Date:      Tue, 13 Aug 2013 01:35:44 +0400
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        Adrian Chadd <adrian@freebsd.org>
Cc:        freebsd-wireless@freebsd.org
Subject:   Re: ath as AP panics
Message-ID:  <809218974.20130813013544@serebryakov.spb.ru>
In-Reply-To: <CAJ-VmomtRbX9d_Ejd%2BUOhpbq1c-cR=EHH%2BnU_Cxkw7N__x6V5Q@mail.gmail.com>
References:  <238348209.20130812212328@serebryakov.spb.ru> <CAJ-Vmo=JKZ51N-=NotZm1ba_7AUuEpdUhqP8Ah%2BAHNm-k-bifw@mail.gmail.com> <1391593482.20130812213235@serebryakov.spb.ru> <CAJ-VmokU8EdEnNuvQLXdRN0LjRjcQK%2B8rrupyojpPe2fNk6U1A@mail.gmail.com> <1769815169.20130812214148@serebryakov.spb.ru> <CAJ-VmomtRbX9d_Ejd%2BUOhpbq1c-cR=EHH%2BnU_Cxkw7N__x6V5Q@mail.gmail.com>

Hello, Adrian.
You wrote 12 August 2013, 21:47:46:

>> AC> Hm. OK.
>> AC> What I want is the code path _in_ that's queuing a frame via
>> AC> ieee80211_vap_transmit() with m_nextpkt set to NON-NULL.
>>   I could set breakpoint on "printf()" from patch and get backtrace when it
>> will be hit. Is it enough?

AC> yup

db> trace
Tracing pid 0 tid 100037 td 0xfffffe0001a95920
ieee80211_vap_transmit() at ieee80211_vap_transmit+0x12b/frame 0xffffff812205e950
pwrsave_flushq() at pwrsave_flushq+0x19f/frame 0xffffff812205e9a0
hostap_input() at hostap_input+0x8a9/frame 0xffffff812205ea30
ath_rx_pkt() at ath_rx_pkt+0x3fa/frame 0xffffff812205eaa0
ath_rx_proc() at ath_rx_proc+0x290/frame 0xffffff812205eb30
taskqueue_run_locked() at taskqueue_run_locked+0xe6/frame 0xffffff812205eb80
taskqueue_thread_loop() at taskqueue_thread_loop+0xa8/frame 0xffffff812205ebb0
fork_exit() at fork_exit+0x75/frame 0xffffff812205ebf0
fork_trampoline() at fork_trampoline+0xe/frame 0xffffff812205ebf0
--- trap 0, rip = 0, rsp = 0xffffff812205ecb0, rbp = 0 ---

And here are files/lines in r254250 (with "printf() patch"):

// No surprise here :)
(kgdb) list *(ieee80211_vap_transmit+0x12b)
0xffffffff8059ad6b is in ieee80211_vap_transmit (/data/src/sys/net80211/ieee80211_output.c:466).
461              * Complain if m->m_nextpkt is set.
462              *
463              * The caller should've pulled this apart for us.
464              */
465             if (m->m_nextpkt != NULL) {
466                     printf("%s: m_nextpkt not NULL?!\n", __func__);
467                     m->m_nextpkt = NULL;
468             }
469
470             /*
(kgdb) list *(pwrsave_flushq+0x19f)
0xffffffff8059f63f is in pwrsave_flushq (/data/src/sys/net80211/ieee80211_power.c:477).
472
473             /* VAP frames, aren't encapsulated */
474             if (ifp != NULL) {
475                     while (ifp_q != NULL) {
476                             m = ifp_q;
477                             ifp_q = m->m_nextpkt;
478                             KASSERT((!(m->m_flags & M_ENCAP)),
479                                 ("%s: vapq with M_ENCAP frame!\n", __func__));
480                             (void) ieee80211_vap_xmitpkt(vap, m);
481                     }
(kgdb) list *(hostap_input+0x8a9)
0xffffffff80588219 is in hostap_input (/data/src/sys/net80211/ieee80211_hostap.c:655).
650                     /*
651                      * For 4-address packets handle WDS discovery
652                      * notifications.  Once a WDS link is setup frames
653                      * are just delivered to the WDS vap (see below).
654                      */
655                     if (dir == IEEE80211_FC1_DIR_DSTODS && ni->ni_wdsvap == NULL) {
656                             if (!ieee80211_node_is_authorized(ni)) {
657                                     IEEE80211_DISCARD(vap,
658                                         IEEE80211_MSG_INPUT |
659                                         IEEE80211_MSG_WDS, wh,
(kgdb) list *(ath_rx_proc+0x290)
0xffffffff80308ec0 is in ath_rx_proc (/data/src/sys/dev/ath/if_ath_rx.c:995).
990                      * Process a single frame.
991                      */
992                     bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_POSTREAD);
993                     bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
994                     bf->bf_m = NULL;
995                     if (ath_rx_pkt(sc, rs, status, tsf, nf, HAL_RX_QUEUE_HP, bf, m))
996                             ngood++;
997     rx_proc_next:
998                     TAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list);
999             } while (ath_rxbuf_init(sc, bf) == 0);


-- 
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>