Bug #1784
closed
wlan_crypt_tkip panic
100%
Description
Hey guys,
It seems I've either munged the iwn driver I'm working on or I'm
genuinely hitting an edge case in the TKIP code. I got the following
panic. I'm attaching a tarball of the source directory and can
include patches from the unaltered FreeBSD source if needed.
My main concern regarding the wifi driver porting in general is my
weak understanding of the mbuf handling code and the bus_dma* code.
Any ideas are appreciated.
Unread portion of the kernel message buffer:
panic: not enough data, data_len 3 space 2
Trace beginning at frame 0xd801c9b4
panic(ffffffff) at panic+0x8e
panic(c0609324,3,2,db20f500,5f0873f1) at panic+0x8e
michael_mic(1a,3,d801ca2c,c465dff8,d7d682b8) at michael_mic+0x455
tkip_enmic(d7d6b784,db210000,0) at tkip_enmic+0xb5
ieee80211_encap(d7dbb9c0,d7d6b6b8,db20bd00,d7dbb9c0,d7d682b8) at
ieee80211_encap+0x863
ieee80211_start(c48d8198,1,0,1,0) at ieee80211_start+0x657
ifq_dispatch(c48d8198,db20bd00,d801cb38) at ifq_dispatch+0x13a
ether_output_frame(c48d8198,db20bd00,db20bd9a,db20bd9a,0) at
ether_output_frame+0x1be
ether_output(c48d8198,db20bd00,c4549570,c46ef940,14) at
ether_output+0x29b
ieee80211_output(c48d8198,db20bd00,c4549570,c46ef940,0) at
ieee80211_output+0x2f
ip_output(db20bd00,0,d7c20104,10000,0) at ip_output+0xbc1
tcp_output(d7c20188,41eb68,0,db41eb68,1) at tcp_output+0x1449
tcp_usr_send(d7b616e0,0,c47b8700,0,0) at tcp_usr_send+0x1d3
netmsg_pru_send(db41eb68,c0714958,c0714958,d801cd84,c03def13) at
netmsg_pru_send+0x1c
netmsg_service(db41eb68,1,0,c0714440,ff800000) at netmsg_service+0x58
tcpmsg_service_loop(0,0,0,0,0) at tcpmsg_service_loop+0x1d
lwkt_exit() at lwkt_exit
Updated by josepht over 14 years ago
On Sun, Jun 20, 2010 at 12:20:41PM -0400, Joe Talbott wrote:
> Hey guys,
>
> It seems I've either munged the iwn driver I'm working on or I'm
> genuinely hitting an edge case in the TKIP code. I got the following
> panic. I'm attaching a tarball of the source directory and can
> include patches from the unaltered FreeBSD source if needed.
>
> My main concern regarding the wifi driver porting in general is my
> weak understanding of the mbuf handling code and the bus_dma* code.
>
> Any ideas are appreciated.
