Bug 272607
| Summary: | iwlwifi: 'service netif stop' causes kernel panic when wrong setting in wpa_supplicant.conf (also node_free, fixed?) | ||
|---|---|---|---|
| Product: | Base System | Reporter: | dbdemon <karl.levik> |
| Component: | wireless | Assignee: | Bjoern A. Zeeb <bz> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | bz, emaste, josef.c.bailey, pat, pi |
| Priority: | --- | Keywords: | crash |
| Version: | 13.2-STABLE | Flags: | bz:
mfc-stable14+
bz: mfc-stable13+ |
| Hardware: | amd64 | ||
| OS: | Any | ||
| See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273985 | ||
| Bug Depends on: | |||
| Bug Blocks: | 273620 | ||
My laptop hwprobe: https://bsd-hardware.info/?probe=4c9dd227a7 (In reply to dbdemon from comment #1) <https://bsd-hardware.info/?probe=4c9dd227a7#pci:8086-06f0-8086-4070> > … 8086:06f0:8086:4070 / 02-80-00 Intel Comet Lake PCH CNVi WiFi … iwlwifi A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=0936c648ad0ee5152dc19f261e77fe9c1833fe05 commit 0936c648ad0ee5152dc19f261e77fe9c1833fe05 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2024-02-05 14:51:08 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2024-02-14 19:48:04 +0000 LinuxKPI: 802.11: update the ni/lsta reference cycle Update the ni/lsta reference cycle, add extra checks and assertions. This is to accomodate problems we were seeing based on net80211 behaviour (join1() and (*iv_update_bss)() as well as state changes for new iv_bss nodes during an active session). This should hopefully help to stabilise behaviour until the underlying problems gets properly addressed (for this and all other device drivers). PR: 272607, 273985, 274003 MFC after: 3 days Reviewed by: cc Differential Revision: https://reviews.freebsd.org/D43753 sys/compat/linuxkpi/common/src/linux_80211.c | 209 +++++++++++++++++---------- sys/compat/linuxkpi/common/src/linux_80211.h | 1 + 2 files changed, 130 insertions(+), 80 deletions(-) A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=12887199b37469c98a47baf66cd3cc182c79fbd6 commit 12887199b37469c98a47baf66cd3cc182c79fbd6 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2024-02-05 14:51:08 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2024-02-18 18:31:17 +0000 LinuxKPI: 802.11: update the ni/lsta reference cycle Update the ni/lsta reference cycle, add extra checks and assertions. This is to accomodate problems we were seeing based on net80211 behaviour (join1() and (*iv_update_bss)() as well as state changes for new iv_bss nodes during an active session). This should hopefully help to stabilise behaviour until the underlying problems gets properly addressed (for this and all other device drivers). PR: 272607, 273985, 274003 Reviewed by: cc Differential Revision: https://reviews.freebsd.org/D43753 (cherry picked from commit 0936c648ad0ee5152dc19f261e77fe9c1833fe05) sys/compat/linuxkpi/common/src/linux_80211.c | 209 +++++++++++++++++---------- sys/compat/linuxkpi/common/src/linux_80211.h | 1 + 2 files changed, 130 insertions(+), 80 deletions(-) A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=223edc1a3c2fc86dbc7fa0ecd00f26a85d7c7b43 commit 223edc1a3c2fc86dbc7fa0ecd00f26a85d7c7b43 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2024-02-05 14:51:08 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2024-02-19 08:02:02 +0000 LinuxKPI: 802.11: update the ni/lsta reference cycle Update the ni/lsta reference cycle, add extra checks and assertions. This is to accomodate problems we were seeing based on net80211 behaviour (join1() and (*iv_update_bss)() as well as state changes for new iv_bss nodes during an active session). This should hopefully help to stabilise behaviour until the underlying problems