Bug 201105

Summary: iwlwifi: 8265: P2P: switching from client to groupowner leads to ASSERT 14FC
Product: Drivers
Reporter: Stefan (stefan.ursella)
Component: network-wireless
Assignee: DO NOT USE - assign "network-wireless-intel" component instead (linuxwifi)
Status: CLOSED CODE_FIX    
Severity: normal    
Priority: P1    
Hardware: Intel   
OS: Linux   
Kernel Version: 4.18.7
Subsystem:
Regression: No
Bisected commit-id:
Attachments: iwlfwdump and journal with wpa_supplicant debug level info
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg with wpa_supplicant debug
debug patch to get more info
debug patch to get more info
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg with wpa_supplicant debug + debug patch f
real fix candidate

Description Stefan 2018-09-12 12:52:43 UTC
Created attachment 278473 [details]
iwlfwdump and journal with wpa_supplicant debug level info

firmware version: 
iwlwifi 0000:02:00.0: loaded firmware version 36.e91976c0.0 op_mode iwlmvm

We activate the p2p interface and configure the wps method push_button in wpa_supplicant. Then we activate extended listening to wait for requests. Then we connect with a Windows laptop via Miracast to our device. GOIntent is set to 0 to be sure that we are not the groupowner. Connection works fine. Now we disconnect the laptop and we restart wpa_supplicant and our daemon handling the p2p connection.

Our p2p daemon is now starting with a different configuration:
We don't start listening; we add a group to our p2p interface.

Now the firmware is crashing. When we restart our p2pd with the same configuration then we have no problem. We are only able to start the group when we reload iwlmvm and iwlwifi modules.

I have added the dump and the journal...

Best
Stefan
Comment 1 Emmanuel Grumbach 2018-09-12 13:22:29 UTC
What channel do you create your group on?

Please paste the output of iw list

Thanks.
Comment 2 Stefan 2018-09-12 13:24:42 UTC
Wiphy phy1
        max # scan SSIDs: 20
        max scan IEs length: 422 bytes
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP (00-0f-ac:4)
                * CMAC (00-0f-ac:6)
        Available Antennas: TX 0 RX 0
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * P2P-client
                 * P2P-GO
                 * P2P-device
        Band 1:
                Capabilities: 0x11ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15
                Bitrates (non-HT):
                        * 1.0 Mbps
                        * 2.0 Mbps (short preamble supported)
                        * 5.5 Mbps (short preamble supported)
                        * 11.0 Mbps (short preamble supported)
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 2412 MHz [1] (22.0 dBm)
                        * 2417 MHz [2] (22.0 dBm)
                        * 2422 MHz [3] (22.0 dBm)
                        * 2427 MHz [4] (22.0 dBm)
                        * 2432 MHz [5] (22.0 dBm)
                        * 2437 MHz [6] (22.0 dBm)
                        * 2442 MHz [7] (22.0 dBm)
                        * 2447 MHz [8] (22.0 dBm)
                        * 2452 MHz [9] (22.0 dBm)
                        * 2457 MHz [10] (22.0 dBm)
                        * 2462 MHz [11] (22.0 dBm)
                        * 2467 MHz [12] (22.0 dBm)
                        * 2472 MHz [13] (22.0 dBm)
                        * 2484 MHz [14] (disabled)
        Band 2:
                Capabilities: 0x11ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15
                VHT Capabilities (0x039071b0):
                        Max MPDU length: 3895
                        Supported Channel Width: neither 160 nor 80+80
                        RX LDPC
                        short GI (80 MHz)
                        TX STBC
                        SU Beamformee
                        MU Beamformee
                VHT RX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT RX highest supported: 0 Mbps
                VHT TX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT TX highest supported: 0 Mbps
                Bitrates (non-HT):
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 5180 MHz [36] (22.0 dBm) (no IR)
                        * 5200 MHz [40] (22.0 dBm) (no IR)
                        * 5220 MHz [44] (22.0 dBm) (no IR)
                        * 5240 MHz [48] (22.0 dBm) (no IR)
                        * 5260 MHz [52] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5280 MHz [56] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5300 MHz [60] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5320 MHz [64] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5340 MHz [68] (disabled)
                        * 5360 MHz [72] (disabled)
                        * 5380 MHz [76] (disabled)
                        * 5400 MHz [80] (disabled)
                        * 5420 MHz [84] (disabled)
                        * 5440 MHz [88] (disabled)
                        * 5460 MHz [92] (disabled)
                        * 5480 MHz [96] (disabled)
                        * 5500 MHz [100] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5520 MHz [104] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5540 MHz [108] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5560 MHz [112] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5580 MHz [116] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5600 MHz [120] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5620 MHz [124] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5640 MHz [128] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5660 MHz [132] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5680 MHz [136] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5700 MHz [140] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5720 MHz [144] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5745 MHz [149] (22.0 dBm)
                        * 5765 MHz [153] (22.0 dBm)
                        * 5785 MHz [157] (22.0 dBm)
                        * 5805 MHz [161] (22.0 dBm)
                        * 5825 MHz [165] (22.0 dBm)
                        * 5845 MHz [169] (disabled)
                        * 5865 MHz [173] (disabled)
                        * 5885 MHz [177] (disabled)
                        * 5905 MHz [181] (disabled)
        Supported commands:
                 * new_interface
                 * set_interface
                 * new_key
                 * start_ap
                 * new_station
                 * set_bss
                 * authenticate
                 * associate
                 * deauthenticate
                 * disassociate
                 * join_ibss
                 * remain_on_channel
                 * set_tx_bitrate_mask
                 * frame
                 * frame_wait_cancel
                 * set_wiphy_netns
                 * set_channel
                 * set_wds_peer
                 * tdls_mgmt
                 * tdls_oper
                 * start_sched_scan
                 * probe_client
                 * set_noack_map
                 * register_beacons
                 * start_p2p_device
                 * set_mcast_rate
                 * connect
                 * disconnect
                 * channel_switch
                 * Unknown command (104)
                 * Unknown command (105)
                 * Unknown command (121)
        Supported TX frame types:
                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
        Supported RX frame types:
                 * IBSS: 0x40 0xb0 0xc0 0xd0
                 * managed: 0x40 0xd0
                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * mesh point: 0xb0 0xc0 0xd0
                 * P2P-client: 0x40 0xd0
                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * P2P-device: 0x40 0xd0
        WoWLAN support:
                 * wake up on disconnect
                 * wake up on magic packet
                 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
                   maximum packet offset 0 bytes
                 * can do GTK rekeying
                 * wake up on GTK rekey failure
                 * wake up on EAP identity request
                 * wake up on 4-way handshake
                 * wake up on rfkill release
        software interface modes (can always be added):
                 * AP/VLAN
                 * monitor
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
                   total <= 3, #channels <= 2
        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports TX status socket option.
        Device supports HT-IBSS.
        Device supports low priority scan.
        Device supports scan flush.
Comment 3 Stefan 2018-09-12 13:30:07 UTC
Hello,

I don't select a special channel. I add a group via the D-Bus interface fi.w1.wpa_supplicant1.Interface.P2PDevice and method GroupAdd, with only the argument persistent=true.

Best
Stefan
Comment 4 Emmanuel Grumbach 2018-09-12 13:38:17 UTC
we'll need tracing for this.
Comment 5 Stefan 2018-09-13 06:11:52 UTC
Created attachment 278487 [details]
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg
Comment 6 Emmanuel Grumbach 2018-09-13 09:58:32 UTC
All right, so I can see that wpa_supplicant is opening a GO on channel 149. We had 149 open for GO based on your location as you can see in your iw list output. And then, it got disabled for beaconing operation and the supplicant knows that (because it asked for the information).

Can you please run the wpa_supplicant with debug enabled and with -T so that the supplicant will send all its log to Linux tracing and it will be easy to sync the logs.

Thanks.
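An added example, not part of the original thread: a small parser for the `Frequencies:` lines of `iw list` that reports whether a channel is open for beaconing (GO/AP), which is the check comment 6 reads off by eye for channel 149. The function names are hypothetical, the sample lines are copied from the output in comment 2, and treating `disabled` and `no IR` as the blocking flags is this example's assumption. The result only reflects the regulatory state at the moment `iw list` was run.

```python
import re

# Constructed sample: a handful of lines taken from the iw list output in comment 2.
SAMPLE = """\
                Bitrates (non-HT):
                        * 6.0 Mbps
                Frequencies:
                        * 2412 MHz [1] (22.0 dBm)
                        * 2484 MHz [14] (disabled)
                        * 5180 MHz [36] (22.0 dBm) (no IR)
                        * 5260 MHz [52] (22.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 3672 sec)
                        * 5340 MHz [68] (disabled)
                        * 5745 MHz [149] (22.0 dBm)
"""

# "* 5745 MHz [149] (22.0 dBm)"; also accepts "5745.0 MHz".
FREQ_RE = re.compile(r"^\s*\*\s+(\d+(?:\.\d+)?)\s+MHz\s+\[(\d+)\]\s*(.*)$")

# Assumption of this example: these flags mean the device may not start
# beaconing on the channel.
BLOCKING = {"disabled", "no IR"}


def parse_channels(text):
    """Return {channel_number: set_of_flags} for every frequency line."""
    channels = {}
    for line in text.splitlines():
        m = FREQ_RE.match(line)
        if not m:
            continue  # bitrates, DFS state lines, headings, ...
        chan, rest = int(m.group(2)), m.group(3)
        flags = set()
        for group in re.findall(r"\(([^)]*)\)", rest):
            if group.endswith("dBm"):
                continue  # TX power, not a restriction flag
            flags.update(f.strip() for f in group.split(","))
        channels[chan] = flags
    return channels


def can_beacon(channels, chan):
    """True if the channel is listed and carries no blocking flag."""
    flags = channels.get(chan)
    return flags is not None and not (flags & BLOCKING)


if __name__ == "__main__":
    chans = parse_channels(SAMPLE)
    for c in sorted(chans):
        print(c, "beacon ok" if can_beacon(chans, c) else "blocked", sorted(chans[c]))
```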
Comment 7 Stefan 2018-09-14 06:32:49 UTC
Created attachment 278531 [details]
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg with wpa_supplicant debug

attached the trace with debug info from wpa_supplicant
Comment 8 Emmanuel Grumbach 2018-09-16 09:57:46 UTC
Created attachment 278571 [details]
debug patch to get more info

We have been scratching our heads here and we don't really understand. We'll need more help from your side.

Our conclusions so far:
* Wpa_s learnt that channel 149 is allowed in AP mode
* Wpa_s closes the interface and shuts down the interface. Because of that, all the knowledge about the regulatory in the firmware is now lost
* Wpa_s starts the P2P GO interface
* The firmware is started in a virgin state (Channel 149 is disabled)
* Wpa_s opens a GO on Channel 149 and the firmware gets angry


iwlwifi should read the regulatory information from the firmware when it boots (with channel 149 disabled for AP mode) and let the upper layers know what the limitations are. This doesn't happen apparently.

Can you please try with the patch attached and send again the tracing data?
Thanks.
Comment 9 Emmanuel Grumbach 2018-09-16 17:15:37 UTC
I think the patch above is useless...
You can try, but I'll try to come up with a better patch early tomorrow morning.
Comment 10 Emmanuel Grumbach 2018-09-17 10:53:52 UTC
Created attachment 278593 [details]
debug patch to get more info

This one should be more useful, can you please send the result of tracing with this?

I'll need the -e cfg80211 switch in the tracing as well.

Thanks.
Comment 11 Stefan 2018-09-18 09:31:40 UTC
Created attachment 278623 [details]
trace-cmd record -e iwlwifi -e mac80211 -e cfg80211 -e iwlwifi_msg with wpa_supplicant debug + debug patch f

Which kernel do you use? I have to patch my mainline kernel to get IWL_WARN_DEV.
Comment 12 Emmanuel Grumbach 2018-09-18 12:37:54 UTC
The best would be to take the master branch of our backport tree:

https://wireless.wiki.kernel.org/en/users/drivers/iwlwifi/core_release




I'll analyze the tracing on Thursday.
Comment 13 Emmanuel Grumbach 2018-09-20 08:35:58 UTC
Hi,

can you please try this?

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index 3e92a11..0e4a17e 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -329,6 +329,7 @@ struct ieee80211_regdomain *iwl_mvm_get_regdomain(struct wiphy *wiphy,
 
        if (changed)
                *changed = (resp->status == MCC_RESP_NEW_CHAN_PROFILE);
+       *changed = true;
 
        regd = iwl_parse_nvm_mcc_info(mvm->trans->dev, mvm->cfg,
                                      __le32_to_cpu(resp->n_channels),
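Review bot: the added `*changed = true;` sits outside the `if (changed)` guard on the lines just above it, so `changed` is dereferenced unconditionally and a caller that passes NULL, which the guard exists to tolerate, would now fault. It also overwrites the value just derived from `resp->status == MCC_RESP_NEW_CHAN_PROFILE`, so every call reports a changed regulatory domain regardless of what the firmware answered. If this is used for more than a quick experiment, move the assignment inside the guard and add a comment saying why the firmware status is being ignored.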



I guess this will prevent the ASSERT but we still need to understand how to fix the flow properly.
Comment 14 Stefan 2018-09-25 07:35:28 UTC
Hello,

Sorry for the delay, I will have a look at your patch tomorrow.
Comment 15 Stefan 2018-09-27 08:37:06 UTC
Hi,
yes, with this hack I can prevent the crash.
Comment 16 Emmanuel Grumbach 2018-09-27 09:23:28 UTC
Thanks. I am on vacation, will get back to you end of next week.
Comment 17 Emmanuel Grumbach 2018-10-03 08:30:35 UTC
Created attachment 278903 [details]
real fix candidate

Hi,

please confirm that this fixes the problem.

Thanks.
Comment 18 Emmanuel Grumbach 2018-10-09 05:11:03 UTC
Kind reminder :)

We are waiting for your input to merge the patch.

Thanks.
Comment 19 Stefan 2018-10-09 08:08:08 UTC
Hi,
the patch looks good. I'm not able to reproduce the crash.

Thanks...
Comment 20 Emmanuel Grumbach 2018-10-09 08:44:51 UTC
(In reply to Stefan from comment #19)
> Hi,
> the patch looks good. I'm not able to reproduce the crash.
> 
> Thanks...

Ok, great.
Thanks for reporting. Was quite fun to debug ;)