I recently upgraded a kernel on my notebook to Dec 23. I don't have the date of the previous kernel on-hand, but I suspect it was late November from before I was on travel. I have a local configuration I sometimes use with adhoc 802.11 on a prism card using WEP, using a FreeBSD notebook as a proxy to reach a wired network. The other system is a Mac OS X notebook. As of the upgrade, I get a kernel page fault on the FreeBSD system whenever I attempt to use the Mac OS X box with wireless. In fact, booting the Mac OS X box causes the FreeBSD box to panic, presumably as the Mac OS X box says "Hi, I'm here!". The panic is a NULL pointer dereference in ieee80211_find_rxnode(). I don't have the complete trap message due to not having a serial console for the box, but below is some core information. This is highly reproducible; please let me know if more information is needed. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert_at_fledge.watson.org Principal Research Scientist, McAfee Research #21 0x00000002 in ?? 
() #22 0xc05a6b2b in ieee80211_find_rxnode (ic=0xc1bcf25c, wh=0xc1bb8730) at atomic.h:365 #23 0xc04ca7c7 in wi_intr (arg=0xc1bcf000) at /usr/src/sys/dev/wi/if_wi.c:1533 #24 0xc0506d8d in ithread_loop (arg=0xc197b780) at /usr/src/sys/kern/kern_intr.c:547 #25 0xc0505e8c in fork_exit (callout=0xc0506ce0 <ithread_loop>, arg=0xc197b780, frame=0xd418fd48) at /usr/src/sys/kern/kern_fork.c:790 #26 0xc069619c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 (kgdb) frame 22 #22 0xc05a6b2b in ieee80211_find_rxnode (ic=0xc1bcf25c, wh=0xc1bb8730) at atomic.h:365 365 { (kgdb) list 360 #define atomic_readandclear_32 atomic_readandclear_int 361 362 #if !defined(WANT_FUNCTIONS) 363 static __inline int 364 atomic_cmpset_ptr(volatile void *dst, void *exp, void *src) 365 { 366 367 return (atomic_cmpset_int((volatile u_int *)dst, (u_int)exp, 368 (u_int)src)); 369 } (kgdb) inspect nt $1 = (struct ieee80211_node_table *) 0x0 # # I'm not sure how to get gdb to tell me what line in the 802.11 code this # is, but I'm assuming it's the call to IEEE80211_NODE_LOCK() that's # failing due to a NULL nt. 
# (kgdb) inspect ic $2 = (struct ieee80211com *) 0xc1bcf25c (kgdb) inspect *ic $3 = {ic_next = {sle_next = 0x0}, ic_ifp = 0xc1bcf000, ic_stats = { is_rx_badversion = 0, is_rx_tooshort = 0, is_rx_wrongbss = 0, is_rx_dup = 0, is_rx_wrongdir = 0, is_rx_mcastecho = 0, is_rx_notassoc = 0, is_rx_noprivacy = 0, is_rx_unencrypted = 0, is_rx_wepfail = 0, is_rx_decap = 0, is_rx_mgtdiscard = 0, is_rx_ctl = 0, is_rx_beacon = 0, is_rx_rstoobig = 0, is_rx_elem_missing = 0, is_rx_elem_toobig = 0, is_rx_elem_toosmall = 0, is_rx_elem_unknown = 0, is_rx_badchan = 0, is_rx_chanmismatch = 0, is_rx_nodealloc = 0, is_rx_ssidmismatch = 0, is_rx_auth_unsupported = 0, is_rx_auth_fail = 0, is_rx_auth_countermeasures = 0, is_rx_assoc_bss = 0, is_rx_assoc_notauth = 0, is_rx_assoc_capmismatch = 0, is_rx_assoc_norate = 0, is_rx_assoc_badwpaie = 0, is_rx_deauth = 0, is_rx_disassoc = 0, is_rx_badsubtype = 0, is_rx_nobuf = 0, is_rx_decryptcrc = 0, is_rx_ahdemo_mgt = 0, is_rx_bad_auth = 0, is_rx_unauth = 0, is_rx_badkeyid = 0, is_rx_ccmpreplay = 0, is_rx_ccmpformat = 0, is_rx_ccmpmic = 0, is_rx_tkipreplay = 0, is_rx_tkipformat = 0, is_rx_tkipmic = 0, is_rx_tkipicv = 0, is_rx_badcipher = 0, is_rx_nocipherctx = 0, is_rx_acl = 0, is_tx_nobuf = 0, is_tx_nonode = 0, is_tx_unknownmgt = 0, is_tx_badcipher = 0, is_tx_nodefkey = 0, is_tx_noheadroom = 0, is_scan_active = 0, is_scan_passive = 0, is_node_timeout = 0, is_crypto_nomem = 0, is_crypto_tkip = 0, is_crypto_tkipenmic = 0, is_crypto_tkipdemic = 0, is_crypto_tkipcm = 0, is_crypto_ccmp = 0, is_crypto_wep = 0, is_crypto_setkey_cipher = 0, is_crypto_setkey_nokey = 0, is_crypto_delkey = 0, is_crypto_badcipher = 0, is_crypto_nocipher = 1, is_crypto_attachfail = 0, is_crypto_swfallback = 0, is_crypto_keyfail = 0, is_ibss_capmismatch = 0, is_ibss_norate = 0, is_ps_unassoc = 0, is_ps_badaid = 0, is_ps_qempty = 0}, ic_sysctl = 0xc1bd2050, ic_debug = 0, ic_vap = 0, ic_beaconlock = {mtx_object = {lo_class = 0xc0719364, lo_name = 0xc06eaf51 "beacon", lo_type = 
0xc06eaf3e "802.11 beacon lock", lo_flags = 196608, lo_list = { tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ic_reset = 0, ic_recv_mgmt = 0xc059e63c <ieee80211_recv_mgmt>, ic_send_mgmt = 0xc05a9948 <ieee80211_send_mgmt>, ic_newstate = 0xc04c8e2c <wi_newstate>, ic_newassoc = 0, ic_updateslot = 0, ic_set_tim = 0xc05a8b8c <ieee80211_set_tim>, ic_myaddr = "\000\t[1'¤", ic_sup_rates = {{rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}, { rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}, { rs_nrates = 4 '\004', rs_rates = "\002\004\v\026\000\000\000\000\000\000\000\000\000\000"}, { rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}, { rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}, { rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}, { rs_nrates = 0 '\0', rs_rates = '\0' <repeats 14 times>}}, ic_channels = { {ic_freq = 0, ic_flags = 0}, {ic_freq = 2412, ic_flags = 160}, { ic_freq = 2417, ic_flags = 160}, {ic_freq = 2422, ic_flags = 160}, { ic_freq = 2427, ic_flags = 160}, {ic_freq = 2432, ic_flags = 160}, { ic_freq = 2437, ic_flags = 160}, {ic_freq = 2442, ic_flags = 160}, { ic_freq = 2447, ic_flags = 160}, {ic_freq = 2452, ic_flags = 160}, { ic_freq = 2457, ic_flags = 160}, {ic_freq = 2462, ic_flags = 160}, { ic_freq = 0, ic_flags = 0} <repeats 244 times>}, ic_chan_avail = "þ\017", '\0' <repeats 29 times>, ic_chan_active = "þ\017", '\0' <repeats 29 times>, ic_chan_scan = '\0' <repeats 31 times>, ic_scan = {nt_ic = 0xc1bcf25c, nt_nodelock = {mtx_object = {lo_class = 0xc0719364, lo_name = 0xc1bcf00c "wi0", lo_type = 0xc06ebe51 "802.11 node table", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, nt_node = { tqh_first = 0xc1a6d800, tqh_last = 0xc1a6d808}, nt_hash = {{ lh_first = 0x0}, {lh_first = 0x0}, {lh_first = 0x0}, {lh_first = 0x0}, {lh_first = 0xc1a6d800}, {lh_first = 0x0} <repeats 27 times>}, nt_name = 0xc06f7e21 "scan", 
nt_scanlock = {mtx_object = { lo_class = 0xc0719364, lo_name = 0xc1bcf00c "wi0", lo_type = 0xc06ebe63 "802.11 scangen", lo_flags = 196608, lo_list = { tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, nt_scangen = 1, nt_inact_timer = 13, nt_inact_init = 20, nt_timeout = 0xc05a7c0c <ieee80211_timeout_scan_candidates>}, ic_mgtq = { ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 0, ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc0719364, lo_name = 0xc1bcf00c "wi0", lo_type = 0xc06ec7bb "mgmt send q", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}}, ic_flags = 2228240, ic_caps = 67329, ic_modecaps = 5, ic_curmode = 0, ic_phytype = IEEE80211_T_DS, ic_opmode = IEEE80211_M_IBSS, ic_state = IEEE80211_S_RUN, ic_protmode = IEEE80211_PROT_CTSONLY, ic_roaming = IEEE80211_ROAMING_AUTO, ic_sta = 0x0, ic_aid_bitmap = 0xc1bd37e0, ic_max_aid = 256, ic_sta_assoc = 0, ic_ps_sta = 0, ic_ps_pending = 0, ic_tim_bitmap = 0xc1bd3780 "", ic_tim_len = 32, ic_dtim_period = 1, ic_media = {ifm_mask = 0, ifm_media = 384, ifm_cur = 0xc1bd3760, ifm_list = {lh_first = 0xc1a6fc20}, ifm_change = 0xc04c7130 <wi_media_change>, ifm_status = 0xc04c7490 <wi_media_status>}, ic_rawbpf = 0x0, ic_bss = 0xc1a6d800, ic_ibss_chan = 0xc1bcf46e, ic_fixed_rate = -1, ic_rtsthreshold = 2312, ic_fragthreshold = 2346, ic_node_alloc = 0xc05a5f9c <node_alloc>, ic_node_free = 0xc05a6140 <node_free>, ic_node_cleanup = 0xc05a5fb8 <node_cleanup>, ic_node_getrssi = 0xc05a61bc <node_getrssi>, ic_lintval = 100, ic_holdover = 0, ic_txmin = 0, ic_txmax = 0, ic_txlifetime = 0, ic_txpowlimit = 100, ic_bmisstimeout = 700, ic_nonerpsta = 0, ic_longslotsta = 0, ic_mgt_timer = 0, ic_inact_timer = 0, ic_des_esslen = 5, ic_des_essid = "XXXXX", '\0' <repeats 26 times>, ic_des_chan = 0xffff, ic_des_bssid = "\000\000\000\000\000", ic_opt_ie = 0x0, ic_opt_ie_len = 0, ic_inact_init = 2, ic_inact_auth = 12, ic_inact_run = 20, 
ic_inact_probe = 2, ic_wme = {wme_flags = 0, wme_hipri_traffic = 0, wme_hipri_switch_thresh = 0, wme_hipri_switch_hysteresis = 3, wme_params = {{wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, {wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}}, wme_wmeChanParams = {cap_info = 0 '\0', cap_wmeParams = {{wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, {wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}}}, wme_wmeBssChanParams = { cap_info = 0 '\0', cap_wmeParams = {{wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, {wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}}}, wme_chanParams = 
{cap_info = 0 '\0', cap_wmeParams = {{wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, {wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}}}, wme_bssChanParams = { cap_info = 0 '\0', cap_wmeParams = {{wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, {wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}, { wmep_acm = 0 '\0', wmep_aifsn = 0 '\0', wmep_logcwmin = 0 '\0', wmep_logcwmax = 0 '\0', wmep_txopLimit = 0 '\0', wmep_noackPolicy = 0 '\0'}}}, wme_update = 0}, ic_crypto = { cs_nw_keys = {{wk_keylen = 13 '\r', wk_flags = 3 '\003', wk_keyix = 0, wk_key = "XXXXXXXXXXXX\021", '\0' <repeats 18 times>, wk_keyrsc = 0, wk_keytsc = 0, wk_cipher = 0xc1f7b080, wk_private = 0xc1a8f010}, { wk_keylen = 0 '\0', wk_flags = 3 '\003', wk_keyix = 1, wk_key = '\0' <repeats 31 times>, wk_keyrsc = 0, wk_keytsc = 0, wk_cipher = 0xc06c2ac0, wk_private = 0xc1bcf25c}, {wk_keylen = 0 '\0', wk_flags = 3 '\003', wk_keyix = 2, wk_key = '\0' <repeats 31 times>, wk_keyrsc = 0, wk_keytsc = 0, wk_cipher = 0xc06c2ac0, wk_private = 0xc1bcf25c}, {wk_keylen = 0 '\0', wk_flags = 3 '\003', wk_keyix = 3, wk_key = '\0' <repeats 31 times>, wk_keyrsc = 0, wk_keytsc = 0, wk_cipher = 0xc06c2ac0, wk_private = 0xc1bcf25c}}, cs_def_txkey 
= 0, cs_key_alloc = 0xc059d048 <null_key_alloc>, cs_key_delete = 0xc059d054 <null_key_delete>, cs_key_set = 0xc059d060 <null_key_set>, cs_key_update_begin = 0xc059d06c <null_key_update>, cs_key_update_end = 0xc059d06c <null_key_update>}, ic_auth = 0xc06c3160, ic_ec = 0x0, ic_acl = 0x0, ic_as = 0x0} Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert_at_fledge.watson.org Principal Research Scientist, McAfee ResearchReceived on Sat Dec 25 2004 - 19:33:11 UTC