system/5154: USB wifi prism3 hostap mode


Manuel Pata
>Number:         5154
>Category:       system
>Synopsis:       setting a wifi usb prism3 module to hostap mode crashes the system
>Confidential:   yes
>Severity:       critical
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:      
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jun 12 23:40:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Manuel Pata
>Release:        3.9-current
>Organization:
net
>Environment:
       
        System      : OpenBSD 3.9
        Architecture: OpenBSD.i386
        Machine     : i386
        dmesg    :

[ using 513448 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.9-current (GENERIC) #877: Sun Jun 11 22:08:18 MDT 2006
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 697 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
cpu0: unknown i686 model 8, can't get bus clock
real mem  = 133722112 (130588K)
avail mem = 114978816 (112284K)
using 1657 buffers containing 6787072 bytes (6628K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ff) BIOS, date 12/26/01, BIOS32 rev. 0 @ 0xf0210, SMBIOS rev. 2.3 @ 0xf8280 (37 entries)
bios0: Acer TravelMate 520
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown, charging
apm0: flags f0102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0200/0xb00
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb9d0/128 (6 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0xffff product 0xffff
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc0000/0x10000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Acer Labs M1621 PCI" rev 0x05
ppb0 at pci0 dev 1 function 0 "Acer Labs M5247 AGP/PCI-PC" rev 0x01
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mobility 1" rev 0x64
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
autri0 at pci0 dev 6 function 0 "Acer Labs M5451 Audio" rev 0x01: irq 10
ac97: codec id 0x43525934 (Cirrus Logic CS4299 rev 4)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
audio0 at autri0
midi0 at autri0: <4DWAVE MIDI UART>
pcib0 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
fxp0 at pci0 dev 10 function 0 "Intel 8255x" rev 0x08, i82559: irq 10, address 00:00:e2:44:ea:ac
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
pciide0 at pci0 dev 16 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <IBM-DJSA-210>
wd0: 16-sector PIO, LBA, 9590MB, 19640880 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <MATSHITA, CD-ROM CR-177, 7T03> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
alipm0 at pci0 dev 17 function 0 "Acer Labs M7101 Power" rev 0x00: 74KHz clock
iic0 at alipm0
cbb0 at pci0 dev 19 function 0 "O2 Micro OZ6933 CardBus" rev 0x01: irq 11
cbb1 at pci0 dev 19 function 1 "O2 Micro OZ6933 CardBus" rev 0x01: irq 11
ohci0 at pci0 dev 20 function 0 "Acer Labs M5237 USB" rev 0x03: irq 11, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia1 at cardslot1
biomask eb65 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
wi0 at uhub0 port 1
wi0: BayNETGEAR 802.11b, rev 1.10/1.32, addr 2
wi0: PRISM3 (USB) (0x8026), Firmware 1.1.3 (primary), 1.7.0 (station), address 00:09:5b:41:ae:ee
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
Automatic boot in progress: starting file system checks.

>Description:
        The system crashes when I try to set the mediaopt of the USB wifi module to 'hostap' using ifconfig. If I set it to Host AP mode using 'wicontrol -p 6', it doesn't crash immediately, only on the next command sent to the card, using either ifconfig or wicontrol.
        Trying to set the card to adhoc mode and then to hostap mode will result in: 'ifconfig: SIOCSIFMEDIA: Invalid argument' as expected.

