Ticket #14646: report.txt

While poweroff with network active (iprowifi4965) i often got KDL.
Here is the trace:

====
wlan_control: 9234, 16
->iwn_rx_done begin
->Doing iwn5000_get_rssi
iwn5000_get_rssi: agc 39 rssi 4885 5400 0 result -59
->Doing iwn_hw_stop
->Doing iwn_reset_rx_ring
->doing iwn_reset_tx_ring
Last message repeated 19 times.
->iwn_rx_done: end
iwn_notif_intr: cur=1; qid 4 idx 3 flags 0 type 162(BEACON_MISSED) len 20
iwn_notif_intr: beacons missed 0/0
iwn_notif_intr: cur=2; qid 4 idx 17 flags 0 type 192(RX_PHY) len 68
iwn_rx_phy: received PHY stats
iwn_notif_intr: cur=3; qid c idx 204 flags cc type 204(IWN_CMD_BT_COEX_PRIOTABLE) len 52428
iwn_notif_intr: cur=4; qid 4 idx 19 flags 0 type 157(BEACON_STATS) len 528
->iwn_rx_statistics begin
->iwn_rx_statistics received during calib
iwn_notif_intr: cur=5; qid 9 idx 129 flags 0 type 168(IWN_CMD_SET_SENSITIVITY) len 4
iwn_notif_intr: cur=6; qid 4 idx 27 flags 0 type 192(RX_PHY) len 68
iwn_rx_phy: received PHY stats
iwn_notif_intr: cur=7; qid c idx 204 flags cc type 204(IWN_CMD_BT_COEX_PRIOTABLE) len 52428
iwn_notif_intr: cur=8; qid 4 idx 29 flags 0 type 157(BEACON_STATS) len 528
->iwn_rx_statistics begin
->iwn_rx_statistics received during calib
iwn_notif_intr: cur=9; qid 3 idx 7 flags 0 type 28(TX_DONE) len 44
iwn5000_tx_done: qid 3 idx 7 RTS retries 0 ACK retries 0 nkill 0 rate 420a duration 746 status 201
PANIC: no node
Welcome to Kernel Debugging Land...
Thread 759 "iwn intr handler" running on CPU 2
stack trace for thread 759 "iwn intr handler"
    kernel stack: 0xffffffff91046000 to 0xffffffff9104b000
frame                       caller             <image>:function + offset
 0 ffffffff9104abd8 (+  16) ffffffff8014132d   <kernel_x86_64> arch_debug_stack_trace + 0x13
 1 ffffffff9104abe8 (+  16) ffffffff800a7823   <kernel_x86_64> stack_trace_trampoline(void*) + 0x09
 2 ffffffff9104abf8 (+  24) ffffffff8013902c   <kernel_x86_64> arch_debug_call_with_fault_handler + 0x16
 3 ffffffff9104ac10 (+  96) ffffffff800a820f   <kernel_x86_64> debug_call_with_fault_handler + 0x8b
 4 ffffffff9104ac70 (+  96) ffffffff800a926b   <kernel_x86_64> kernel_debugger_loop(char const*, char const*, __va_list_tag*, int) + 0x10a
 5 ffffffff9104acd0 (+  80) ffffffff800a96d4   <kernel_x86_64> kernel_debugger_internal(char const*, char const*, __va_list_tag*, int) + 0x1a2
 6 ffffffff9104ad20 (+ 240) ffffffff800a98d3   <kernel_x86_64> panic + 0xba
 7 ffffffff9104ae10 (+  80) ffffffff80617096   </boot/system/non-packaged/add-ons/kernel/drivers/bin/iprowifi4965> iwn_tx_done + 0x1c6
 8 ffffffff9104ae60 (+ 192) ffffffff806257f1   </boot/system/non-packaged/add-ons/kernel/drivers/bin/iprowifi4965> iwn_notif_intr + 0x3c1
 9 ffffffff9104af20 (+ 112) ffffffff80627738   </boot/system/non-packaged/add-ons/kernel/drivers/bin/iprowifi4965> iwn_intr + 0x488
10 ffffffff9104af90 (+  32) ffffffff8065edcd   </boot/system/non-packaged/add-ons/kernel/drivers/bin/iprowifi4965> intr_handler(void*) + 0x1d
11 ffffffff9104afb0 (+  32) ffffffff800858f6   <kernel_x86_64> common_thread_entry(void*) + 0x37
12 ffffffff9104afd0 (+1861963824) ffffffff9104afe0
====


The [iwn_tx_done + 0x1c6] is KASSERT line in if_iwn.c (iwn_tx_done()):

       KASSERT(data->ni != NULL, ("no node"));

So, the problem is in race beetwin iwn_hw_stop and iwn_intr (->iwn_notify_intr-> ... iwn_tx_done)

The race is possible due the fact, that iwn_intr called from thread (freebsd compat glue) and iwn_hw_stop can be
called while iwn_intr is in way and not grab IWN_LOCK yet.

So, the problem is likely Haiku only (not bug in freebsd code).

I fixed it with patch, i have attached.  I just skip interrupts called while iface is not running.

But i am not sure if it ok, and if another drivers affects this too. So, i patched two modules only for example.

Please, check it.