Date: Wed, 2 Jul 2008 11:22:38 GMT
From: "Paul B. Mahol" <onemda@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ndis with wep enters kdb.enter.unknown, panics

>Number:         125181
>Category:       kern
>Synopsis:       [ndis] [patch] with wep enters kdb.enter.unknown, panics
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    thompsa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 02 11:30:01 UTC 2008
>Closed-Date:    Thu Sep 29 19:35:07 UTC 2011
>Last-Modified:  Thu Sep 29 19:35:07 UTC 2011
>Originator:     Paul B. Mahol
>Release:        FreeBSD 8.0.CURRENT
>Organization:
>Environment:
FreeBSD Voyager 8.0-CURRENT FreeBSD 8.0-CURRENT #4: Sun Jun 29 00:01:49 CEST 2008     root@:/usr/local/obj/usr/local/src/sys/KERNEL  i386
>Description:
# ifconfig wlan0 up
# ifconfig wlan0 ssid MySSID wepmode on weptxkey 1
and
# ifconfig wlan0 ssid MySSID wepmode on weptxkey 1
or
# ifconfig wlan0 ssid MYSSID wepmode on wepkey abcde weptxkey 1

Panics occur only if wlan0 is up and only on an SMP system.


>How-To-Repeat:
# ifconfig wlan0 create wlandev ndis0
# ifconfig wlan0 up
# ifconfig wlan0 ssid MySSID wepmode on weptxkey 1
# ifconfig wlan0 ssid MYSSID wepmode on wepkey abcde weptxkey 1
>Fix:
none, only workarounds

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Wed Jul 2 13:17:29 UTC 2008 
State-Changed-Why:  
To submitter: Could you give a copy of your dmesg output and "pciconf -l" 
relating to the device you are using ndis with please?  Also, it will be 
hard to diagnose this without the actual "panic text" that is output.  If 
you have the debugger compiled in (which is default on -CURRENT), when you 
are dropped to the debugger prompt, please type "bt" and also give us the 
output of that command please. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125181 
Responsible-Changed-From-To: freebsd-bugs->gavin 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Wed Jul 2 13:20:50 UTC 2008 
Responsible-Changed-Why:  
Track 


From: Gavin Atkinson <gavin@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/125181: [ndis] with wep enters kdb.enter.unknown, panics
Date: Fri, 04 Jul 2008 11:13:40 +0100

 -------- Forwarded Message --------
 From: Paul B. Mahol <onemda@gmail.com>
 To: Gavin Atkinson <gavin@freebsd.org>
 Subject: Re: kern/125181: [ndis] with wep enters kdb.enter.unknown,
 panics
 Date: Fri, 4 Jul 2008 11:59:21 +0200
 
 Of course I used new textdump (panic message), from new kernel,
 not from old one:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 1; apic id = 01
 fault virtual address   = 0xc45b1198
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc06f3004
 stack pointer           = 0x28:0xe63d9b1c
 frame pointer           = 0x28:0xe63d9c9c
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 0 (ndis0 taskq)
 exclusive sleep mutex vm object (standard object) r = 0 (0xc105b174) locked @ /usr/local/src/sys/vm/vm_object.c:576
 exclusive sleep mutex vm object (standard object) r = 0 (0xc45b4174) locked @ /usr/local/src/sys/vm/vm_object.c:447
 exclusive sx user map r = 0 (0xc3ffad64) locked @ /usr/local/src/sys/vm/vm_map.c:2425
 
 
 addr2line -e /boot/kernel/kernel.symbols 0xc06f3004
 /usr/local/src/sys/dev/if_ndis/if_ndis.c:2570
 
 if_ndis version:
 
 $FreeBSD: src/sys/dev/if_ndis/if_ndis.c,v 1.142 2008/06/11 13:40:15 cokane Exp $
 
 Interestingly bt and panic message do not conflict with each other in new kernel, as it was before (bt from other kernel showed completely different line number in ndis_auth_and_assoc):
 
 db:0:kdb.enter.unknown>  bt
 Tracing pid 0 tid 100105 td 0xc3fae000
 ndis_auth_and_assoc(e63d9cd4,c0547e5b,c40d6400,1,c0755524,...) at ndis_auth_and_assoc+0x6a4
 ndis_auth(c40d6400,1,c0755524,54,c3f41d1c,...) at ndis_auth+0x1d
 taskqueue_run(c3f41d00,c3f41d1c,0,c0745486,0,...) at taskqueue_run+0x10b
 taskqueue_thread_loop(c40d65bc,e63d9d38,c074d3d4,324,c07d1380,...) at taskqueue_thread_loop+0x68
 fork_exit(c0547f50,c40d65bc,e63d9d38) at fork_exit+0xb8
 fork_trampoline() at fork_trampoline+0x8
 --- trap 0, eip = 0, esp = 0xe63d9d70, ebp = 0 ---
 
 (gdb) file kernel.symbols
 Reading symbols from kernel.symbols...done.
 (gdb) l *ndis_auth_and_assoc+0x6a4
 0xc06f3004 is in ndis_auth_and_assoc (/usr/local/src/sys/dev/if_ndis/if_ndis.c:2570).
 2565            }
 2566    #endif
 2567
 2568            len = sizeof(ssid);
 2569            bzero((char *)&ssid, len);
 2570            ssid.ns_ssidlen = ni->ni_esslen;
 2571            if (ssid.ns_ssidlen == 0) {
 2572                    ssid.ns_ssidlen = 1;
 2573            } else
 2574                    bcopy(ni->ni_essid, ssid.ns_ssid, ssid.ns_ssidlen);
 (gdb) 
 
 
 My opinion is that some of NDIS_{,UN}LOCK is missing.
 
 I will check if those numbers are not random ...
State-Changed-From-To: feedback->open 
State-Changed-By: gavin 
State-Changed-When: Fri Jul 4 11:29:36 UTC 2008 
State-Changed-Why:  
Feedback received, thanks!  Submitter also notes that sometimes the 
panic is on line 2424. 

State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Thu Jul 10 13:19:00 UTC 2008 
State-Changed-Why:  
Could you try this patch please? 


Index: src/sys/dev/if_ndis/if_ndis.c 
=================================================================== 
RCS file: /home/ncvs/src/sys/dev/if_ndis/if_ndis.c,v 
retrieving revision 1.143 
diff -u -r1.143 if_ndis.c 
--- src/sys/dev/if_ndis/if_ndis.c	9 Jul 2008 00:10:55 -0000	1.143 
+++ src/sys/dev/if_ndis/if_ndis.c	10 Jul 2008 11:32:30 -0000 
@@ -2348,10 +2348,13 @@ 
 	struct ndis_softc *sc = arg; 
 	struct ifnet *ifp = sc->ifp; 
 	struct ieee80211com *ic = ifp->if_l2com; 
-	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 
+	struct ieee80211vap *vap; 

+	IEEE80211_LOCK(ic); 
+	vap = TAILQ_FIRST(&ic->ic_vaps); 
 	vap->iv_state = IEEE80211_S_AUTH; 
 	ndis_auth_and_assoc(sc, vap); 
+	IEEE80211_UNLOCK(ic); 
 } 

 static void 
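
Review bot: The result of TAILQ_FIRST(&ic->ic_vaps) is dereferenced on the next line (vap->iv_state = IEEE80211_S_AUTH;) with no NULL check. Taking IEEE80211_LOCK makes the list read consistent, but it does not guarantee the list is non-empty when the task runs; if the vap can go away between the task being queued and executed, this still faults. Suggest unlocking and returning early when vap is NULL.
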
@@ -2360,10 +2363,13 @@ 
 	struct ndis_softc *sc = arg; 
 	struct ifnet *ifp = sc->ifp; 
 	struct ieee80211com *ic = ifp->if_l2com; 
-	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 
+	struct ieee80211vap *vap; 

+	IEEE80211_LOCK(ic); 
+	vap = TAILQ_FIRST(&ic->ic_vaps); 
 	vap->iv_state = IEEE80211_S_ASSOC; 
 	ndis_auth_and_assoc(sc, vap); 
+	IEEE80211_UNLOCK(ic); 
 } 

 static void 
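
Review bot: IEEE80211_LOCK(ic) is held across the whole ndis_auth_and_assoc(sc, vap) call, here and in the previous hunk. Please confirm that ndis_auth_and_assoc never sleeps and never takes the driver's own lock in an order that conflicts with the net80211 lock, or narrow the locked region to the list lookup and the iv_state update. The two visible bodies now differ only in the state constant, so a shared helper taking the target state would keep the locking in one place.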

State-Changed-From-To: feedback->open 
State-Changed-By: gavin 
State-Changed-When: Sun Jul 13 17:06:03 UTC 2008 
State-Changed-Why:  
Over to maintainers for evaluation 


Responsible-Changed-From-To: gavin->freebsd-net 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Sun Jul 13 17:06:03 UTC 2008 
Responsible-Changed-Why:  
Submitter reports my patch fixes things for him 


From: Coleman Kane <cokane@FreeBSD.org>
To: bug-followup@FreeBSD.org, onemda@gmail.com
Cc: thompsa@FreeBSD.org
Subject: Re: kern/125181: [ndis] [patch] with wep enters kdb.enter.unknown,
	panics
Date: Thu, 17 Jul 2008 12:09:52 -0400

 Andrew,
 
 I got directed to this PR by onemda@gmail.com (Paul D. Mahol), who's
 been helping me track down some edge cases in the if_ndis locking
 rewrite. I am not 100% familiar with the locking semantics in play here
 (IEEE80211 and VAPs), so I wanted to run it by you before I determine
 that it seems to be working well for me.
 
 -- 
 Coleman Kane
 

From: Andrew Thompson <thompsa@FreeBSD.org>
To: Coleman Kane <cokane@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, onemda@gmail.com
Subject: Re: kern/125181: [ndis] [patch] with wep enters kdb.enter.unknown,
	panics
Date: Thu, 17 Jul 2008 09:43:42 -0700

 On Thu, Jul 17, 2008 at 12:09:52PM -0400, Coleman Kane wrote:
 > Andrew,
 > 
 > I got directed to this PR by onemda@gmail.com (Paul D. Mahol), who's
 > been helping me track down some edge cases in the if_ndis locking
 > rewrite. I am not 100% familiar with the locking semantics in play here
 > (IEEE80211 and VAPs), so I wanted to run it by you before I determine
 > that it seems to be working well for me.
 
 I don't think ndis should be reaching into the net80211 lock. Now that
 ndis uses a regular mutex it's a good chance to add mtx_asserts in the
 right places and get the locking up to speed. I will try to post a patch
 soon unless someone beats me to it.
 
 Andrew

From: "Paul B. Mahol" <onemda@gmail.com>
To: "Andrew Thompson" <thompsa@freebsd.org>
Cc: "Coleman Kane" <cokane@freebsd.org>, bug-followup@freebsd.org
Subject: Re: kern/125181: [ndis] [patch] with wep enters kdb.enter.unknown, panics
Date: Mon, 1 Sep 2008 09:57:42 +0200

 On 7/17/08, Andrew Thompson <thompsa@freebsd.org> wrote:
 > On Thu, Jul 17, 2008 at 12:09:52PM -0400, Coleman Kane wrote:
 >> Andrew,
 >>
 >> I got directed to this PR by onemda@gmail.com (Paul D. Mahol), who's
 >> been helping me track down some edge cases in the if_ndis locking
 >> rewrite. I am not 100% familiar with the locking semantics in play here
 >> (IEEE80211 and VAPs), so I wanted to run it by you before I determine
 >> that it seems to be working well for me.
 >
 > I don't think ndis should be reaching into the net80211 lock. Now that
 > ndis uses a regular mutex it's a good chance to add mtx_asserts in the
 > right places and get the locking up to speed. I will try to post a patch
 > soon unless someone beats me to it.
 >
 > Andrew
 >
 
 I got hit by this bug again, my only option is to switch to UP kernel
 until patch for this bug is finally committed.
 
 
 Subject of bug report is no more relevant, because this bug has
 nothing directly related with WEP.
Responsible-Changed-From-To: freebsd-net->thompsa 
Responsible-Changed-By: brooks 
Responsible-Changed-When: Fri Oct 17 14:17:37 UTC 2008 
Responsible-Changed-Why:  
thompsa seems to have insight into this problem so assign it to him for now. 


From: "Paul B. Mahol" <onemda@gmail.com>
To: Andrew Thompson <thompsa@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/125181: [ndis] [patch] with wep enters kdb.enter.unknown, 
	panics
Date: Fri, 8 May 2009 18:25:54 +0200

 Could somebody please close PR, I don't care for MFC (at least it
 should be marked patched).
 
 -- 
 Paul
State-Changed-From-To: open->patched 
State-Changed-By: gavin 
State-Changed-When: Thu Jun 11 11:21:01 UTC 2009 
State-Changed-Why:  
According to submitter, this is now patched in HEAD.  I don't know exactly which 
revision fixed the issue so don't know if it has been merged yet. 

State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Thu Sep 29 19:35:05 UTC 2011 
State-Changed-Why:  
this has been MFCed by now 

>Unformatted:
