Re: kern/144755: [iwi] [panic] iwi panic when issuing /etc/rc.d/netif restart on 8-STABLE r205159

Thu, 05 Aug 2010 14:02:32 -0700 

The following reply was made to PR kern/144755; it has been noted by GNATS.

From: Alex Kozlov <s...@rm-rf.kiev.ua>
To: Bernhard Schmidt <bschm...@techwires.net>,
        Edwin Groothuis <ed...@mavetju.org>, bug-follo...@freebsd.org,
        s...@rm-rf.kiev.ua
Cc:  
Subject: Re: kern/144755: [iwi] [panic] iwi panic when issuing
 /etc/rc.d/netif restart on 8-STABLE r205159
Date: Thu, 5 Aug 2010 23:55:43 +0300

 --mYCpIKhGyMATD0i+
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Thu, Aug 05, 2010 at 08:10:08PM +0000, Bernhard Schmidt wrote:
 > The following reply was made to PR kern/144755; it has been noted by GNATS.
 > 
 > From: Bernhard Schmidt <bschm...@techwires.net>
 > To: Edwin Groothuis <ed...@mavetju.org>
 > Cc: bug-follo...@freebsd.org
 > Subject: Re: kern/144755: [iwi] [panic] iwi panic when issuing 
 > /etc/rc.d/netif 
 >      restart on 8-STABLE r205159
 > Date: Thu, 5 Aug 2010 22:08:38 +0200
 > 
 >  --0015175cda7eab5eec048d191d67
 >  Content-Type: text/plain; charset=ISO-8859-1
 >  
 >  On Thu, Aug 5, 2010 at 00:31, Edwin Groothuis <ed...@mavetju.org> wrote:
 >  > [..]
 >  > Nice! Is there a workaround or patch available for testing?
 >  
 >  Please give the attached patch a try. It does not prevent
 >  wpa_supplicant from starting twice (for that you can define
 >  ctrl_interface= in wpa_supplicant.conf), but should no longer panic.
 I can reproduce this panic for if_rum, similiar patch also helps.
 
 wlan0: ieee80211_new_state_locked: pending RUN -> SCAN transition lost
 wlan0: ieee80211_new_state_locked: pending RUN -> SCAN transition lost
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address  = 0xffff
 fault code             = supervisor read, page not present
 instruction pointer    = 0x20:0xc0900d42
 stack pointer          = 0x28:0xc4f05bac
 frame pointer          = 0x28:0xc4f05bb8
 code segment           = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
 processor eflags       = interrupt enabled, resume, IOPL = 0
 current process                = 0 (rum0 taskq)
 trap number            = 12
 panic: page fault
 KDB: stack backtrace:
 db_trace_self_wrapper(c0669547,c06cb000,c0660c6a,c4f05a5c,c4f05a5c,...) at 
0xc0436706 = db_trace_self_wrapper+0x26
 panic(c0660c6a,c0680c79,c4f05b6c,1,1,...) at 0xc04b898d = panic+0xed
 trap_fatal(c06c9740,f000,1,0,c04c0ef6,...) at 0xc06474bd = trap_fatal+0x23d
 trap_pfault(0,c066c5e8,2d7,0,c06c9220,...) at 0xc064787a = trap_pfault+0x27a
 trap(c4f05b6c) at 0xc06481ab = trap+0x39b
 calltrap() at 0xc062d4ac = calltrap+0x6
 --- trap 0xc, eip = 0xc0900d42, esp = 0xc4f05bac, ebp = 0xc4f05bb8 ---
 ieee80211_getcapinfo(c5caa000,ffff,c08f415a,c5caa874,c5463d00,...) at 
0xc0900d42 = ieee80211_getcapinfo+0x71
 ieee80211_beacon_construct(c62a8000,18,676,c50f5c00,c54e3988,...) at 
0xc090308d = ieee80211_beacon_construct+0x67
 ieee80211_beacon_alloc(c62a8000,c5caa874,6,2c5,5,...) at 0xc09039a0 = 
ieee80211_beacon_alloc+0x93
 rum_newstate(c5caa000,5,ffffffff,652,c5362014,...) at 0xc9a9b55f = 
rum_newstate+0x259
 ieee80211_newstate_cb(c5caa000,4,0,c0695c9c,0,...) at 0xc0906eb8 = 
ieee80211_newstate_cb+0x7a
 taskqueue_run(c537db00,c537db18,0,c0661905,0,...) at 0xc04ef61a = 
taskqueue_run+0x8a
 taskqueue_thread_loop(c5362074,c4f05d38,0,0,0,...) at 0xc04efd74 = 
taskqueue_thread_loop+0x44
 fork_exit(c04efd30,c5362074,c4f05d38) at 0xc048e868 = fork_exit+0x88
 fork_trampoline() at 0xc062d524 = fork_trampoline+0x8
 
 
 --
 Adios
 
 --mYCpIKhGyMATD0i+
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="patch.txt"
 
 Index: sys/dev/usb/wlan/if_rum.c
 @@ -719,7 +719,7 @@
                break;
  
        case IEEE80211_S_RUN:
 -              ni = vap->iv_bss;
 +              ni = ieee80211_ref_node(vap->iv_bss);
  
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
                        rum_update_slot(ic->ic_ifp);
 @@ -743,6 +743,7 @@
                tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
                if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
                        rum_ratectl_start(sc, ni);
 +              ieee80211_free_node(ni);
                break;
        default:
                break;
 @@ -2216,7 +2217,7 @@
        struct ieee80211com *ic = vap->iv_ic;
        struct ifnet *ifp = ic->ic_ifp;
        struct rum_softc *sc = ifp->if_softc;
 -      struct ieee80211_node *ni = vap->iv_bss;
 +      struct ieee80211_node *ni;
        int ok, fail;
        int sum, retrycnt;
  
 @@ -2230,8 +2231,10 @@
        sum = ok+fail;
        retrycnt = (le32toh(sc->sta[5]) & 0xffff) + fail;
  
 +      ni = ieee80211_ref_node(vap->iv_bss);
        ieee80211_ratectl_tx_update(vap, ni, &sum, &ok, &retrycnt);
        (void) ieee80211_ratectl_rate(ni, NULL, 0);
 +      ieee80211_free_node(ni);
  
        ifp->if_oerrors += fail;        /* count TX retry-fail as Tx errors */
  
 
 --mYCpIKhGyMATD0i+--
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to