133712 – [ural] [patch] RE: Fixed an issue with ural(4) that was creating kernel panics (trap 12)

Bug 133712 - [ural] [patch] RE: Fixed an issue with ural(4) that was creating kernel panics (trap 12)

Summary: [ural] [patch] RE: Fixed an issue with ural(4) that was creating kernel panic...

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	usb (show other bugs)
Version:	7.2-PRERELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-usb (Nobody)

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2009-04-13 21:20 UTC by Paul G Webster
Modified:	2022-10-17 12:41 UTC (History)
CC List:	0 users

See Also:

Attachments
file.txt (61.74 KB, text/plain) 2009-04-13 21:20 UTC, Paul G Webster	no flags	Details
if_ural.diff (571 bytes, patch) 2009-04-13 22:58 UTC, Paul G Webster	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul G Webster 2009-04-13 21:20:02 UTC

On FreeBSD 7.0+ (and some 6.x versions according to other people on irc.freenode.net) you will get a Kpanic (trap12) when attempting to join a WPA enabled network. Here is the device in question:

ural0: <Cisco-Linksys Wireless-G USB Network Adapter, class 0/0, rev 2.00/0.04, addr 2> on uhub4
ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526
ural0: WARNING: using obsoleted IFF_NEEDSGIANT flag
ural0: Ethernet address: 00:12:17:84:4d:74


Now after some playing around I found out (by adding a few debug lines in the source) the crash occured when the rf autotune was being disabled.. 

Count down to the crash RFTUNEa
Count down to the crash RFTUNEb
Count down to the crash RFTUNEc
disabling RF autotune <-- this message can be found in if_ural.c the rest are added by me
disabling RF autotune - ENABLED

now by adding all this debugging and turning on usb_debug it wont crash, after some investigating and some help from friends - apparently the crash is caused by a race event?  and by adding all this debug information it has slowed down sufficiantly to let the device disable autotuning correctly.. I have not removed the debugging lines YET, but im thinking about swapping some out for sleep lines to try and fix this race issue.. 

Anyway.. I thought I best send a PR for if any of you guys know about this.

-- Thank for your time 
-- Paul G Webster

Fix: Slow down the driver disabling rf autotune 

Patch attached with submission follows:
How-To-Repeat: Use "ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526" (linksys WUSB54G) [version 4] and use wpa_supplicant to access a wpa1/2 network

Comment 1 Paul G Webster 2009-04-14 00:03:29 UTC

errr. no idea what happened there here it is in the body of the email:

--- /usr/src/sys/dev/usb/if_ural.c	2009-04-13 22:47:21.000000000 +0000
+++ /root/fbsdold/src/sys/dev/usb/if_ural.c	2007-09-17 19:07:24.000000000 +0000
@@ -1937,11 +1937,6 @@
 	if (sc->rf_rev != RAL_RF_2523) {
 		tmp = sc->rf_regs[RAL_RF1] & ~RAL_RF1_AUTOTUNE;
 		ural_rf_write(sc, RAL_RF1, tmp);
-		if (sc->rf_rev == RAL_RF_2526) {
-		/* This stops a race event ending in a kernel panic occuring on
some adapters */
-			DPRINTFN(2, ("RAL_RF_2526 workaround: Adding 0.1 second delay.\n"));
-			DELAY(100000);
-		}
 	}

 	tmp = sc->rf_regs[RAL_RF3] & ~RAL_RF3_AUTOTUNE;

Comment 2 Gavin Atkinson freebsd_committer

2009-04-17 16:48:03 UTC

State Changed
From-To: open->feedback

To submitter: can you please show details of the panic itself?  If you 
have compiled the debugger (DDB and KDB) into the kernel, the output of 
"bt" would be useful.  Thanks!

Comment 3 Gavin Atkinson freebsd_committer

2009-04-17 16:48:03 UTC

Responsible Changed
From-To: freebsd-usb->gavin

Track

Comment 4 Paul G Webster 2009-04-25 19:02:09 UTC

Below is a bt/kdb of the kpanic caused, I would also like to note I narrowed
down the problem even further to speific access-points/aps primarily netgear
ones but anyways... I also found that setting the delay a slow as 10000
works just as well.

