Issue related to 5GHz scan results

Hi @Loic,

We are working on a product based on APQ8016E and using WCN3660B (Linaro-20.07).

We’ve found a new Wi-Fi related issue.

Issue description:

The device sporadically doesn’t find part of 5GHz networks that exist in the air.
The networks are with good RSSI and during the tests the routers are placed in a few meters from the device.
We didn’t find any relation to specific router type. It reproduces with any router we tested.

Have you faced any such issue or anyone else reported such issue? I will provide further details soon.

Regards,
Parth Y Shah

Hi @Loic,

You may see below, sometimes 5G network not visible in the scan results.

root@linaro-alip:/home/linaro# wpa_cli scan; sleep 25; wpa_cli scan_results
Selected interface ‘wlan0’
OK
[ 1847.608704] wcn36xx_sw_scan_complete: op-ch 2
Selected interface ‘wlan0’
bssid / frequency / signal level / flags / ssid
d8:47:32:91:e1:ae 2417 -66 [WPA2-PSK-CCMP][WPS][ESS] PARTH_WIFI
d8:0d:17:c1:84:2c 2422 -70 [WPA2-PSK-CCMP+TKIP][WPS][ESS] M@rgeshR@j
50:d4:f7:47:78:0e 2417 -81 [WPA2-PSK-CCMP+TKIP][WPS][ESS] R-virus
04:95:e6:7c:b7:58 2432 -77 [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS] Don’t Try
e4:47:b3:97:b7:5e 2457 -83 [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][WPS][ESS] Manan
d8:32:14:88:07:98 2457 -87 [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS] Tenda
04:d9:f5:c2:de:bc 5220 -27 [WPA2-PSK-CCMP][ESS] ASUS_B8_5G
04:d9:f5:c2:de:b8 2437 -36 [WPA2-PSK-CCMP][ESS] ASUS_B8_2G
f0:b4:d2:1a:62:13 2412 -88 [WPA2-PSK-CCMP][ESS] firststep

root@linaro-alip:/home/linaro# wpa_cli scan; sleep 25; wpa_cli scan_results
Selected interface ‘wlan0’
OK
[ 1877.103400] wcn36xx_sw_scan_complete: op-ch 2
Selected interface ‘wlan0’
bssid / frequency / signal level / flags / ssid
d8:47:32:91:e1:ae 2417 -67 [WPA2-PSK-CCMP][WPS][ESS] PARTH_WIFI
d8:0d:17:c1:84:2c 2422 -68 [WPA2-PSK-CCMP+TKIP][WPS][ESS] M@rgeshR@j
04:95:e6:7c:b7:58 2432 -77 [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS] Don’t Try
e4:47:b3:97:b7:5e 2457 -85 [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][WPS][ESS] Manan
04:d9:f5:c2:de:b8 2437 -34 [WPA2-PSK-CCMP][ESS] ASUS_B8_2G
f0:b4:d2:1a:62:13 2412 -88 [WPA2-PSK-CCMP][ESS] firststep

root@linaro-alip:/home/linaro# wpa_cli scan; sleep 25; wpa_cli scan_results
Selected interface ‘wlan0’
OK
[ 2279.929442] wcn36xx_sw_scan_complete: op-ch 2
Selected interface ‘wlan0’
bssid / frequency / signal level / flags / ssid
d8:47:32:91:e1:ae 2417 -75 [WPA2-PSK-CCMP][WPS][ESS] PARTH_WIFI
d8:0d:17:c1:84:2c 2422 -73 [WPA2-PSK-CCMP+TKIP][WPS][ESS] M@rgeshR@j
e4:47:b3:97:b7:5e 2457 -85 [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][WPS][ESS] Manan
04:d9:f5:c2:de:b8 2437 -36 [WPA2-PSK-CCMP][ESS] ASUS_B8_2G
04:95:e6:7c:b7:58 2432 -81 [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS] Don’t Try
c8:3a:35:4e:57:f8 2462 -85 [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS] INTEX_4E57F8

Regards.

@Loic

We have made a script to check this issue further.

