Site Navigation

Date:      Sat, 20 Aug 2016 01:40:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-wireless@FreeBSD.org
Subject:   [Bug 212005] [panic] [net80211] age -4
Message-ID:  <bug-212005-21060@https.bugs.freebsd.org/bugzilla/>

---

next in thread | raw e-mail | index | archive | help

---

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212005

            Bug ID: 212005
           Summary: [panic] [net80211] age -4
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: wireless
          Assignee: freebsd-wireless@FreeBSD.org
          Reporter: markj@FreeBSD.org

I use if_run(4) in hostap mode. The system using it has now panicked twice =
in
ieee80211_pwrsave() at the age >=3D 0 assertion. Both times it happened aft=
er I
woke up a Windows laptop that automatically associates to the AP:

#0  __curthread () at ./machine/pcpu.h:221
#1  doadump (textdump=3D1) at
/home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:298
#2  0xffffffff806c2545 in kern_reboot (howto=3D<optimized out>) at
/home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:366
#3  0xffffffff806c2b1b in vpanic (fmt=3D<optimized out>, ap=3D0xfffffe04691=
85600)
    at /home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:759
#4  0xffffffff806c2956 in kassert_panic (fmt=3D0xffffffff80b6c114 "age %d")
    at /home/mark/src/freebsd-dev/sys/kern/kern_shutdown.c:649
#5  0xffffffff808109cb in ieee80211_pwrsave (ni=3D0xfffffe0026178000,
m=3D0xfffff802fb50bb00)
    at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_power.c:392
#6  0xffffffff8080a0fb in ieee80211_vap_pkt_send_dest (vap=3D0xfffff80027d6=
5000,
m=3D0xfffff802fb50bb00, ni=3D0xfffffe0026178000)
    at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:136
#7  0xffffffff8080b5c4 in ieee80211_start_pkt (vap=3D0xfffff80027d65000,
m=3D0xfffff802fb50bb00)
    at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:435
#8  ieee80211_vap_transmit (ifp=3D<optimized out>, m=3D<optimized out>)
    at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_output.c:495
#9  0xffffffff807bc0ff in ether_output_frame (ifp=3D<optimized out>,
m=3D<unavailable>)
    at /home/mark/src/freebsd-dev/sys/net/if_ethersubr.c:457
#10 ether_output (ifp=3D<optimized out>, m=3D<optimized out>,
dst=3D0xfffffe0469185810, ro=3D<optimized out>)
    at /home/mark/src/freebsd-dev/sys/net/if_ethersubr.c:429
#11 0xffffffff807a5692 in bpfwrite (dev=3D<optimized out>, uio=3D<optimized=
 out>,
ioflag=3D<optimized out>)
    at /home/mark/src/freebsd-dev/sys/net/bpf.c:1173
#12 0xffffffff80598157 in devfs_write_f (fp=3D0xfffff8001999bb90,
uio=3D0xfffffe0469185970, cred=3D0xfffff8002709c500, flags=3D0,=20
    td=3D<optimized out>) at
/home/mark/src/freebsd-dev/sys/fs/devfs/devfs_vnops.c:1773
#13 0xffffffff80727414 in fo_write (fp=3D<optimized out>, uio=3D0xfffffe046=
9185970,
active_cred=3D<unavailable>, flags=3D0,=20
    td=3D<optimized out>) at /home/mark/src/freebsd-dev/sys/sys/file.h:311
#14 dofilewrite (td=3D0xfffff8002709c500, fd=3D4, fp=3D0xfffff8001999bb90,
auio=3D0xfffffe0469185970, offset=3D<optimized out>,=20
    flags=3D0) at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:593
#15 0xffffffff807270b8 in kern_writev (td=3D0xfffff8002709c500, fd=3D4,
auio=3D0xfffffe0469185970)
    at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:508
#16 0xffffffff80727044 in sys_write (td=3D<unavailable>, uap=3D<optimized o=
ut>)
    at /home/mark/src/freebsd-dev/sys/kern/sys_generic.c:421
#17 0xffffffff809fabab in syscallenter (td=3D0xfffff8002709c500, sa=3D<opti=
mized
out>)
    at /home/mark/src/freebsd-dev/sys/amd64/amd64/../../kern/subr_syscall.c=
:135
#18 amd64_syscall (td=3D0xfffff8002709c500, traced=3D0) at
/home/mark/src/freebsd-dev/sys/amd64/amd64/trap.c:942

It looks like there were already two packets in the low-priority aging queu=
e:

(kgdb) frame 5
#5  0xffffffff808109cb in ieee80211_pwrsave (ni=3D0xfffffe0026178000,
m=3D0xfffff802fb50bb00)
    at /home/mark/src/freebsd-dev/sys/net80211/ieee80211_power.c:392
warning: Source file is more recent than executable.
392             KASSERT(age >=3D 0, ("age %d", age));
(kgdb) p ni->ni_psq->psq_head[0]
$1 =3D {head =3D 0x0, tail =3D 0x0, len =3D 0}
(kgdb) p ni->ni_psq->psq_head[1]
$2 =3D {head =3D 0xfffff8027be5f400, tail =3D 0xfffff80027b7de00, len =3D 2}

age was 0:

(kgdb) p ni->ni_intval
$3 =3D 1
(kgdb) p ni->ni_ic->ic_bintval=20
$4 =3D 100

and the first packet in the queue has age 4:

(kgdb) p ni->ni_psq->psq_head[1].head->m_pkthdr.PH_per.thirtytwo[1]
$5 =3D 4

... so this code sets age to -4, tripping the assertion:

388         } else {=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20
389                 qhead->tail->m_nextpkt =3D m;
390                 age -=3D M_AGE_GET(qhead->head);=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20
391         }

I can provide more info from the core if that's helpful.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212005-21060>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact