freebsd stable - Sep 2005 - 6BETA5 panic with ifconfig nge

Addon rom gdb
#7  0xc0635164 in trap (frame      {tf_fs = -415563768, tf_es = 40, tf_ds = 40,
tf_edi = -1040566016, tf_esi = 11, tf_ebp = -415499444, tf_isp = -415499480,
tf_ebx = 352, tf_edx = 524320, tf_ecx = 55296, tf_eax = 524320, tf_trapno = 12,
tf_err = 0, tf_eip = -1068416848, tf_cs = 32, tf_eflags = 66050, tf_esp =
1000000, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:442
#8  0xc061aaca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#9  0xc05140b0 in m_freem (mb=0x80020) at mbuf.h:420
#10 0xc0471478 in nge_stop (sc=0xc1fa3900) at /usr/src/sys/dev/nge/if_nge.c:2125
#11 0xc04719da in nge_init_locked (sc=0xc1fa3900) at
/usr/src/sys/dev/nge/if_nge.c:1685
#12 0xc04732a1 in nge_ioctl (ifp=0xc1fb8400, command=2149607696, data=0xc26f61a0
"nge0")
    at /usr/src/sys/dev/nge/if_nge.c:2018
#13 0xc055a8d4 in ifhwioctl (cmd=0, ifp=0xc1fb8400, data=0xc26f61a0
"nge0", td=0x80020) at /usr/src/sys/net/if.c:1272
#14 0xc055b108 in ifioctl (so=0xc25c2858, cmd=2149607696, data=0xc26f61a0
"nge0", td=0xc24c9a80)
    at /usr/src/sys/net/if.c:1506
#15 0xc0502308 in soo_ioctl (fp=0x80020, cmd=2149607696, data=0xc26f61a0,
active_cred=0xc2190c00, td=0xc24c9a80)
    at /usr/src/sys/kern/sys_socket.c:214
#16 0xc04fac95 in ioctl (td=0xc24c9a80, uap=0xe73bfd04) at file.h:258
#17 0xc0635643 in syscall (frame      {tf_fs = 59, tf_es = 59, tf_ds =
-1078001605, tf_edi = 3, tf_esi = 1, tf_ebp = -1077943256, tf_isp = -415498908,
tf_ebx = -1077943312, tf_edx = -2145359600, tf_ecx = 134595453, tf_eax = 54,
tf_trapno = 12, tf_err = 2, tf_eip = 1208857439, tf_cs = 51, tf_eflags = 583,
tf_esp = -1077943332, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:986
#18 0xc061ab1f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#19 0x00000033 in ?? ()

Patch below fixes my panics:
Main is:
            sc->nge_ldata = contigmalloc(sizeof(struct nge_list_data),
M_DEVBUF,
-           M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0);
+           M_NOWAIT|M_ZERO, 0, 0xffffffff, PAGE_SIZE, 0);

Other is incorporated rev. 1.78-1.79 of if_nge.c from HEAD.

Jura




--- if_nge.c.orig       Mon Sep 26 17:02:00 2005
+++ if_nge.c.my Mon Sep 26 16:59:26 2005
@@ -839,7 +839,7 @@

        /* XXX: leaked on error */
        sc->nge_ldata = contigmalloc(sizeof(struct nge_list_data), M_DEVBUF,
-           M_NOWAIT, 0, 0xffffffff, PAGE_SIZE, 0);
+           M_NOWAIT|M_ZERO, 0, 0xffffffff, PAGE_SIZE, 0);

        if (sc->nge_ldata == NULL) {
                printf("nge%d: no memory for list buffers!\n", unit);
@@ -912,6 +912,7 @@

                } else {
                        printf("nge%d: MII without any PHY!\n",
sc->nge_unit);
+                       if_free(ifp);
                        bus_release_resource(dev, SYS_RES_IRQ, 0,
sc->nge_irq);
                        bus_release_resource(dev, NGE_RES, NGE_RID,
                                         sc->nge_res);
@@ -933,6 +934,7 @@
            nge_intr, sc, &sc->nge_intrhand);
        if (error) {
                /* XXX: resource leaks */
+               if_free(ifp);
                bus_release_resource(dev, SYS_RES_IRQ, 0, sc->nge_irq);
                bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);
                printf("nge%d: couldn't set up irq\n", unit);
@@ -960,7 +962,6 @@
        nge_stop(sc);
        NGE_UNLOCK(sc);
        ether_ifdetach(ifp);
-       if_free(ifp);

        bus_generic_detach(dev);
        if (!sc->nge_tbi) {
@@ -971,6 +972,7 @@
        bus_release_resource(dev, NGE_RES, NGE_RID, sc->nge_res);

        contigfree(sc->nge_ldata, sizeof(struct nge_list_data), M_DEVBUF);
+       if_free(ifp);

        NGE_LOCK_DESTROY(sc);