Re: crash when unplugging urtwn usb wifi adapter

2018-04-19 Thread Stefan Sperling 
On Wed, Apr 18, 2018 at 10:27:44PM +1000, Jonathan Matthew wrote:
> On Sat, Apr 14, 2018 at 06:54:35AM +0200, p...@ex.com.pl wrote:
> > >Synopsis:  page fault trap when removing urtwn Wifi adapter from the port
> > >Category:  kernel
> > >Environment:
> > System  : OpenBSD 6.3
> > Details : OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 
> > 2018
> >  
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > 
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> > >Description:
> > I'm observing system crash if I remove the the TP-Link TL-WN725N
> > WiFi adapter from the port. The system reports kernel panic:
> > 
> > kernel: page fault trap, code=0
> > Stopped at softclock+0x16b: movq %rax,0(%rdx)
> 
> Does this fix it?

Either way, OK with me.

It occurred to me we might not want to schedule this timeout in the
first place if the driver doesn't support background scan.
I'll take a look at that next week.

> Index: ieee80211.c
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211.c,v
> retrieving revision 1.65
> diff -u -p -u -p -r1.65 ieee80211.c
> --- ieee80211.c   12 Dec 2017 15:52:49 -  1.65
> +++ ieee80211.c   18 Apr 2018 12:25:34 -
> @@ -193,6 +193,7 @@ ieee80211_ifdetach(struct ifnet *ifp)
>  {
>   struct ieee80211com *ic = (void *)ifp;
>  
> + timeout_del(>ic_bgscan_timeout);
>   ieee80211_proto_detach(ifp);
>   ieee80211_crypto_detach(ifp);
>   ieee80211_node_detach(ifp);
> 
>

Re: crash when unplugging urtwn usb wifi adapter

2018-04-18 Thread Jonathan Matthew 
On Sat, Apr 14, 2018 at 06:54:35AM +0200, p...@ex.com.pl wrote:
> >Synopsis:page fault trap when removing urtwn Wifi adapter from the port
> >Category:kernel
> >Environment:
>   System  : OpenBSD 6.3
>   Details : OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 
> 2018
>
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
>   Architecture: OpenBSD.amd64
>   Machine : amd64
> >Description:
> I'm observing system crash if I remove the the TP-Link TL-WN725N
> WiFi adapter from the port. The system reports kernel panic:
> 
> kernel: page fault trap, code=0
> Stopped at softclock+0x16b: movq %rax,0(%rdx)

Does this fix it?

Index: ieee80211.c
===
RCS file: /cvs/src/sys/net80211/ieee80211.c,v
retrieving revision 1.65
diff -u -p -u -p -r1.65 ieee80211.c
--- ieee80211.c 12 Dec 2017 15:52:49 -  1.65
+++ ieee80211.c 18 Apr 2018 12:25:34 -
@@ -193,6 +193,7 @@ ieee80211_ifdetach(struct ifnet *ifp)
 {
struct ieee80211com *ic = (void *)ifp;
 
+   timeout_del(>ic_bgscan_timeout);
ieee80211_proto_detach(ifp);
ieee80211_crypto_detach(ifp);
ieee80211_node_detach(ifp);

crash when unplugging urtwn usb wifi adapter

2018-04-13 Thread pki 
>Synopsis:  page fault trap when removing urtwn Wifi adapter from the port
>Category:  kernel
>Environment:
System  : OpenBSD 6.3
Details : OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 
2018
 
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Architecture: OpenBSD.amd64
Machine : amd64
>Description:
I'm observing system crash if I remove the the TP-Link TL-WN725N
WiFi adapter from the port. The system reports kernel panic:

kernel: page fault trap, code=0
Stopped at softclock+0x16b: movq %rax,0(%rdx)

and drops to the debugger console. Pressing any key in debugger
causes kernel panic:

panic: mtx 0x81ac55f0: locking against myself
Stopped at db_enter+0x5: popq %rbp
TIDPID   UID PRFLAGS   PFLAGS  CPU COMMAND
423317 28010  35 0x100010  0x802   xconsole
db_enter() at db_enter+0x5
panic() at panic+0x129
__mtx_enter(80278000) at __mtx_enter+0x74
timeout_del(80278000) at timeout_del+0x17
xhci_xfer_done(967f170) at xhci_xfer_done+0xbf
xhci_event_dequeue(800033254f24) at xhci_event_dequeue+0xf3
xhci_softintr(800033254f20) at xhci_softintr+0x23
xhci_intr1(800033254f20) at xh ci_intr1+0x66
ukbd_cngetc(800033254f20,800033254f24,d) at ukbd_cngetc+0x39
wskbd_cngetc() at wskbd_cngetc+0x78
db_readline(0,0) at db_readline+0x45
db_read_line() at db_read_line+0x15
db_command_loop() at db_command_loop+0x83
db_trap() at db_trap+0x137

The problem is reproducible and it didn't occur in 6.2 (or it
frequency was so low that I didn't notice).

>How-To-Repeat:
1. Plug the  TP-Link TL-WN725N (might be it will be the same with
any other adapter handled by urtwn) into the port, assign it an
IP, bring it up (in my case I'm using WPA2 with static IPv4
address).
2. Start any dummy network activity, like ping www.yahoo.com
3. Remove the adapter from usb port -> it's likely that you will
get kernel crash.
>Fix:
The only potential workaround I can think of is to bring the
interface down before the adapter gets removed.


dmesg:
OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4174385152 (3981MB)
avail mem = 4040790016 (3853MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x8afad000 (32 entries)
bios0: vendor Apple Inc. version "MBA71.88Z.0166.B30.1706181928" date 06/18/2017
bios0: Apple Inc. MacBookAir7,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT 
SSDT DMAR MCFG
acpi0: wakeup devices PEG0(S3) EC__(S3) HDEF(S3) RP01(S3) RP02(S3) RP03(S4) 
ARPT(S4) RP05(S3) RP06(S3) SPIT(S3) XHC1(S3) ADP1(S3) LID0(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz, 1500.23 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
acpihpet0: recalibrated TSC frequency 163279 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz, 1500.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz, 1500.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz, 1500.01 MHz
cpu3: