I need a little help in fixing `exclusive sleep mutex urtwn0_com_lock` in CURRENT

Aleksander Alekseev mail at eax.me
Wed Mar 30 09:31:20 UTC 2016


Hello

Today I found a way to crash the CURRENT kernel. I'm a full-time *nix C
developer, but I have never done kernel development before. I recently
read "FreeBSD Device Drivers" and the "FreeBSD Developer's Handbook". I
also learned how to use DDB and KGDB. The problem I discovered doesn't
seem too complicated, and I hope you could guide me a little through
fixing it.

I'm using TP-LINK TL-WN725N USB Wi-Fi adapter. When I do:

sudo ifconfig wlan0 down
sudo ifconfig wlan0 up

... and then pull the Wi-Fi adapter out of the USB port, the kernel crashes like this:

http://pastebin.com/raw/LkuE6Y7s

It reproduces in 100% of cases.

Here is the code that causes the problem (ieee80211_scan_sw.c:765):

```
static void
scan_end(struct ieee80211_scan_state *ss, int scandone)
{
        struct scan_state *ss_priv = SCAN_PRIVATE(ss);
        struct ieee80211vap *vap = ss->ss_vap;
        struct ieee80211com *ic = ss->ss_ic;

        IEEE80211_LOCK_ASSERT(ic);

        IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: out\n",
            __func__);

        if (ss_priv->ss_iflags & ISCAN_ABORT) {
                scan_done(ss, scandone);
                return;
        }

        IEEE80211_UNLOCK(ic);
        ic->ic_scan_end(ic);            /* notify driver */
        IEEE80211_LOCK(ic); /* <--- HERE */
```

So, as I understand it, some code acquired a mutex and didn't release it.
And naturally it has something to do with USB. Now how can I figure out
what code acquired this lock? The best approach I can think of currently
is to find all places where this lock is accessed and add debug logging.
But perhaps there is a better way?

-- 
Best regards,
Aleksander Alekseev
http://eax.me/
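The "record every lock site" idea raised in the message above, as an added userland example (not code from the post, from the poster, or from the FreeBSD tree): a lock that remembers the file and line of its current holder, plus a mirror of the posted scan_end() shape (enter with the lock held, drop it around the driver call-out, re-acquire). A second acquisition that finds the lock already taken does not block; it reports the holder's recorded site, which is exactly what the post wants to know. The names (tracked_lock, fake_ic, TL_LOCK, fake_scan_end) are invented here, the lock is a plain test-and-set flag rather than a kernel mutex, and no threads are involved.

```c
/*
 * Added example, not from the original post or the FreeBSD tree.
 * A lock with holder bookkeeping (file:line of the current acquirer) and
 * a mirror of the posted scan_end() drop/call-out/re-acquire shape.
 * All names are invented for this example; the lock is a test-and-set
 * flag, not a kernel mutex, and there is no real contention here.
 */
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

struct tracked_lock {
	atomic_flag	busy;
	const char	*file;	/* site of the current acquisition, NULL if free */
	int		line;
};

static void
tl_init(struct tracked_lock *tl)
{
	atomic_flag_clear(&tl->busy);
	tl->file = NULL;
	tl->line = 0;
}

/* 0 on success; -1 if already held (the recorded file:line names the holder,
 * instead of blocking as a kernel mutex would). */
static int
tl_lock(struct tracked_lock *tl, const char *file, int line)
{
	if (atomic_flag_test_and_set(&tl->busy))
		return (-1);
	tl->file = file;
	tl->line = line;
	return (0);
}

static void
tl_unlock(struct tracked_lock *tl)
{
	tl->file = NULL;
	tl->line = 0;
	atomic_flag_clear(&tl->busy);
}

static int
tl_held(const struct tracked_lock *tl)
{
	return (tl->file != NULL);
}

/* Format "held at file:line" or "free" into buf; returns the length. */
static int
tl_describe(const struct tracked_lock *tl, char *buf, size_t n)
{
	if (tl_held(tl))
		return (snprintf(buf, n, "held at %s:%d", tl->file, tl->line));
	return (snprintf(buf, n, "free"));
}

#define	TL_LOCK(tl)	tl_lock((tl), __FILE__, __LINE__)
#define	TL_UNLOCK(tl)	tl_unlock((tl))

/* Stand-in for struct ieee80211com: one lock and one driver callback. */
struct fake_ic {
	struct tracked_lock	lock;
	int			driver_saw_lock_free;
	void			(*ic_scan_end)(struct fake_ic *);
};

/* Driver side; must run with the com lock dropped, as it may sleep. */
static void
fake_driver_scan_end(struct fake_ic *ic)
{
	ic->driver_saw_lock_free = !tl_held(&ic->lock);
}

static void
fake_ic_init(struct fake_ic *ic)
{
	memset(ic, 0, sizeof(*ic));
	tl_init(&ic->lock);
	ic->ic_scan_end = fake_driver_scan_end;
}

/* Mirror of the posted scan_end(). Returns the line recorded for the final
 * re-acquisition (the site marked HERE in the post), -1 if that re-acquire
 * finds the lock taken, or -2 if the caller did not hold the lock on entry. */
static int
fake_scan_end(struct fake_ic *ic)
{
	if (!tl_held(&ic->lock))
		return (-2);	/* the IEEE80211_LOCK_ASSERT case */
	TL_UNLOCK(&ic->lock);
	ic->ic_scan_end(ic);			/* notify driver */
	if (TL_LOCK(&ic->lock) != 0)		/* <--- HERE in the post */
		return (-1);
	return (ic->lock.line);
}
```

To run it stand-alone, initialize a fake_ic with fake_ic_init, take the lock with TL_LOCK, call fake_scan_end, then print tl_describe's output: the lock is reported as held at the re-acquire line inside fake_scan_end, and a further TL_LOCK returns -1 while that site is still recorded. In a kernel the same bookkeeping is what lets a "lock already held" condition be attributed to the code that took it.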

