NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

re: kern/56489: NetBSD 9.99.92/amd64 panicked by aircrack-ng

The following reply was made to PR kern/56489; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%netbsd.org@localhost, john%ziaspace.com@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
    netbsd-bugs%netbsd.org@localhost
Subject: re: kern/56489: NetBSD 9.99.92/amd64 panicked by aircrack-ng
Date: Tue, 09 Nov 2021 06:41:32 +1100

 >  nic: kernel diagnostic assertion "mutex_owned(&sc->sc_write_mtx)" faile=
 d: file "/usr/current/src/sys/dev/usb/if_urtwn.c", line 4423 =
 
 > [ 348710.188668] cpu1: Begin traceback...
 > [ 348710.188668] vpanic() at netbsd:vpanic+0x156
 > [ 348710.188668] __x86_indirect_thunk_rax() at netbsd:__x86_indirect_thu=
 nk_rax
 > [ 348710.198668] urtwn_set_chan.constprop.0() at netbsd:urtwn_set_chan.c=
 onstprop.0+0x9a5
 > [ 348710.198668] urtwn_ioctl() at netbsd:urtwn_ioctl+0x135
 > [ 348710.198668] doifioctl() at netbsd:doifioctl+0x30e
 > [ 348710.198668] sys_ioctl() at netbsd:sys_ioctl+0x56d
 
 can you try this?  there are two cases i see this being
 problematic, but this change handles both.  the above
 path, and, also another path thru urtwn_ioctl() via the
 80211 ic_reset() calback.
 
 
 Index: if_urtwn.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /cvsroot/src/sys/dev/usb/if_urtwn.c,v
 retrieving revision 1.101
 diff -p -u -r1.101 if_urtwn.c
 --- if_urtwn.c	21 Oct 2021 20:18:16 -0000	1.101
 +++ if_urtwn.c	8 Nov 2021 19:40:18 -0000
 @@ -2998,6 +2998,7 @@ urtwn_ioctl(struct ifnet *ifp, u_long cm
  	    0, 0);
  =
 
  	s =3D splnet();
 +	mutex_enter(&sc->sc_write_mtx);
  =
 
  	switch (cmd) {
  	case SIOCSIFFLAGS:
 @@ -3053,6 +3054,7 @@ urtwn_ioctl(struct ifnet *ifp, u_long cm
  		error =3D 0;
  	}
  =
 
 +	mutex_exit(&sc->sc_write_mtx);
  	splx(s);
  =
 
  	return error;
Home | Main Index | Thread Index | Old Index