From: Frank Mayhar
To: pcasidy@casidy.com
Date: Thu, 10 Mar 2005 05:27:32 -0800 (PST)
X-Copyright0: Copyright 2005 Frank Mayhar. All Rights Reserved.
X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only.
Cc: freebsd-current@freebsd.org
Subject: Re: Panic: Use-after-free in bfe

pcasidy@casidy.com wrote:
> Here is a handwritten typescript of the panic while using February
> CURRENT-SNAP in Fixit-mode.
>
> 1- I boot with the snapshot miniinst
> 2- Selecting keymap (french accent)
> 3- Fixit mode
> 4- Emergency shell
> 5- using Alt-F4 to go to the terminal
> 6- typing: "ifconfig bfe0 192.168.1.1" => the shell freezes
> 7- using Alt-F1 to go back to the 1st terminal where there is a panic
> message:
> <<<<<<< handwritten typescript
> cpuid = 0
> KDB: enter: panic
> [thread pid 29 tid 100030 ]
> Stopped at kdb_enter+0x2b: nop
> db> where -- command entered
> Tracing pid 29 tid 100030 td 0xc2ff1000
> kdb_enter(c0823108) at kdb_enter+0x2b
> panic(c083ca28,deadc000,c07c9462,0,80000000) at panic+0x127
> vm_fault(c1459000,deadc000,1,0,c2ff1000) at vm_fault+0x1e1
> trap_pfault(e5e61c50,0,deadc0ee) at trap_pfault+0x13b
> trap(c0830018,10,10,c3105000,c3102400) at trap+0x335
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0xc07a810, esp = 0xe5e61c90, ebp = 0xe5e61c98 ---
> _bus_dmamap_unload(c3102400,c3104540) at _bus_dmamap_unload+0x16
> bfe_rx_ring_free(c3105000,c3105000,c3105000,e5e61cd8,c04dd0a3) at
> bfe_rx_ring_free+0x50
> bfe_stop(c3105000,400,c3105000,e5e61cf4,c04dcae7) at bfe_stop+0x45
> bfe_init_locked(c3105000) at bfe_init_locked+0x33
> bfe_intr(c3105000) at bfe_intr+0x9f
> ithread_loop(c2fe9500,e5e61d48,c2fe9500,c0601a54,0) at
> ithread_loop+0x120
> fork_exit(c0601a54,c2fe9500,e5e61d48) at fork_exit+0xa4
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xe5e61d7c, ebp = 0 ---
> db>

I filed a PR along with a patch to fix this a few weeks ago, i386/77804. Apparently the patch hasn't made it to -current just yet. (Oh, probably because Release is marked incorrectly as 4.11-stable; it's really for 6.0-current.)

--
Frank Mayhar frank@exit.com http://www.exit.com/
Exit Consulting http://www.gpsclock.com/
http://www.exit.com/blog/frank/