From owner-freebsd-net@FreeBSD.ORG Thu Aug 5 07:30:13 2010 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C28BB106567E for ; Thu, 5 Aug 2010 07:30:13 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B14D08FC1C for ; Thu, 5 Aug 2010 07:30:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o757UDMP052434 for ; Thu, 5 Aug 2010 07:30:13 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o757UD9I052424; Thu, 5 Aug 2010 07:30:13 GMT (envelope-from gnats) Date: Thu, 5 Aug 2010 07:30:13 GMT Message-Id: <201008050730.o757UD9I052424@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Alex Kozlov Cc: Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alex Kozlov List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Aug 2010 07:30:13 -0000 The following reply was made to PR kern/149185; it has been noted by GNATS. From: Alex Kozlov To: nox@freebsd.org, rpaulo@freebsd.org, freebsd-net@FreeBSD.org, bug-followup@FreeBSD.org, spam@rm-rf.kiev.ua Cc: Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R Date: Thu, 5 Aug 2010 09:52:16 +0300 --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote: > Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted > a dump and tried to gather some info for someone who knows the code: > > The zero divide fault was because (apparently) rate was unitialized, > as is > > ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0] > > i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters. Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0 This can be mitigated by patch [1] or by setting ucastrate option in ifconfig. Still real issue need to be solved. -- Adios --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="patch.txt" Index: sys/dev/usb/wlan/if_rum.c @@ -1153,9 +1153,11 @@ rate = params->ibp_rate0; if (!ieee80211_isratevalid(ic->ic_rt, rate)) { + device_printf(sc->sc_dev, "invalid rate=%d\n", rate); m_freem(m0); return EINVAL; } + flags = 0; if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) flags |= RT2573_TX_NEED_ACK; @@ -1217,6 +1219,13 @@ else rate = ni->ni_txrate; + /* XXX ieee80211_ratectl sometimes set ni->ni_txrate to 0 */ + if (!ieee80211_isratevalid(ic->ic_rt, rate)) { + device_printf(sc->sc_dev, "invalid rate=%d\n", rate); + m_freem(m0); + return EINVAL; + } + if (wh->i_fc[1] & IEEE80211_FC1_WEP) { k = ieee80211_crypto_encap(ni, m0); if (k == NULL) { --Q68bSM7Ycu6FN28Q--