NetBSD-Bugs archive


Re: port-amd64/55655: Specific AP deauth causes panic



On 9/12/20 5:45 AM, pr%xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com@localhost wrote:
>> Number:         55655
>> Category:       port-amd64
>> Synopsis:       Specific AP deauth causes panic
>> Confidential:   no
>> Severity:       serious
>> Priority:       medium
>> Responsible:    port-amd64-maintainer
>> State:          open
>> Class:          sw-bug
>> Submitter-Id:   net
>> Arrival-Date:   Sat Sep 12 03:45:00 +0000 2020
>> Originator:     Ben Gergely
>> Release:        
>> Organization:
>> Environment:
> NetBSD 9.99.72 amd64
>> Description:
> When APs are rebooted they seem to send a special deauth that triggers a panic, only encountered this occasionally as it was scheduled for 4am and I'm not always around to see it. 
>
> But can trigger it by just telling the AP to reboot (it deauths all the clients before it does that).
>
> Initially thought it was wpi specific but have the same behavior with ath.
>
> Other types of de-authentications don't trigger a panic.
>
> Could it be sending along an unexpected deauth code in the deauth packet when its rebooting?
>
>
> bt from ath and wpi:
>
> [  2548.592760] panic: kernel diagnostic assertion "!cpu_softintr_p()" failed: file "/usr/src/sys/kern/subr_kmem.c", line 337
> [  2548.592760] cpu0: Begin traceback...
> [  2548.592760] vpanic() at netbsd:vpanic+0x152
> [  2548.592760] __x86_indirect_thunk_rax() at netbsd:__x86_indirect_thunk_rax
> [  2548.592760] kmem_free() at netbsd:kmem_free+0x82
> [  2548.592760] _ieee80211_crypto_delkey() at netbsd:_ieee80211_crypto_delkey+0x64
> [  2548.592760] ieee80211_crypto_delkey() at netbsd:ieee80211_crypto_delkey+0x24
> [  2548.592760] ieee80211_node_delucastkey() at netbsd:ieee80211_node_delucastkey+0xc3
> [  2548.592760] ieee80211_sta_leave() at netbsd:ieee80211_sta_leave+0x1c
> [  2548.592760] ieee80211_newstate() at netbsd:ieee80211_newstate+0x18d
> [  2548.592760] ath_newstate() at netbsd:ath_newstate+0x2ed
> [  2548.592760] ath_bmiss_proc_si() at netbsd:ath_bmiss_proc_si+0x13a
> [  2548.592760] softint_dispatch() at netbsd:softint_dispatch+0x2d1
> [  2548.592760] DDB lost frame for netbsd:Xsoftintr+0x4f, trying 0xffffa700ae4840f0
> [  2548.592760] Xsoftintr() at netbsd:Xsoftintr+0x4f
> [  2548.592760] --- interrupt ---
> [  2548.592760] cccc8ccc4dccddcc:
> [  2548.592760] cpu0: End traceback...
>
> [  1000.479797] panic: kernel diagnostic assertion "!cpu_softintr_p()" failed: file "/usr/src/sys/kern/subr_kmem.c", line 337
> [  1000.479797] cpu0: Begin traceback...
> [  1000.479797] vpanic() at netbsd:vpanic+0x152
> [  1000.479797] __x86_indirect_thunk_rax() at netbsd:__x86_indirect_thunk_rax
> [  1000.479797] kmem_free() at netbsd:kmem_free+0x82
> [  1000.479797] _ieee80211_crypto_delkey() at netbsd:_ieee80211_crypto_delkey+0x64
> [  1000.479797] ieee80211_crypto_delkey() at netbsd:ieee80211_crypto_delkey+0x24
> [  1000.479797] ieee80211_node_delucastkey() at netbsd:ieee80211_node_delucastkey+0xc3
> [  1000.479797] ieee80211_sta_leave() at netbsd:ieee80211_sta_leave+0x1c
> [  1000.479797] ieee80211_newstate() at netbsd:ieee80211_newstate+0x354
> [  1000.479797] iwn_newstate() at netbsd:iwn_newstate+0x346
> [  1000.479797] ieee80211_recv_mgmt() at netbsd:ieee80211_recv_mgmt+0xb4c
> [  1000.479797] ieee80211_input() at netbsd:ieee80211_input+0x408
> [  1000.479797] iwn_notif_intr() at netbsd:iwn_notif_intr+0x515
> [  1000.479797] iwn_softintr() at netbsd:iwn_softintr+0x311
> [  1000.479797] softint_dispatch() at netbsd:softint_dispatch+0x2d1
> [  1000.479797] DDB lost frame for netbsd:Xsoftintr+0x4f, trying 0xffffac00ae4840f0
> [  1000.479797] Xsoftintr() at netbsd:Xsoftintr+0x4f
> [  1000.479797] --- interrupt ---
> [  1000.479797] cccc8ccc4dccddcc:
> [  1000.479797] cpu0: End traceback...
>
>> How-To-Repeat:
>> Fix:

The kmem_free is called from softint context, which isn't allowed. Those key allocations should be done via kmem_intr_alloc/kmem_intr_free.
I've seen that as well and forgot about it after patching it locally. I'll commit that change.

-- 
-----
You will continue to suffer
if you have an emotional reaction to everything that is said to you.
True power is sitting back and observing everything with logic.
If words control you that means everyone else can control you.
Breathe and allow things to pass.

--- Bruce Lee
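A user-space model of the rule the reply relies on, added here as an example (it is not NetBSD code and not from either poster). In the quoted tracebacks, kmem_free() fires the diagnostic assertion "!cpu_softintr_p()" because the key is released while ieee80211_sta_leave() runs inside softint_dispatch(). The names below (kmem_free_model, kmem_intr_free_model, delkey_before, delkey_after, deauth_from_softint, in_softintr) are stand-ins invented for this demonstration; only the rule itself, that a caller in software-interrupt context must use the *_intr_* variants, is taken from the thread.

```c
/* Added example (not NetBSD code): a user-space model of the context rule
 * that the quoted panic enforces. In the NetBSD kernel, kmem_free() carries a
 * diagnostic KASSERT that the caller is not in software-interrupt context;
 * kmem_intr_free() is the variant that may be used there. Every identifier
 * here is a stand-in written for this demonstration. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the per-CPU "am I in a software interrupt?" state. */
static bool in_softintr = false;

static bool cpu_softintr_p_model(void) { return in_softintr; }

/* Outcome codes used instead of a real panic so the model can report. */
enum free_result { FREE_OK = 0, FREE_WOULD_PANIC = 1 };

/* Model of kmem_free(): the kernel's KASSERT would fail from softint. */
static enum free_result kmem_free_model(void *p, size_t len)
{
    (void)len;
    if (cpu_softintr_p_model())
        return FREE_WOULD_PANIC;   /* "!cpu_softintr_p()" assertion fails */
    free(p);
    return FREE_OK;
}

/* Model of kmem_intr_free(): usable from thread and softint context. */
static enum free_result kmem_intr_free_model(void *p, size_t len)
{
    (void)len;
    free(p);
    return FREE_OK;
}

/* Constructed stand-in for a unicast key attached to a station node. */
struct model_key { unsigned char material[16]; size_t len; };

/* The shape of the bug: key released with the thread-only API. */
static enum free_result delkey_before(struct model_key *k)
{
    memset(k->material, 0, sizeof k->material); /* wipe key bytes first */
    return kmem_free_model(k, sizeof *k);
}

/* The fix the reply proposes: release with the interrupt-safe variant. */
static enum free_result delkey_after(struct model_key *k)
{
    memset(k->material, 0, sizeof k->material);
    return kmem_intr_free_model(k, sizeof *k);
}

static struct model_key *alloc_key(void)
{
    struct model_key *k = calloc(1, sizeof *k);
    if (k != NULL) {
        memset(k->material, 0xAB, sizeof k->material); /* constructed key bytes */
        k->len = sizeof k->material;
    }
    return k;
}

/* Run the key teardown from a simulated softint, as sta_leave() does after
 * a deauth in the traces, and report whether the model "panics". */
static enum free_result deauth_from_softint(bool use_fix)
{
    struct model_key *k = alloc_key();
    if (k == NULL)
        return FREE_WOULD_PANIC;
    in_softintr = true;                      /* entering softint_dispatch */
    enum free_result r = use_fix ? delkey_after(k) : delkey_before(k);
    in_softintr = false;
    if (r == FREE_WOULD_PANIC)
        free(k);                             /* model cleanup only */
    return r;
}

int main(void)
{
    printf("before fix, deauth in softint: %s\n",
           deauth_from_softint(false) == FREE_WOULD_PANIC ? "would panic" : "ok");
    printf("after fix,  deauth in softint: %s\n",
           deauth_from_softint(true) == FREE_OK ? "ok" : "would panic");
    return 0;
}
```

The model returns a result code where the kernel would assert, so the two paths can be compared side by side; the substantive point is that the release routine, not the caller chain, has to be chosen for the most restrictive context it can be reached from, and a deauth arriving via a driver's software interrupt is one such context.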




