From owner-freebsd-net@FreeBSD.ORG Wed Aug 4 20:22:52 2010 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A8571065678; Wed, 4 Aug 2010 20:22:52 +0000 (UTC) (envelope-from nox@jelal.kn-bremen.de) Received: from smtp.kn-bremen.de (gelbbaer.kn-bremen.de [78.46.108.116]) by mx1.freebsd.org (Postfix) with ESMTP id 462388FC19; Wed, 4 Aug 2010 20:22:51 +0000 (UTC) Received: by smtp.kn-bremen.de (Postfix, from userid 10) id 26E4A1E006D6; Wed, 4 Aug 2010 22:04:50 +0200 (CEST) Received: from triton8.kn-bremen.de (noident@localhost [127.0.0.1]) by triton8.kn-bremen.de (8.14.4/8.14.3) with ESMTP id o74K2ZuO057192; Wed, 4 Aug 2010 22:02:35 +0200 (CEST) (envelope-from nox@triton8.kn-bremen.de) Received: (from nox@localhost) by triton8.kn-bremen.de (8.14.4/8.14.3/Submit) id o74K2Z1g057191; Wed, 4 Aug 2010 22:02:35 +0200 (CEST) (envelope-from nox) Date: Wed, 4 Aug 2010 22:02:35 +0200 (CEST) From: Juergen Lock Message-Id: <201008042002.o74K2Z1g057191@triton8.kn-bremen.de> To: bug-followup@FreeBSD.org X-Newsgroups: gmane.os.freebsd.devel.net,gmane.os.freebsd.bugs In-Reply-To: <201008020223.o722NSe2093952@freefall.freebsd.org> Organization: home Cc: freebsd-net@FreeBSD.org Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Aug 2010 20:22:52 -0000 Hi! Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted a dump and tried to gather some info for someone who knows the code: The zero divide fault was because (apparently) rate was unitialized, as is ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0] i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters. [1] Simply setting rate to something non-zero (I first tried 0xff, then 72 since that was used in station mode) without changing anything else stopped the panics but as probably to be expected, the wifi only partly worked, clients frequently disconnected. (I'll put the patch at the end of the mail. [2]) # ifconfig wlan0 create wlandev rum0 wlanmode ap ssid XXX # /etc/rc.d/hostapd onestart Starting hostapd. Configuration file: /etc/hostapd.conf Using interface wlan0 with hwaddr 00:22:75:fe:9d:4e and ssid 'XXX' bind(PF_UNIX): Address already in use Failed to setup control interface /etc/rc.d/hostapd: WARNING: failed to start hostapd # /etc/rc.d/hostapd onestart Starting hostapd. Configuration file: /etc/hostapd.conf Using interface wlan0 with hwaddr 00:22:75:fe:9d:4e and ssid 'XXX' # [...] Fatal trap 18: integer divide fault while in kernel mode cpuid = 0; apic id = 00 instruction pointer = 0x20:0xffffffff80534a28 stack pointer = 0x28:0xffffff80ec0727a0 frame pointer = 0x28:0xffffff80ec0727b0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 607 (hostapd) trap number = 18 panic: integer divide fault cpuid = 0 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a panic() at panic+0x182 trap_fatal() at trap_fatal+0x2ad trap() at trap+0x102 calltrap() at calltrap+0x8 --- trap 0x12, rip = 0xffffffff80534a28, rsp = 0xffffff80ec0727a0, rbp = 0xffffff80ec0727b0 --- rum_setup_tx_desc() at rum_setup_tx_desc+0x68 rum_start() at rum_start+0x1af if_transmit() at if_transmit+0xea ieee80211_start() at ieee80211_start+0x542 if_transmit() at if_transmit+0xea ether_output_frame() at ether_output_frame+0x33 ether_output() at ether_output+0x4ba bpfwrite() at bpfwrite+0x3a5 devfs_write_f() at devfs_write_f+0x8b dofilewrite() at dofilewrite+0x85 kern_writev() at kern_writev+0x60 write() at write+0x55 syscall() at syscall+0x1e7 Xfast_syscall() at Xfast_syscall+0xe1 --- syscall (4, FreeBSD ELF64, write), rip = 0x8008a33cc, rsp = 0x7fffffffcd98, rbp = 0x800a29800 --- Uptime: 3m12s [...] #0 doadump () at pcpu.h:223 223 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:223 #1 0xffffffff805f06c9 in boot (howto=260) at /data2v/home/nox/src-r81/src/sys/kern/kern_shutdown.c:416 #2 0xffffffff805f0b1c in panic (fmt=Variable "fmt" is not available. ) at /data2v/home/nox/src-r81/src/sys/kern/kern_shutdown.c:590 #3 0xffffffff808e4d6d in trap_fatal (frame=0x12, eva=Variable "eva" is not available. ) at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:777 #4 0xffffffff808e5782 in trap (frame=0xffffff80ec0726f0) at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:588 #5 0xffffffff808ca8b3 in calltrap () at /data2v/home/nox/src-r81/src/sys/amd64/amd64/exception.S:223 #6 0xffffffff80534a28 in rum_setup_tx_desc (sc=Variable "sc" is not available. ) at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1016 #7 0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000) at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265 #8 0xffffffff806a025a in if_transmit (ifp=0xffffff0005e84000, m=Variable "m" is not available. ) at /data2v/home/nox/src-r81/src/sys/net/if.c:3357 #9 0xffffffff806e0cf2 in ieee80211_start (ifp=0xffffff00071eb000) at /data2v/home/nox/src-r81/src/sys/net80211/ieee80211_output.c:362 #10 0xffffffff806a025a in if_transmit (ifp=0xffffff00071eb000, m=Variable "m" is not available. ) at /data2v/home/nox/src-r81/src/sys/net/if.c:3357 #11 0xffffffff806a4c43 in ether_output_frame (ifp=0xffffff00071eb000, m=0xffffff0007594800) ---Type to continue, or q to quit--- at /data2v/home/nox/src-r81/src/sys/net/if_ethersubr.c:452 #12 0xffffffff806a558a in ether_output (ifp=0xffffff00071eb000, m=0xffffff0007594800, dst=0xffffff0005e3e860, ro=Variable "ro" is not available. ) at /data2v/home/nox/src-r81/src/sys/net/if_ethersubr.c:423 #13 0xffffffff80697865 in bpfwrite (dev=Variable "dev" is not available. ) at /data2v/home/nox/src-r81/src/sys/net/bpf.c:939 #14 0xffffffff8057691b in devfs_write_f (fp=0xffffff0005f8f370, uio=0xffffff80ec072b10, cred=Variable "cred" is not available. ) at /data2v/home/nox/src-r81/src/sys/fs/devfs/devfs_vnops.c:1509 #15 0xffffffff80633025 in dofilewrite (td=0xffffff0005f82ba0, fd=4, fp=0xffffff0005f8f370, auio=0xffffff80ec072b10, offset=Variable "offset" is not available. ) at file.h:239 #16 0xffffffff80633330 in kern_writev (td=0xffffff0005f82ba0, fd=4, auio=0xffffff80ec072b10) at /data2v/home/nox/src-r81/src/sys/kern/sys_generic.c:446 #17 0xffffffff806333b5 in write (td=Variable "td" is not available. ) at /data2v/home/nox/src-r81/src/sys/kern/sys_generic.c:362 #18 0xffffffff808e5367 in syscall (frame=0xffffff80ec072c80) at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:945 #19 0xffffffff808cab91 in Xfast_syscall () at /data2v/home/nox/src-r81/src/sys/amd64/amd64/exception.S:374 #20 0x00000008008a33cc in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) fr 6 #6 0xffffffff80534a28 in rum_setup_tx_desc (sc=Variable "sc" is not available. ) at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1016 1016 plcp_length = (16 * len + rate - 1) / rate; (kgdb) p rate $1 = 0 (kgdb) l 1011 1012 plcp_length = len & 0xfff; 1013 desc->plcp_length_hi = plcp_length >> 6; 1014 desc->plcp_length_lo = plcp_length & 0x3f; 1015 } else { 1016 plcp_length = (16 * len + rate - 1) / rate; 1017 if (rate == 22) { 1018 remainder = (16 * len) % 22; 1019 if (remainder != 0 && remainder < 7) 1020 desc->plcp_service |= RT2573_PLCP_LENGEXT; (kgdb) up #7 0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000) at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265 1265 rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate); (kgdb) l 1260 dur = ieee80211_ack_duration(ic->ic_rt, rate, 1261 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 1262 *(uint16_t *)wh->i_dur = htole16(dur); 1263 } 1264 1265 rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate); 1266 1267 DPRINTFN(10, "sending frame len=%d rate=%d\n", 1268 