>
> Unread portion of the kernel message buffer:
> panic: not enough data, data_len 3 space 2

Here's the kgdb backtrace:
(kgdb) bt
#0 _get_mycpu (di=0xc06d6a00) at ./machine/thread.h:83
#1 md_dumpsys (di=0xc06d6a00) at
/home/josepht/src/dragonfly/sys/platform/pc32/i386/dump_machdep.c:263
#2 0xc0319e29 in dumpsys () at
/home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:838
#3 0xc031a3a4 in boot (howto=260) at
/home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:387
#4 0xc031a4ca in panic (fmt=0xc0609324 "not enough data, data_len %zu
space %u\n") at
/home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:744
#5 0xc03a0369 in michael_mic (ctx=<value optimized out>, key=<value
optimized out>, m=0xdb20f500, off=26, data_len=3, mic=0xd801ca2c
"\324\264;\300\236")
at
/home/josepht/src/dragonfly/sys/netproto/802_11/wlan_tkip/ieee80211_crypto_tkip.c:900
#6 0xc03a12ba in tkip_enmic (k=0xd7d6b784, m=0xdb210000, force=0) at
/home/josepht/src/dragonfly/sys/netproto/802_11/wlan_tkip/ieee80211_crypto_tkip.c:232
#7 0xc03bb921 in ieee80211_crypto_enmic (vap=0xd7dbb9c0,
ni=0xd7d6b6b8, m=0xdb20bd00) at
/home/josepht/src/dragonfly/sys/netproto/802_11/ieee80211_crypto.h:219
#8 ieee80211_encap (vap=0xd7dbb9c0, ni=0xd7d6b6b8, m=0xdb20bd00) at
/home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:1320
#9 0xc03be63d in ieee80211_start (ifp=0xc48d8198) at
/home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:355
#10 0xc038b149 in ifq_dispatch (ifp=0xc48d8198, m=0xdb20bd00,
pa=0xd801cb38) at /home/josepht/src/dragonfly/sys/net/if.c:2273
#11 0xc038c4ba in ether_output_frame (ifp=0xc48d8198, m=0xdb20bd00) at
/home/josepht/src/dragonfly/sys/net/if_ethersubr.c:534
#12 0xc038c767 in ether_output (ifp=0xc48d8198, m=0xdb20bd00,
dst=0xc4549570, rt=0xc46ef940) at
/home/josepht/src/dragonfly/sys/net/if_ethersubr.c:468
#13 0xc03bbf2a in ieee80211_output (ifp=0xc48d8198, m=0xdb20bd00,
dst=0xc4549570, rt=0xc46ef940) at
/home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:408
#14 0xc03d5e4f in ip_output (m0=0xdb20bd00, opt=0x0, ro=0xd7c20104,
flags=<value optimized out>, imo=0x0, inp=0xd7c200c8) at
/home/josepht/src/dragonfly/sys/netinet/ip_output.c:981
#15 0xc03dd53f in tcp_output (tp=0xd7c20188) at
/home/josepht/src/dragonfly/sys/netinet/tcp_output.c:969
#16 0xc03e45c1 in tcp_usr_send (so=0xd7b616e0, flags=<value optimized
out>, m=0xc47b8700, nam=0x0, control=0x0, td=0xdb3f2c90) at
/home/josepht/src/dragonfly/sys/netinet/tcp_usrreq.c:761
#17 0xc034fa19 in netmsg_pru_send (msg=0xdb41eb68) at
/home/josepht/src/dragonfly/sys/kern/uipc_msg.c:564
#18 0xc039598d in netmsg_service (msg=0x0, mpsafe_mode=1, mplocked=0)
at /home/josepht/src/dragonfly/sys/net/netisr.c:310
#19 0xc03def13 in tcpmsg_service_loop (dummy=0x0) at
/home/josepht/src/dragonfly/sys/netinet/tcp_subr.c:410
#20 0xc0322537 in lwkt_deschedule_self (td=Cannot access memory at
address 0x8
) at /home/josepht/src/dragonfly/sys/kern/lwkt_thread.c:250
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Updated by josepht over 14 years ago
On Sun, Jun 20, 2010 at 12:20:41PM -0400, Joe Talbott wrote:
As always I forgot the attachment. Here it is. If for some reason
the tarball gets stripped you can find it here:
http://leaf.dragonflybsd.org/~josepht/iwn.tgz
Joe
Updated by tuxillo almost 10 years ago
- Description updated (diff)
- Category set to Driver
- Status changed from New to Feedback
- Assignee deleted (0)
- Target version set to 4.2
Hi Josepht,
Is this still relevant?
Cheers,
Antonio Huete
Updated by tuxillo almost 3 years ago
- Status changed from Feedback to Closed
- % Done changed from 0 to 100
There was a WLAN upgrade in 2015 (085ff963b243cbeba68069d0b25c2b798c566b31) to what the FreeBSD code was at that time (by Adrian).
I don't think this is relevant any longer.