From: Paul B Mahol
To: Alexey Dokuchaev
Cc: Bernhard Schmidt, net@freebsd.org
Date: Fri, 8 Oct 2010 15:20:08 +0000
Subject: Re: Monitor mode not working for iwi(4) on 7.X

On 10/8/10, Alexey Dokuchaev wrote:
> On Thu, Oct 07, 2010 at 08:43:37PM +0200, Bernhard Schmidt wrote:
>> Try the attached patch, this is basically the code from stable/6
>> ported to head and stable/7. I did only some basic tests but monitor
>> mode seems to work and it is still possible to use the card in STA
>> mode.
>>
>> I'm not sure why that got lost, but there must be a reason I'm not
>> seeing right now. If someone has more knowledge about that, please
>> let me know, otherwise I intend to commit it this weekend.
>
> Unfortunately, I am getting instant panic when trying any of aircrack-ng
> suite utilities ("ifconfig iwi0 scan/list scan" works though):
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc0768d42
> stack pointer           = 0x28:0xe4112c80
> frame pointer           = 0x28:0xe4112c98
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 35 (iwi0 taskq)
>
> (kgdb) bt
> ...
> #6 0xc060cae0 in trap_fatal (frame=0xe4112c40, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:941
> #7 0xc060cd90 in trap_pfault (frame=0xe4112c40, usermode=0, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:863
> #8 0xc060d7f7 in trap (frame=0xe4112c40) at
> /usr/src/sys/i386/i386/trap.c:541
> #9 0xc05f4d9b in calltrap () at /usr/src/sys/i386/i386/exception.s:166
> #10 0xc0768d42 in iwi_monitor_scan (arg=0xc3dcc000, npending=4)
>     at /usr/src/sys/modules/iwi/../../dev/iwi/if_iwi.c:2744
> ...
> (kgdb) f 10
> #10 0xc0768d42 in iwi_monitor_scan (arg=0xc3dcc000, npending=4)
>     at /usr/src/sys/modules/iwi/../../dev/iwi/if_iwi.c:2744
> 2744            struct iwi_softc *sc = ic->ic_ifp->if_softc;
> (kgdb) l
> 2739
> 2740    static void
> 2741    iwi_monitor_scan(void *arg, int npending)
> 2742    {
> 2743            struct ieee80211com *ic = arg;
> 2744            struct iwi_softc *sc = ic->ic_ifp->if_softc;
> 2745            IWI_LOCK_DECL;
> 2746
> 2747            IWI_LOCK(sc);
> 2748            (void) iwi_scanchan(sc, 2000, 0);
> (kgdb) p ((struct ieee80211com *)arg)->ic_ifp
> $1 = (struct ifnet *) 0x0
>
> Any suggestions?

7.X is buggy regarding taskqueue, I think (maybe it is a net80211 bug and not
an iwi fault). Does it panic with tcpdump too? Try to reproduce it on CURRENT.