m0->m_pkthdr.len + (int)RT2573_TX_DESC_SIZE, rate); 1269 (kgdb) p wh No symbol "wh" in current context. (kgdb) p m0 Variable "m0" is not available. (kgdb) p tp->ucastrate No symbol "tp" in current context. (kgdb) p ni->nx_tx_rate Variable "ni" is not available. (kgdb) p wh No symbol "wh" in current context. (kgdb) p rate No symbol "rate" in current context. (kgdb) p ni Variable "ni" is not available. (kgdb) up #8 0xffffffff806a025a in if_transmit (ifp=0xffffff0005e84000, m=Variable "m" is not available. ) at /data2v/home/nox/src-r81/src/sys/net/if.c:3357 3357 IFQ_HANDOFF(ifp, m, error); (kgdb) l 3352 static int 3353 if_transmit(struct ifnet *ifp, struct mbuf *m) 3354 { 3355 int error; 3356 3357 IFQ_HANDOFF(ifp, m, error); 3358 return (error); 3359 } 3360 3361 int (kgdb) down #7 0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000) at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265 1265 rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate); (kgdb) p m $2 = (struct mbuf *) 0xffffff0007584400 (kgdb) p *m $3 = { m_hdr = { mh_next = 0xffffff0007594800, mh_nextpkt = 0x0, mh_data = 0xffffff0007584466 "\b\002", mh_len = 32, mh_flags = 82, mh_type = 1, pad = "\000\000\000\000\000" }, M_dat = { MH = { MH_pkthdr = { rcvif = 0xffffff80007e3000, header = 0x0, len = 131, flowid = 0, csum_flags = 0, csum_data = 0, tso_segsz = 2, PH_vt = { vt_vtag = 3, vt_nrecs = 3 ---Type to continue, or q to quit--- }, tags = { slh_first = 0x0 } }, MH_dat = { MH_ext = { ext_buf = 0x0, ext_free = 0x208000000000000, ext_arg1 = 0x111202bf1c000000, ext_arg2 = 0x22004e9dfe752200, ext_size = 1318977141, ref_cnt = 0x408e8800000003, ext_type = 1998915136 }, MH_databuf = '\0' , "\b\002\000\000\000\034¿\002\022\021\000\"uþ\235N\000\"uþ\235N \000ªª\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006·\214\000\026ê\226x¶\027UøH\200\020 b\0243\000\000\001\001\b\n\000\0025\202¨\fþ³", '\0' } }, M_databuf = "\0000~\000\200ÿÿÿ\000\000\000\000\000\000\000\000\203", '\0' , "\002\000\003", '\0' , "\b\002\000\000\000\0---Type to continue, or q to quit--- 34¿\002\022\021\000\"uþ\235N\000\"uþ\235N \000ªª\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006·\214\000\026ê\226x¶\027UøH\200\020 b\0243\000\000\001\001\b\n\000\0025\202¨\fþ³", '\0' } } (kgdb) p m->M_dat $4 = { MH = { MH_pkthdr = { rcvif = 0xffffff80007e3000, header = 0x0, len = 131, flowid = 0, csum_flags = 0, csum_data = 0, tso_segsz = 2, PH_vt = { vt_vtag = 3, vt_nrecs = 3 }, tags = { slh_first = 0x0 } }, MH_dat = { MH_ext = { ext_buf = 0x0, ext_free = 0x208000000000000, ext_arg1 = 0x111202bf1c000000, ---Type to continue, or q to quit--- ext_arg2 = 0x22004e9dfe752200, ext_size = 1318977141, ref_cnt = 0x408e8800000003, ext_type = 1998915136 }, MH_databuf = '\0' , "\b\002\000\000\000\034¿\002\022\021\000\"uþ\235N\000\"uþ\235N \000ªª\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006·\214\000\026ê\226x¶\027UøH\200\020 b\0243\000\000\001\001\b\n\000\0025\202¨\fþ³", '\0' } }, M_databuf = "\0000~\000\200ÿÿÿ\000\000\000\000\000\000\000\000\203", '\0' , "\002\000\003", '\0' , "\b\002\000\000\000\034¿\002\022\021\000\"uþ\235N\000\"uþ\235N \000ªª\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006·\214\000\026ê\226x¶\027UøH\200\020 b\0243\000\000\001\001\b\n\000\0025\202¨\fþ³", '\0' } (kgdb) p m->M_dat.MH.MH_pkthdr $5 = { rcvif = 0xffffff80007e3000, header = 0x0, len = 131, flowid = 0, csum_flags = 0, csum_data = 0, tso_segsz = 2, PH_vt = { vt_vtag = 3, vt_nrecs = 3 }, tags = { slh_first = 0x0 } } (kgdb) p m->M_dat.MH.MH_pkthdr.rcvif $6 = (struct ifnet *) 0xffffff80007e3000 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_txrate $7 = 0 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_chan $8 = (struct ieee80211_channel *) 0xffffff80007df300 (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_chan $9 = { ic_flags = 1152, ic_freq = 2437, ic_ieee = 6 '\006', ic_maxregpower = 0 '\0', ic_maxpower = 0 '\0', ic_minpower = 0 '\0', ic_state = 0 '\0', ic_extieee = 0 '\0', ic_maxantgain = 0 '\0', ic_pad = 0 '\0', ic_devdata = 0 } (kgdb) p vap No symbol "vap" in current context. (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap $10 = { iv_media = { ifm_mask = 0, ifm_media = 0, ifm_cur = 0xffffff0005ef48e0, ifm_list = { lh_first = 0xffffff0005ef4520 }, ifm_change = 0xffffffff806b7980 , ifm_status = 0xffffffff806b7f70 }, iv_ifp = 0xffffff00071eb000, iv_rawbpf = 0xffffff0005f20680, iv_sysctl = 0xffffff0005e3e850, iv_oid = 0xffffff0005f20200, iv_next = { tqe_next = 0x0, tqe_prev = 0xffffff80007df038 }, iv_ic = 0xffffff80007df000, iv_debug = 0, iv_stats = { is_rx_badversion = 0, ---Type to continue, or q to quit--- is_rx_tooshort = 0, is_rx_wrongbss = 0, is_rx_dup = 0, is_rx_wrongdir = 0, is_rx_mcastecho = 0, is_rx_notassoc = 0, is_rx_noprivacy = 0, is_rx_unencrypted = 0, is_rx_wepfail = 0, is_rx_decap = 0, is_rx_mgtdiscard = 0, is_rx_ctl = 0, is_rx_beacon = 3, is_rx_rstoobig = 0, is_rx_elem_missing = 0, is_rx_elem_toobig = 0, is_rx_elem_toosmall = 0, is_rx_elem_unknown = 0, is_rx_badchan = 0, is_rx_chanmismatch = 1, is_rx_nodealloc = 0, is_rx_ssidmismatch = 0, is_rx_auth_unsupported = 0, ---Type to continue, or q to quit--- is_rx_auth_fail = 0, is_rx_auth_countermeasures = 0, is_rx_assoc_bss = 0, is_rx_assoc_notauth = 0, is_rx_assoc_capmismatch = 0, is_rx_assoc_norate = 0, is_rx_assoc_badwpaie = 0, is_rx_deauth = 0, is_rx_disassoc = 0, is_rx_badsubtype = 0, is_rx_nobuf = 0, is_rx_decryptcrc = 0, is_rx_ahdemo_mgt = 0, is_rx_bad_auth = 0, is_rx_unauth = 0, is_rx_badkeyid = 0, is_rx_ccmpreplay = 0, is_rx_ccmpformat = 0, is_rx_ccmpmic = 0, is_rx_tkipreplay = 0, is_rx_tkipformat = 0, is_rx_tkipmic = 0, is_rx_tkipicv = 0, ---Type to continue, or q to quit--- is_rx_badcipher = 0, is_rx_nocipherctx = 0, is_rx_acl = 0, is_tx_nobuf = 0, is_tx_nonode = 0, is_tx_unknownmgt = 0, is_tx_badcipher = 0, is_tx_nodefkey = 0, is_tx_noheadroom = 0, is_tx_fragframes = 0, is_tx_frags = 0, is_scan_active = 1, is_scan_passive = 0, is_node_timeout = 0, is_crypto_nomem = 0, is_crypto_tkip = 3, is_crypto_tkipenmic = 3, is_crypto_tkipdemic = 0, is_crypto_tkipcm = 0, is_crypto_ccmp = 0, is_crypto_wep = 0, is_crypto_setkey_cipher = 0, is_crypto_setkey_nokey = 0, ---Type to continue, or q to quit--- is_crypto_delkey = 0, is_crypto_badcipher = 0, is_crypto_nocipher = 0, is_crypto_attachfail = 0, is_crypto_swfallback = 0, is_crypto_keyfail = 0, is_crypto_enmicfail = 0, is_ibss_capmismatch = 0, is_ibss_norate = 0, is_ps_unassoc = 0, is_ps_badaid = 0, is_ps_qempty = 0, is_ff_badhdr = 0, is_ff_tooshort = 0, is_ff_split = 0, is_ff_decap = 0, is_ff_encap = 0, is_rx_badbintval = 0, is_rx_demicfail = 0, is_rx_defrag = 0, is_rx_mgmt = 7, is_rx_action = 0, is_amsdu_tooshort = 0, ---Type to continue, or q to quit--- is_amsdu_split = 0, is_amsdu_decap = 0, is_amsdu_encap = 0, is_ampdu_bar_bad = 0, is_ampdu_bar_oow = 0, is_ampdu_bar_move = 0, is_ampdu_bar_rx = 0, is_ampdu_rx_flush = 0, is_ampdu_rx_oor = 0, is_ampdu_rx_copy = 0, is_ampdu_rx_drop = 0, is_tx_badstate = 0, is_tx_notassoc = 0, is_tx_classify = 0, is_dwds_mcast = 0, is_dwds_qdrop = 0, is_ht_assoc_nohtcap = 0, is_ht_assoc_downgrade = 0, is_ht_assoc_norate = 0, is_ampdu_rx_age = 0, is_ampdu_rx_move = 0, is_addba_reject = 0, is_addba_norequest = 0, ---Type to continue, or q to quit--- is_addba_badtoken = 0, is_addba_badpolicy = 0, is_ampdu_stop = 0, is_ampdu_stop_failed = 0, is_ampdu_rx_reorder = 0, is_scan_bg = 0, is_rx_deauth_code = 0 '\0', is_rx_disassoc_code = 0 '\0', is_rx_authfail_code = 0 '\0', is_beacon_miss = 0, is_rx_badstate = 0, is_ff_flush = 0, is_tx_ctl = 0, is_ampdu_rexmt = 0, is_ampdu_rexmt_fail = 0, is_mesh_wrongmesh = 0, is_mesh_nolink = 0, is_mesh_fwd_ttl = 0, is_mesh_fwd_nobuf = 0, is_mesh_fwd_tooshort = 0, is_mesh_fwd_disabled = 0, is_mesh_fwd_nopath = 0, is_hwmp_wrongseq = 0, ---Type to continue, or q to quit--- is_hwmp_rootreqs = 0, is_hwmp_rootrann = 0, is_mesh_badae = 0, is_mesh_rtaddfailed = 0, is_mesh_notproxy = 0, is_rx_badalign = 0, is_hwmp_proxy = 0, is_spare = {0 } }, iv_myaddr = "\000\"uþ\235N", iv_flags = 1090781200, iv_flags_ext = 1026, iv_flags_ht = 0, iv_flags_ven = 0, iv_caps = 562095104, iv_htcaps = 0, iv_opmode = IEEE80211_M_HOSTAP, iv_state = IEEE80211_S_RUN, iv_nstate = IEEE80211_S_RUN, iv_nstate_arg = -1, iv_nstate_task = { ta_link = { stqe_next = 0x0 ---Type to continue, or q to quit--- }, ta_pending = 0, ta_priority = 0, ta_func = 0xffffffff806e66d0 , ta_context = 0xffffff0005dfe000 }, iv_swbmiss_task = { ta_link = { stqe_next = 0x0 }, ta_pending = 0, ta_priority = 0, ta_func = 0xffffffff806e49f0 , ta_context = 0xffffff0005dfe000 }, iv_mgtsend = { c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 ---Type to continue, or q to quit--- } }, c_time = 0, c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 16, c_cpu = 0 }, iv_inact_init = 2, iv_inact_auth = 12, iv_inact_run = 20, iv_inact_probe = 2, iv_des_nssid = 1, iv_des_ssid = {{ len = 8, ssid = "XXX", '\0' }}, iv_des_bssid = "\000\000\000\000\000", iv_des_chan = 0xffff, iv_des_mode = 0, iv_nicknamelen = 0, iv_nickname = '\0' , ---Type to continue, or q to quit--- iv_bgscanidle = 250, iv_bgscanintvl = 300000, iv_scanvalid = 60000, iv_scanreq_duration = 0, iv_scanreq_mindwell = 0, iv_scanreq_maxdwell = 0, iv_scanreq_flags = 0, iv_scanreq_nssid = 0 '\0', iv_scanreq_ssid = {{ len = 0, ssid = '\0' }}, iv_roaming = IEEE80211_ROAMING_AUTO, iv_roamparms = {{ rssi = 0 '\0', rate = 0 '\0', pad = 0 }, { rssi = 14 '\016', rate = 24 '\030', pad = 0 }, { rssi = 14 '\016', ---Type to continue, or q to quit--- rate = 2 '\002', pad = 0 }, { rssi = 14 '\016', rate = 10 '\n', pad = 0 }, { rssi = 0 '\0', rate = 0 '\0', pad = 0 }, { rssi = 14 '\016', rate = 24 '\030', pad = 0 }, { rssi = 14 '\016', rate = 24 '\030', pad = 0 }, { rssi = 14 '\016', rate = 24 '\030', pad = 0 }, { ---Type to continue, or q to quit--- rssi = 14 '\016', rate = 129 '\201', pad = 0 }, { rssi = 14 '\016', rate = 129 '\201', pad = 0 }, { rssi = 14 '\016', rate = 12 '\f', pad = 0 }, { rssi = 14 '\016', rate = 6 '\006', pad = 0 }}, iv_bmissthreshold = 7 '\a', iv_bmiss_count = 0 '\0', iv_bmiss_max = 2, iv_swbmiss_count = 0, iv_swbmiss_period = 0, iv_swbmiss = { c_links = { ---Type to continue, or q to quit--- sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, c_time = 0, c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 16, c_cpu = 0 }, iv_ampdu_rxmax = 0, iv_ampdu_density = 0, iv_ampdu_limit = 0, iv_amsdu_limit = 0, iv_ampdu_mintraffic = {64, 128, 32, 32}, iv_aid_bitmap = 0xffffff0005e3e750, iv_max_aid = 128, iv_sta_assoc = 1, ---Type to continue, or q to quit--- iv_ps_sta = 0, iv_ps_pending = 0, iv_txseq = 0, iv_tim_len = 16, iv_tim_bitmap = 0xffffff0005e3e740 "", iv_dtim_period = 1 '\001', iv_dtim_count = 0 '\0', iv_csa_count = 0, iv_bss = 0xffffff80007f6000, iv_txparms = {{ ucastrate = 0 '\0', mgmtrate = 0 '\0', mcastrate = 0 '\0', maxretry = 0 '\0' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', ---Type to continue, or q to quit--- maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 0 '\0', mcastrate = 0 '\0', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', ---Type to continue, or q to quit--- mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 6 '\006', mcastrate = 6 '\006', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 3 '\003', mcastrate = 3 '\003', maxretry = 6 '\006' ---Type to continue, or q to quit--- }}, iv_rtsthreshold = 2346, iv_fragthreshold = 2346, iv_inact_timer = 0, iv_appie_beacon = 0x0, iv_appie_probereq = 0x0, iv_appie_proberesp = 0x0, iv_appie_assocreq = 0x0, iv_appie_assocresp = 0x0, iv_appie_wpa = 0xffffff0005ef43a0, iv_wpa_ie = 0x0, iv_rsn_ie = 0xffffff0005ef43a2 "0\030\001", iv_max_keyix = 4, iv_def_txkey = 1, iv_nw_keys = {{ wk_keylen = 0 '\0', wk_pad = 0 '\0', wk_flags = 3, wk_keyix = 65535, wk_rxkeyix = 65535, wk_key = '\0' , wk_keyrsc = {0 }, wk_keytsc = 0, ---Type to continue, or q to quit--- wk_cipher = 0xffffffff809fb0c0, wk_private = 0xffffff0005dfe000, wk_macaddr = "\000\000\000\000\000" }, { wk_keylen = 16 '\020', wk_pad = 0 '\0', wk_flags = 501, wk_keyix = 1, wk_rxkeyix = 65535, wk_key = "XXX", wk_keyrsc = {0 }, wk_keytsc = 4, wk_cipher = 0xffffffff809fb180, wk_private = 0xffffff0005f22e00, wk_macaddr = "ÿÿÿÿÿÿ" }, { wk_keylen = 0 '\0', wk_pad = 0 '\0', wk_flags = 3, wk_keyix = 65535, wk_rxkeyix = 65535, wk_key = '\0' , wk_keyrsc = {0 }, ---Type to continue, or q to quit--- wk_keytsc = 0, wk_cipher = 0xffffffff809fb0c0, wk_private = 0xffffff0005dfe000, wk_macaddr = "\000\000\000\000\000" }, { wk_keylen = 0 '\0', wk_pad = 0 '\0', wk_flags = 3, wk_keyix = 65535, wk_rxkeyix = 65535, wk_key = '\0' , wk_keyrsc = {0 }, wk_keytsc = 0, wk_cipher = 0xffffffff809fb0c0, wk_private = 0xffffff0005dfe000, wk_macaddr = "\000\000\000\000\000" }}, iv_key_alloc = 0xffffffff806bc2c0 , iv_key_delete = 0xffffffff806bc310 , iv_key_set = 0xffffffff806bc320 , iv_key_update_begin = 0xffffffff806bc330 , iv_key_update_end = 0xffffffff806bc330 , iv_auth = 0xffffffff8103a0e0, ---Type to continue, or q to quit--- iv_ec = 0x0, iv_acl = 0x0, iv_as = 0x0, iv_rate = 0xffffffff809fa9e0, iv_rs = 0xffffff0005e3e780, iv_tdma = 0x0, iv_mesh = 0x0, iv_hwmp = 0x0, iv_opdetach = 0xffffffff806c5130 , iv_input = 0xffffffff806c7e70 , iv_recv_mgmt = 0xffffffff806c5d30 , iv_recv_ctl = 0xffffffff806c54c0 , iv_deliver_data = 0xffffffff806c52b0 , iv_bmiss = 0, iv_reset = 0xffffffff806b76c0 , iv_update_beacon = 0xffffffff806e4640 , iv_update_ps = 0xffffffff806e3860 , iv_set_tim = 0xffffffff806e41d0 , iv_newstate = 0xffffffff805382a0 , iv_output = 0xffffffff806a50d0 , iv_spare = {0, 0, 0, 0, 0, 0} } (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap) $11 = (struct ieee80211vap *) 0xffffff0005dfe000 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms [1] $12 = {{ ucastrate = 0 '\0', mgmtrate = 0 '\0', mcastrate = 0 '\0', maxretry = 0 '\0' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 0 '\0', ---Type to continue, or q to quit--- mcastrate = 0 '\0', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ---Type to continue, or q to quit--- ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 6 '\006', mcastrate = 6 '\006', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 3 '\003', mcastrate = 3 '\003', maxretry = 6 '\006' }} (kgdb) p (((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap)->iv_txxparms $13 = {{ ucastrate = 0 '\0', mgmtrate = 0 '\0', mcastrate = 0 '\0', maxretry = 0 '\0' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 0 '\0', ---Type to continue, or q to quit--- mcastrate = 0 '\0', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 2 '\002', mcastrate = 2 '\002', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 12 '\f', mcastrate = 12 '\f', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ---Type to continue, or q to quit--- ucastrate = 255 'ÿ', mgmtrate = 128 '\200', mcastrate = 128 '\200', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 6 '\006', mcastrate = 6 '\006', maxretry = 6 '\006' }, { ucastrate = 255 'ÿ', mgmtrate = 