From nobody@FreeBSD.org  Tue Aug 28 10:00:17 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C9A331065676
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Aug 2012 10:00:17 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id B54D28FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Aug 2012 10:00:17 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q7SA07mq029569
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Aug 2012 10:00:07 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q7SA076v029568;
	Tue, 28 Aug 2012 10:00:07 GMT
	(envelope-from nobody)
Message-Id: <201208281000.q7SA076v029568@red.freebsd.org>
Date: Tue, 28 Aug 2012 10:00:07 GMT
From: Mike Manilone <crtmike@gmx.us>
To: freebsd-gnats-submit@FreeBSD.org
Subject: NDIS causing PANIC
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         171137
>Category:       kern
>Synopsis:       NDIS causing PANIC
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 28 10:10:03 UTC 2012
>Closed-Date:    
>Last-Modified:  Thu Aug 30 12:30:03 UTC 2012
>Originator:     Mike Manilone
>Release:        FreeBSD 9.1-RC1 amd64
>Organization:
>Environment:
System: FreeBSD bsd.laptop.mike 9.1-RC1 FreeBSD 9.1-RC1 #0: Tue Aug 14 04:25:06 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

>Description:
	NDIS is causing a lot of panic to me. I'm using the BCM4313 
	driver. And I *did* follow the instructions on the PC-BSD wiki.
	I can't stand the stability. I'm looking forward this bug 
	could be fixed before FreeBSD 9.1-RELEASE.
	
	I don't know how to grab the output from the panic screen. But
	I remembered that it's a page fault. (12)
>How-To-Repeat:
	1) reboot the machine, sometimes crash
	2) /etc/rc.d/netif restart, panic immediately.

>Fix:


>Release-Note:
>Audit-Trail:

From: Glen Barber <gjb@FreeBSD.org>
To: Mike Manilone <crtmike@gmx.us>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/171137: NDIS causing PANIC
Date: Tue, 28 Aug 2012 06:58:15 -0400

 --JYK4vJDZwFMowpUq
 Content-Type: multipart/mixed; boundary="T4sUOijqQbZv57TR"
 Content-Disposition: inline
 
 
 --T4sUOijqQbZv57TR
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Tue, Aug 28, 2012 at 10:00:07AM +0000, Mike Manilone wrote:
 > >Environment:
 > System: FreeBSD bsd.laptop.mike 9.1-RC1 FreeBSD 9.1-RC1 #0: Tue Aug 14 04=
 :25:06 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC a=
 md64
 >=20
 > >Description:
 > 	NDIS is causing a lot of panic to me. I'm using the BCM4313=20
 > 	driver. And I *did* follow the instructions on the PC-BSD wiki.
 > 	I can't stand the stability. I'm looking forward this bug=20
 > 	could be fixed before FreeBSD 9.1-RELEASE.
 > =09
 > 	I don't know how to grab the output from the panic screen. But
 > 	I remembered that it's a page fault. (12)
 > >How-To-Repeat:
 > 	1) reboot the machine, sometimes crash
 > 	2) /etc/rc.d/netif restart, panic immediately.
 >=20
 
 Hi,
 
 Can you please apply the attached patch to
 /usr/src/sys/compat/ndis/subr_hal.c and rebuild your kernel and report
 back?
 
 Regards,
 
 Glen
 
 
 --T4sUOijqQbZv57TR
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="ndis-race-fix.diff.txt"
 Content-Transfer-Encoding: quoted-printable
 
 Index: compat/ndis/subr_hal.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 --- compat/ndis/subr_hal.c	(revision 239770)
 +++ compat/ndis/subr_hal.c	(working copy)
 @@ -392,16 +392,18 @@
  {
  	uint8_t			oldirql;
 =20
 +	sched_pin();
  	oldirql =3D KeGetCurrentIrql();
 =20
  	/* I am so going to hell for this. */
  	if (oldirql > irql)
 -		panic("IRQL_NOT_LESS_THAN");
 +		panic("IRQL_NOT_LESS_THAN_OR_EQUAL");
 =20
 -	if (oldirql !=3D DISPATCH_LEVEL) {
 -		sched_pin();
 +	if (oldirql !=3D DISPATCH_LEVEL)=20
  		mtx_lock(&disp_lock[curthread->td_oncpu]);
 -	}
 +	else
 +		sched_unpin();=09
 +
  /*printf("RAISE IRQL: %d %d\n", irql, oldirql);*/
 =20
  	return (oldirql);
 
