Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Mar 2016 14:30:41 +0300
From:      "Andriy Voskoboinyk" <s3erios@gmail.com>
To:        freebsd-hackers@freebsd.org, "Aleksander Alekseev" <mail@eax.me>
Subject:   Re: I need a little help in fixing `exclusive sleep mutex urtwn0_com_lock` in CURRENT
Message-ID:  <op.ye4x9fosiew4ia@localhost>
In-Reply-To: <20160330123048.3361a9e4@fujitsu>
References:  <20160330123048.3361a9e4@fujitsu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Wed, 30 Mar 2016 12:30:48 +0300 =D0=B1=D1=83=D0=BB=D0=BE =D0=BD=D0=B0=D0=
=BF=D0=B8=D1=81=D0=B0=D0=BD=D0=BE Aleksander Alekseev  =

<mail@eax.me>:

> and then pull Wi-Fi adapter out of USB

Here (it's not the only driver which does detach incorrectly).


> Hello
>
> Today I found a way to crash CURRENT kernel. I'm a full-time *nix C
> developer but I never did kernel development before. I read "FreeBSD
> Device Drivers" and "FreeBSD Developer's Handbook" recently. Also I
> learned how to use DDB and KGDB. Discovered problem doesn't seem to be=

> too complicated and I hope you could guide me a little bit through
> fixing it.
>
> I'm using TP-LINK TL-WN725N USB Wi-Fi adapter. When I do:
>
> sudo ifconfig wlan0 down
> sudo ifconfig wlan0 up
>
> ... and then pull Wi-Fi adapter out of USB kernel crashes like this:
>
> http://pastebin.com/raw/LkuE6Y7s
>
> It reproduces in 100% of cases.
>
> Here is a code that causes a problem (ieee80211_scan_sw.c:765):
>
> ```
> static void
> scan_end(struct ieee80211_scan_state *ss, int scandone)
> {
>         struct scan_state *ss_priv =3D SCAN_PRIVATE(ss);
>         struct ieee80211vap *vap =3D ss->ss_vap;
>         struct ieee80211com *ic =3D ss->ss_ic;
>
>         IEEE80211_LOCK_ASSERT(ic);
>
>         IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: out\n",
>         __func__);
>
>         if (ss_priv->ss_iflags & ISCAN_ABORT) {
>                 scan_done(ss, scandone);
>                 return;
>         }
>
>         IEEE80211_UNLOCK(ic);
>         ic->ic_scan_end(ic);            /* notify driver */
>         IEEE80211_LOCK(ic); /* <--- HERE */
> ```
>
> So as I understand some code acquired a mutex and didn't release it.
> And naturally it has something to do with USB. Now how can I figure ou=
t
> what code acquired this lock? Best approach I can think of currently i=
s
> to find all places where this lock is accessed and add a debug logging=
.
> But perhaps there is a better way?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.ye4x9fosiew4ia>