3 '\003', mcastrate = 3 '\003', maxretry = 6 '\006' }} (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif) $14 = { ni_vap = 0xffffff0005dfe000, ni_ic = 0xffffff80007df000, ni_table = 0xffffff80007e07b0, ni_list = { tqe_next = 0x0, tqe_prev = 0xffffff80007f6018 }, ni_hash = { le_next = 0x0, le_prev = 0xffffff80007e0880 }, ni_refcnt = 2, ni_scangen = 0, ni_flags = 131108, ni_associd = 49153, ni_vlan = 0, ni_txpower = 100, ni_authmode = 3 '\003', ni_ath_flags = 0 '\0', ni_ath_defkeyix = 32767, ni_txparms = 0xffffff0005dfe4fc, ni_jointime = 192, ---Type to continue, or q to quit--- ni_challenge = 0x0, ni_ies = { wpa_ie = 0x0, rsn_ie = 0xffffff0005f2a49a "0\024\001", wme_ie = 0x0, ath_ie = 0x0, htcap_ie = 0x0, htinfo_ie = 0x0, tdma_ie = 0x0, meshid_ie = 0x0, spare = {0x0, 0x0, 0x0, 0x0}, data = 0xffffff0005f2a480 "", len = 48 }, ni_txseqs = {0 , 3}, ni_rxseqs = {0 , 16}, ni_rxfragstamp = 0, ni_rxfrag = {0x0, 0x0, 0x0}, ni_ucastkey = { wk_keylen = 0 '\0', wk_pad = 0 '\0', wk_flags = 3, wk_keyix = 65535, ---Type to continue, or q to quit--- wk_rxkeyix = 65535, wk_key = '\0' , wk_keyrsc = {0 }, wk_keytsc = 0, wk_cipher = 0xffffffff809fb0c0, wk_private = 0xffffff0005dfe000, wk_macaddr = "\000\000\000\000\000" }, ni_avgrssi = 2176, ni_noise = -95 '¡', ni_macaddr = "\000\034¿\002\022\021", ni_bssid = "\000\"uþ\235N", ni_tstamp = { data = "\000\000\000\000\000\000\000", tsf = 0 }, ni_intval = 1, ni_capinfo = 1073, ni_esslen = 0 '\0', ni_essid = '\0' , ni_rates = { rs_nrates = 12 '\f', rs_rates = "\202\204\213\f\022\226\030$0H`l\000\000" ---Type to continue, or q to quit--- }, ni_chan = 0xffffff80007df300, ni_fhdwell = 0, ni_fhindex = 0 '\0', ni_erp = 0, ni_timoff = 0, ni_dtim_period = 0 '\0', ni_dtim_count = 0 '\0', ni_meshidlen = 0 '\0', ni_meshid = '\0' , ni_mlstate = IEEE80211_NODE_MESH_IDLE, ni_mllid = 0, ni_mlpid = 0, ni_mltimer = { c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, ---Type to continue, or q to quit--- c_time = 0, c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 0, c_cpu = 0 }, ni_mlrcnt = 0 '\0', ni_mltval = 0 '\0', ni_htcap = 0, ni_htparam = 0 '\0', ni_htctlchan = 0 '\0', ni_ht2ndchan = 0 '\0', ni_htopmode = 0 '\0', ni_htstbc = 0 '\0', ni_chw = 0 '\0', ni_htrates = { rs_nrates = 0 '\0', rs_rates = '\0' }, ni_tx_ampdu = {{ txa_ni = 0x0, txa_flags = 0, ---Type to continue, or q to quit--- txa_ac = 0 '\0', txa_token = 0 '\0', txa_lastsample = 0, txa_pkts = 0, txa_avgpps = 0, txa_qbytes = 0, txa_qframes = 0, txa_start = 0, txa_seqpending = 0, txa_wnd = 0, txa_attempts = 0 '\0', txa_nextrequest = 0, txa_timer = { c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, c_time = 0, ---Type to continue, or q to quit--- c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 0, c_cpu = 0 }, txa_private = 0x0, txa_pad = {0, 0, 0, 0} }, { txa_ni = 0x0, txa_flags = 0, txa_ac = 0 '\0', txa_token = 0 '\0', txa_lastsample = 0, txa_pkts = 0, txa_avgpps = 0, txa_qbytes = 0, txa_qframes = 0, txa_start = 0, txa_seqpending = 0, txa_wnd = 0, txa_attempts = 0 '\0', txa_nextrequest = 0, ---Type to continue, or q to quit--- txa_timer = { c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, c_time = 0, c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 0, c_cpu = 0 }, txa_private = 0x0, txa_pad = {0, 0, 0, 0} }, { txa_ni = 0x0, txa_flags = 0, txa_ac = 0 '\0', ---Type to continue, or q to quit--- txa_token = 0 '\0', txa_lastsample = 0, txa_pkts = 0, txa_avgpps = 0, txa_qbytes = 0, txa_qframes = 0, txa_start = 0, txa_seqpending = 0, txa_wnd = 0, txa_attempts = 0 '\0', txa_nextrequest = 0, txa_timer = { c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, c_time = 0, c_arg = 0x0, ---Type to continue, or q to quit--- c_func = 0, c_lock = 0x0, c_flags = 0, c_cpu = 0 }, txa_private = 0x0, txa_pad = {0, 0, 0, 0} }, { txa_ni = 0x0, txa_flags = 0, txa_ac = 0 '\0', txa_token = 0 '\0', txa_lastsample = 0, txa_pkts = 0, txa_avgpps = 0, txa_qbytes = 0, txa_qframes = 0, txa_start = 0, txa_seqpending = 0, txa_wnd = 0, txa_attempts = 0 '\0', txa_nextrequest = 0, txa_timer = { ---Type to continue, or q to quit--- c_links = { sle = { sle_next = 0x0 }, tqe = { tqe_next = 0x0, tqe_prev = 0x0 } }, c_time = 0, c_arg = 0x0, c_func = 0, c_lock = 0x0, c_flags = 0, c_cpu = 0 }, txa_private = 0x0, txa_pad = {0, 0, 0, 0} }}, ni_rx_ampdu = {{ rxa_flags = 0, rxa_qbytes = 0, rxa_qframes = 0, ---Type to continue, or q to quit--- rxa_seqstart = 0, rxa_start = 0, rxa_wnd = 0, rxa_age = 0, rxa_nframes = 0, rxa_m = {0x0 }, rxa_pad = {0, 0, 0, 0} } }, ni_inact = 2, ni_inact_reload = 12, ni_txrate = 0, ni_psq = { psq_lock = { lock_object = { lo_name = 0xffffffff809653c5 "unknown", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0 }, mtx_lock = 4 }, psq_len = 0, psq_maxlen = 50, ---Type to continue, or q to quit--- psq_drops = 0, psq_head = {{ head = 0x0, tail = 0x0, len = 0 }, { head = 0x0, tail = 0x0, len = 0 }} }, ni_stats = { ns_rx_data = 1, ns_rx_mgmt = 1, ns_rx_ctrl = 0, ns_rx_ucast = 0, ns_rx_mcast = 1, ns_rx_bytes = 20, ns_rx_beacons = 0, ns_rx_proberesp = 0, ns_rx_dup = 0, ns_rx_noprivacy = 0, ns_rx_wepfail = 0, ---Type to continue, or q to quit--- ns_rx_demicfail = 0, ns_rx_decap = 0, ns_rx_defrag = 0, ns_rx_disassoc = 0, ns_rx_deauth = 0, ns_rx_action = 0, ns_rx_decryptcrc = 0, ns_rx_unauth = 0, ns_rx_unencrypted = 0, ns_rx_drop = 0, ns_tx_data = 1, ns_tx_mgmt = 2, ns_tx_ctrl = 0, ns_tx_ucast = 1, ns_tx_mcast = 0, ns_tx_bytes = 107, ns_tx_probereq = 0, ns_tx_novlantag = 0, ns_tx_vlanmismatch = 0, ns_ps_discard = 0, ns_tx_assoc = 1, ns_tx_assoc_fail = 0, ns_tx_auth = 1, ---Type to continue, or q to quit--- ns_tx_auth_fail = 0, ns_tx_deauth = 0, ns_tx_deauth_code = 0, ns_tx_disassoc = 0, ns_tx_disassoc_code = 0, ns_spare = {0, 0, 0, 0, 0, 0, 0, 0} }, ni_wdsvap = 0x0, ni_rctls = 0x0, ni_spare = {0, 0, 0} } (kgdb) q And here comes the patch: (the first hunk is an unrelated stable/8 commit since I'm on the 8.1 release branch atm.) [2] Index: src/sys/dev/usb/wlan/if_rum.c =================================================================== RCS file: /home/scvs/src/sys/dev/usb/wlan/if_rum.c,v retrieving revision 1.20.2.7.2.1 diff -u -p -r1.20.2.7.2.1 if_rum.c --- src/sys/dev/usb/wlan/if_rum.c 14 Jun 2010 02:09:06 -0000 1.20.2.7.2.1 +++ src/sys/dev/usb/wlan/if_rum.c 1 Aug 2010 14:31:27 -0000 @@ -1049,7 +1049,7 @@ rum_sendprot(struct rum_softc *sc, ackrate = ieee80211_ack_rate(ic->ic_rt, rate); isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; - dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort); + dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) + ieee80211_ack_duration(ic->ic_rt, rate, isshort); flags = RT2573_TX_MORE_FRAG; if (prot == IEEE80211_PROT_RTSCTS) { @@ -1216,6 +1216,17 @@ rum_tx_data(struct rum_softc *sc, struct rate = tp->ucastrate; else rate = ni->ni_txrate; +#if 1 + static int lastrate = 0; + if (rate == 0) { + /* XXX */ + rate = 72; + printf("wlan: rate = 0! using %d\n", rate); + } else if (rate != lastrate) { + printf("wlan: rate = %d\n", rate); + lastrate = rate; + } +#endif if (wh->i_fc[1] & IEEE80211_FC1_WEP) { k = ieee80211_crypto_encap(ni, m0); Using that patch I get: Aug 2 20:15:06 triton8 kernel: wlan: rate = 0! using 72 Aug 2 20:15:22 triton8 last message repeated 11 times Aug 2 20:15:22 triton8 kernel: Aug 2 20:15:24 triton8 kernel: wlan: rate = 0! using 72 Aug 2 20:15:26 triton8 last message repeated 16 times Aug 2 20:21:03 triton8 last message repeated 2 times Aug 2 20:22:46 triton8 last message repeated 19 times HTH, Juergen