Date: Sun, 4 Nov 2007 16:48:36 GMT From: Christian Spiel <e9800675@stud4.tuwien.ac.at> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/117820: rum related kernel panic Message-ID: <200711041648.lA4GmalT005117@www.freebsd.org> Resent-Message-ID: <200711041650.lA4Go1wV067019@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 117820
>Category: kern
>Synopsis: rum related kernel panic
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 04 16:50:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Christian Spiel
>Release: 7.0-CURRENT
>Organization:
Vienna University of Technology
>Environment:
amd64
>Description:
Using the rum driver with WPA enabled the kernel panics within a few minutes when downloading stuff.
I have backtraced the problem using the coredump and kgdb. It shows that in if_rum.c at line 842 a null pointer dereference occurs.
842: if (data->m->m_flags & M_TXCB)
843: ieee80211_process_callback(data->ni, data->m,
844: status == USBD_NORMAL_COMPLETION ? 0 : ETIMEDOUT);
data is NULL because the function rum_txeof was called with priv==NULL.
>How-To-Repeat:
Easily repeatable
>Fix:
I have added a check against null pointer in this function and it improves the stability of the system considerably although that is of course not the correct solution.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200711041648.lA4GmalT005117>