From owner-freebsd-net@FreeBSD.ORG Sun Jan 23 07:40:09 2011 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA8C3106564A for ; Sun, 23 Jan 2011 07:40:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AF4AB8FC0A for ; Sun, 23 Jan 2011 07:40:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p0N7e9rw074644 for ; Sun, 23 Jan 2011 07:40:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p0N7e98A074643; Sun, 23 Jan 2011 07:40:09 GMT (envelope-from gnats) Date: Sun, 23 Jan 2011 07:40:09 GMT Message-Id: <201101230740.p0N7e98A074643@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: PseudoCylon Cc: Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: PseudoCylon List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Jan 2011 07:40:09 -0000 The following reply was made to PR kern/153938; it has been noted by GNATS. From: PseudoCylon To: bug-followup@freebsd.org, Juergen Lock Cc: Juergen Lock Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free panic Date: Sat, 22 Jan 2011 23:35:14 -0800 (PST) ----- Original Message ---- > From: Juergen Lock > To: PseudoCylon > Cc: bug-followup@freebsd.org; Juergen Lock > Sent: Fri, January 21, 2011 11:21:20 AM > Subject: Re: kern/153938: [run] [panic] [patch] Workaround for use-after-free >panic > > It's possible this was triggered by the first DPRINTFN() in > run_node_cleanup() (that I turned into a device_printf() and meanwhile > have disabled, maybe it caused a taskswitch) Your bt says no. > #5 0xffffffff8117839b in run_node_cleanup (ni=0xffffff8000f83000) > at >/data2v/home/nox/src-r81/src/sys/modules/usb/run/../../../dev/usb/wlan/if_run.c:1719 > > 1719 RUN_LOCK(sc); > (kgdb) l run_node_cleanup() was called with node lock held. Happens all the time. > - but in any case I'd > say this is not safe i.e. needs to be fixed. :) > Yes. Here is fix. This one shall work. http://gitorious.org/run/run/trees/fifo_fix/dev/usb/wlan AK