#!/bin/sh
for x in `seq 1 10`; do
        date
        wpa_cli scan_result | grep -q ASUS_B8_5G && echo 'ASUS_B8_5G-ok' || echo 'ASUS_B8_5G-error'
        wpa_cli scan_result | grep -q yogesh && echo 'yogesh-ok' || echo 'yogesh-error'
        echo -e '\n'

        for i in `seq 1 4`
        do
                wpa_cli scan > /dev/null
                sleep 30
        done

        wpa_cli scan > /dev/null
        sleep 5
done>> scan_wpa.log

Here, “ASUS_B8_5G” and “yogesh” are 5G networks.

Results:

root@linaro-alip:/home/linaro# cat scan_wpa.log | grep 'ASUS_B8_5G-ok\|ASUS_B8_5G-error\|yogesh-ok\|yogesh-error\|' -o | sort | uniq -c                                                
      2 ASUS_B8_5G-error
     10 ASUS_B8_5G-ok
      5 yogesh-error
      7 yogesh-ok

It throws error when the 5G network not found in the scan_results.

  1. Have you set a country code allowing active scanning?
    check the active scan is allowed with iw list

  2. Sniff the AP channel while scanning, do you see any probe request? what about other channels?

  3. What is the beacon interval of the problematic AP? in case of passive scanning you may miss AP if beacon interval is too high comparing to the listening duration.

  4. What is the value of passive listening duration? AFAIK default is 100ms in mac80211 but you may have customized that to reduce your scanning time?

@loic,

We keep the country code as 00 as of now. Below is output of iw list.

root@linaro-alip:/home/linaro# iw list
Wiphy phy0
max # scan SSIDs: 9
max scan IEs length: 453 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
Band 1:
Capabilities: 0x903c
HT20
SM Power Save disabled
RX Greenfield
RX HT20 SGI
No RX STBC
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
L-SIG TXOP protection
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 72 Mbps
HT TX/RX MCS rate indexes supported: 0-7
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm) (no IR)
* 2472 MHz [13] (20.0 dBm) (no IR)
* 2484 MHz [14] (20.0 dBm) (no IR)
Band 2:
Capabilities: 0x907e
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
No RX STBC
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
L-SIG TXOP protection
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 16 usec (0x07)
HT Max RX data rate: 72 Mbps
HT TX/RX MCS rate indexes supported: 0-7
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (20.0 dBm)
* 5200 MHz [40] (20.0 dBm) (no IR)
* 5220 MHz [44] (20.0 dBm)
* 5240 MHz [48] (20.0 dBm)
* 5260 MHz [52] (20.0 dBm) (no IR, radar detection)
* 5280 MHz [56] (20.0 dBm) (no IR, radar detection)
* 5300 MHz [60] (20.0 dBm) (no IR, radar detection)
* 5320 MHz [64] (20.0 dBm) (no IR, radar detection)
* 5500 MHz [100] (20.0 dBm) (no IR, radar detection)
* 5520 MHz [104] (20.0 dBm) (no IR, radar detection)
* 5540 MHz [108] (20.0 dBm) (no IR, radar detection)
* 5560 MHz [112] (20.0 dBm) (no IR, radar detection)
* 5580 MHz [116] (20.0 dBm) (no IR, radar detection)
* 5600 MHz [120] (20.0 dBm) (no IR, radar detection)
* 5620 MHz [124] (20.0 dBm) (no IR, radar detection)
* 5640 MHz [128] (20.0 dBm) (no IR, radar detection)
* 5660 MHz [132] (20.0 dBm) (no IR, radar detection)
* 5700 MHz [140] (20.0 dBm) (no IR, radar detection)
* 5745 MHz [149] (20.0 dBm)
* 5765 MHz [153] (20.0 dBm)
* 5785 MHz [157] (20.0 dBm)
* 5805 MHz [161] (20.0 dBm)
* 5825 MHz [165] (20.0 dBm)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* remain_on_channel
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* connect
* disconnect
* set_qos_map
* set_multicast_to_unicast
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xb0 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
WoWLAN support:
* wake up on anything (device continues operating normally)
software interface modes (can always be added):
* AP/VLAN
* monitor
interface combinations are not supported
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports scan flush.
Device supports per-vif TX power setting
Driver supports full state transitions for AP/GO clients
Driver supports a userspace MPM
Device supports configuring vdev MAC-addr on create.

This issue is not happening on any specific channel or AP, it happens randomly with any AP or any 5G channel. We have not changed value of passive listening duration, it is the same as Linaro-20.07

Hi @Loic,

Is there any update here?

Regards,
Parth Y Shah

Have you try capturing data while scanning: