From: Aleksander Alekseev
To: freebsd-hackers@freebsd.org
Date: Wed, 30 Mar 2016 12:30:48 +0300
Subject: I need a little help in fixing `exclusive sleep mutex urtwn0_com_lock` in CURRENT
Message-ID: <20160330123048.3361a9e4@fujitsu>

Hello

Today I found a way to crash the CURRENT kernel. I'm a full-time *nix C developer but I never did kernel development before. I read "FreeBSD Device Drivers" and "FreeBSD Developer's Handbook" recently. Also I learned how to use DDB and KGDB. The problem I discovered doesn't seem to be too complicated and I hope you could guide me a little bit through fixing it.

I'm using a TP-LINK TL-WN725N USB Wi-Fi adapter. When I do:

```
sudo ifconfig wlan0 down
sudo ifconfig wlan0 up
```

... and then pull the Wi-Fi adapter out of USB, the kernel crashes like this:

http://pastebin.com/raw/LkuE6Y7s

It reproduces in 100% of cases. Here is the code that causes the problem (ieee80211_scan_sw.c:765):

```
static void
scan_end(struct ieee80211_scan_state *ss, int scandone)
{
	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
	struct ieee80211vap *vap = ss->ss_vap;
	struct ieee80211com *ic = ss->ss_ic;

	IEEE80211_LOCK_ASSERT(ic);

	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: out\n", __func__);

	if (ss_priv->ss_iflags & ISCAN_ABORT) {
		scan_done(ss, scandone);
		return;
	}

	IEEE80211_UNLOCK(ic);
	ic->ic_scan_end(ic);	/* notify driver */
	IEEE80211_LOCK(ic);	/* <--- HERE */
```

So as I understand, some code acquired a mutex and didn't release it. And naturally it has something to do with USB. Now how can I figure out what code acquired this lock? The best approach I can think of currently is to find all places where this lock is accessed and add debug logging. But perhaps there is a better way?

--
Best regards,
Aleksander Alekseev
http://eax.me/
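
Added example, not part of the original message and not FreeBSD code: a userspace C model of the approach the message proposes (log every access to the lock), done once in a lock wrapper that records the call site of the current holder. `dbg_lock`, `com_lock`, `scan_end_model` and both callbacks are hypothetical names, and the leaking callback is constructed to match the message's guess about the cause, not a finding about urtwn.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical debug lock: a try-lock plus the call site of its current holder. */
struct dbg_lock {
	atomic_flag held;
	const char *name, *owner_func;	/* owner_* is meaningful only while held */
	int owner_line;
};
static struct dbg_lock com_lock = { ATOMIC_FLAG_INIT, "com_lock", NULL, 0 };
static char last_report[160];		/* last diagnostic, kept for inspection */

/* Returns 0 on success, -1 where a real mutex would block or panic. */
static int dbg_lock_acquire(struct dbg_lock *l, const char *func, int line)
{
	if (atomic_flag_test_and_set(&l->held)) {
		snprintf(last_report, sizeof(last_report),
		    "%s: wanted at %s:%d, held since %s:%d",
		    l->name, func, line, l->owner_func, l->owner_line);
		return -1;
	}
	l->owner_func = func;		/* remember who took it */
	l->owner_line = line;
	return 0;
}

static void dbg_lock_release(struct dbg_lock *l) { atomic_flag_clear(&l->held); }

#define DBG_LOCK(l)	dbg_lock_acquire((l), __func__, __LINE__)
#define DBG_UNLOCK(l)	dbg_lock_release(l)

/* Constructed driver callbacks: one leaves the lock held, one does not. */
static void leaky_scan_end(void) { (void)DBG_LOCK(&com_lock); }
static void clean_scan_end(void) { if (DBG_LOCK(&com_lock) == 0) DBG_UNLOCK(&com_lock); }

/* Same shape as the quoted scan_end(): unlock, call the driver, lock again. */
static int scan_end_model(void (*driver_cb)(void))
{
	int rc;
	dbg_lock_release(&com_lock);	/* start each run from an unheld lock */
	(void)DBG_LOCK(&com_lock);	/* scan_end() is entered with the lock held */
	DBG_UNLOCK(&com_lock);
	driver_cb();			/* notify driver */
	rc = DBG_LOCK(&com_lock);	/* the relock marked HERE in the message */
	if (rc == 0) DBG_UNLOCK(&com_lock);
	return rc;
}

int main(void) { scan_end_model(leaky_scan_end); puts(last_report); return strstr(last_report, "leaky_scan_end") ? 0 : 1; }
```

The failed relock reports both the site that wanted the lock and the site that still holds it, so no per-call-site logging is needed.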