Date: Fri, 14 Aug 2009 19:06:05 +0100 From: Florent Thoumie <flz@xbsd.org> To: Sam Leffler <sam@errno.com> Cc: freebsd-current@freebsd.org, Hans Petter Selasky <hselasky@c2i.net> Subject: Re: Panic in rum(4) on 8.0-BETA2 Message-ID: <a01628140908141106m590b0bd0k1cae8fd41fa1aae3@mail.gmail.com> In-Reply-To: <4A85A6B8.6090400@errno.com> References: <a01628140908140417q6df66913n12603111214a5f44@mail.gmail.com> <200908141407.56248.hselasky@c2i.net> <4A85A6B8.6090400@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 14, 2009 at 7:02 PM, Sam Leffler <sam@errno.com> wrote: > Hans Petter Selasky wrote: > > This looks like a WLAN problem rather than an USB problem. Some months >> back the WLAN statemachine was converted to taskqueues. In that regard I've >> seen 100% reproducable panics, but I did not have time to investigate. If >> you put some delay between the "ifconfig" commands on your wlan device, does >> the problem disappear? >> > > The rum driver violates locking requirements by dropping the net80211 lock > in the driver's newstate method in order to pickup the driver softc to do > usb operations. This opens a race whereby wpa_supplicant makes a request > that clocks the state machine again causing a state transition to be lost: > > wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost > > This in turns causes net80211 state to be wrong and causes the crash. > > I will need to understand why the above is done to see if the driver can be > changed to do what is required. I also note other bugs in this routine that > can cause further problems. I've filed a PR: kern/137776, as suggested by Sam. We should probably move the discussion there. -- Florent Thoumie flz@FreeBSD.org FreeBSD Committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a01628140908141106m590b0bd0k1cae8fd41fa1aae3>