Bug 189405

Summary: [run] [wlan] hostapd, kernel panic, wlan using run device, run0: RT3071, RF RT3022
Product: Base System
Reporter: freebsd
Component: wireless
Assignee: freebsd-wireless (Nobody) <wireless>
Status: Closed FIXED
Severity: Affects Only Me
CC: gabor.simon75, john, kevlo, marco, sbruno
Priority: Normal
Version: 10.0-STABLE
Hardware: Any
OS: Any
Attachments:
Proposed patch to prevent kernel panic in hostap mode. (Flags: none)

Description freebsd 2014-05-07 02:40:01 UTC
Migrated from 9.2 to 10.0 via src build (i.e. it was working on 9.2).

When hostapd is started, I get a kernel panic.

Relevant rc.conf bits
wlans_run0="wlan0"
create_args_wlan0="wlanmode hostap country AU"
ifconfig_wlan0="inet 192.168.9.2  netmask 255.255.255.0 ssid <the SSID> mode 11g "
#hostapd_enable="YES"

dmesg info for run0:
run0: MAC/BBP RT3071 (rev 0x021C), RF RT3022 (MIMO 2T2R), address ...
run0: firmware RT3071 ver. 0.33 loaded

hostapd.conf
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=<the SSID>
#country_code=
country_code=AU

# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
# country_code setting must be configured with the correct country for
# IEEE 802.11d functions.
# (default: 0 = disabled)
ieee80211d=1

# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# Default: IEEE 802.11b
hw_mode=g

wpa=3
wpa_passphrase=<Secret>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP


Backtrace from core.txt.0:
FreeBSD mast.priv.ate 10.0-STABLE FreeBSD 10.0-STABLE #0 r265463: Wed May  7 09:16:10 EST 2014     root@mast.priv.ate:/usr/obj/usr/src/sys/GENERIC  amd64

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80929670 at kdb_backtrace+0x60
#1 0xffffffff808eebd5 at panic+0x155
#2 0xffffffff80ce26ff at trap_fatal+0x38f
#3 0xffffffff80ce2a18 at trap_pfault+0x308
#4 0xffffffff80ce20d0 at trap+0x4a0
#5 0xffffffff80cc8bb2 at calltrap+0x8
#6 0xffffffff81875bcc at run_update_beacon+0x19c
#7 0xffffffff809fa7bf at ieee80211_wme_updateparams_locked+0x32f
#8 0xffffffff809fa873 at ieee80211_wme_updateparams+0x53
#9 0xffffffff809fa445 at ieee80211_wme_initparams+0x2a5
#10 0xffffffff809efd3e at ieee80211_sta_join1+0xde
#11 0xffffffff809d5b70 at hostap_newstate+0x2f0
#12 0xffffffff81876428 at run_newstate+0x5f8
#13 0xffffffff809f93bf at ieee80211_newstate_cb+0x14f
#14 0xffffffff80937cb5 at taskqueue_run_locked+0xe5
#15 0xffffffff80938748 at taskqueue_thread_loop+0xa8
#16 0xffffffff808bf76a at fork_exit+0x9a
#17 0xffffffff80cc90ee at fork_trampoline+0xe
Uptime: 56m56s
Dumping 208 out of 2013 MB:..8%..16%..24%..31%..47%..54%..62%..77%..85%..93%

Reading symbols from /boot/kernel/if_run.ko.symbols...done.
Loaded symbols for /boot/kernel/if_run.ko.symbols
Reading symbols from /boot/kernel/runfw.ko.symbols...done.
Loaded symbols for /boot/kernel/runfw.ko.symbols
Reading symbols from /boot/kernel/ng_ubt.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ubt.ko.symbols
Reading symbols from /boot/kernel/ng_hci.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_hci.ko.symbols
Reading symbols from /boot/kernel/ng_bluetooth.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_bluetooth.ko.symbols
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
Loaded symbols for /boot/kernel/fdescfs.ko.symbols
Reading symbols from /boot/kernel/if_axe.ko.symbols...done.
Loaded symbols for /boot/kernel/if_axe.ko.symbols
Reading symbols from /boot/kernel/uether.ko.symbols...done.
Loaded symbols for /boot/kernel/uether.ko.symbols
Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ether.ko.symbols
Reading symbols from /boot/kernel/ng_pppoe.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_pppoe.ko.symbols
Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_socket.ko.symbols
Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
Loaded symbols for /boot/kernel/ipfw.ko.symbols
Reading symbols from /boot/kernel/linux.ko.symbols...done.
Loaded symbols for /boot/kernel/linux.ko.symbols
Reading symbols from /boot/kernel/ng_btsocket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_btsocket.ko.symbols
Reading symbols from /boot/kernel/vkbd.ko.symbols...done.
Loaded symbols for /boot/kernel/vkbd.ko.symbols
Reading symbols from /boot/kernel/wlan_xauth.ko.symbols...done.
Loaded symbols for /boot/kernel/wlan_xauth.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:219
219     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff808ee852 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:452
#2  0xffffffff808eec14 in panic (fmt=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80ce26ff in trap_fatal (frame=<value optimized out>, 
    eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:881
#4  0xffffffff80ce2a18 in trap_pfault (frame=0xfffffe0096e0e740, 
    usermode=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:692
#5  0xffffffff80ce20d0 in trap (frame=0xfffffe0096e0e740)
    at /usr/src/sys/amd64/amd64/trap.c:456
#6  0xffffffff80cc8bb2 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:232
#7  0xffffffff809f760c in ieee80211_beacon_update (ni=0xfffffe0001354000, 
    bo=0xfffff8000538b9e8, m=0x0, mcast=0) at atomic.h:161
#8  0xffffffff81875bcc in run_update_beacon (vap=0xfffff8000538b000, item=2)
    at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:4913
#9  0xffffffff809fa7bf in ieee80211_wme_updateparams_locked (
    vap=0xfffff8000538b000) at ieee80211_var.h:814
#10 0xffffffff809fa873 in ieee80211_wme_updateparams (vap=0xfffff8000538b000)
    at /usr/src/sys/net80211/ieee80211_proto.c:1150
#11 0xffffffff809fa445 in ieee80211_wme_initparams (vap=<value optimized out>)
    at /usr/src/sys/net80211/ieee80211_proto.c:955
#12 0xffffffff809efd3e in ieee80211_sta_join1 ()
    at /usr/src/sys/net80211/ieee80211_node.c:741
#13 0xffffffff809d5b70 in hostap_newstate (vap=0xfffff8000538b000, 
    nstate=<value optimized out>, arg=<value optimized out>)
    at /usr/src/sys/net80211/ieee80211_hostap.c:273
#14 0xffffffff81876428 in run_newstate (vap=<value optimized out>, 
    nstate=<value optimized out>, arg=<value optimized out>)
    at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:2170
#15 0xffffffff809f93bf in ieee80211_newstate_cb (xvap=0xfffff8000538b000, 
    npending=<value optimized out>)
    at /usr/src/sys/net80211/ieee80211_proto.c:1756
#16 0xffffffff80937cb5 in taskqueue_run_locked (queue=0xfffff80005264d00)
    at /usr/src/sys/kern/subr_taskqueue.c:342
#17 0xffffffff80938748 in taskqueue_thread_loop (arg=<value optimized out>)
    at /usr/src/sys/kern/subr_taskqueue.c:563
#18 0xffffffff808bf76a in fork_exit (
    callout=0xffffffff809386a0 <taskqueue_thread_loop>, 
    arg=0xfffffe0000c150f0, frame=0xfffffe0096e0ec00)
    at /usr/src/sys/kern/kern_fork.c:995
#19 0xffffffff80cc90ee in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:606
#20 0x0000000000000000 in ?? ()

How-To-Repeat: Plug in Ralink RT3071/RT3022 based USB wifi dongle.

Configure wlan for hostap mode, ip address ...

Configure hostapd

service hostapd onestart

bang
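
An added example, not part of the original report: a small Python triage helper for a kgdb backtrace like the one above. It finds the frame just below `calltrap` (the function that was interrupted by the page fault), lists its pointer arguments printed as `0x0`, and names the caller. The sample frames are copied from this report; the names `parse_frames`, `faulting_frame` and `triage` are this example's own.

```python
import re

# Frames copied from the kgdb backtrace in this report (trimmed to the relevant ones).
SAMPLE = """\
#4  0xffffffff80ce2a18 in trap_pfault (frame=0xfffffe0096e0e740,
    usermode=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:692
#5  0xffffffff80ce20d0 in trap (frame=0xfffffe0096e0e740)
    at /usr/src/sys/amd64/amd64/trap.c:456
#6  0xffffffff80cc8bb2 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:232
#7  0xffffffff809f760c in ieee80211_beacon_update (ni=0xfffffe0001354000,
    bo=0xfffff8000538b9e8, m=0x0, mcast=0) at atomic.h:161
#8  0xffffffff81875bcc in run_update_beacon (vap=0xfffff8000538b000, item=2)
    at /usr/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:4913
"""

# One gdb frame: "#N  [ADDR in] func (args) [at file:line]"; args may wrap lines.
FRAME_RE = re.compile(
    r"#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\w+) \((?P<args>.*?)\)"
    r"(?:\s+at (?P<loc>\S+))?", re.S)

def parse_frames(text):
    frames = []
    for m in FRAME_RE.finditer(text):
        args = {}
        for item in m.group("args").split(","):
            name, sep, value = item.strip().partition("=")
            if sep:
                args[name] = value.strip()
        frames.append({"num": int(m.group("num")), "func": m.group("func"),
                       "args": args, "loc": m.group("loc")})
    return frames

def faulting_frame(frames):
    """Frame interrupted by the trap: the one listed right after calltrap."""
    for i, f in enumerate(frames):
        if f["func"] == "calltrap" and i + 1 < len(frames):
            return frames[i + 1]
    return None

def triage(text):
    frames = parse_frames(text)
    fault = faulting_frame(frames)
    if fault is None:
        return None
    caller = next((f for f in frames if f["num"] == fault["num"] + 1), None)
    # gdb prints pointers in hex, so "0x0" is a NULL pointer; "mcast=0" is an int.
    nulls = [n for n, v in fault["args"].items() if v == "0x0"]
    return {"func": fault["func"], "null_args": nulls,
            "caller": caller["func"] if caller else None,
            "caller_loc": caller["loc"] if caller else None}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample frames this reports `ieee80211_beacon_update` as the faulting function with `m` as its only NULL pointer argument, called from `run_update_beacon` at `if_run.c:4913`.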
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-05-07 06:05:57 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-wireless

Over to maintainer(s).
Comment 2 Gabor Simon 2014-07-17 13:09:59 UTC
Created attachment 144753
Proposed patch to prevent kernel panic in hostap mode.

rvp->beacon_mbuf was NULL in run_update_beacon
Comment 3 john 2014-08-05 03:13:25 UTC
I also ran into this after migrating 9.2 to 10.0 via src build (the wifi
was working fine on 9.2). The supplied patch appears to fix the problem 
on my machine.
Comment 4 marco 2014-10-15 15:27:11 UTC
Adding a "me too" here.

I'm currently running 10.1RC1.  I noticed that the patch, which does fix things for me, has not made it into HEAD yet.

The USB stick I use while running into this issue has the following details:
- Asus USB-N66 Dual-band Wireless-N900 USB Adapter
- ugen1.3: <802.11 n WLAN Ralink> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (450mA)

It would be really cool if the proposed patch or similar would ultimately make it into release so I don't have to manually patch if_run.c on every update.

Thanks!
Comment 5 Sean Bruno freebsd_committer freebsd_triage 2014-10-15 15:44:20 UTC
Kevin:

Is this something you want to review or should I just commit this?
Comment 6 Kevin Lo freebsd_committer freebsd_triage 2014-10-16 01:53:57 UTC
Sean,

Sorry I've been super busy lately so haven't had time to review it.
In run_update_beacon(), it seems that this patch is not entirely correct.
Give me a week to review this patch and fix that issue, thank you.
Comment 7 marco 2014-10-16 08:07:54 UTC
Hi guys,

Thank you very much for giving this attention, I really appreciate that.

Of course I'd be willing to try patches, although I really do prefer to stay
on the 10.1 series on this system at this moment.  I could scout for another
chassis and try later versions in that if really necessary.

While you guys are looking into this, this morning I ran into the issue
described here: https://lists.freebsd.org/pipermail/freebsd-wireless/2011-July/000352.html

Could you maybe have a look into that as well?

Basically what I witnessed was many "run0: device timeout" messages
and everybody losing connection.
A simple "ifconfig wlan0 down ; ifconfig wlan0 up" fixed it.

The documentation says the driver should reset the device when this happens.
That would be cool if it would do that, or do a "down / up" equivalent.

I am really sorry to add more work to this and appreciate what you're doing
for this!

Thanks!
Comment 8 commit-hook freebsd_committer freebsd_triage 2014-10-22 03:33:17 UTC
A commit references this bug:

Author: kevlo
Date: Wed Oct 22 03:32:27 UTC 2014
New revision: 273448
URL: https://svnweb.freebsd.org/changeset/base/273448

Log:
  Fix the kernel panic in hostap mode.
  rvp->beacon_mbuf was NULL in run_update_beacon().

  PR:	189405
  Submitted by:	Gabor Simon <gabor.simon75 at gmail.com>
  MFC after:	3 days

Changes:
  head/sys/dev/usb/wlan/if_run.c
Comment 9 marco 2014-10-23 15:31:59 UTC
Hi there,

Thank you very much for this!

I'm currently testing your changes on my system.
So far it's looking good.  When things were not good, hostapd would panic
the system within a couple of seconds.

Thanks!
Comment 10 commit-hook freebsd_committer freebsd_triage 2014-10-25 15:07:00 UTC
A commit references this bug:

Author: kevlo
Date: Sat Oct 25 15:06:10 UTC 2014
New revision: 273636
URL: https://svnweb.freebsd.org/changeset/base/273636

Log:
  MFC r273448:
  Fix the kernel panic in hostap mode.
  rvp->beacon_mbuf was NULL in run_update_beacon().

  PR:	189405
  Submitted by:	Gabor Simon <gabor.simon75 at gmail.com>

Changes:
_U  stable/10/
  stable/10/sys/dev/usb/wlan/if_run.c