[Bug 250424] [rtwn] an USB device could panic under load: panic: not an HT sta

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Oct 17 21:08:19 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250424

            Bug ID: 250424
           Summary: [rtwn] an USB device could panic under load: panic:
                    not an HT sta
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: wireless at FreeBSD.org
          Reporter: vidwer+fbsdbugs at gmail.com

This panic has been observed when updating /usr/ports/ using git. git was the
only userland tool generating frames.

>From kgdb:
Reading symbols from /usr/lib/debug/boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
panic: not an HT sta
cpuid = 3
time = 1602954519
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00107e6770
vpanic() at vpanic+0x182/frame 0xfffffe00107e67c0
panic() at panic+0x43/frame 0xfffffe00107e6820
ieee80211_ampdu_reorder() at ieee80211_ampdu_reorder+0x9c6/frame
0xfffffe00107e68c0
sta_input() at sta_input+0xc38/frame 0xfffffe00107e6960
ieee80211_input_mimo() at ieee80211_input_mimo+0x219/frame 0xfffffe00107e6a10
rtwn_bulk_rx_callback() at rtwn_bulk_rx_callback+0x2ab/frame 0xfffffe00107e6a80
usbd_callback_wrapper() at usbd_callback_wrapper+0x85e/frame 0xfffffe00107e6ac0
usb_command_wrapper() at usb_command_wrapper+0x7e/frame 0xfffffe00107e6ae0
usb_callback_proc() at usb_callback_proc+0x8e/frame 0xfffffe00107e6b00
usb_process() at usb_process+0xf3/frame 0xfffffe00107e6b30
fork_exit() at fork_exit+0x80/frame 0xfffffe00107e6b70
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00107e6b70
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff804a0a8a in db_dump (dummy=<optimized out>, dummy2=<optimized
out>, dummy3=<unavailable>, dummy4=<unavailable>) at
/usr/src/sys/ddb/db_command.c:575
#3  0xffffffff804a0850 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=1) at /usr/src/sys/ddb/db_command.c:482
#4  0xffffffff804a05ad in db_command_loop () at
/usr/src/sys/ddb/db_command.c:535
#5  0xffffffff804a38c6 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:270
#6  0xffffffff80c255d4 in kdb_trap (type=3, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:699
#7  0xffffffff81021dde in trap (frame=0xfffffe00107e66a0) at
/usr/src/sys/amd64/amd64/trap.c:576
#8  <signal handler called>
#9  kdb_enter (why=0xffffffff8120c497 "panic", msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:486
#10 0xffffffff80bd996e in vpanic (fmt=<optimized out>, ap=<optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:901
#11 0xffffffff80bd9713 in panic (fmt=0xffffffff81c88468 <cnputs_mtx>
"\270\331\034\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:838
#12 0xffffffff80d3f036 in ieee80211_ampdu_reorder (ni=0xfffffe0065ab7000,
m=0xfffff8012b7e7900, rxs=0xfffffe00107e6660) at
/usr/src/sys/net80211/ieee80211_ht.c:1018
#13 0xffffffff80d6a898 in sta_input (ni=<optimized out>, m=0xfffff8012b7e7900,
rxs=0xfffffe00107e6978, rssi=<optimized out>, nf=<optimized out>) at
/usr/src/sys/net80211/ieee80211_sta.c:678
#14 0xffffffff80d45f59 in ieee80211_input_mimo (ni=0xfffffe0065ab7000,
m=0xfffff8012b7e7900) at /usr/src/sys/net80211/ieee80211_input.c:101
#15 0xffffffff829423ab in rtwn_bulk_rx_callback (xfer=<optimized out>,
error=<optimized out>) at /usr/src/sys/dev/rtwn/usb/rtwn_usb_rx.c:419
#16 0xffffffff80a0c5ee in usbd_callback_wrapper (pq=<optimized out>) at
/usr/src/sys/dev/usb/usb_transfer.c:2483
#17 0xffffffff80a0d94e in usb_command_wrapper (pq=0xfffffe0065559060,
xfer=<optimized out>) at /usr/src/sys/dev/usb/usb_transfer.c:3136
#18 0xffffffff80a0c76e in usb_callback_proc (_pm=<optimized out>) at
/usr/src/sys/dev/usb/usb_transfer.c:2346
#19 0xffffffff80a074a3 in usb_process (arg=0xfffffe004bb294e0) at
/usr/src/sys/dev/usb/usb_process.c:178
#20 0xffffffff80b94950 in fork_exit (callout=0xffffffff80a073b0 <usb_process>,
arg=0xfffffe004bb294e0, frame=0xfffffe00107e6b80) at
/usr/src/sys/kern/kern_fork.c:1052
#21 <signal handler called>

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-wireless mailing list