[Bug 197535] [re] [panic] if_re (Realtek 8168) causes memory write after free and kernel panic

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197535

            Bug ID: 197535
           Summary: [re] [panic] if_re (Realtek 8168) causes memory write
                    after free and kernel panic
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: luca.pizzamiglio at gmail.com
             Flags: mfc-stable10?

Created attachment 152865
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=152865&action=edit
Dmesg and kernel panic on CURRENT

When I set the network interface address, I get a bunch of "Memory modified
after free" messages:
Memory modified after free 0xfffff800039de800(2048) val=ffffffff @
0xfffff800039de800
Memory modified after free 0xfffff800039d4800(2048) val=ffffffff @
0xfffff800039d4800

If I wait long enough (a couple of minutes) I get a kernel panic.

I attach an example (dmesg + kernel panic)


I've tested it using 10.1-STABLE, same messages after ifconfig, but the kernel
panic is different.

On 10, I see really often the value 0x3201c040 causing segmentation fault (!),
but I don't know where it comes from.

About the messages, it could be that the init procedure of re(4) cannot
correctly stop the device (a normal Realtek 8168) and the dma address are
rewritten by receiving packets.

-- 
You are receiving this mail because:
You are the assignee for the bug.