@barafranca.com> <20071213212145.GA55472@heff.fud.org.nz> <4761AE58.2070409@barafranca.com> <47633820.7050203@barafranca.com> <94e0cac00712141907l601c25adw41783c122130d6cb@mail.gmail.com>

> On 15/12/2007, Hugo Silva <hugo@barafranca.com> wrote:
>> Hugo Silva wrote:
>> > Andrew Thompson wrote:
>> >> On Thu, Dec 13, 2007 at 09:15:04PM +0000, Hugo Silva wrote:
>> >>
>> >>> Hello list,
>> >>>
>> >>> Just wanted to report another issue with BETA4 on my laptop.
>> >>>
>> >>> The wireless connection is "working" without encryption (interface
>> >>> goes up and down every few minutes, but at least I don't lose any
>> >>> connections, so it's barely noticeable).
>> >>>
>> >>> Today I was setting up WPA2 with wpa_supplicant and hostapd and
>> >>> managed to do so (status: associated), however it goes down a few
>> >>> seconds later with iwi0: device timeout and iwi0: firmware error,
>> >>> every single time.
>> >>>
>> >>> Is this a known problem ? At least on my machine, WPA + iwi is
>> >>> currently unusable, as I am not able to ping anything even in the
>> >>> brief moments the card is associated with the AP.
>> >>>
>> >>
>> >> Can you please set the sysctl debug.iwi to 2 and post the debugging
>> >> messages that are output. Make sure you get the section of output from
>> >> when you kick off wpa_supplicant and when the firmware error happens.
>> >>
>> >>
>> >
>> > Okay, down'ed the interface, set debug.iwi=2, and ran wpa_supplicant
>> > -i iwi0 -c /etc/wpa_supplicant.conf. Here's the output: [..]
>>
>> I have managed to get WPA2 working, however the "firmware error" still
>> persists (it only happens once every 10 or 20 minutes now, and simply
>> unloading the if_iwi module will bring the interface back and it'll be
>> operational.
>>
>> Without debugging, all dmesg showed was "firmware error" and "firmware
>> stuck in state 4, resetting", with wlandebug -i iwi0 wpa+auth+crypto, it
>> shows:
>>
>> Dec 15 02:06:00 laptop kernel: iwi0: link state changed to DOWN
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE
>> keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: TKIP
>> keyix 1 flags 0x36 rsc 0 tsc 1 len 16
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: TKIP
>> keyix 2 flags 0x36 rsc 1 tsc 1 len 16
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE
>> keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE
>> keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:04 laptop kernel: iwi0: firmware stuck in state 4, resetting
>> Dec 15 02:06:04 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE
>> keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:04 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE
>> keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:05 laptop kernel: iwi0: firmware error
>>
>>
>> Is this helpful ?
>>
>> $ ifconfig iwi0
>> iwi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         ether ....
>>         inet 192.168.200.26 netmask 0xffffff00 broadcast 192.168.200.255
>>         media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
>>         status: associated
>>         ssid zaurak_wifi channel 5 (2432 Mhz 11g) bssid ...
>>         authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
>>         powersavemode CAM powersavesleep 100 bmiss 10 scanvalid 60
>>         protmode CTS wme roaming MANUAL
>>

Today I could reproduce stuck in state 4 on recent RELENG7.

-wlandebug -i iwi0 +scan
iwi0: ieee80211_start_scan: active scan, duration 2147483647, desired mode auto, append, nopick, once
iwi0: scan set 10g, 11g, 1b, 1g, 2b, 2g, 3b, 3g, 4b, 4g, 5b, 5g, 6b, 6g, 7b, 7g, 8b, 8g, 9b, 9g, 12b, 12g, 13b, 13g, 14b, 14g dwell min 200 max 200
iwi0: scan_next: chan 10g -> 10g [active, dwell min 200 max 200]
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
iwi0: ieee80211_add_scan: chan 10g min dwell met (31910172 > 31910128)
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[-----several screens of same output, near 10 pages -----]
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
iwi0: firmware stuck in state 4, resetting
iwi0: ieee80211_cancel_scan: cancel active scan
iwi0: ieee80211_scan_flush
iwi0: scan_next: done, [ticks 31914946, dwell min 200 scanend 2179393574]
iwi0: notify scan done
iwi0: ieee80211_check_scan: active scan, duration 2147483647, desired mode auto, flush
iwi0: adhoc_pick_bss: no scan candidate
iwi0: ieee80211_create_ibss: creating ibss

I got it on ifconfig iwi0 scan, of course.

iwi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 00:0e:35:be:77:df inet 192.168.80.1 netmask 0xffffff00 broadcast 192.168.80.255 media: IEEE 802.11 Wireless Ethernet autoselect (autoselect <adhoc>) # note mediaopt adhoc status: associated ssid bsdap channel 10 (2457 Mhz 11g) bssid ca:af:ea:5b:86:98 authmode OPEN privacy OFF bmiss 10 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode CTS Also immediately after that I reproduceably get page fault in /sys/net80211/ieee80211_ht.c:819 ... } else if (IEEE80211_IS_CHAN_HT(chan)) { ... because there is dereferencing of chan == NULL. I could avoid this panic with this dirty hack but still got "iwi0: firmware stuck in state 4, resetting": --- /sys/net80211/ieee80211_scan_sta.c.orig 2008-06-16 09:50:11.000000000 +0400 +++ /sys/net80211/ieee80211_scan_sta.c 2008-06-16 09:51:00.000000000 +0400 @@ -24,7 +24,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_scan_sta.c,v 1.4.2.4 2008/04/25 16:21:05 sam Exp $"); +__FBSDID("$FreeBSD$"); /* * IEEE 802.11 station scanning support. @@ -1337,6 +1337,7 @@ bestrssi = -1; mtx_lock(&st->st_lock); + bestchan = ss->ss_chans[0]; for (i = 0; i < ss->ss_last; i++) { c = ss->ss_chans[i]; if (!checktable(adhocScanTable, c)) Yes, ss->ss_last == 0, therefore bestchan stands == NULL, and therefore chan get NULL on return Last chains of call stack (sorry, on memory): adhoc_pick_bss -> -> ieee80211_ht_adjust_channel(ic, adhoc_pick_channel(ss), ic->ic_flags_ext) -> # here adhoc_pick_channel() returns NULL and ieee80211_ht_adjust_channel() deref. it on ieee80211_ht.c:819 -> trap [I don't know is it on guilty of iwi(4) or ieee80211 itself.] wbr, pluknet
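
Review bot: the first hunk's __FBSDID change, which swaps the expanded "$FreeBSD: src/sys/net80211/ieee80211_scan_sta.c,v 1.4.2.4 ..." string for a bare "$FreeBSD$", is unrelated to the NULL dereference and looks like keyword un-expansion in the local copy. Drop this hunk so the patch carries only the functional change and still applies cleanly against the revision named on the removed line.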
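
Review bot: in the second hunk, "bestchan = ss->ss_chans[0];" reads element 0 in exactly the case the message describes, ss->ss_last == 0, where the loop bound "i < ss->ss_last" says the scan set holds no valid entries, so the value returned may be stale or still NULL. The preset also bypasses the "checktable(adhocScanTable, c)" filter that every channel inside the loop has to pass. Suggest leaving bestchan as NULL here and having the caller test the result of adhoc_pick_channel(ss) before handing it to ieee80211_ht_adjust_channel(), bailing out or falling back when no channel was found.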