wlan_crypt_tkip panic

Joe Talbott josepht at cstone.net
Sun Jun 20 09:29:34 PDT 2010


On Sun, Jun 20, 2010 at 12:20:41PM -0400, Joe Talbott wrote:
> Hey guys,
> 
> It seems I've either munged the iwn driver I'm working on or I'm
> genuinely hitting an edge case in the TKIP code.  I got the following
> panic.  I'm attaching a tarball of the source directory and can
> include patches from the unaltered FreeBSD source if needed.
> 
> My main concern regarding the wifi driver porting in general is my
> weak understanding of the mbuf handling code and the bus_dma* code.
> 
> Any ideas are appreciated.
> 
> Unread portion of the kernel message buffer:
> panic: not enough data, data_len 3 space 2
> 

Here's the kgdb backtrace:

(kgdb) bt
#0  _get_mycpu (di=0xc06d6a00) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc06d6a00) at /home/josepht/src/dragonfly/sys/platform/pc32/i386/dump_machdep.c:263
#2  0xc0319e29 in dumpsys () at /home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:838
#3  0xc031a3a4 in boot (howto=260) at /home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:387
#4  0xc031a4ca in panic (fmt=0xc0609324 "not enough data, data_len %zu space %u\n") at /home/josepht/src/dragonfly/sys/kern/kern_shutdown.c:744
#5  0xc03a0369 in michael_mic (ctx=<value optimized out>, key=<value optimized out>, m=0xdb20f500, off=26, data_len=3, mic=0xd801ca2c "\324\264;\300\236") at /home/josepht/src/dragonfly/sys/netproto/802_11/wlan_tkip/ieee80211_crypto_tkip.c:900
#6  0xc03a12ba in tkip_enmic (k=0xd7d6b784, m=0xdb210000, force=0) at /home/josepht/src/dragonfly/sys/netproto/802_11/wlan_tkip/ieee80211_crypto_tkip.c:232
#7  0xc03bb921 in ieee80211_crypto_enmic (vap=0xd7dbb9c0, ni=0xd7d6b6b8, m=0xdb20bd00) at /home/josepht/src/dragonfly/sys/netproto/802_11/ieee80211_crypto.h:219
#8  ieee80211_encap (vap=0xd7dbb9c0, ni=0xd7d6b6b8, m=0xdb20bd00) at /home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:1320
#9  0xc03be63d in ieee80211_start (ifp=0xc48d8198) at /home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:355
#10 0xc038b149 in ifq_dispatch (ifp=0xc48d8198, m=0xdb20bd00, pa=0xd801cb38) at /home/josepht/src/dragonfly/sys/net/if.c:2273
#11 0xc038c4ba in ether_output_frame (ifp=0xc48d8198, m=0xdb20bd00) at /home/josepht/src/dragonfly/sys/net/if_ethersubr.c:534
#12 0xc038c767 in ether_output (ifp=0xc48d8198, m=0xdb20bd00, dst=0xc4549570, rt=0xc46ef940) at /home/josepht/src/dragonfly/sys/net/if_ethersubr.c:468
#13 0xc03bbf2a in ieee80211_output (ifp=0xc48d8198, m=0xdb20bd00, dst=0xc4549570, rt=0xc46ef940) at /home/josepht/src/dragonfly/sys/netproto/802_11/wlan/ieee80211_output.c:408
#14 0xc03d5e4f in ip_output (m0=0xdb20bd00, opt=0x0, ro=0xd7c20104, flags=<value optimized out>, imo=0x0, inp=0xd7c200c8) at /home/josepht/src/dragonfly/sys/netinet/ip_output.c:981
#15 0xc03dd53f in tcp_output (tp=0xd7c20188) at /home/josepht/src/dragonfly/sys/netinet/tcp_output.c:969
#16 0xc03e45c1 in tcp_usr_send (so=0xd7b616e0, flags=<value optimized out>, m=0xc47b8700, nam=0x0, control=0x0, td=0xdb3f2c90) at /home/josepht/src/dragonfly/sys/netinet/tcp_usrreq.c:761
#17 0xc034fa19 in netmsg_pru_send (msg=0xdb41eb68) at /home/josepht/src/dragonfly/sys/kern/uipc_msg.c:564
#18 0xc039598d in netmsg_service (msg=0x0, mpsafe_mode=1, mplocked=0) at /home/josepht/src/dragonfly/sys/net/netisr.c:310
#19 0xc03def13 in tcpmsg_service_loop (dummy=0x0) at /home/josepht/src/dragonfly/sys/netinet/tcp_subr.c:410
#20 0xc0322537 in lwkt_deschedule_self (td=Cannot access memory at address 0x8
) at /home/josepht/src/dragonfly/sys/kern/lwkt_thread.c:250
Backtrace stopped: previous frame inner to this frame (corrupt stack?)





