panic: bogus long slot station count 0

From: Michal Mertl <mime_at_traveller.cz>
Date: Sat, 13 Aug 2005 17:18:07 +0200
I'm getting easy-to-reproduce INVARIANTS panics on a fresh CURRENT.

The panicking machine has ath0 configured like this: "ifconfig ath0
192.168.0.1/24 media auto mode 11b mediaopt hostap ssid mig_ap_xx".

When I associate to it from a notebook with an ipw card, I later get
several panics with the same INVARIANTS cause - line 2073 in
src/sys/net80211/ieee80211_node.c.

The "normal" panic is this scenario - a station connects and then leaves
(is turned off or something).

I run '80211debug assoc' and this is what I get before the panic:

ath0: [00:0c:f1:3e:8b:07] recv probe req
ath0: [00:0c:f1:3e:8b:07] station associated at aid 1: short preamble,
long slot time
ath0: [00:0c:f1:3e:8b:07] station with aid 1 leaves

After the association was formed I put the ipw0 card 'down', and after a
short while (a minute or so) I received the third message above and the
panic with the traceback below. I don't really understand what 'short
preamble' means, but I'd expect to see an 'S' character in the 'ifconfig ath0
list sta' command output on the AP if the station were really using
short preamble.

Output of 'ifconfig ath0 list sta' on the AP before the crash is this:

ADDR               AID CHAN RATE RSSI IDLE  TXSEQ  RXSEQ CAPS ERP
00:0c:f1:3e:8b:07    1    1   1M   25  210      2    208 E      0


Traceback:

#24 0xc0548f86 in panic (fmt=0xc06ebe35 "bogus long slot station count %
d") at ../../../kern/kern_shutdown.c:537
#25 0xc05e36d2 in ieee80211_node_leave_11g (ic=0xc16251ac,
ni=0xc17c8000) at ../../../net80211/ieee80211_node.c:2073
#26 0xc05e3952 in ieee80211_node_leave (ic=0xc16251ac, ni=0xc17c8000)
at ../../../net80211/ieee80211_node.c:2156
#27 0xc05e2fc6 in ieee80211_timeout_stations (nt=0xc16259a8)
at ../../../net80211/ieee80211_node.c:1880
#28 0xc05d153d in ieee80211_watchdog (ic=0xc16251ac)
at ../../../net80211/ieee80211.c:748
#29 0xc04db32f in ath_watchdog (ifp=0xc1623c00)
at ../../../dev/ath/if_ath.c:4567
#30 0xc05bf308 in if_slowtimo (arg=0x0) at ../../../net/if.c:1202
#31 0xc05564f8 in softclock (dummy=0x0)
at ../../../kern/kern_timeout.c:295
#32 0xc053288c in ithread_loop (arg=0xc1540280)
at ../../../kern/kern_intr.c:545
#33 0xc05319b2 in fork_exit (callout=0xc053273c <ithread_loop>, arg=0x0,
frame=0x0) at ../../../kern/kern_fork.c:789
#34 0xc069594c in fork_trampoline ()
at ../../../i386/i386/exception.s:208


The second scenario with similar panic happens on shutdown on the AP:

