Date:      Tue, 8 Sep 2009 13:45:08 GMT
From:      Paul <onemda@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/138632: race at vap destroy
Message-ID:  <200909081345.n88Dj8KY014353@www.freebsd.org>
Resent-Message-ID: <200909081350.n88Do0Rh074744@freefall.freebsd.org>


>Number:         138632
>Category:       kern
>Synopsis:       race at vap destroy
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 08 13:50:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Paul
>Release:        FreeBSD 9.0-CURRENT
>Organization:
>Environment:
FreeBSD dhcppc3 9.0-CURRENT FreeBSD 9.0-CURRENT #2 r196918M: Mon Sep  7 22:22:16 UTC 2009     root@dhcppc3:/usr/obj/usr/src/sys/kernel  i386
>Description:
Regression introduced with ndisulator being ported to VAP.
The ndis_scan function may be started after the ndis vap has been destroyed.

db:0:kdb.enter.unknown>  bt
Tracing pid 11 tid 100005 td 0xc3d07690
ieee80211_scan_done(0,c05e3712,f8,0,c3d07690,...) at ieee80211_scan_done+0xb
ndis_scan(c4642800,0,c061e422,176,c068c974,...) at ndis_scan+0x38d
softclock(c068c940,c3aa7cc8,c049873d,c0690680,c3d03938,...) at softclock+0x242
intr_event_execute_handlers(c3d05aa0,c3d03900,c06188e0,4fc,c3d03970,...) at intr_event_execute_handlers+0x10f
ithread_loop(c3d49110,c3aa7d38,c0618636,343,c3d05aa0,...) at ithread_loop+0x98
fork_exit(c0483f41,c3d49110,c3aa7d38) at fork_exit+0xb8
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xc3aa7d70, ebp = 0 ---

>How-To-Repeat:
# ifconfig wlan0 create wlandev ndis0
# ifconfig wlan0 up && ifconfig wlan0 destroy
>Fix:
--- if_ndis.c   (revision 196964)+++ if_ndis.c   (working copy)
@@ -1012,7 +1012,12 @@
 ndis_vap_delete(struct ieee80211vap *vap)
 {
        struct ndis_vap *nvp = NDIS_VAP(vap);
+       struct ieee80211com *ic = vap->iv_ic;
+       struct ifnet *ifp = ic->ic_ifp;
+       struct ndis_softc *sc = ifp->if_softc;

+       ndis_stop(sc);
+       callout_drain(&sc->ndis_scan_callout);
        ieee80211_vap_detach(vap);
        free(nvp, M_80211_VAP); }
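
Review bot: callout_drain(&sc->ndis_scan_callout) runs while the vap is still attached, so this ordering only closes the race if nothing can re-arm ndis_scan_callout between the drain and ieee80211_vap_detach(vap). Please add a comment stating that ndis_stop(sc) guarantees this, or have ndis_scan() return early when no vap is left, since the backtrace above shows ieee80211_scan_done() entered with a 0 first argument. Also, callout_drain() can sleep while waiting for a running handler, so ndis_vap_delete() must not reach it holding any lock that ndis_scan() acquires; please confirm ndis_stop(sc) returns with such locks released.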

>Release-Note:
>Audit-Trail:
>Unformatted:


