From owner-freebsd-current@FreeBSD.ORG  Fri Aug 14 18:02:36 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B7E9110656A7
	for <freebsd-current@freebsd.org>; Fri, 14 Aug 2009 18:02:36 +0000 (UTC)
	(envelope-from sam@errno.com)
Received: from ebb.errno.com (ebb.errno.com [69.12.149.25])
	by mx1.freebsd.org (Postfix) with ESMTP id 9175D8FC4B
	for <freebsd-current@freebsd.org>; Fri, 14 Aug 2009 18:02:36 +0000 (UTC)
Received: from ice.local ([10.0.0.115]) (authenticated bits=0)
	by ebb.errno.com (8.13.6/8.12.6) with ESMTP id n7EI2W5s093315
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 14 Aug 2009 11:02:32 -0700 (PDT) (envelope-from sam@errno.com)
Message-ID: <4A85A6B8.6090400@errno.com>
Date: Fri, 14 Aug 2009 11:02:32 -0700
From: Sam Leffler <sam@errno.com>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: Hans Petter Selasky <hselasky@c2i.net>
References: <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com>
	<200908141407.56248.hselasky@c2i.net>
In-Reply-To: <200908141407.56248.hselasky@c2i.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-DCC-x.dcc-servers-Metrics: ebb.errno.com; whitelist
Cc: freebsd-current@freebsd.org, Florent Thoumie <flz@xbsd.org>
Subject: Re: Panic in rum(4) on 8.0-BETA2
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2009 18:02:36 -0000

Hans Petter Selasky wrote:

> This looks like a WLAN problem rather than an USB problem. Some months back 
> the WLAN statemachine was converted to taskqueues. In that regard I've seen 
> 100% reproducable panics, but I did not have time to investigate. If you put 
> some delay between the "ifconfig" commands on your wlan device, does the 
> problem disappear?

The rum driver violates locking requirements by dropping the net80211 
lock in the driver's newstate method in order to pickup the driver softc 
to do usb operations.  This opens a race whereby wpa_supplicant makes a 
request that clocks the state machine again causing a state transition 
to be lost:

wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost

This in turns causes net80211 state to be wrong and causes the crash.

I will need to understand why the above is done to see if the driver can 
be changed to do what is required.  I also note other bugs in this 
routine that can cause further problems.

	Sam