#25 0xc05e36d2 in ieee80211_node_leave_11g (ic=0xc16251ac,
ni=0xc17c3000)
    at ../../../net80211/ieee80211_node.c:2073
#26 0xc05e3952 in ieee80211_node_leave (ic=0xc16251ac, ni=0xc17c3000)
    at ../../../net80211/ieee80211_node.c:2156
#27 0xc05e7705 in sta_disassoc (arg=0xc16251ac, ni=0xc17c3000)
    at ../../../net80211/ieee80211_proto.c:827
#28 0xc05e30ee in ieee80211_iterate_nodes (nt=0xc16259a8,
    f=0xc05e76c2 <sta_disassoc>, arg=0xc16251ac)
    at ../../../net80211/ieee80211_node.c:1907
#29 0xc05e783a in ieee80211_newstate (ic=0xc16251ac,
nstate=IEEE80211_S_INIT,
    arg=-1) at ../../../net80211/ieee80211_proto.c:866
#30 0xc04da8a0 in ath_newstate (ic=0xc16251ac, nstate=IEEE80211_S_INIT,
arg=0)
    at ../../../dev/ath/if_ath.c:4199
#31 0xc04d5270 in ath_stop_locked (ifp=0xc1623c00)
    at ../../../dev/ath/if_ath.c:957
#32 0xc04d5451 in ath_stop (ifp=0xc1623c00)
at ../../../dev/ath/if_ath.c:986
#33 0xc04d4bd0 in ath_shutdown (sc=0x0) at ../../../dev/ath/if_ath.c:673
#34 0xc04dcb83 in ath_pci_shutdown (dev=0x0)
    at ../../../dev/ath/if_ath_pci.c:241
#35 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#36 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#37 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#38 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#39 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#40 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#41 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#42 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#43 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#44 0xc0561418 in bus_generic_shutdown (dev=0x0)
---Type <return> to continue, or q <return> to quit---
    at ../../../kern/subr_bus.c:2905
#45 0xc04a978f in acpi_shutdown (dev=0x0)
at ../../../dev/acpica/acpi.c:677
#46 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#47 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#48 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#49 0xc0561418 in bus_generic_shutdown (dev=0x0)
    at ../../../kern/subr_bus.c:2905
#50 0xc0560c50 in device_shutdown (dev=0x0) at device_if.h:237
#51 0xc0562756 in root_bus_module_handler (mod=0xc14ee8c0, what=0,
arg=0x0)
    at ../../../kern/subr_bus.c:3631
#52 0xc053e9fa in module_shutdown (arg1=0x0, arg2=0)
    at ../../../kern/kern_module.c:104
#53 0xc0548d73 in boot (howto=0) at ../../../kern/kern_shutdown.c:400
#54 0xc05484e3 in reboot (td=0x0, uap=0x0)
at ../../../kern/kern_shutdown.c:162
#55 0xc06a78c5 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 2, tf_esi =
-1077940456, tf_ebp = -1077940792, tf_isp = -873558684, tf_ebx =
-1077940560, tf_edx = -1, tf_ecx = 4, tf_eax = 55, tf_trapno = 12,
tf_err = 2, tf_eip = 134547255, tf_cs = 51, tf_eflags = 646, tf_esp =
-1077941012, tf_ss = 59})
    at ../../../i386/i386/trap.c:986
#56 0xc069593f in Xint0x80_syscall ()
at ../../../i386/i386/exception.s:200

The third variant happens when I issue 'ifconfig ath0 down':

#24 0xc0548f86 in panic (fmt=0xc06ebe35 "bogus long slot station count %
d") at ../../../kern/kern_shutdown.c:537
#25 0xc05e36d2 in ieee80211_node_leave_11g (ic=0xc16251ac,
ni=0xc1969000) at ../../../net80211/ieee80211_node.c:2073
#26 0xc05e3952 in ieee80211_node_leave (ic=0xc16251ac, ni=0xc1969000)
at ../../../net80211/ieee80211_node.c:2156
#27 0xc05e7705 in sta_disassoc (arg=0xc16251ac, ni=0xc1969000)
at ../../../net80211/ieee80211_proto.c:827
#28 0xc05e30ee in ieee80211_iterate_nodes (nt=0xc16259a8, f=0xc05e76c2
<sta_disassoc>, arg=0xc16251ac)
at ../../../net80211/ieee80211_node.c:1907
#29 0xc05e783a in ieee80211_newstate (ic=0xc16251ac,
nstate=IEEE80211_S_INIT, arg=-1)
at ../../../net80211/ieee80211_proto.c:866
#30 0xc04da8a0 in ath_newstate (ic=0xc16251ac, nstate=IEEE80211_S_INIT,
arg=0) at ../../../dev/ath/if_ath.c:4199
#31 0xc04d5270 in ath_stop_locked (ifp=0xc1623c00)
at ../../../dev/ath/if_ath.c:957
#32 0xc04db5ab in ath_ioctl (ifp=0xc1623c00, cmd=2149607696,
data=0xc164a240 "ath0") at ../../../dev/ath/if_ath.c:4664
#33 0xc05bf6f4 in ifhwioctl (cmd=2149607696, ifp=0xc1623c00,
data=0xc164a240 "ath0", td=0x0) at ../../../net/if.c:1310
#34 0xc05c00af in ifioctl (so=0xc17f042c, cmd=2149607696,
data=0xc164a240 "ath0", td=0xc197f300) at ../../../net/if.c:1544
#35 0xc0579d38 in soo_ioctl (fp=0x0, cmd=2149607696, data=0xc164a240,
active_cred=0xc1955000, td=0xc197f300) at ../../../kern/sys_socket.c:214
#36 0xc05732c0 in ioctl (td=0xc197f300, uap=0xcd4bed04) at file.h:258
#37 0xc06a78c5 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 3, tf_esi = -1,
tf_ebp = -1077943224, tf_isp = -850662044, tf_ebx = -1077943280, tf_edx
= 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip =
672419903, tf_cs = 51, tf_eflags = 583, tf_esp = -1077943300, tf_ss =
59}) at ../../../i386/i386/trap.c:986
#38 0xc069593f in Xint0x80_syscall ()
at ../../../i386/i386/exception.s:200



I've got the core files of all the panics above and can supply any more
information if needed.


Michal
Received on Sat Aug 13 2005 - 13:18:25 UTC
