From owner-freebsd-i386@FreeBSD.ORG Sun Nov 16 17:20:02 2008 Return-Path: Delivered-To: freebsd-i386@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E8E2106567E for ; Sun, 16 Nov 2008 17:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E566E8FC17 for ; Sun, 16 Nov 2008 17:20:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mAGHK17K043187 for ; Sun, 16 Nov 2008 17:20:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mAGHK1dC043186; Sun, 16 Nov 2008 17:20:01 GMT (envelope-from gnats) Resent-Date: Sun, 16 Nov 2008 17:20:01 GMT Resent-Message-Id: <200811161720.mAGHK1dC043186@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-i386@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jason Brand Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A6C9106567A for ; Sun, 16 Nov 2008 17:12:41 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 1F4C28FC14 for ; Sun, 16 Nov 2008 17:12:41 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mAGHCexM005917 for ; Sun, 16 Nov 2008 17:12:40 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id mAGHCebw005916; Sun, 16 Nov 2008 17:12:40 GMT (envelope-from nobody) Message-Id: <200811161712.mAGHCebw005916@www.freebsd.org> Date: Sun, 16 Nov 2008 17:12:40 GMT From: Jason Brand To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: i386/128917: if_wpi and wpa+tkip causing kernel panic X-BeenThere: freebsd-i386@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: I386-specific issues for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 17:20:02 -0000 >Number: 128917 >Category: i386 >Synopsis: if_wpi and wpa+tkip causing kernel panic >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 16 17:20:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Jason Brand >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: >Environment: System: FreeBSD paladin 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Fri Nov 14 10: 10:16 EST 2008 root@paladin:/usr/obj/usr/src/sys/PALADIN i386 >Description: When using WPA+TKIP with if_wpi, the card will become dissociated from the AP. The LED on the laptop will not be turned off, as it usually will when the link is terminated, and wpa_supplicant does not seem to realize that the link was dropped. Wpa_supplicant "reassociate" command causes the following: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0xffff fault code = supervisor read, page not present instruction pointer = 0x20:0xc0a12dfc stack pointer = 0x28:0xe6db9be0 frame pointer = 0x28:0xe6db9c9c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 35 (wpi0 taskq) trap number = 12 panic: page fault cpuid = 0 Uptime: 13m38s Physical memory: 3054 MB Dumping 170 MB: 155 139 123 107 91 75 59 43 27 11 (kgdb) bt #0 doadump () at pcpu.h:196 #1 0xc058b157 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0xc058b462 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0xc07e1fe3 in trap_fatal (frame=0xe6db9ba0, eva=65535) at /usr/src/sys/i386/i386/trap.c:939 #4 0xc07e2240 in trap_pfault (frame=0xe6db9ba0, usermode=0, eva=65535) at /usr/src/sys/i386/i386/trap.c:852 #5 0xc07e2c12 in trap (frame=0xe6db9ba0) at /usr/src/sys/i386/i386/trap.c:530 #6 0xc07c93fb in calltrap () at /usr/src/sys/i386/i386/exception.s:159 #7 0xc0a12dfc in wpi_ops (arg0=0xc68fd000, pending=1) at /usr/src/sys/modules/wpi/../../dev/wpi/if_wpi.c:2411 #8 0xc05be5a5 in taskqueue_run (queue=0xc68f5a00) at /usr/src/sys/kern/subr_taskqueue.c:282 #9 0xc05be7ab in taskqueue_thread_loop (arg=0xc68fe9b4) at /usr/src/sys/kern/subr_taskqueue.c:401 #10 0xc05677a9 in fork_exit (callout=0xc05be6f0 , arg=0xc68fe9b4, frame=0xe6db9d38) at /usr/src/sys/kern/kern_fork.c:804 #11 0xc07c9470 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264 >How-To-Repeat: Connect to a WPA+TKIP network. The PR originator only has access to one network using this, therefore is unable to verify the reproducibility on other networks. >Fix: Workaround: Do not use wpa_supplicant's "reassociate" command to re-establish the link. Instead, run /etc/rc.d/netif restart. >Release-Note: >Audit-Trail: >Unformatted: