Panic: Use-after-free in bfe

Frank Mayhar frank at exit.com
Thu Mar 10 05:29:43 PST 2005 

pcasidy at casidy.com wrote:
> Here is a handwritten typescript of the panic while using february
> CURRENT-SNAP in Fixit-mode.
> 
>  1- I boot with the snapshot miniinst
>  2- Selecting keymap (french accent)
>  3- Fixit mode
>  4- Emergency shell
>  5- using Alt-F4 to go to the terminal
>  6- typing: "ifconfig bfe0 192.168.1.1" => the shell freeze
>  7- using Alt-F1 to go back to the 1st terminal where there is a panic
>     message:
>     <<<<<<< handwritten typescript
>  cpuid = 0
>  KDB: enter: panic
>  [thread pid 29 tid 100030 ]
>  Stopped at      kdb_enter+0x2b: nop
>  db> where  -- command entered
>  Tracing pid 29 tid 100030 td 0xc2ff1000
>  kdb_enter(c0823108) at kdb_enter+0x2b
>  panic(c083ca28,deadc000,c07c9462,0,80000000) at panic+0x127
>  vm_fault(c1459000,deadc000,1,0,c2ff1000) at vm_fault+0x1e1
>  trap_pfault(e5e61c50,0,deadc0ee) at trap_pfault+0x13b
>  trap(c0830018,10,10,c3105000,c3102400) at trap+0x335
>  calltrap() at calltrap+0x5
>  --- trap 0xc, eip = 0xc07a810, esp = 0xe5e61c90, ebp = 0xe5e61c98 ---
>  _bus_dmamap_unload(c3102400,c3104540) at _bus_dmamap_unload+0x16
>  bfe_rx_ring_free(c3105000,c3105000,c3105000,e5e61cd8,c04dd0a3) at
>     bfe_rx_ring_free+0x50
>  bfe_stop(c3105000,400,c3105000,e5e61cf4,c04dcae7) at bfe_stop+0x45
>  bfe_init_locked(c3105000) at bfe_init_locked+0x33
>  bfe_intr(c3105000) at bfe_intr+0x9f
>  ithread_loop(c2fe9500,e5e61d48,c2fe9500,c0601a54,0) at
>     ithread_loop+0x120
>  fork_exit(c0601a54,c2fe9500,e5e61d48) at fork_exit+0xa4
>  fork_trampoline() at fork_trampoline+0x8
>  --- trap 0x1, eip = 0, esp = 0xe5e61d7c, ebp = 0 ---
>  db>

I filed a PR along with a patch to fix this a few weeks ago, i386/77804.
Apparently the patch hasn't made it to -current just yet.  (Oh, probably
because Release is marked incorrectly as 4.11-stable; it's really for
6.0-current.)
-- 
Frank Mayhar frank at exit.com	http://www.exit.com/
Exit Consulting                 http://www.gpsclock.com/
                                http://www.exit.com/blog/frank/

More information about the freebsd-current mailing list