>Number:         35168
>Category:       kern
>Synopsis:       problable double free panic in net80211
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 02 12:20:00 +0000 2006
>Originator:     Arnaud Degroote
>Release:        NetBSD-current
>Organization:
>Environment:
>Description:
Using a kernel with KMEMSTATS and DIAGNOSTIC, the net80211 stack quicly panic with the following message : panic : free 2 : inuse 0: probable double free. The backtrace seems like to

panic
free
node_free
_ieee80211_free_node
ieee80211_free_allnodes_locked
ieee80211_node_table_reset
wpi_newstate
ieee80211_next_scan
ieee80211_end_scan
wpi_intr
intr_biglock_wrapper



>How-To-Repeat:
Compile a kernel with KMEMSTATS options and DIAGNOSTIC option.
I don't know if it is related to the wpi driver or the 80211 stack.
>Fix:
Don't know for moment. 
I have first suspected the call of ieee802111_free_node from ieee80211_node-delucastkey but it doesn't seem to solve the issue if I remove it ( there are only two consummers for this function : first node_cleanup which is called from node_free, and ieee80211_ioctl_key ( which call ieee80211_node_free just after the call to ieee80211_node_delucastkey ).

I will continue to investigate about this panic.

Take cares.