 --T4sUOijqQbZv57TR--
 
 --JYK4vJDZwFMowpUq
 Content-Type: application/pgp-signature
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (FreeBSD)
 
 iQEcBAEBCAAGBQJQPKRHAAoJEFJPDDeguUajR7MH/iYY+OHnZXsUNCkMUgDzGO4k
 Fw3RIfJqvmRIebOZc5wVT7zyG2ZkSRdpGtHnwyhAOjAJMBwHh/1Tg6CorOylvn6M
 paspIkVfHTreqHzqkuRPmSqME25cVupkFBRs+tZxgXC2L40GL+/3SZ4+e1uv+arj
 X6yFHfPU6nXoYROwRWeYxY2U/dBieOZWR9S0iEIv6vAiJFbR8bL/1bbRWwbuyhC0
 0GuhpaJlqMB6zmuXMY/c/WQQtQMX8JF1bxHpr31yIK9NUoe6boC2lB0UywYgPpZE
 7C8kqXhCqjXGY2VMmbEfb2GiHG2lYxEHGnVhlTF1M/sdFjLi2RFa459GmYVX990=
 =9Ntv
 -----END PGP SIGNATURE-----
 
 --JYK4vJDZwFMowpUq--

From: Mike Manilone <crtmike@gmx.us>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/171137: NDIS causing PANIC
Date: Wed, 29 Aug 2012 09:34:56 +0800

 Thanks for your patch. I rebuilt my kernel with "make buildkernel; make 
 installkernel".
 Then I tried to /etc/rc.d/netif restart, still panic. (Maybe GREATER_THAN ?)

From: Gary Palmer <gpalmer@freebsd.org>
To: Mike Manilone <crtmike@gmx.us>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/171137: NDIS causing PANIC
Date: Wed, 29 Aug 2012 08:59:44 -0400

 On Wed, Aug 29, 2012 at 01:40:09AM +0000, Mike Manilone wrote:
 > The following reply was made to PR kern/171137; it has been noted by GNATS.
 > 
 > From: Mike Manilone <crtmike@gmx.us>
 > To: bug-followup@FreeBSD.org
 > Cc:  
 > Subject: Re: kern/171137: NDIS causing PANIC
 > Date: Wed, 29 Aug 2012 09:34:56 +0800
 > 
 >  Thanks for your patch. I rebuilt my kernel with "make buildkernel; make 
 >  installkernel".
 >  Then I tried to /etc/rc.d/netif restart, still panic. (Maybe GREATER_THAN ?)
 
 Did you reboot between the installkernel and trying the netif restart?
 
 Gary

From: Mike Manilone <crtmike@gmx.us>
To: Gary Palmer <gpalmer@freebsd.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/171137: NDIS causing PANIC
Date: Thu, 30 Aug 2012 03:58:15 +0800

 On 2012/08/29 20:59, Gary Palmer wrote:
 > On Wed, Aug 29, 2012 at 01:40:09AM +0000, Mike Manilone wrote:
 >> The following reply was made to PR kern/171137; it has been noted by GNATS.
 >>
 >> From: Mike Manilone <crtmike@gmx.us>
 >> To: bug-followup@FreeBSD.org
 >> Cc:
 >> Subject: Re: kern/171137: NDIS causing PANIC
 >> Date: Wed, 29 Aug 2012 09:34:56 +0800
 >>
 >>   Thanks for your patch. I rebuilt my kernel with "make buildkernel; make
 >>   installkernel".
 >>   Then I tried to /etc/rc.d/netif restart, still panic. (Maybe GREATER_THAN ?)
 > Did you reboot between the installkernel and trying the netif restart?
 >
 > Gary
 Sure. It still causes panic.

From: Mike Manilone <crtmike@gmx.us>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/171137: NDIS causing PANIC
Date: Thu, 30 Aug 2012 20:20:17 +0800

 Here's the backtrace.
 
 +Fatal trap 12: page fault while in kernel mode
 +cpuid = 2; apic id = 04
 +fault virtual address    = 0x4
 +fault code        = supervisor read data, page not present
 +instruction pointer    = 0x20:0xffffffff8285700a
 +stack pointer            = 0x28:0xffffff81124f7a20
 +frame pointer            = 0x28:0xffffff81124f7b70
 +code segment        = base 0x0, limit 0xfffff, type 0x1b
 +            = DPL 0, pres 1, long 1, def32 0, gran 1
 +processor eflags    = interrupt enabled, resume, IOPL = 0
 +current process        = 93 (Windows Workitem 3)
 +trap number        = 12
 +panic: page fault
 +cpuid = 2
 +KDB: stack backtrace:
 +#0 0xffffffff80920546 at kdb_backtrace+0x66
 +#1 0xffffffff808ea55e at panic+0x1ce
 +#2 0xffffffff80bd7db0 at trap_fatal+0x290
 +#3 0xffffffff80bd80ed at trap_pfault+0x1ed
 +#4 0xffffffff80bd870e at trap+0x3ce
 +#5 0xffffffff80bc2cdf at calltrap+0x8
 +#6 0xffffffff82caa669 at x86_64_call2+0x9
 +#7 0xffffffff808bb69f at fork_exit+0x11f
 +#8 0xffffffff80bc320e at fork_trampoline+0xe
 +Uptime: 23s
 +Dumping 328 out of 3922 
 MB:..5%..15%..25%..35%..44%..54%..64%..73%..83%..93%
 +Dump complete
 
>Unformatted:
