[Bug 212005] [panic] [net80211] age -4
bugzilla-noreply at freebsd.org
Sat Aug 20 01:40:29 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212005
Bug ID: 212005
Summary: [panic] [net80211] age -4
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: wireless
Assignee: freebsd-wireless at FreeBSD.org
Reporter: markj at FreeBSD.org
I use if_run(4) in hostap mode. The system using it has now panicked twice in
ieee80211_pwrsave() at the age >= 0 assertion. Both times it happened after I
woke up a Windows laptop that automatically associates to the AP:
#0 __curthread () at ./machine/pcpu.h:221
#1 doadump (textdump=1) at
/home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:298
#2 0xffffffff806c2545 in kern_reboot (howto=<optimized out>) at
/home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:366
#3 0xffffffff806c2b1b in vpanic (fmt=<optimized out>, ap=0xfffffe0469185600)
at /home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:759
#4 0xffffffff806c2956 in kassert_panic (fmt=0xffffffff80b6c114 "age %d")
at /home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:649
#5 0xffffffff808109cb in ieee80211_pwrsave (ni=0xfffffe0026178000,
m=0xfffff802fb50bb00)
at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_power.c:392
#6 0xffffffff8080a0fb in ieee80211_vap_pkt_send_dest (vap=0xfffff80027d65000,
m=0xfffff802fb50bb00, ni=0xfffffe0026178000)
at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:136
#7 0xffffffff8080b5c4 in ieee80211_start_pkt (vap=0xfffff80027d65000,
m=0xfffff802fb50bb00)
at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:435
#8 ieee80211_vap_transmit (ifp=<optimized out>, m=<optimized out>)
at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:495
#9 0xffffffff807bc0ff in ether_output_frame (ifp=<optimized out>,
m=<unavailable>)
at /home/mark/src/freebsd-dev/sys/net/if_ethersubr.c:457
#10 ether_output (ifp=<optimized out>, m=<optimized out>,
dst=0xfffffe0469185810, ro=<optimized out>)
at /home/mark/src/freebsd-dev/sys/net/if_ethersubr.c:429
#11 0xffffffff807a5692 in bpfwrite (dev=<optimized out>, uio=<optimized out>,
ioflag=<optimized out>)
at /home/mark/src/freebsd-dev/sys/net/bpf.c:1173
#12 0xffffffff80598157 in devfs_write_f (fp=0xfffff8001999bb90,
uio=0xfffffe0469185970, cred=0xfffff8002709c500, flags=0,
td=<optimized out>) at
/home/mark/src/freebsd-dev/sys/fs/devfs/devfs_vnops.c:1773
#13 0xffffffff80727414 in fo_write (fp=<optimized out>, uio=0xfffffe0469185970,
active_cred=<unavailable>, flags=0,
td=<optimized out>) at /home/mark/src/freebsd-dev/sys/sys/file.h:311
#14 dofilewrite (td=0xfffff8002709c500, fd=4, fp=0xfffff8001999bb90,
auio=0xfffffe0469185970, offset=<optimized out>,
flags=0) at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:593
#15 0xffffffff807270b8 in kern_writev (td=0xfffff8002709c500, fd=4,
auio=0xfffffe0469185970)
at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:508
#16 0xffffffff80727044 in sys_write (td=<unavailable>, uap=<optimized out>)
at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:421
#17 0xffffffff809fabab in syscallenter (td=0xfffff8002709c500, sa=<optimized
out>)
at /home/mark/src/freebsd-dev/sys/amd64/amd64/../../kern/subr_syscall.c:135
#18 amd64_syscall (td=0xfffff8002709c500, traced=0) at
/home/mark/src/freebsd-dev/sys/amd64/amd64/trap.c:942
It looks like there were already two packets in the low-priority aging queue:
(kgdb) frame 5
#5 0xffffffff808109cb in ieee80211_pwrsave (ni=0xfffffe0026178000,
m=0xfffff802fb50bb00)
at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_power.c:392
warning: Source file is more recent than executable.
392 KASSERT(age >= 0, ("age %d", age));
(kgdb) p ni->ni_psq->psq_head[0]
$1 = {head = 0x0, tail = 0x0, len = 0}
(kgdb) p ni->ni_psq->psq_head[1]
$2 = {head = 0xfffff8027be5f400, tail = 0xfffff80027b7de00, len = 2}
age was 0:
(kgdb) p ni->ni_intval
$3 = 1
(kgdb) p ni->ni_ic->ic_bintval
$4 = 100
and the first packet in the queue has age 4:
(kgdb) p ni->ni_psq->psq_head[1].head->m_pkthdr.PH_per.thirtytwo[1]
$5 = 4
... so this code sets age to -4, tripping the assertion:
388 } else {
389 qhead->tail->m_nextpkt = m;
390 age -= M_AGE_GET(qhead->head);
391 }
I can provide more info from the core if that's helpful.
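The arithmetic described in the report, as an added user-space sketch that is not part of the original report and not FreeBSD code. The struct, the function names and the TU-to-seconds formula in aging_secs() are assumptions made for illustration; the clamped variant is a hypothetical defensive form, not the project's fix.

```c
#include <stdio.h>

#define QMAX 8
/* Simplified stand-in for one power-save queue: age[0] is the head frame. */
struct psq { int age[QMAX]; int len; };

/* Assumed derivation of the aging interval in seconds: four listen
 * intervals, converted TU (1024 us) -> ms -> s with integer division. */
static int aging_secs(int intval, int bintval)
{
	return ((((intval * bintval) << 2) * 1024) / 1000) / 1000;
}

/* Append as in the quoted lines 388-391: on a non-empty queue the new
 * frame's age is stored relative to the head. A negative return value is
 * the condition that trips KASSERT(age >= 0). */
static int enqueue_raw(struct psq *q, int age)
{
	if (q->len > 0)
		age -= q->age[0];
	if (q->len < QMAX)
		q->age[q->len++] = age;
	return age;
}

/* Hypothetical defensive variant: saturate the relative age at zero. */
static int enqueue_clamped(struct psq *q, int age)
{
	if (q->len > 0)
		age -= q->age[0];
	if (age < 0)
		age = 0;
	if (q->len < QMAX)
		q->age[q->len++] = age;
	return age;
}

int main(void)
{
	/* Constructed state mirroring the core: two frames, head age 4
	 * (the second frame's age is not shown in the report; 0 is made up). */
	struct psq a = { {4, 0}, 2 }, b = { {4, 0}, 2 };
	int age = aging_secs(1, 100);	/* ni_intval = 1, ic_bintval = 100 */

	printf("computed age:   %d\n", age);
	printf("raw insert:     %d\n", enqueue_raw(&a, age));
	printf("clamped insert: %d\n", enqueue_clamped(&b, age));
	return 0;
}
```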