Date: Sat, 17 Oct 2020 21:08:18 +0000 From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 250424] [rtwn] an USB device could panic under load: panic: not an HT sta Message-ID: <bug-250424-21060@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250424 Bug ID: 250424 Summary: [rtwn] an USB device could panic under load: panic: not an HT sta Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: wireless Assignee: wireless@FreeBSD.org Reporter: vidwer+fbsdbugs@gmail.com This panic has been observed when updating /usr/ports/ using git. git was t= he only userland tool generating frames. >From kgdb: Reading symbols from /usr/lib/debug/boot/kernel/kernel.debug... Unread portion of the kernel message buffer: panic: not an HT sta cpuid =3D 3 time =3D 1602954519 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00107e6= 770 vpanic() at vpanic+0x182/frame 0xfffffe00107e67c0 panic() at panic+0x43/frame 0xfffffe00107e6820 ieee80211_ampdu_reorder() at ieee80211_ampdu_reorder+0x9c6/frame 0xfffffe00107e68c0 sta_input() at sta_input+0xc38/frame 0xfffffe00107e6960 ieee80211_input_mimo() at ieee80211_input_mimo+0x219/frame 0xfffffe00107e6a= 10 rtwn_bulk_rx_callback() at rtwn_bulk_rx_callback+0x2ab/frame 0xfffffe00107e= 6a80 usbd_callback_wrapper() at usbd_callback_wrapper+0x85e/frame 0xfffffe00107e= 6ac0 usb_command_wrapper() at usb_command_wrapper+0x7e/frame 0xfffffe00107e6ae0 usb_callback_proc() at usb_callback_proc+0x8e/frame 0xfffffe00107e6b00 usb_process() at usb_process+0xf3/frame 0xfffffe00107e6b30 fork_exit() at fork_exit+0x80/frame 0xfffffe00107e6b70 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00107e6b70 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- KDB: enter: panic __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:394 #2 0xffffffff804a0a8a in db_dump (dummy=3D<optimized out>, dummy2=3D<optim= ized out>, dummy3=3D<unavailable>, dummy4=3D<unavailable>) at /usr/src/sys/ddb/db_command.c:575 #3 0xffffffff804a0850 in db_command (last_cmdp=3D<optimized out>, cmd_table=3D<optimized out>, dopager=3D1) at /usr/src/sys/ddb/db_command.c:= 482 #4 0xffffffff804a05ad in db_command_loop () at /usr/src/sys/ddb/db_command.c:535 #5 0xffffffff804a38c6 in db_trap (type=3D<optimized out>, code=3D<optimize= d out>) at /usr/src/sys/ddb/db_main.c:270 #6 0xffffffff80c255d4 in kdb_trap (type=3D3, code=3D0, tf=3D<optimized out= >) at /usr/src/sys/kern/subr_kdb.c:699 #7 0xffffffff81021dde in trap (frame=3D0xfffffe00107e66a0) at /usr/src/sys/amd64/amd64/trap.c:576 #8 <signal handler called> #9 kdb_enter (why=3D0xffffffff8120c497 "panic", msg=3D<optimized out>) at /usr/src/sys/kern/subr_kdb.c:486 #10 0xffffffff80bd996e in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou= t>) at /usr/src/sys/kern/kern_shutdown.c:901 #11 0xffffffff80bd9713 in panic (fmt=3D0xffffffff81c88468 <cnputs_mtx> "\270\331\034\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:838 #12 0xffffffff80d3f036 in ieee80211_ampdu_reorder (ni=3D0xfffffe0065ab7000, m=3D0xfffff8012b7e7900, rxs=3D0xfffffe00107e6660) at /usr/src/sys/net80211/ieee80211_ht.c:1018 #13 0xffffffff80d6a898 in sta_input (ni=3D<optimized out>, m=3D0xfffff8012b= 7e7900, rxs=3D0xfffffe00107e6978, rssi=3D<optimized out>, nf=3D<optimized out>) at /usr/src/sys/net80211/ieee80211_sta.c:678 #14 0xffffffff80d45f59 in ieee80211_input_mimo (ni=3D0xfffffe0065ab7000, m=3D0xfffff8012b7e7900) at /usr/src/sys/net80211/ieee80211_input.c:101 #15 0xffffffff829423ab in rtwn_bulk_rx_callback (xfer=3D<optimized out>, error=3D<optimized out>) at /usr/src/sys/dev/rtwn/usb/rtwn_usb_rx.c:419 #16 0xffffffff80a0c5ee in usbd_callback_wrapper (pq=3D<optimized out>) at /usr/src/sys/dev/usb/usb_transfer.c:2483 #17 0xffffffff80a0d94e in usb_command_wrapper (pq=3D0xfffffe0065559060, xfer=3D<optimized out>) at /usr/src/sys/dev/usb/usb_transfer.c:3136 #18 0xffffffff80a0c76e in usb_callback_proc (_pm=3D<optimized out>) at /usr/src/sys/dev/usb/usb_transfer.c:2346 #19 0xffffffff80a074a3 in usb_process (arg=3D0xfffffe004bb294e0) at /usr/src/sys/dev/usb/usb_process.c:178 #20 0xffffffff80b94950 in fork_exit (callout=3D0xffffffff80a073b0 <usb_proc= ess>, arg=3D0xfffffe004bb294e0, frame=3D0xfffffe00107e6b80) at /usr/src/sys/kern/kern_fork.c:1052 #21 <signal handler called> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-250424-21060>