From owner-freebsd-current@FreeBSD.ORG Mon Mar 14 13:25:39 2005 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 025A016A545 for ; Mon, 14 Mar 2005 13:25:39 +0000 (GMT) Received: from www.mmlab.cse.yzu.edu.tw (www.mmlab.cse.yzu.edu.tw [140.138.150.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C34F43D31 for ; Mon, 14 Mar 2005 13:25:38 +0000 (GMT) (envelope-from avatar@mmlab.cse.yzu.edu.tw) Received: by www.mmlab.cse.yzu.edu.tw (qmail, from userid 1000) id 73DB74EFCDB; Mon, 14 Mar 2005 21:25:37 +0800 (CST) Received: from localhost (localhost [127.0.0.1]) by www.mmlab.cse.yzu.edu.tw (qmail) with ESMTP id 678364EFCD3; Mon, 14 Mar 2005 21:25:37 +0800 (CST) Date: Mon, 14 Mar 2005 21:25:37 +0800 (CST) From: Tai-hwa Liang To: pcasidy@casidy.com In-Reply-To: <20050309154654.DDFD7B86C@smtp.casidy.net> Message-ID: <05031421154517.5336@www.mmlab.cse.yzu.edu.tw> References: <20050309154654.DDFD7B86C@smtp.casidy.net> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-40396496-1110806737=:5336" cc: freebsd-current@freebsd.org Subject: Re: Panic: Use-after-free in bfe X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Mar 2005 13:25:40 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-40396496-1110806737=:5336 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Hello Phil, Would you please rebuild your if_bfe.ko with the attached patch and tell me whether it fixes your problem or not? The attached patch is for -CURRENT as of Mar-12-2005; however, you should be able to apply it to 5-STABLE as well. -- Cheers, Tai-hwa Liang On Wed, 9 Mar 2005 pcasidy@casidy.com wrote: [...] > --- trap 0xc, eip = 0xc07a810, esp = 0xe5e61c90, ebp = 0xe5e61c98 --- > _bus_dmamap_unload(c3102400,c3104540) at _bus_dmamap_unload+0x16 > bfe_rx_ring_free(c3105000,c3105000,c3105000,e5e61cd8,c04dd0a3) at > bfe_rx_ring_free+0x50 > bfe_stop(c3105000,400,c3105000,e5e61cf4,c04dcae7) at bfe_stop+0x45 > bfe_init_locked(c3105000) at bfe_init_locked+0x33 > bfe_intr(c3105000) at bfe_intr+0x9f > ithread_loop(c2fe9500,e5e61d48,c2fe9500,c0601a54,0) at > ithread_loop+0x120 > fork_exit(c0601a54,c2fe9500,e5e61d48) at fork_exit+0xa4 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xe5e61d7c, ebp = 0 --- > db> > >>>>>> > > On -STABLE the panic is preceded by a "storm interrupt" on "irq18: bfe0 > uhci2" and dmesg reports: > > bfe0: mem 0xfaffe000-0xfaffffff irq 18 at device 0.0 on pci2 > bfe0: Ethernet address: 00:11:43:65:ab:d1 > miibus0: on bfe0 > bmtphy0: on miibus0 > bmtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > > > For the moment, I use NDISulator to have this NIC working and I am > compiling a new STABLE kernel with DDB and KDB. > > Do not hesitate to ask me more information as long as I can provide them > using the fixit terminal on the miniinst SNAP. > > Thanks > > Phil. --0-40396496-1110806737=:5336 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=patch.txt Content-Transfer-Encoding: BASE64 Content-ID: <050314212537C.5336@www.mmlab.cse.yzu.edu.tw> Content-Description: Content-Disposition: attachment; filename=patch.txt LS0tIHN5cy9kZXYvYmZlL2lmX2JmZS5jLm9yaWcJTW9uIEphbiAxMCAwMzo1 Nzo1NSAyMDA1DQorKysgc3lzL2Rldi9iZmUvaWZfYmZlLmMJU2F0IE1hciAx MiAyMzo1MjoxMCAyMDA1DQpAQCAtNTQxLDggKzU0MSw2IEBADQogCQkJc2Mt PmJmZV90eF9yaW5nW2ldLmJmZV9tYnVmID0gTlVMTDsNCiAJCQlidXNfZG1h bWFwX3VubG9hZChzYy0+YmZlX3RhZywNCiAJCQkJCXNjLT5iZmVfdHhfcmlu Z1tpXS5iZmVfbWFwKTsNCi0JCQlidXNfZG1hbWFwX2Rlc3Ryb3koc2MtPmJm ZV90YWcsDQotCQkJCQlzYy0+YmZlX3R4X3JpbmdbaV0uYmZlX21hcCk7DQog CQl9DQogCX0NCiAJYnplcm8oc2MtPmJmZV90eF9saXN0LCBCRkVfVFhfTElT VF9TSVpFKTsNCkBAIC01NjAsMTUgKzU1OCwxMiBAQA0KIAkJCXNjLT5iZmVf cnhfcmluZ1tpXS5iZmVfbWJ1ZiA9IE5VTEw7DQogCQkJYnVzX2RtYW1hcF91 bmxvYWQoc2MtPmJmZV90YWcsDQogCQkJCQlzYy0+YmZlX3J4X3JpbmdbaV0u YmZlX21hcCk7DQotCQkJYnVzX2RtYW1hcF9kZXN0cm95KHNjLT5iZmVfdGFn LA0KLQkJCQkJc2MtPmJmZV9yeF9yaW5nW2ldLmJmZV9tYXApOw0KIAkJfQ0K IAl9DQogCWJ6ZXJvKHNjLT5iZmVfcnhfbGlzdCwgQkZFX1JYX0xJU1RfU0la RSk7DQogCWJ1c19kbWFtYXBfc3luYyhzYy0+YmZlX3J4X3RhZywgc2MtPmJm ZV9yeF9tYXAsIEJVU19ETUFTWU5DX1BSRVJFQUQpOw0KIH0NCiANCi0NCiBz dGF0aWMgaW50DQogYmZlX2xpc3RfcnhfaW5pdChzdHJ1Y3QgYmZlX3NvZnRj ICpzYykNCiB7DQpAQCAtOTc1LDYgKzk3MCwxMCBAQA0KIAkJZm9yKGkgPSAw OyBpIDwgQkZFX1RYX0xJU1RfQ05UOyBpKyspIHsNCiAJCQlidXNfZG1hbWFw X2Rlc3Ryb3koc2MtPmJmZV90YWcsDQogCQkJICAgIHNjLT5iZmVfdHhfcmlu Z1tpXS5iZmVfbWFwKTsNCisJCX0NCisJCWZvcihpID0gMDsgaSA8IEJGRV9S WF9MSVNUX0NOVDsgaSsrKSB7DQorCQkJYnVzX2RtYW1hcF9kZXN0cm95KHNj LT5iZmVfdGFnLA0KKwkJCSAgICBzYy0+YmZlX3J4X3JpbmdbaV0uYmZlX21h cCk7DQogCQl9DQogCQlidXNfZG1hX3RhZ19kZXN0cm95KHNjLT5iZmVfdGFn KTsNCiAJCXNjLT5iZmVfdGFnID0gTlVMTDsNCg== --0-40396496-1110806737=:5336--