NetBSD-Bugs archive
kern/45745: ath0 hostap change mode panic
>Number: 45745
>Category: kern
>Synopsis: ath0 hostap panics with ifconfig ath0 mode 11g
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Dec 26 22:20:00 +0000 2011
>Originator: Patrick Welche
>Release: NetBSD 5.99.59
>Organization:
>Environment:
Architecture: i386
Machine: i386
>Description:
On NetBSD/i386-current from 24 Dec, I tried setting up a hostap based on ath0:

    Vendor Name: Atheros Communications (0x168c)
    Device Name: AR5212 Wireless LAN (0x0013)

The iwn0 client and the ath0 had an "active" network, but according
to tcpdump, neither could see any packets. I then tried

    ifconfig ath0 mode 11g

as ifconfig -m ath0 lists

    media autoselect mode 11g mediaopt hostap

as the iwn0 selected 11g but as the ath0 was in hostap mode,
it picked the first available mode, i.e., 11b (ieee80211.c::642).
However, this caused a (repeatable) panic:
#0 0xc031c7a8 in maybe_dump (howto=260)
at ../../../../arch/i386/i386/machdep.c:861
#1 cpu_reboot (howto=260, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:886
#2 0xc0481676 in vpanic (fmt=0xc065e78c "bogus long slot station count %d",
ap=0xce45a648 "") at ../../../../kern/subr_prf.c:308
#3 0xc0481738 in panic (fmt=0xc065e78c "bogus long slot station count %d")
at ../../../../kern/subr_prf.c:205
#4 0xc025cb08 in ieee80211_node_leave_11g (ni=0xc3497000, ic=0xcbdae4ac)
at ../../../../net80211/ieee80211_node.c:2228
#5 ieee80211_node_leave (ic=0xcbdae4ac, ni=0xc3497000)
at ../../../../net80211/ieee80211_node.c:2311
#6 0xc025c7c5 in ieee80211_iterate_nodes (nt=0xcbdaec2c,
f=0xc02607a0 <sta_disassoc>, arg=0xcbdae4ac)
at ../../../../net80211/ieee80211_node.c:2062
#7 0xc0260d34 in ieee80211_newstate (ic=0xcbdae4ac, nstate=IEEE80211_S_INIT,
arg=-1) at ../../../../net80211/ieee80211_proto.c:939
#8 0xc017ec35 in ath_newstate (ic=0xcbdae4ac, nstate=IEEE80211_S_INIT, arg=-1)
at ../../../../dev/ic/ath.c:4805
#9 0xc017a4df in ath_stop_locked (ifp=0xcbdae030, disable=0)
at ../../../../dev/ic/ath.c:1112
#10 0xc017f818 in ath_init (sc=0xcbdae000) at ../../../../dev/ic/ath.c:999
#11 0xc017fa1d in ath_media_change (ifp=0xcbdae030)
at ../../../../dev/ic/ath.c:1454
#12 0xc027a217 in ifmedia_change (ifp=0xcbdae030, ifm=0xcbdaecf0)
at ../../../../net/if_media.c:125
#13 ifmedia_ioctl (ifp=0xcbdae030, ifr=0xcc8faf00, ifm=0xcbdaecf0,
cmd=3230689589) at ../../../../net/if_media.c:298
#14 0xc02559bb in ieee80211_ioctl (ic=0xcbdae4ac, cmd=3230689589,
data=0xcc8faf00) at ../../../../net80211/ieee80211_ioctl.c:2609
#15 0xc017faee in ath_ioctl (ifp=0xcbdae030, cmd=3230689589, data=0xcc8faf00)
at ../../../../dev/ic/ath.c:5365
#16 0xc0265706 in ifioctl (so=0xc2ece928, cmd=3230689589, data=0xcc8faf00,
l=0xcdc8fd40) at ../../../../net/if.c:1839
#17 0xc04959da in soo_ioctl (fp=0xd3af8c40, cmd=3230689589, data=0xcc8faf00)
at ../../../../kern/sys_socket.c:200
#18 0xc048a921 in sys_ioctl (l=0xcdc8fd40, uap=0xce45acf4, retval=0xce45ad1c)
at ../../../../kern/sys_generic.c:645
#19 0xc0495ac7 in sy_call (rval=0xce45ad1c, uap=0xce45acf4, l=0xcdc8fd40,
sy=0xc06d6e08) at ../../../../sys/syscallvar.h:61
#20 syscall (frame=0xce45ad48) at ../../../../arch/x86/x86/syscall.c:196
#21 0xc010058d in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
ieee80211_node
    ni->ni_capinfo = 49 = 0x31 = ESS, PRIVACY, SHORT_PREAMBLE
ieee80211com
    ic->ic_longslotsta = 0
    ic->ic_modecaps = 13 = 1+4+8 = IEEE80211_MODE_AUTO, 11B, 11G.
    ic->ic_curmode = 3 = IEEE80211_MODE_11G
I think that the problem is that we ask for 11G, so ic_curmode is changed
to 11G, then we need to reset for the change to take effect => ath_init, but
then we must leave our current network: 11G as that is what curmode now says.
oops.
>How-To-Repeat:
>Fix:
>Unformatted:
24 Dec 2011
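
The sequence hypothesised in the report above, as an added example (not part of the original PR and not NetBSD source): a simplified C model of long-slot station accounting that keys the leave path on the current mode, next to a variant that keys it on what was recorded at join time. All function and struct names are hypothetical; 0x31 and the mode numbers come from the report, and 0x0400 is the 802.11 short-slot-time capability bit.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model, not NetBSD source; all names here are hypothetical. */
enum mode { MODE_11B = 2, MODE_11G = 3 };   /* numbering as in the report */
#define CAP_SHORT_SLOT 0x0400               /* 802.11 short slot time bit */
struct ap  { enum mode curmode; int longslotsta; };
struct sta { unsigned capinfo; bool counted; };

/* Join: a long-slot station is counted only while the AP is in 11g. */
static void sta_join(struct ap *ap, struct sta *s)
{
    s->counted = ap->curmode == MODE_11G && !(s->capinfo & CAP_SHORT_SLOT);
    if (s->counted)
        ap->longslotsta++;
}

/* Leave keyed on curmode; false marks where a counter assertion would fire. */
static bool leave_by_curmode(struct ap *ap, struct sta *s)
{
    if (ap->curmode == MODE_11G && !(s->capinfo & CAP_SHORT_SLOT)) {
        if (ap->longslotsta <= 0)
            return false;
        ap->longslotsta--;
    }
    return true;
}

/* Leave keyed on what join recorded: unaffected by a mode switch. */
static bool leave_by_record(struct ap *ap, struct sta *s)
{
    if (s->counted)
        ap->longslotsta--;
    return true;
}

/* Replays the report: join under 11b, switch to 11g, disassociate. */
static bool replay(bool (*leave)(struct ap *, struct sta *))
{
    struct ap ap = { MODE_11B, 0 };
    struct sta s = { 0x31, false };  /* ni_capinfo value from the report */
    sta_join(&ap, &s);
    ap.curmode = MODE_11G;           /* effect of "ifconfig ath0 mode 11g" */
    return leave(&ap, &s) && ap.longslotsta == 0;
}

int main(void)
{
    printf("by curmode: %d\n", replay(leave_by_curmode));
    printf("by record:  %d\n", replay(leave_by_record));
    return 0;
}
```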