Date: Sat, 12 May 2012 09:33:02 +0200 From: Bernhard Schmidt <bschmidt@techwires.net> To: Bryan Venteicher <bryanv@daemoninthecloset.org> Cc: wireless@freebsd.org Subject: Re: iwn 4965 crash Message-ID: <CAAgh0_aQeAVdDmmbep=brn5ToP-g6-NWQ8zbsBSq_kamF4XdCg@mail.gmail.com> In-Reply-To: <1124241085.354.1336803788589.JavaMail.root@sage.daemoninthecloset.org> References: <1359736622.339.1336803382061.JavaMail.root@sage.daemoninthecloset.org> <1124241085.354.1336803788589.JavaMail.root@sage.daemoninthecloset.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Sat, May 12, 2012 at 8:23 AM, Bryan Venteicher
<bryanv@daemoninthecloset.org> wrote:
> I've experienced the crash below pretty frequently from a one day old
> 9-STABLE during BSDCan, partiality in the 15th floor hacker lounge.
>
> #1 0xffffffff80893085 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:442
> #2 0xffffffff80893531 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:607
> #3 0xffffffff80b7edc0 in trap_fatal (frame=0xc, eva=Variable "eva" is not available.
> ) at /usr/src/sys/amd64/amd64/trap.c:843
> #4 0xffffffff80b7f13f in trap_pfault (frame=0xffffff8114a3e8d0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:759
> #5 0xffffffff80b7f61e in trap (frame=0xffffff8114a3e8d0) at /usr/src/sys/amd64/amd64/trap.c:454
> #6 0xffffffff80b6a0af in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
> #7 0xffffffff8055f1bc in iwn_notif_intr (sc=0xffffff800077b000) at /usr/src/sys/dev/iwn/if_iwn.c:2447
> #8 0xffffffff80561438 in iwn_intr (arg=Variable "arg" is not available.
> ) at /usr/src/sys/dev/iwn/if_iwn.c:3197
> #9 0xffffffff80868604 in intr_event_execute_handlers (p=Variable "p" is not available.
> ) at /usr/src/sys/kern/kern_intr.c:1260
> #10 0xffffffff80869d84 in ithread_loop (arg=0xfffffe00043d0ac0) at /usr/src/sys/kern/kern_intr.c:1273
> #11 0xffffffff808657ef in fork_exit (callout=0xffffffff80869ce0 <ithread_loop>, arg=0xfffffe00043d0ac0,
> frame=0xffffff8114a3ec40) at /usr/src/sys/kern/kern_fork.c:992
> #12 0xffffffff80b6a5de in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:602
>
> if_iwn.c:
> 2444 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
> 2445
> 2446 txq = &sc->txq[le16toh(ba->qid)];
> 2447 tap = sc->qid2tap[le16toh(ba->qid)];
> 2448 tid = WME_AC_TO_TID(tap->txa_ac);
> 2449 ni = tap->txa_ni;
> 2450 wn = (void *)ni;
> 2451
> 2452 if (wn->agg[tid].bitmap == 0)
> 2453 return;
>
> FreeBSD curses.daemoninthecloset.org 9.0-STABLE FreeBSD 9.0-STABLE #0: Thu May 10 21:55:32 EDT 2012 bryanv@curses.daemoninthecloset.org:/usr/obj/usr/src/sys/GENERIC amd64
>
> vmcore available.
