On Sun, May 09, 2021 at 08:28:14PM +0000, Mikolaj Kucharski wrote:
> ..and in case timestamps may give a bit more clue, here is example from
> one of the accesspoints:

Yes, this is insightful:

> # grep -F ieee80211_encap /var/log/messages
> 2021-05-09T11:35:31.155Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4

At this point the node was in COLLECT state. This happens if the node
deliberately disassociates or if the AP doesn't see activity from the node
for a while. Which should be a common case for phones that walk in and out
of range.

> 2021-05-09T11:36:07.957Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4
> 2021-05-09T11:36:07.964Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4
> 2021-05-09T19:14:34.117Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4
> 2021-05-09T19:14:34.567Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4
> 2021-05-09T19:14:37.467Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4
> 2021-05-09T19:14:44.217Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4

My guess is that all of these frames were broadcasts which get sent to all
nodes. It doesn't look like a data stream that targets this particular node
since the packets are far apart from each other.

> 2021-05-09T19:14:49.267Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 2

The phone came back, and is in state AUTH. Not sure why it stays in this
state for a while. Maybe it has decided to try a different AP after all and
never made it back into ASSOC state this time around?

> 2021-05-09T19:14:50.317Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 2
> 2021-05-09T19:14:51.317Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 2
> 2021-05-09T19:14:53.317Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 2
> 2021-05-09T19:14:57.318Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 2

Perhaps the phone finally associated here.

> 2021-05-09T19:16:06.170Z pce-0041 /bsd: ieee80211_encap: data frame for node
> c0:ee:fb:33:f0:11 in state 4

And after a couple of minutes the AP has given up on the phone again.

We don't have clear confirmation yet that this is indeed triggering the
sw crypto panic but I believe it could. In any case, sending data frames
to non-associated nodes is wrong and is clearly occurring here.

I will commit the fix. Thank you for testing!
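Added example, not part of the original message and not OpenBSD code: a small Python script that groups the `ieee80211_encap` log lines quoted above into per-node runs of the same state, which makes the COLLECT, AUTH, COLLECT sequence and the frame spacing easy to read on a busy access point. The function names and the 10-second `burst_gap` threshold are assumptions chosen for illustration; the sample is rebuilt from the quoted log with wrapped lines rejoined.

```python
import re
from datetime import datetime

# State names as given in the message above; other values stay numeric.
STATE_NAMES = {2: "AUTH", 4: "COLLECT"}
LINE_RE = re.compile(
    r"(?P<ts>\S+) \S+ /bsd: ieee80211_encap: data frame for node "
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) in state (?P<state>\d+)")

# Sample rebuilt from the quoted log (wrapped lines rejoined).
_FMT = ("2021-05-09T{}Z pce-0041 /bsd: ieee80211_encap: data frame for node "
        "c0:ee:fb:33:f0:11 in state {}")
SAMPLE = "\n".join(_FMT.format(t, s) for t, s in [
    ("11:35:31.155", 4), ("11:36:07.957", 4), ("11:36:07.964", 4),
    ("19:14:34.117", 4), ("19:14:34.567", 4), ("19:14:37.467", 4),
    ("19:14:44.217", 4), ("19:14:49.267", 2), ("19:14:50.317", 2),
    ("19:14:51.317", 2), ("19:14:53.317", 2), ("19:14:57.318", 2),
    ("19:16:06.170", 4)])

def parse(text):
    """Return (timestamp, mac, state) for every matching log line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
            events.append((ts, m["mac"], int(m["state"])))
    return events

def runs_per_node(events, burst_gap=10.0):
    """Group each node's frames into runs: same state, gaps <= burst_gap s."""
    runs = {}
    for ts, mac, state in sorted(events):
        node = runs.setdefault(mac, [])
        last = node[-1] if node else None
        if (last and last["state"] == state
                and (ts - last["end"]).total_seconds() <= burst_gap):
            last["end"], last["frames"] = ts, last["frames"] + 1
        else:
            node.append({"state": state, "start": ts, "end": ts, "frames": 1})
    return runs

if __name__ == "__main__":
    for mac, node in runs_per_node(parse(SAMPLE)).items():
        for r in node:
            name = STATE_NAMES.get(r["state"], str(r["state"]))
            print(f"{mac} {name:8} {r['start']:%H:%M:%S} frames={r['frames']}")
```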
