From owner-svn-src-all@FreeBSD.ORG Sat Dec 31 07:05:14 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1E8DF1065670; Sat, 31 Dec 2011 07:05:14 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 891CF8FC19; Sat, 31 Dec 2011 07:05:13 +0000 (UTC) Received: by vcbfk1 with SMTP id fk1so19749346vcb.13 for ; Fri, 30 Dec 2011 23:05:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=xqclYKUFIE2sl+CmSaIDeXnvGoG0Y1oVn+Cg8SI3N4k=; b=N8TL0u5lAKeKVCqM+kHLTzGWapeYNiO2WUEKwJ0Qok1tpUN3EHd9KexPeaX4g8ySsL ZZOjwAM5BAIheM5oqIrBxe5vCuSBRoBpsIf+/9MKqBY8x8frfNsbABz0YN8s0068tQYl dRvWtoTfoqFIZbTFUmqXqIvTHxBil6D704X14= MIME-Version: 1.0 Received: by 10.220.148.201 with SMTP id q9mr4438303vcv.33.1325315112753; Fri, 30 Dec 2011 23:05:12 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.52.36.5 with HTTP; Fri, 30 Dec 2011 23:05:12 -0800 (PST) In-Reply-To: <4EFEB38F.8010709@freebsd.org> References: <201112300857.pBU8vxfP004914@svn.freebsd.org> <4EFEB38F.8010709@freebsd.org> Date: Fri, 30 Dec 2011 23:05:12 -0800 X-Google-Sender-Auth: HDOQNVnUrjgxdtsb0Ct-hEfjS94 Message-ID: From: Adrian Chadd To: Lawrence Stewart Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r228986 - in head: share/man/man4 sys/net X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Dec 2011 07:05:14 -0000 Please file a PR for me? :) Adrian On 30 December 2011 23:02, Lawrence Stewart wrote: > On 12/31/11 11:13, Adrian Chadd wrote: >> >> This just broke wlan. Please consider fixing this patch :) >> >> >> Adrian >> >> *** Interface: wlan0: start >> can't re-use a leaf (wlan0)! >> panic: bpfattach tscfgoid >> KDB: enter: panic >> [ thread pid 166 tid 100048 ]Stopped at =A0 =A0 =A0kdb_enter+0x4c: lui >> at,0x8048 >> db> >> db> =A0bt >> Tracing pid 166 tid 100048 td 0x80c37900 >> db_trace_thread+30 (?,?,?,?) ra 80074cc0 sp c40075f0 sz 24 >> 80074bac+114 (0,?,ffffffff,?) ra 8007427c sp c4007608 sz 32 >> 80073ef4+388 (?,?,?,?) ra 80074400 sp c4007628 sz 168 >> db_command_loop+70 (?,?,?,?) ra 80076ac4 sp c40076d0 sz 24 >> 800769d0+f4 (?,?,?,?) ra 801b7560 sp c40076e8 sz 424 >> kdb_trap+110 (?,?,?,?) ra 8035c7ec sp c4007890 sz 48 >> trap+bf4 (?,?,?,?) ra 80354560 sp c40078c0 sz 184 >> MipsKernGenException+134 (0,4,803c089c,113) ra 801b72d8 sp c4007978 sz 2= 00 >> kdb_enter+4c (?,?,?,?) ra 8017f88c sp c4007a40 sz 24 >> panic+11c (?,0,80706500,0) ra 802304b8 sp c4007a58 sz 40 >> bpfattach2+cc (?,?,?,?) ra 802305e0 sp c4007a80 sz 64 >> bpfattach+10 (?,?,?,?) ra 802448ec sp c4007ac0 sz 24 >> ether_ifattach+d0 (?,?,?,?) ra 8025f0ac sp c4007ad8 sz 32 >> ieee80211_vap_attach+104 (?,?,?,?) ra 8007ffe8 sp c4007af8 sz 96 >> 8007f960+688 (?,?,0,?) ra 8026a39c sp c4007b58 sz 88 >> 8026a22c+170 (?,?,?,?) ra 802430dc sp c4007bb0 sz 88 >> ifc_simple_create+80 (?,?,?,?) ra 80242b04 sp c4007c08 sz 64 >> 80242ab0+54 (?,?,?,?) ra 80242d78 sp c4007c48 sz 40 >> if_clone_create+a8 (?,?,?,?) ra 8023bdd4 sp c4007c70 sz 40 >> ifioctl+3a4 (?,?,80c7f460,80c37900) ra 801d8070 sp c4007c98 sz 144 >> soo_ioctl+3b0 (?,?,?,?) ra 801d2804 sp c4007d28 sz 40 >> kern_ioctl+248 (?,?,?,?) ra 801d29ac sp c4007d50 sz 64 >> sys_ioctl+130 (?,?,?,?) ra 8035c3ec sp c4007d90 sz 56 >> trap+7f4 (?,?,?,?) ra 8035475c sp c4007dc8 sz 184 >> MipsUserGenException+10c (?,?,?,4061d590) ra 0 sp c4007e80 sz 0 >> pid 166 >> db> =A0reset > > > I've managed to reproduce this on my wifi enabled laptop with r228986 MFC= ed > to a 9-stable kernel. I can't reproduce the panic with regular interfaces= , > pseudo interfaces (e.g. lo0 and pflog0) or vlans (which also have a > relationship with an underlying physical interface) i.e. this is > VAP/net80211 specific as far as I can tell. > > The problem is that bpfattach2() is being called twice with the same > interface name i.e. "wlan0". > > I added a debug printf and call to kdb_backtrace() after the > SYSCTL_ADD_PROC() call in bpfattach2() to see the code paths which are > calling into the function. Here's what I see when the kernel runs on my > laptop (I've added inline comments between "## ##"): > > Added tscfg OID for interface wlan0 > KDB: stack backtrace: > #0 0xffffffff808680ce at kdb_backtrace+0x5e > #1 0xffffffff808da5b4 at bpfattach2+0xb4 > #2 0xffffffff808fbe06 at ieee80211_vap_setup+0x266 > #3 0xffffffff80740205 at wpi_vap_create+0x95 > #4 0xffffffff809047fb at wlan_clone_create+0x16b > #5 0xffffffff808e6079 at ifc_simple_create+0x89 > #6 0xffffffff808e5cc5 at if_clone_createif+0x65 > #7 0xffffffff808e4546 at ifioctl+0x306 > #8 0xffffffff80879755 at kern_ioctl+0x115 > #9 0xffffffff8087998d at sys_ioctl+0xfd > #10 0xffffffff80b17d60 at amd64_syscall+0x450 > #11 0xffffffff80b03497 at Xfast_syscall+0xf7 > > ## Here it has successfully added the net.bpf.tscfg.wlan0 sysctl entry fo= r > wlan0 ## > > > can't re-use a leaf (wlan0)! > > ## Here SYSCTL_ADD_PROC() failed because leaf name is already used ## > > panic: bpfattach tscfgoid > cpuid =3D 1 > KDB: stack backtrace: > #0 0xffffffff808680ce at kdb_backtrace+0x5e > #1 0xffffffff80832c87 at panic+0x187 > #2 0xffffffff808da6f6 at bpfattach2+0x1f6 > #3 0xffffffff808e72ee at ether_ifattach+0xae > #4 0xffffffff808fd0a5 at ieee80211_vap_attach+0xb5 > #5 0xffffffff8074023c at wpi_vap_create+0xcc > #6 0xffffffff809047fb at wlan_clone_create+0x16b > #7 0xffffffff808e6079 at ifc_simple_create+0x89 > #8 0xffffffff808e5cc5 at if_clone_createif+0x65 > #9 0xffffffff808e4546 at ifioctl+0x306 > #10 0xffffffff80879755 at kern_ioctl+0x115 > #11 0xffffffff8087998d at sys_ioctl+0xfd > #12 0xffffffff80b17d60 at amd64_syscall+0x450 > #13 0xffffffff80b03497 at Xfast_syscall+0xf7 > > > > So after a bit of digging, ieee80211_vap_setup() calls > ieee80211_radiotap_vattach(), which explicitly calls bpfattach2(), and th= en > a subsequent call to ieee80211_vap_attach() indirectly calls into > bpfattach2() via the call to ether_ifattach(). > > This smells like a net80211 bug to me. I'm guessing, but I would suspect > ieee80211_vap_setup() shouldn't call ieee80211_radiotap_vattach() and sho= uld > let ieee80211_vap_attach() handle the BPF attachment via the call to > ether_ifattach(). > > Thoughts? > > Cheers, > Lawrence