gets properly addressed (for this and all other device drivers). PR: 272607, 273985, 274003 Reviewed by: cc Differential Revision: https://reviews.freebsd.org/D43753 (cherry picked from commit 0936c648ad0ee5152dc19f261e77fe9c1833fe05) sys/compat/linuxkpi/common/src/linux_80211.c | 209 +++++++++++++++++---------- sys/compat/linuxkpi/common/src/linux_80211.h | 1 + 2 files changed, 130 insertions(+), 80 deletions(-) A commit in branch releng/13.3 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=9b2da4bc5a68294bc1dcfdd0d0ccadf747bafd67 commit 9b2da4bc5a68294bc1dcfdd0d0ccadf747bafd67 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2024-02-05 14:51:08 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2024-02-19 16:09:22 +0000 LinuxKPI: 802.11: update the ni/lsta reference cycle Update the ni/lsta reference cycle, add extra checks and assertions. This is to accomodate problems we were seeing based on net80211 behaviour (join1() and (*iv_update_bss)() as well as state changes for new iv_bss nodes during an active session). This should hopefully help to stabilise behaviour until the underlying problems gets properly addressed (for this and all other device drivers). Approved by: re (cperciva) PR: 272607, 273985, 274003 Reviewed by: cc Differential Revision: https://reviews.freebsd.org/D43753 (cherry picked from commit 0936c648ad0ee5152dc19f261e77fe9c1833fe05) (cherry picked from commit 223edc1a3c2fc86dbc7fa0ecd00f26a85d7c7b43) sys/compat/linuxkpi/common/src/linux_80211.c | 209 +++++++++++++++++---------- sys/compat/linuxkpi/common/src/linux_80211.h | 1 + 2 files changed, 130 insertions(+), 80 deletions(-) Hi, I believe the problem here (also seen in PR 273985) is fixed in 15/14/13/and 13.3 from RC1 on. Could you try a more recent stable and let us know is you still see the issue? I have just tested this on 14.0-STABLE, and I can confirm that the issue seems to have been resolved. # uname -a FreeBSD valhalla 14.0-STABLE FreeBSD 14.0-STABLE #0 stable/14-n266870-e705ac7788b2: Sat Feb 24 13:58:38 GMT 2024 root@valhalla:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 Thank you very much. (In reply to dbdemon from comment #8) Thank you so much for the testing and feedback! Much appreciated. |
Overview: I was attempting to connect my laptop to the eduroam wifi network. I discovered I could reliably cause a kernel panic every time I executed 'service netif stop' or '/etc/rc.d/netif stop'. At this point I had not yet been able to connect to the network. Later I found that one of my settings in /etc/wpa_supplicant.conf was wrong. I had "network {... eap=TTLS ...}" whereas the correct setting was apparently "network {... "eap=PEAP" ...}". Once this was corrected, I was able to connect to the network, and I could no longer trigger a kernel panic. Steps to Reproduce: 1. Use an /etc/wpa_supplicant.conf file similar to below. 2. Execute 'service netif stop' /etc/wpa_supplicant.conf: ctrl_interface=/var/run/wpa_supplicant network={ ssid="eduroam" scan_ssid=1 key_mgmt=WPA-EAP eap=TTLS identity="your_id@yourdomain.tld" anonymous_identity="anonymous_id@yourdomain.tld" password="your_password" phase2="auth=MSCHAPV2" ca_cert="/usr/local/etc/ssl/certs/yourNetworkingRootCA.pem" } Actual Results: The system crashes with a kernel panic (page fault) with messages as shown below in excerpts from relevant log files. /var/log/messages: Jul 19 15:04:32 valhalla syslogd: last message repeated 2 times Jul 19 15:04:50 valhalla syslogd: last message repeated 1 times Jul 19 15:04:55 valhalla ntpd[1666]: error resolving pool 0.freebsd.pool.ntp.org: Name does not resolve (8) Jul 19 15:05:00 valhalla ntpd[1666]: error resolving pool 2.freebsd.pool.ntp.org: Name does not resolve (8) Jul 19 15:05:24 valhalla dhclient[1782]: Interface wlan1 is down, dhclient exiting Jul 19 15:05:24 valhalla dhclient[1782]: connection closed Jul 19 15:05:24 valhalla dhclient[1782]: exiting. Jul 19 15:05:38 valhalla wpa_supplicant[289]: wlan1: CTRL-EVENT-SSID-REENABLED id=1 ssid="eduroam" Jul 19 15:06:59 valhalla syslogd: kernel boot file is /boot/kernel/kernel Jul 19 15:06:59 valhalla kernel: panic: page fault Jul 19 15:06:59 valhalla kernel: cpuid = 10 Jul 19 15:06:59 valhalla kernel: time = 1689775572 Jul 19 15:06:59 valhalla kernel: KDB: stack backtrace: Jul 19 15:06:59 valhalla kernel: #0 0xffffffff80c54185 at kdb_backtrace+0x65 Jul 19 15:06:59 valhalla kernel: #1 0xffffffff80c07ac2 at vpanic+0x152 Jul 19 15:06:59 valhalla kernel: #2 0xffffffff80c07963 at panic+0x43 Jul 19 15:06:59 valhalla kernel: #3 0xffffffff810bfde7 at trap_fatal+0x387 Jul 19 15:06:59 valhalla kernel: #4 0xffffffff810bfe3f at trap_pfault+0x4f Jul 19 15:06:59 valhalla kernel: #5 0xffffffff81096ce8 at calltrap+0x8 Jul 19 15:06:59 valhalla kernel: #6 0xffffffff80d8f5a3 at ieee80211_node_psq_drain+0xf3 Jul 19 15:06:59 valhalla kernel: #7 0xffffffff80d836c6 at node_cleanup+0xa6 Jul 19 15:06:59 valhalla kernel: #8 0xffffffff80d835e5 at node_free+0x25 Jul 19 15:06:59 valhalla kernel: #9 0xffffffff80d84b72 at ieee80211_sta_join1+0xc2 Jul 19 15:06:59 valhalla kernel: #10 0xffffffff80d85aaa at ieee80211_sta_join+0x42a Jul 19 15:06:59 valhalla kernel: #11 0xffffffff80d79e01 at ieee80211_ioctl_setmlme+0x111 Jul 19 15:06:59 valhalla kernel: #12 0xffffffff80d779ce at ieee80211_ioctl_set80211+0x5de Jul 19 15:06:59 valhalla kernel: #13 0xffffffff80d76541 at ieee80211_ioctl+0x311 Jul 19 15:06:59 valhalla kernel: #14 0xffffffff80d1f63d at ifioctl+0x98d Jul 19 15:06:59 valhalla kernel: #15 0xffffffff80c74cb7 at kern_ioctl+0x257 Jul 19 15:06:59 valhalla kernel: #16 0xffffffff80c749eb at sys_ioctl+0x12b Jul 19 15:06:59 valhalla kernel: #17 0xffffffff810c06dc at amd64_syscall+0x10c Jul 19 15:06:59 valhalla kernel: Uptime: 4m6s --- /var/run/dmesg.boot: wlan1: link state changed to UP wlan1: link state changed to DOWN wlan1: link state changed to UP wlan1: link state changed to DOWN wlan1: link state changed to UP wlan1: link state changed to DOWN Fatal trap 12: page fault while in kernel mode cpuid = 10; apic id = 0a fault virtual address = 0x440 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80be476d stack pointer = 0x28:0xfffffe013ee29870 frame pointer = 0x28:0xfffffe013ee298f0 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 289 (wpa_supplicant) trap number = 12 panic: page fault cpuid = 10 time = 1689775572 KDB: stack backtrace: #0 0xffffffff80c54185 at kdb_backtrace+0x65 #1 0xffffffff80c07ac2 at vpanic+0x152 #2 0xffffffff80c07963 at panic+0x43 #3 0xffffffff810bfde7 at trap_fatal+0x387 #4 0xffffffff810bfe3f at trap_pfault+0x4f #5 0xffffffff81096ce8 at calltrap+0x8 #6 0xffffffff80d8f5a3 at ieee80211_node_psq_drain+0xf3 #7 0xffffffff80d836c6 at node_cleanup+0xa6 #8 0xffffffff80d835e5 at node_free+0x25 #9 0xffffffff80d84b72 at ieee80211_sta_join1+0xc2 #10 0xffffffff80d85aaa at ieee80211_sta_join+0x42a #11 0xffffffff80d79e01 at ieee80211_ioctl_setmlme+0x111 #12 0xffffffff80d779ce at ieee80211_ioctl_set80211+0x5de #13 0xffffffff80d76541 at ieee80211_ioctl+0x311 #14 0xffffffff80d1f63d at ifioctl+0x98d #15 0xffffffff80c74cb7 at kern_ioctl+0x257 #16 0xffffffff80c749eb at sys_ioctl+0x12b #17 0xffffffff810c06dc at amd64_syscall+0x10c Uptime: 4m6s --- Expected Results: The service should stop without causing a system crash. Build Date & Hardware: * Kernel and world built on 7th July. * FreeBSD valhalla 13.2-STABLE FreeBSD 13.2-STABLE stable/13-n255791-a81d4240b346 VALHALLA amd64