From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 197535] [re] [panic] if_re (Realtek 8168) causes memory write after free and kernel panic
Date: Wed, 11 Feb 2015 11:07:15 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197535

    Bug ID:    197535
    Summary:   [re] [panic] if_re (Realtek 8168) causes memory write after free and kernel panic
    Product:   Base System
    Version:   11.0-CURRENT
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: kern
    Assignee:  freebsd-bugs@FreeBSD.org
    Reporter:  luca.pizzamiglio@gmail.com
    Flags:     mfc-stable10?

Created attachment 152865
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=152865&action=edit
Dmesg and kernel panic on CURRENT

When I set the network interface address, I get a bunch of "Memory modified after free" messages:

Memory modified after free 0xfffff800039de800(2048) val=ffffffff @ 0xfffff800039de800
Memory modified after free 0xfffff800039d4800(2048) val=ffffffff @ 0xfffff800039d4800

If I wait long enough (a couple of minutes) I get a kernel panic.
I attach an example (dmesg + kernel panic).

I've tested it using 10.1-STABLE: same messages after ifconfig, but the kernel panic is different.
On 10, I very often see the value 0x3201c040 causing a segmentation fault (!), but I don't know where it comes from.

About the messages, it could be that the init procedure of re(4) cannot correctly stop the device (a normal Realtek 8168) and the DMA addresses are rewritten by receiving packets.
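The sequence the reporter suspects (a buffer is freed while the device still holds its DMA address, then a later check finds it changed) can be modelled in user space. This is an added example, not code from the report or from the FreeBSD source: the function names, the fill pattern and the all-0xff frame are constructed for the model, and only the 2048-byte size and the message format are taken from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 2048         /* buffer size shown in the report's messages */
#define JUNK     0xdeadc0deu  /* fill pattern chosen for this model */
#define WORDS    (BUF_SIZE / sizeof(uint32_t))

/* Model of a debug "free": poison the buffer so later writes are visible. */
static void poison_on_free(uint32_t *buf)
{
    for (size_t i = 0; i < WORDS; i++)
        buf[i] = JUNK;
}

/* Hypothetical stand-in for a NIC that was never stopped and still has the
 * old buffer address in its receive ring: it stores a frame there anyway. */
static void stale_dma_write(void *dma_addr, const void *frame, size_t len)
{
    memcpy(dma_addr, frame, len);
}

/* Model of the check made when the buffer is handed out again: returns the
 * byte offset of the first word that lost the pattern, or -1 if intact. */
static long check_on_alloc(const uint32_t *buf, uint32_t *val)
{
    for (size_t i = 0; i < WORDS; i++)
        if (buf[i] != JUNK) {
            *val = buf[i];
            return (long)(i * sizeof(uint32_t));
        }
    return -1;
}

/* Free, stale device write, reallocate; returns the offset the check found. */
static long run_model(uint32_t *val)
{
    static uint32_t cluster[WORDS];
    uint8_t frame[64];

    memset(frame, 0xff, sizeof(frame));      /* constructed frame contents */
    poison_on_free(cluster);                 /* driver released the buffer */
    stale_dma_write(cluster, frame, sizeof(frame));
    long off = check_on_alloc(cluster, val);
    if (off >= 0)
        printf("Memory modified after free %p(%d) val=%x @ %p\n",
            (void *)cluster, BUF_SIZE, (unsigned)*val,
            (void *)((uint8_t *)cluster + off));
    return off;
}

int main(void) { uint32_t v = 0; return run_model(&v) < 0; }
```

In the model the write lands at offset 0, so the reported address equals the buffer start, the same shape as the two messages quoted in the report.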