[Bug 275616] bwn driver causes kernel panic after connect

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 275616] bwn driver causes kernel panic after connect"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 09 Dec 2023 15:52:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275616

--- Comment #11 from Mark Johnston <markj@FreeBSD.org> ---
(In reply to Frank Hilgendorf from comment #9)
So that corresponds to:

1660                 /* NB: this could be optimized 'cuz of
ieee80211_mbuf_adjust */                                                        
1661                 m_adj(m, sizeof(struct ether_header) - sizeof(struct
llc));                                                                          
1662                 llc = mtod(m, struct llc *);                               
1663                 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;             
1664                 llc->llc_control = LLC_UI;                                 
1665                 llc->llc_snap.org_code[0] = 0;                             
1666                 llc->llc_snap.org_code[1] = 0; <--- starts here            
1667                 llc->llc_snap.org_code[2] = 0;                             
1668                 llc->llc_snap.ether_type = eh.ether_type;

which seems to make sense, since KASAN reports 2 1-byte writes followed by a
2-byte write.

That is strange.  I suspect the bug is elsewhere.  Perhaps something (bwn?)
concurrently freed the mbuf chain?

-- 
You are receiving this mail because:
You are the assignee for the bug.