(kgdb) bt
#0  0xc07eb8ac in doadump () at /usr/src/sys/kern/kern_shutdown.c:239
#1  0xc07ebfa7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:417
#2  0xc07ec2b2 in panic (fmt=0xc0b5a4c9 "from debugger") at
/usr/src/sys/kern/kern_shutdown.c:571
#3  0xc0497627 in db_panic (addr=Could not find the frame base for
"db_panic".
) at /usr/src/sys/ddb/db_command.c:446
#4  0xc0497d9c in db_command (last_cmdp=0xc0c9a114, cmd_table=0x0,
dopager=1)
    at /usr/src/sys/ddb/db_command.c:413
#5  0xc0497eaa in db_command_loop () at /usr/src/sys/ddb/db_command.c:466
#6  0xc049995d in db_trap (type=12, code=0) at
/usr/src/sys/ddb/db_main.c:228
#7  0xc0818b06 in kdb_trap (type=12, code=0, tf=0xe58aeae4) at
/usr/src/sys/kern/subr_kdb.c:524
#8  0xc0af5f6f in trap_fatal (frame=0xe58aeae4, eva=0) at
/usr/src/sys/i386/i386/trap.c:930
#9  0xc0af6230 in trap_pfault (frame=0xe58aeae4, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:849
#10 0xc0af6c2a in trap (frame=0xe58aeae4) at
/usr/src/sys/i386/i386/trap.c:528
#11 0xc0ada8cb in alltraps_with_regs_pushed () at
/usr/src/sys/i386/i386/exception.s:155
#12 0xc5610008 in ?? ()
#13 0x00000028 in ?? ()
#14 0x00000028 in ?? ()
#15 0x00000002 in ?? ()
#16 0xc57f85e0 in ?? ()
#17 0xe58aeb24 in ?? ()
#18 0xe58aeb10 in ?? ()
#19 0xc563e000 in ?? ()
#20 0x00000000 in ?? ()
#21 0x00000220 in ?? ()
#22 0x00000000 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0xc0756139 in usbd_get_buffer (xfer=0x0) at
/usr/src/sys/dev/usb/usbdi.c:488
#26 0xc07323a7 in ural_tx_mgt (sc=0xc563e000, m0=0xc57f8500, ni=Variable
"ni" is not available.
)
    at /usr/src/sys/dev/usb/if_ural.c:1252
#27 0xc0732f31 in ural_start (ifp=0xc5628000) at
/usr/src/sys/dev/usb/if_ural.c:1458
#28 0xc088688b in if_start (ifp=0x0) at pcpu.h:196
#29 0xc08bb1cb in ieee80211_mgmt_output (ic=0xc563e004, ni=0xc5b60000,
m=0xc57f8500, type=176)
    at /usr/src/sys/net80211/ieee80211_output.c:212
#30 0xc08bc420 in ieee80211_send_mgmt (ic=0xc563e004, ni=0xc5b60000,
type=176, arg=1)
    at /usr/src/sys/net80211/ieee80211_output.c:1948
#31 0xc08bfc0c in ieee80211_newstate (ic=0xc563e004,
nstate=IEEE80211_S_AUTH, arg=192)
    at /usr/src/sys/net80211/ieee80211_proto.c:1230
#32 0xc0734668 in ural_task (xarg=0xc563e000) at
/usr/src/sys/dev/usb/if_ural.c:787
#33 0xc0753551 in usb_task_thread (arg=0xc0cca534) at
/usr/src/sys/dev/usb/usb.c:481
#34 0xc07c5cc9 in fork_exit (callout=0xc07534a0 <usbread+192>,
arg=0xc0cca534, frame=0xe58aed38)
    at /usr/src/sys/kern/kern_fork.c:802
#35 0xc0ada940 in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:255
#36 0x00000000 in ?? ()

-- thank you for your time
-- Paul G Webster

Comment 5 Gavin Atkinson freebsd_committer

2009-08-24 14:26:02 UTC

State Changed
From-To: feedback->open

Feedback was provided some time ago

Comment 6 Gavin Atkinson freebsd_committer

2009-08-24 14:26:02 UTC

Responsible Changed
From-To: gavin->freebsd-usb

Comment 7 Paul G Webster 2009-12-17 20:28:30 UTC

Sorry to ask, im not sure even if I should... as we are now on freebsd  
8.0-release and well im having yet another problem with the WUSB54G (ver  
4) (it wont associate with WPA access points), what happens to this post,  
its been open a long long time

-- thank you for your time
-- paul g webster
-- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Comment 8 Eitan Adler freebsd_committer

2017-12-31 08:01:08 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 9 Graham Perrin freebsd_committer

2022-10-17 12:41:00 UTC

Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>