usb_insert_transfer: xfer=0xd0b0b100 not busy 0x4f4e5155
wi0: wi_send_packet: error=INVAL
wi0: wi_mgmt_xmit: xmit failed
usb_insert_transfer: xfer=0xd0b0b100 not busy 0x4f4e5155
wi0: wi_usb_do_transmit_sync error=INVAL
usb_insert_transfer: xfer=0xd0b0b100 not busy 0x4f4e5155
wi0: wi_usb_do_transmit_sync error=INVAL
usb_insert_transfer: xfer=0xd0b0b100 not busy 0x4f4e5155
wi0: wi_usb_do_transmit_sync error=INVAL
wi0: init failed
uvm_fault(0xd3d4ca50, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at      bcopy+0x1a:     repe movsl      (%esi),%es:(%edi)
ddb> trace
bcopy(d0b20000,1,0,dadbc228,44) at bcopy+0x1a
wi_mgmt_xmit(d0b20000,d0b2122c,20,d0b20000,d06cf908) at wi_mgmt_xmit+0x6e
wihap_sta_disassoc(d0b20000,d06d1560,8) at wihap_sta_disassoc+0xa1
wihap_shutdown(d0b20000,dac6a7a0,dadbc340,d02bc41a) at wihap_shutdown+0xe2
wi_stop(d0b20000,dac6a770,0,50) at wi_stop+0x11
wi_init_io(d0b20000,d0200c29,448df295,f814,d3d39390) at wi_init_io+0x8b3
wi_init_usb(d0b20000,d0b20030,8020690c,d0b1e800,d06cf908) at wi_init_usb+0x1e
wi_ioctl(d0b20030,8020690c,d0b1e800,2,0) at wi_ioctl+0x1eb
wi_ioctl_usb(d0b20030,8020690c,d0b1e800,dadbccb4) at wi_ioctl_usb+0x28
in6_purgeif(d0b20030,d0b1e800,dadbcc98,1) at in6_purgeif+0x6ed
in6_update_ifa(d0b20030,dadbcc88,0,0) at in6_update_ifa+0x1f5
in6_domifdetach(d0b20030,0,dadbce68,dadbce68,0) at in6_domifdetach+0x547
in6_ifattach(d0b20030,0,dadbce30,d035f8cb,d3d117f8) at in6_ifattach+0xd9
in6_if_up(d0b20030,c0206935,dadbce68,2d,22ec800) at in6_if_up+0x12
ifioctl(d3d117f8,8040691a,dadbce68,d3c77710,0) at ifioctl+0x1f4
sys_ioctl(d3c77710,dadbcf68,dadbcf58,3c001c00,25f) at sys_ioctl+0x125
syscall() at syscall+0x2ea
--- syscall (number 54) ---
0x1c007849:
ddb> show registers
ds                  0x10
es                  0x10
fs                  0x58
gs            0xd06c0010        ukbd_ca+0xc50
edi                    0
esi           0xdadbc228        end+0xa6021b8
ebp           0xdadbc1f0        end+0xa602180
ebx                    0
edx           0xd0b20000        end+0x365f90
ecx                 0x11
eax           0x25243dd8
eip           0xd020065e        bcopy+0x1a
cs                   0x8
eflags           0x10206
esp           0xdadbc1bc        end+0xa60214c
ss            0xdadb0010        end+0xa5f5fa0
bcopy+0x1a:     repe movsl      (%esi),%es:(%edi)
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
*31454  25361  31454      0  7      0x4006             ifconfig
 11138      1  11138      0  3      0x4086  ttyin      getty
 14792      1  14792      0  3      0x4086  ttyin      getty
 12165      1  12165      0  3      0x4086  ttyin      getty
  2457      1   2457      0  3      0x4086  ttyin      getty
 25361      1  25361   1000  3      0x4086  pause      ksh
  6724      1   6724      0  3        0x84  poll       wsmoused
  8826      1   8826      0  3        0x84  select     cron
  3132      1   3132      0  3        0x84  kqread     apmd
  8576      1   8576      0  3        0x84  select     sshd
 17482   1508   1508     73  2       0x184             syslogd
  1508      1   1508      0  3        0x84  netio      syslogd
    16      0      0      0  3    0x100204  crypto_wa  crypto
    15      0      0      0  3    0x100204  aiodoned   aiodoned
    14      0      0      0  3    0x100204  syncer     update
    13      0      0      0  3    0x100204  cleaner    cleaner
    12      0      0      0  3    0x100204  reaper     reaper
    11      0      0      0  3    0x100204  pgdaemon   pagedaemon
    10      0      0      0  3    0x100204  wiIDL      wi0
     9      0      0      0  3    0x100204  pftm       pfpurge
     8      0      0      0  3    0x100204  cardslote  cardslot1
     7      0      0      0  3    0x100204  cardslote  cardslot0
     6      0      0      0  3    0x100204  wait       wskbd_hotkey
     5      0      0      0  3    0x100204  usbtsk     usbtask
     4      0      0      0  3    0x100204  usbevt     usb0
     3      0      0      0  3    0x100204  apmev      apm0
     2      0      0      0  3    0x100204  kmalloc    kmthread
     1      0      1      0  3      0x4084  wait       init
     0     -1      0      0  3     0x80204  scheduler  swapper
ddb> show panic
the kernel did not panic
ddb> continue
uvm_fault(0xd3d4ca50, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at      bcopy+0x1a:     repe movsl      (%esi),%es:(%edi)
ddb> continue
uvm_fault(0xd3d4ca50, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at      bcopy+0x1a:     repe movsl      (%esi),%es:(%edi)
ddb> boot reboot
usb_insert_transfer: xfer=0xd0b0b100 not busy 0x4f4e5155
wi0: wi_usb_do_transmit_sync error=INVAL


>How-To-Repeat:
        ifconfig wi0 nwid foobar mediaopt hostap inet 192.168.1.1
        or:
                ifconfig wi0 inet 192.168.1.1 nwid foobar
                wicontrol wi0 -p 6
                wicontrol wi0 -p 1
        or:
                ifconfig wi0 inet 192.168.1.1 nwid foobar inet adhoc
                wicontrol wi0 -p 1|6
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: