re: kern/56489: NetBSD 9.99.92/amd64 panicked by aircrack-ng

[matthew green <mrg%eterna.com.au@localhost>]

>  nic: kernel diagnostic assertion "mutex_owned(&sc->sc_write_mtx)" failed: file "/usr/current/src/sys/dev/usb/if_urtwn.c", line 4423 
> [ 348710.188668] cpu1: Begin traceback...
> [ 348710.188668] vpanic() at netbsd:vpanic+0x156
> [ 348710.188668] __x86_indirect_thunk_rax() at netbsd:__x86_indirect_thunk_rax
> [ 348710.198668] urtwn_set_chan.constprop.0() at netbsd:urtwn_set_chan.constprop.0+0x9a5
> [ 348710.198668] urtwn_ioctl() at netbsd:urtwn_ioctl+0x135
> [ 348710.198668] doifioctl() at netbsd:doifioctl+0x30e
> [ 348710.198668] sys_ioctl() at netbsd:sys_ioctl+0x56d

can you try this?  there are two cases i see this being
problematic, but this change handles both.  the above
path, and, also another path thru urtwn_ioctl() via the
80211 ic_reset() calback.


Index: if_urtwn.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/if_urtwn.c,v
retrieving revision 1.101
diff -p -u -r1.101 if_urtwn.c
--- if_urtwn.c	21 Oct 2021 20:18:16 -0000	1.101
+++ if_urtwn.c	8 Nov 2021 19:40:18 -0000
@@ -2998,6 +2998,7 @@ urtwn_ioctl(struct ifnet *ifp, u_long cm
 	    0, 0);
 
 	s = splnet();
+	mutex_enter(&sc->sc_write_mtx);
 
 	switch (cmd) {
 	case SIOCSIFFLAGS:
@@ -3053,6 +3054,7 @@ urtwn_ioctl(struct ifnet *ifp, u_long cm
 		error = 0;
 	}
 
+	mutex_exit(&sc->sc_write_mtx);
 	splx(s);
 
 	return error;