kern/157287: re0: INVARIANTS panic (Memory modified after free)
Joerg Wunsch
j at uriah.heep.sax.de
Wed May 25 20:33:15 UTC 2011
Some more analysis on the stack trace:
re_attach+0x118a corresponds to re_allocmem(), line 1085:
/* Allocate DMA'able memory for the RX ring */
error = bus_dmamem_alloc(sc->rl_ldata.rl_rx_list_tag,
(void **)&sc->rl_ldata.rl_rx_list,
BUS_DMA_WAITOK | BUS_DMA_COHERENT | BUS_DMA_ZERO,
&sc->rl_ldata.rl_rx_list_map);
callee bus_dmamem_alloc+0x8a is i386/i386/busdma_machdep.c,
bus_dmamem_alloc() line 526:
/*
* XXX:
* (dmat->alignment < dmat->maxsize) is just a quick hack; the exact
* alignment guarantees of malloc need to be nailed down, and the
* code below should be rewritten to take that into account.
*
* In the meantime, we'll warn the user if malloc gets it wrong.
*/
if ((dmat->maxsize <= PAGE_SIZE) &&
(dmat->alignment < dmat->maxsize) &&
dmat->lowaddr >= ptoa((vm_paddr_t)Maxmem)) {
*vaddr = malloc(dmat->maxsize, M_DEVBUF, mflags);
} else {
I could not spot anything obvious though.
--
cheers, J"org .-.-. --... ...-- -.. . DL8DTL
http://www.sax.de/~joerg/ NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
More information about the freebsd-bugs
mailing list