On Thu, 28 Oct 2021 10:10:23 +0000 Klemens Nanni <k...@openbsd.org> wrote:

> On Tue, Sep 14, 2021 at 05:52:08PM -0400, James Hastings wrote:
> > >Synopsis: run(4): connecting to WEP network. panic: null node
> > >Category: kernel
> > >Environment:
> > System : OpenBSD 7.0
> > Details : OpenBSD 7.0-beta (GENERIC.MP) #206: Thu Sep 9 09:24:02
> > MDT 2021
> >
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> > >Description:
> > I was testing various networks with a Ralink RT5370 USB run(4) device.
> > Connecting to a WEP-enabled SSID reliably produces the following kernel
> > panic:
>
> I looked at this out of curiosity and the code seems obviously wrong.
>
> > panic: null node
> > Stopped at db_enter+0x10: popq %rbp
> > TID PID UID PRFLAGS PFLAGS CPU COMMAND
> > *515938 8927 0 0x14000 0x200 3K usbtask
> > db_enter() at db_enter+0x10
> > panic(ffffffff81e29b27) at panic+0xbf
> > ieee80211_send_mgmt(ffff800000e7d048,0,c0,3,0) at ieee80211_send_mgmt+0x3aa
> > run_set_key_cb(ffff800000e7d000,ffff800000e7fe00) at run_set_key_cb+0x76
> > run_task(ffff800000e7d000) at run_task+0xa9
> > usb_task_thread(ffff800022d72550) at usb_task_thread+0x135
> > end trace frame: 0x0, count: 9
>
> run_init() does this
>
> 	if (ic->ic_flags & IEEE80211_F_WEPON) {
> 		/* install WEP keys */
> 		for (i = 0; i < IEEE80211_WEP_NKID; i++)
> 			(void)run_set_key(ic, NULL, &ic->ic_nw_keys[i]);
> 	}
>
> run_set_key() passes that NULL argument unaltered to run_set_key_cb()
> which eventually calls ieee80211_send_mgmt() with a NULL `ni' argument
> which hits the panic.
>
> I don't see how this can work; maybe an oversight whenever run(4) or
> 802.11 was touched last?

Yes, apparently before
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/usb/if_run.c.diff?r1=1.131&r2=1.132&f=h
run_set_key_cb() wouldn't even look at 'cmd->ni'.

> > >How-To-Repeat:
> > $ doas ifconfig run0 nwid MYWEPSSID nwkey 0xXXXXXXXXXX
> > $ doas ifconfig run0 up
> > <panic>
> > >Fix:
> > Unknown at this time.
>
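The call chain discussed in the thread above, as an added userland C model that is not part of the thread and not OpenBSD driver code: a NULL node pointer is queued by the submitting function and only consumed later by a worker, which is why the trace shows usbtask frames and no run_init() frame. All names (struct node, key_cmd, send_mgmt, set_key_unchecked, set_key_checked, run_tasks, NKID) are hypothetical, and the checked variant only illustrates where the NULL becomes visible; it is not a proposed fix for run(4).

```c
#include <stddef.h>
#include <stdio.h>

/* Userland model only: every name below is hypothetical, not OpenBSD code. */
struct node { int id; };
struct key_cmd { const struct node *ni; int key_id; };

#define NKID 4              /* model value: number of key slots installed */
#define QLEN 8
static struct key_cmd queue[QLEN];
static size_t qlen;

/* Consumer that requires a node; the kernel panics where this returns -1. */
static int send_mgmt(const struct node *ni) { return ni == NULL ? -1 : 0; }

/* Unchecked submit: queues ni as given, so a NULL travels to the worker. */
static int set_key_unchecked(const struct node *ni, int key_id) {
    if (qlen == QLEN)
        return -1;
    queue[qlen++] = (struct key_cmd){ ni, key_id };
    return 0;
}

/* Checked submit: refuses NULL while the submitting caller is on the stack. */
static int set_key_checked(const struct node *ni, int key_id) {
    return ni == NULL ? -1 : set_key_unchecked(ni, key_id);
}

/* Deferred worker (the usbtask role): drains the queue, counts failures. */
static int run_tasks(void) {
    int failures = 0;
    for (size_t i = 0; i < qlen; i++)
        failures += send_mgmt(queue[i].ni) != 0;
    qlen = 0;
    return failures;
}

int main(void) {
    int rejected = 0;
    for (int i = 0; i < NKID; i++)
        (void)set_key_unchecked(NULL, i);   /* accepted silently */
    printf("unchecked: %d failures in worker\n", run_tasks());
    for (int i = 0; i < NKID; i++)
        rejected += set_key_checked(NULL, i) != 0;
    printf("checked: %d rejected at submit, %d failures in worker\n",
        rejected, run_tasks());
    return 0;
}
```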