NetBSD Problem Report #45745
From prlw1@inf.phy.cam.ac.uk Mon Dec 26 22:19:56 2011
Return-Path: <prlw1@inf.phy.cam.ac.uk>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 34E7463BB83
for <gnats-bugs@gnats.netbsd.org>; Mon, 26 Dec 2011 22:19:56 +0000 (UTC)
Message-Id: <E1RfItg-0001HA-0t@quartz.inf.phy.cam.ac.uk>
Date: Mon, 26 Dec 2011 22:19:56 +0000
From: prlw1@cam.ac.uk
Sender: Patrick Welche <prlw1@inf.phy.cam.ac.uk>
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@gnats.NetBSD.org
Subject: ath0 hostap change mode panic
X-Send-Pr-Version: 3.95
>Number: 45745
>Category: kern
>Synopsis: ath0 hostap panics with ifconfig ath0 mode 11g
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Dec 26 22:20:00 +0000 2011
>Last-Modified: Sat Jun 27 05:10:02 +0000 2020
>Originator: Patrick Welche
>Release: NetBSD 5.99.59
>Organization:
>Environment:
Architecture: i386
Machine: i386
>Description:
On NetBSD/i386-current from 24 Dec, I tried setting up a hostap based on ath0:
Vendor Name: Atheros Communications (0x168c)
Device Name: AR5212 Wireless LAN (0x0013)
The iwn0 client and the ath0 had an "active" network, but according
to tcpdump, neither could see any packets. I then tried
    ifconfig ath0 mode 11g
as ifconfig -m ath0 lists
    media autoselect mode 11g mediaopt hostap
as the iwn0 selected 11g, but as the ath0 was in hostap mode,
it picked the first available mode, i.e., 11b (ieee80211.c::642).
However, this caused a (repeatable) panic:
#0 0xc031c7a8 in maybe_dump (howto=260)
at ../../../../arch/i386/i386/machdep.c:861
#1 cpu_reboot (howto=260, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:886
#2 0xc0481676 in vpanic (fmt=0xc065e78c "bogus long slot station count %d",
ap=0xce45a648 "") at ../../../../kern/subr_prf.c:308
#3 0xc0481738 in panic (fmt=0xc065e78c "bogus long slot station count %d")
at ../../../../kern/subr_prf.c:205
#4 0xc025cb08 in ieee80211_node_leave_11g (ni=0xc3497000, ic=0xcbdae4ac)
at ../../../../net80211/ieee80211_node.c:2228
#5 ieee80211_node_leave (ic=0xcbdae4ac, ni=0xc3497000)
at ../../../../net80211/ieee80211_node.c:2311
#6 0xc025c7c5 in ieee80211_iterate_nodes (nt=0xcbdaec2c,
f=0xc02607a0 <sta_disassoc>, arg=0xcbdae4ac)
at ../../../../net80211/ieee80211_node.c:2062
#7 0xc0260d34 in ieee80211_newstate (ic=0xcbdae4ac, nstate=IEEE80211_S_INIT,
arg=-1) at ../../../../net80211/ieee80211_proto.c:939
#8 0xc017ec35 in ath_newstate (ic=0xcbdae4ac, nstate=IEEE80211_S_INIT, arg=-1)
at ../../../../dev/ic/ath.c:4805
#9 0xc017a4df in ath_stop_locked (ifp=0xcbdae030, disable=0)
at ../../../../dev/ic/ath.c:1112
#10 0xc017f818 in ath_init (sc=0xcbdae000) at ../../../../dev/ic/ath.c:999
#11 0xc017fa1d in ath_media_change (ifp=0xcbdae030)
at ../../../../dev/ic/ath.c:1454
#12 0xc027a217 in ifmedia_change (ifp=0xcbdae030, ifm=0xcbdaecf0)
at ../../../../net/if_media.c:125
#13 ifmedia_ioctl (ifp=0xcbdae030, ifr=0xcc8faf00, ifm=0xcbdaecf0,
cmd=3230689589) at ../../../../net/if_media.c:298
#14 0xc02559bb in ieee80211_ioctl (ic=0xcbdae4ac, cmd=3230689589,
data=0xcc8faf00) at ../../../../net80211/ieee80211_ioctl.c:2609
#15 0xc017faee in ath_ioctl (ifp=0xcbdae030, cmd=3230689589, data=0xcc8faf00)
at ../../../../dev/ic/ath.c:5365
#16 0xc0265706 in ifioctl (so=0xc2ece928, cmd=3230689589, data=0xcc8faf00,
l=0xcdc8fd40) at ../../../../net/if.c:1839
#17 0xc04959da in soo_ioctl (fp=0xd3af8c40, cmd=3230689589, data=0xcc8faf00)
at ../../../../kern/sys_socket.c:200
#18 0xc048a921 in sys_ioctl (l=0xcdc8fd40, uap=0xce45acf4, retval=0xce45ad1c)
at ../../../../kern/sys_generic.c:645
#19 0xc0495ac7 in sy_call (rval=0xce45ad1c, uap=0xce45acf4, l=0xcdc8fd40,
sy=0xc06d6e08) at ../../../../sys/syscallvar.h:61
#20 syscall (frame=0xce45ad48) at ../../../../arch/x86/x86/syscall.c:196
#21 0xc010058d in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
ieee80211_node
ni->nicapinfo = 49 = 0x31 = ESS, PRIVACY, SHORT_PREAMBLE
ieee80211com
ic->ic_longslotsta = 0
ic->ic_modecaps = 13 = 1+4+8 = IEEE80211_MODE_AUTO, 11B, 11G.
ic->ic_curmode = 3 = IEEE80211_MODE_11G
I think that the problem is that we ask for 11G, so ic_curmode is changed
to 11G, then we need to reset for the change to take effect => ath_init, but
then we must leave our current network: 11G as that is what curmode now says.
oops.
>How-To-Repeat:
>Fix:
>Audit-Trail:
From: "Jukka Ruohonen" <jruoho@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45745 CVS commit: src
Date: Sat, 27 Jun 2020 05:07:08 +0000
Module Name: src
Committed By: jruoho
Date: Sat Jun 27 05:07:08 UTC 2020
Modified Files:
src/distrib/sets/lists/tests: mi
src/tests/sbin/ifconfig: Makefile
Added Files:
src/tests/sbin/ifconfig: t_woptions.sh
Log Message:
Add test cases for different 802.11 options. These include cases for
PR kern/35045, PR kern/45745, and PR kern/55424.
To generate a diff of this commit:
cvs rdiff -u -r1.854 -r1.855 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.5 -r1.6 src/tests/sbin/ifconfig/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/sbin/ifconfig/t_woptions.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
24 Dec 2011
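The submitter's analysis in the Description above (a station associates while the hostap interface is in 11b, the mode is switched to 11g, and the tear-down in ath_init then runs the 11g leave path for a station that was never counted) can be replayed as a small model of the long-slot bookkeeping. The C below is an added illustration, not code from the PR or from NetBSD's net80211; the function names (node_join, node_leave_naive, node_leave_tracked, replay_mode_change, replay_steady_11g) and the counted_longslot flag are hypothetical. The capability value 0x31 and the mode numbering come from the PR; the SHORT_SLOTTIME bit value is the 802.11 one and is assumed here rather than taken from the page. Where the kernel panics, the model returns -1.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 802.11 capability bits; 0x31 = ESS|PRIVACY|SHORT_PREAMBLE as seen in the PR.
 * SHORT_SLOTTIME (0x0400) is the standard bit value, assumed here. */
#define CAPINFO_ESS            0x0001
#define CAPINFO_PRIVACY        0x0010
#define CAPINFO_SHORT_PREAMBLE 0x0020
#define CAPINFO_SHORT_SLOTTIME 0x0400

/* Mode numbering as quoted in the PR: ic_curmode = 3 is 11G. */
enum mode { MODE_AUTO = 0, MODE_11A = 1, MODE_11B = 2, MODE_11G = 3 };

struct node {
    uint16_t capinfo;
    bool     counted_longslot;   /* hypothetical: set when join counted this node */
};

struct ic {
    enum mode curmode;
    int       longslotsta;       /* models ic_longslotsta */
};

/* A station without the short-slot-time capability is a "long slot" station. */
static bool is_long_slot(const struct node *ni)
{
    return (ni->capinfo & CAPINFO_SHORT_SLOTTIME) == 0;
}

/* Join: slot-time bookkeeping only happens while the interface is in 11g. */
static void node_join(struct ic *ic, struct node *ni)
{
    ni->counted_longslot = false;
    if (ic->curmode == MODE_11G && is_long_slot(ni)) {
        ic->longslotsta++;
        ni->counted_longslot = true;
    }
}

/* Leave, naive: decides from the mode that is current *now*.
 * Returns -1 where the kernel hits "bogus long slot station count". */
static int node_leave_naive(struct ic *ic, struct node *ni)
{
    if (ic->curmode == MODE_11G && is_long_slot(ni)) {
        if (ic->longslotsta <= 0)
            return -1;
        ic->longslotsta--;
    }
    return 0;
}

/* Leave, tracked (hypothetical hardening): undo exactly what join recorded,
 * so a mode change between join and leave cannot unbalance the counter. */
static int node_leave_tracked(struct ic *ic, struct node *ni)
{
    if (ni->counted_longslot) {
        if (ic->longslotsta <= 0)
            return -1;
        ic->longslotsta--;
        ni->counted_longslot = false;
    }
    return 0;
}

/* Replays the PR: associate while hostap is in 11b, then "ifconfig ath0 mode 11g"
 * forces a reset that disassociates every station under the new mode. */
int replay_mode_change(bool tracked)
{
    struct ic ic = { MODE_11B, 0 };
    struct node ni = { CAPINFO_ESS | CAPINFO_PRIVACY | CAPINFO_SHORT_PREAMBLE, false };

    node_join(&ic, &ni);          /* 11b: no bookkeeping, longslotsta stays 0 */
    ic.curmode = MODE_11G;        /* ic_curmode now says 11G */
    return tracked ? node_leave_tracked(&ic, &ni) : node_leave_naive(&ic, &ni);
}

/* Control: the same station, but the interface was already in 11g when it joined.
 * Returns 0 only if leave succeeds and the counter returns to zero. */
int replay_steady_11g(bool tracked)
{
    struct ic ic = { MODE_11G, 0 };
    struct node ni = { CAPINFO_ESS | CAPINFO_PRIVACY | CAPINFO_SHORT_PREAMBLE, false };
    int r;

    node_join(&ic, &ni);          /* counted: longslotsta becomes 1 */
    r = tracked ? node_leave_tracked(&ic, &ni) : node_leave_naive(&ic, &ni);
    return (r == 0 && ic.longslotsta == 0) ? 0 : -1;
}

int main(void)
{
    printf("mode change, naive:   %d\n", replay_mode_change(false));
    printf("mode change, tracked: %d\n", replay_mode_change(true));
    printf("steady 11g, naive:    %d\n", replay_steady_11g(false));
    printf("steady 11g, tracked:  %d\n", replay_steady_11g(true));
    return 0;
}
```

The naive replay reproduces the counter underflow the backtrace shows (leave_11g running against a count of 0), while the control shows the same code is balanced as long as the mode does not change between join and leave; the tracked variant only illustrates that recording the join-time decision on the node removes the dependence on the current mode.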