Please try attached patch
--
Bernhard
[-- Attachment #2 --]
Index: sys/dev/iwn/if_iwn.c
===================================================================
--- sys/dev/iwn/if_iwn.c (revision 234975)
+++ sys/dev/iwn/if_iwn.c (working copy)
@@ -2758,13 +2758,13 @@ static void
iwn_ampdu_tx_done(struct iwn_softc *sc, int qid, int idx, int nframes,
void *stat)
{
+ struct iwn_ops *ops = &sc->ops;
struct ifnet *ifp = sc->sc_ifp;
struct iwn_tx_ring *ring = &sc->txq[qid];
struct iwn_tx_data *data;
struct mbuf *m;
struct iwn_node *wn;
struct ieee80211_node *ni;
- struct ieee80211vap *vap;
struct ieee80211_tx_ampdu *tap;
uint64_t bitmap;
uint32_t *status = stat;
@@ -2802,29 +2802,28 @@ iwn_ampdu_tx_done(struct iwn_softc *sc, int qid, i
bitmap = bitmap << shift;
bitmap |= 1ULL << bit;
}
+
tap = sc->qid2tap[qid];
- if (tap != NULL) {
- tid = WME_AC_TO_TID(tap->txa_ac);
- wn = (void *)tap->txa_ni;
- wn->agg[tid].bitmap = bitmap;
- wn->agg[tid].startidx = start;
- wn->agg[tid].nframes = nframes;
- }
+ tid = WME_AC_TO_TID(tap->txa_ac);
+ wn = (void *)tap->txa_ni;
+ wn->agg[tid].bitmap = bitmap;
+ wn->agg[tid].startidx = start;
+ wn->agg[tid].nframes = nframes;
seqno = le32toh(*(status + nframes)) & 0xfff;
for (lastidx = (seqno & 0xff); ring->read != lastidx;) {
data = &ring->data[ring->read];
- KASSERT(data->ni != NULL, ("no node"));
-
/* Unmap and free mbuf. */
bus_dmamap_sync(ring->data_dmat, data->map,
BUS_DMASYNC_POSTWRITE);
bus_dmamap_unload(ring->data_dmat, data->map);
m = data->m, data->m = NULL;
ni = data->ni, data->ni = NULL;
- vap = ni->ni_vap;
+ KASSERT(ni != NULL, ("no node"));
+ KASSERT(m != NULL, ("no mbuf"));
+
if (m->m_flags & M_TXCB)
ieee80211_process_callback(ni, m, 1);
@@ -2835,6 +2834,18 @@ iwn_ampdu_tx_done(struct iwn_softc *sc, int qid, i
ring->read = (ring->read + 1) % IWN_TX_RING_COUNT;
}
+ if (ring->queued == 0 && IEEE80211_AMPDU_RUNNING(tap) == 0) {
+ DPRINTF(sc, IWN_DEBUG_XMIT, "%s: ra=%d tid=%d ssn=%d qid=%d\n",
+ __func__, wn->id, tid, tap->txa_start, qid);
+ if (iwn_nic_lock(sc) != 0)
+ return;
+ ops->ampdu_tx_stop(sc, qid, tid, tap->txa_start & 0xfff);
+ iwn_nic_unlock(sc);
+ sc->qid2tap[qid] = NULL;
+ free(tap->txa_private, M_DEVBUF);
+ tap->txa_private = NULL;
+ }
+
sc->sc_tx_timer = 0;
if (ring->queued < IWN_TX_RING_LOMARK) {
sc->qfullmsk &= ~(1 << ring->qid);
@@ -5633,6 +5644,8 @@ iwn_ampdu_tx_start(struct ieee80211com *ic, struct
if ((error = iwn_nic_lock(sc)) != 0)
return 0;
qid = *(int *)tap->txa_private;
+ DPRINTF(sc, IWN_DEBUG_XMIT, "%s: ra=%d tid=%d ssn=%d qid=%d\n",
+ __func__, wn->id, tid, tap->txa_start, qid);
ops->ampdu_tx_start(sc, ni, qid, tid, tap->txa_start & 0xfff);
iwn_nic_unlock(sc);
@@ -5645,21 +5658,27 @@ iwn_ampdu_tx_stop(struct ieee80211_node *ni, struc
{
struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
struct iwn_ops *ops = &sc->ops;
+ struct iwn_node *wn = (void *)ni;
uint8_t tid = WME_AC_TO_TID(tap->txa_ac);
int qid;
+ sc->sc_addba_stop(ni, tap);
+
if (tap->txa_private == NULL)
return;
qid = *(int *)tap->txa_private;
- if (iwn_nic_lock(sc) != 0)
- return;
- ops->ampdu_tx_stop(sc, qid, tid, tap->txa_start & 0xfff);
- iwn_nic_unlock(sc);
- sc->qid2tap[qid] = NULL;
- free(tap->txa_private, M_DEVBUF);
- tap->txa_private = NULL;
- sc->sc_addba_stop(ni, tap);
+ if (sc->txq[qid].queued == 0) {
+ DPRINTF(sc, IWN_DEBUG_XMIT, "%s: ra=%d tid=%d ssn=%d qid=%d\n",
+ __func__, wn->id, tid, tap->txa_start, qid);
+ if (iwn_nic_lock(sc) != 0)
+ return;
+ ops->ampdu_tx_stop(sc, qid, tid, tap->txa_start & 0xfff);
+ iwn_nic_unlock(sc);
+ sc->qid2tap[qid] = NULL;
+ free(tap->txa_private, M_DEVBUF);
+ tap->txa_private = NULL;
+ }
}
static void
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAgh0_aQeAVdDmmbep=brn5ToP-g6-NWQ8zbsBSq_kamF4XdCg>