Date: Mon, 16 Jun 2008 10:13:18 +0400
From: pluknet
To: freebsd-stable@freebsd.org
Cc: sam@freebsd.org, Andrew Thompson
Subject: Re: iwi on BETA4 with WPA2: device timeout/firmware error

> On 15/12/2007, Hugo Silva wrote:
>> Hugo Silva wrote:
>> > Andrew Thompson wrote:
>> >> On Thu, Dec 13, 2007 at 09:15:04PM +0000, Hugo Silva wrote:
>> >>
>> >>> Hello list,
>> >>>
>> >>> Just wanted to report another issue with BETA4 on my laptop.
>> >>>
>> >>> The wireless connection is "working" without encryption (interface
>> >>> goes up and down every few minutes, but at least I don't lose any
>> >>> connections, so it's barely noticeable).
>> >>>
>> >>> Today I was setting up WPA2 with wpa_supplicant and hostapd and
>> >>> managed to do so (status: associated), however it goes down a few
>> >>> seconds later with iwi0: device timeout and iwi0: firmware error,
>> >>> every single time.
>> >>>
>> >>> Is this a known problem ? At least on my machine, WPA + iwi is
>> >>> currently unusable, as I am not able to ping anything even in the
>> >>> brief moments the card is associated with the AP.
>> >>>
>> >>
>> >> Can you please set the sysctl debug.iwi to 2 and post the debugging
>> >> messages that are output. Make sure you get the section of output from
>> >> when you kick off wpa_supplicant and when the firmware error happens.
>> >>
>> >>
>> >
>> > Okay, down'ed the interface, set debug.iwi=2, and ran wpa_supplicant
>> > -i iwi0 -c /etc/wpa_supplicant.conf. Here's the output: [..]
>>
>> I have managed to get WPA2 working, however the "firmware error" still
>> persists (it only happens once every 10 or 20 minutes now, and simply
>> unloading the if_iwi module will bring the interface back and it'll be
>> operational.
>>
>> Without debugging, all dmesg showed was "firmware error" and "firmware
>> stuck in state 4, resetting", with wlandebug -i iwi0 wpa+auth+crypto, it
>> shows:
>>
>> Dec 15 02:06:00 laptop kernel: iwi0: link state changed to DOWN
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: TKIP keyix 1 flags 0x36 rsc 0 tsc 1 len 16
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: TKIP keyix 2 flags 0x36 rsc 1 tsc 1 len 16
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:00 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:04 laptop kernel: iwi0: firmware stuck in state 4, resetting
>> Dec 15 02:06:04 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:04 laptop kernel: iwi0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
>> Dec 15 02:06:05 laptop kernel: iwi0: firmware error
>>
>> Is this helpful ?
>>
>> $ ifconfig iwi0
>> iwi0: flags=8843 metric 0 mtu 1500
>>         ether ....
>>         inet 192.168.200.26 netmask 0xffffff00 broadcast 192.168.200.255
>>         media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
>>         status: associated
>>         ssid zaurak_wifi channel 5 (2432 Mhz 11g) bssid ...
>>         authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
>>         powersavemode CAM powersavesleep 100 bmiss 10 scanvalid 60
>>         protmode CTS wme roaming MANUAL
>>

Today I could reproduce stuck in state 4 on recent RELENG7.

-wlandebug -i iwi0 +scan

iwi0: ieee80211_start_scan: active scan, duration 2147483647, desired mode auto, append, nopick, once
iwi0: scan set 10g, 11g, 1b, 1g, 2b, 2g, 3b, 3g, 4b, 4g, 5b, 5g, 6b, 6g, 7b, 7g, 8b, 8g, 9b, 9g, 12b, 12g, 13b, 13g, 14b, 14g dwell min 200 max 200
iwi0: scan_next: chan 10g -> 10g [active, dwell min 200 max 200]
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
iwi0: ieee80211_add_scan: chan 10g min dwell met (31910172 > 31910128)
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[-----several screens of same output, near 10 pages -----]
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:70] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:16:ca:f5:1e:70] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:16:ca:f5:1e:71] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:16:ca:f5:1e:71] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b0] new beacon on chan 10 (bss chan 10) "Golden_WiFi"
[00:18:b0:fe:7c:b0] caps 0x421 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
[00:18:b0:fe:7c:b1] new beacon on chan 10 (bss chan 10) "Golden_WiFi_B2B"
[00:18:b0:fe:7c:b1] caps 0x431 bintval 100 erp 0x0 country info 52 55 00 01 0b 1e
iwi0: firmware stuck in state 4, resetting
iwi0: ieee80211_cancel_scan: cancel active scan
iwi0: ieee80211_scan_flush
iwi0: scan_next: done, [ticks 31914946, dwell min 200 scanend 2179393574]
iwi0: notify scan done
iwi0: ieee80211_check_scan: active scan, duration 2147483647, desired mode auto, flush
iwi0: adhoc_pick_bss: no scan candidate
iwi0: ieee80211_create_ibss: creating ibss

I got it on ifconfig iwi0 scan, of course.

iwi0: flags=8943 metric 0 mtu 1500
        ether 00:0e:35:be:77:df
        inet 192.168.80.1 netmask 0xffffff00 broadcast 192.168.80.255
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect ) # note mediaopt adhoc
        status: associated
        ssid bsdap channel 10 (2457 Mhz 11g) bssid ca:af:ea:5b:86:98
        authmode OPEN privacy OFF bmiss 10 scanvalid 60 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
        protmode CTS

Also immediately after that I reproducibly get a page fault in
/sys/net80211/ieee80211_ht.c:819

...
} else if (IEEE80211_IS_CHAN_HT(chan)) {
...

because there is dereferencing of chan == NULL.

I could avoid this panic with this dirty hack but still got
"iwi0: firmware stuck in state 4, resetting":

--- /sys/net80211/ieee80211_scan_sta.c.orig 2008-06-16 09:50:11.000000000 +0400 +++ /sys/net80211/ieee80211_scan_sta.c 2008-06-16 09:51:00.000000000 +0400 @@ -24,7 +24,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_scan_sta.c,v 1.4.2.4 2008/04/25 16:21:05 sam Exp $"); +__FBSDID("$FreeBSD$"); /* * IEEE 802.11 station scanning support. @@ -1337,6 +1337,7 @@ bestrssi = -1; mtx_lock(&st->st_lock); + bestchan = ss->ss_chans[0]; for (i = 0; i < ss->ss_last; i++) { c = ss->ss_chans[i]; if (!checktable(adhocScanTable, c))

Yes, ss->ss_last == 0, therefore bestchan stays == NULL, and therefore
chan gets NULL on return.

Last chains of the call stack (sorry, from memory):

adhoc_pick_bss ->
-> ieee80211_ht_adjust_channel(ic, adhoc_pick_channel(ss), ic->ic_flags_ext) ->
   # here adhoc_pick_channel() returns NULL and ieee80211_ht_adjust_channel() deref. it on ieee80211_ht.c:819
-> trap

[I don't know whether iwi(4) or ieee80211 itself is guilty.]

wbr,
pluknet
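
Review bot: the __FBSDID line in the first hunk (@@ -24,7 +24,7 @@) is an unrelated change: it replaces the expanded 1.4.2.4 ident string with the bare "$FreeBSD$" keyword, which has nothing to do with the NULL channel and drops the revision the patch was made against. Leave that line out and regenerate the diff so the workaround is the only change in the patch.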
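
Review bot: the added "bestchan = ss->ss_chans[0];" in the second hunk (@@ -1337,6 +1337,7 @@) reads slot 0 even when ss->ss_last == 0, which is the case the message reports, so the returned channel is whatever that slot happens to hold and may itself be NULL or left over from an earlier scan. It also bypasses the checktable(adhocScanTable, c) test that every entry must pass inside the loop. Keep bestchan NULL for an empty or fully filtered set, have the caller check the result before handing it to ieee80211_ht_adjust_channel(), and document that NULL is a possible return value.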
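
The call chain described in the message, reduced to a self-contained C model (an added example, not code from FreeBSD or from the poster): the picker returns NULL for an empty or fully filtered channel set, and the caller treats that as an error instead of dereferencing it. The types, create_ibss(), allowed() and the lowest-frequency rule are simplified stand-ins, and the sample channels are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the net80211 names in the message (assumed shapes). */
struct chan { int freq; int flags; };
#define CHAN_HT 0x1
struct scan_state {
    struct chan *ss_chans[4];
    int ss_last;                      /* number of valid entries in ss_chans */
};

/* Stand-in for checktable(adhocScanTable, c): only 2.4 GHz channels pass. */
static int allowed(const struct chan *c) { return c->freq >= 2412 && c->freq <= 2484; }

/* Picker: returns NULL when the set is empty or every entry is filtered out. */
static struct chan *pick_channel(const struct scan_state *ss)
{
    struct chan *best = NULL;
    for (int i = 0; i < ss->ss_last; i++) {
        struct chan *c = ss->ss_chans[i];
        if (allowed(c) && (best == NULL || c->freq < best->freq))
            best = c;                 /* lowest frequency stands in for best RSSI */
    }
    return best;
}

/* Guarded caller: a NULL pick is an error return, never a dereference. */
static int create_ibss(const struct scan_state *ss, int *freq_out)
{
    struct chan *c = pick_channel(ss);
    if (c == NULL)
        return -1;                    /* no candidate: report it, do not trap */
    *freq_out = c->freq;
    return (c->flags & CHAN_HT) != 0; /* the kind of flag test that faults on NULL */
}

/* Constructed sample data: one 11g HT channel, one 5 GHz channel. */
static struct chan g10 = { 2457, CHAN_HT }, a36 = { 5180, 0 };
static struct scan_state flushed = { { &g10, &a36 }, 0 };  /* stale slots, ss_last == 0 */
static struct scan_state only5 = { { &a36 }, 1 };          /* nothing passes the table */
static struct scan_state both = { { &a36, &g10 }, 2 };

int main(void)
{
    int f = 0, unused = 0;
    int r = create_ibss(&both, &f);
    printf("flushed=%d only5=%d both=%d freq=%d\n",
           create_ibss(&flushed, &unused), create_ibss(&only5, &unused), r, f);
    return 0;
}
```

The `only5` case goes beyond the message: NULL also comes back when entries exist but none passes the table check, so a guard on ss_last alone would not cover it.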