Date: Wed, 11 Feb 2015 11:07:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 197535] [re] [panic] if_re (Realtek 8168) causes memory write after free and kernel panic Message-ID: <bug-197535-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197535 Bug ID: 197535 Summary: [re] [panic] if_re (Realtek 8168) causes memory write after free and kernel panic Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: luca.pizzamiglio@gmail.com Flags: mfc-stable10? Created attachment 152865 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=152865&action=edit Dmesg and kernel panic on CURRENT When I set the network interface address, I get a bunch of "Memory modified after free" messages: Memory modified after free 0xfffff800039de800(2048) val=ffffffff @ 0xfffff800039de800 Memory modified after free 0xfffff800039d4800(2048) val=ffffffff @ 0xfffff800039d4800 If I wait long enough (a couple of minutes) I get a kernel panic. I attach an example (dmesg + kernel panic) I've tested it using 10.1-STABLE, same messages after ifconfig, but the kernel panic is different. On 10, I see really often the value 0x3201c040 causing segmentation fault (!), but I don't know where it comes from. About the messages, it could be that the init procedure of re(4) cannot correctly stop the device (a normal Realtek 8168) and the dma address are rewritten by receiving packets. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-197535-8>