From: Hans Petter Selasky
To: Sam Leffler
Cc: freebsd-current@freebsd.org, PseudoCylon, freebsd-usb@freebsd.org
Date: Wed, 7 Jul 2010 21:13:16 +0200
Subject: [panic] Race in IEEE802.11 layer towards device drivers

Hi,

When supplying wpa_supplicant.conf with incorrect passwords, but a valid SSID, I have seen kernel panics several times when using USB based WLAN dongles.
When only supplying a valid password, no panic has been seen.

How to reproduce:

1) configure invalid password
2) wpa_cli: reconfigure
3) configure valid password
4) wpa_cli: reconfigure
5) goto 1

The USB commands which are executed inside the newstate callback usually take very little time, but still not as little time as PCI read/writes. I've forced slower operation in the newstate callback, and can reproduce warning printouts from the IEEE802.11 layer in FreeBSD. Try to apply the following patch to your USB code:

http://p4web.freebsd.org/@@180604?ac=10

In my opinion the deferring of all states to a single task is wrong. There should be at least one task per possible state, and the queuing mechanism should follow the last-queued is last executed rule. This is not the case with the task-queue mechanism in the kernel. See the USB code's task-queue replacement which I think the IEEE802.11 stack in FreeBSD could take advantage of.

src/sys/dev/usb/usb_process.c

Description of panics. I didn't have core dump enabled on this box, so please bear with the following hand-written notes:

1) A vap->iv_bss == NULL, inside ratectl task in RUM driver.
2) A memcpy() fails inside the iee80211...newstate_cb()
3) This and similar printouts are seen:

wlan0: ieee80211_new_state_locked: pending AUTH -> ASSOC transition lost

--HPS
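
The two queuing policies contrasted in the message, as a simplified user-space model added here for illustration; it is not code from the message, from net80211 or from usb_process.c. All type and function names are hypothetical, and the burst of requests is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; names are hypothetical, not FreeBSD kernel code. */
enum state { S_INIT, S_SCAN, S_AUTH, S_ASSOC, S_RUN, S_MAX };
/* Policy A: one deferred task with a single pending-state slot. */
struct single_task { int pending; enum state nstate; int lost; };
static void single_request(struct single_task *t, enum state s) {
    if (t->pending)
        t->lost++;              /* earlier request overwritten before it ran */
    t->nstate = s;
    t->pending = 1;
}

static int single_drain(struct single_task *t, enum state *out) {
    if (!t->pending)
        return 0;
    t->pending = 0;
    out[0] = t->nstate;
    return 1;                   /* at most one transition ever executes */
}

/* Policy B: one task per state; queuing again moves that task to the tail. */
struct per_state_queue { enum state q[S_MAX]; int n; };
static void per_state_request(struct per_state_queue *p, enum state s) {
    int i, j = 0;
    for (i = 0; i < p->n; i++)  /* drop an older entry for the same state */
        if (p->q[i] != s)
            p->q[j++] = p->q[i];
    p->q[j++] = s;              /* last queued is last executed */
    p->n = j;
}

static int per_state_drain(struct per_state_queue *p, enum state *out) {
    int n = p->n;
    memcpy(out, p->q, (size_t)n * sizeof(*out));
    p->n = 0;
    return n;
}

int main(void) {
    /* Constructed burst: three requests arrive before the worker runs. */
    enum state burst[] = { S_ASSOC, S_SCAN, S_ASSOC }, out[S_MAX];
    struct single_task a = { 0, S_INIT, 0 };
    struct per_state_queue b = { { S_INIT }, 0 };
    for (int i = 0; i < 3; i++) { single_request(&a, burst[i]); per_state_request(&b, burst[i]); }
    printf("single task: ran %d, lost %d\n", single_drain(&a, out), a.lost);
    printf("per-state:   ran %d\n", per_state_drain(&b, out));
    return 0;
}
```

In this model the single-slot policy silently drops two of the three requests, while the per-state queue runs SCAN and then ASSOC, with the most recently queued state last.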